Hi Stewart, again a thx for you quick reply :-) > Hi Tom, > > > i am looking for a way to setup at child gk as a proxy which is forwarding > > all the registration requests to the parent gk. > > just a short description to my problem. > > > > i setup a child gk behind a NAT as a proxy for the internal phones. > > i register as a gateway to the parent gk and setup at the .ini file the > > prefix which should be forwarded to my proxy child gk. > > > > 1.) at the moment every client is allowed to register at the proxy (not a > > good solution if the proxy is in a dmz) > > It should not be hard to set up iptables (or a hardware firewall) to allow > registration and Setup only from internal addresses and from the parent gk. > > 2.) with the prefix option i can tell the parent gk to forward e.g. 4711 to > > my child gk > > > > question to 1.) is it possible to prevent clients to register at the child > > gk and only use the parent gk for registration? > > I don't think so (but I don't know much about this area). However, if > you just want central administration of your authentication, etc., you > can have the child gk access the same radius, sql, etc. database > as the parent. > > > question to 2.) is is possible to prevent the child gk to do any rerouting > > with the prefix option? > > I don't understand your question. Do you have administrative control > of the child gk? Where would your problem calls come from (local > IP phones, parent gk, other source) and where don't you want them > to go? yes i think to setup iptables is a good idea in everycase, but what i am looking for is to forward all the registration requests to the parent gk. The child gk is at the customers side and the only work for it should be to enable multiple phones with different e.164 No. behind a NAT Router. Maybe there is another way than to use a child gk as an proxy. If i understand right, i can register at the child gk every e.164 No i want and than give with the prefix option the order to the parent gk to route these e.164 No. to this child gk. ThatÂs why i donÂt want that the child gk is allowed to register a client by itself but rather send the registration request to the parent gk and that the child gk is not allowed to setup a route to a selfdefined prefix. I know that this is hard to realize with the gatekeeper.ini at the child_gk it must be done or be able to setup at the parent_gk side. > > > p.s. i am using 2.0.9 at the moment because the 2.2.0 died after every reset > > (24h) of my adsl line. > > Oh, how awful. If "unbundled" DSL is available in your area, and there > is a reliable alternate ISP, IMHO you should switch. In addition to solving > the disconnect problem, you will probably get much higher upload speed, > which you'll need if you want to handle several calls at once. > > If you are stuck with the disconnect, is your IP address changed each time? > If so, even if you can avoid gk crashes, all calls will drop, and you won't > be able to reconnect them until the child gk has reregistered with the > new IP. You may be able to avoid this by getting a static IP from your > present ISP, or going to a new ISP, even if they must connect via > your LEC's DSLAM and BAS that forces the disconnect. > > If you are disconnected every 24h but keep the same IP, then with the > proper modem/router you should be "down" for only about five seconds, > and the gk shouldn't even notice. Unfortunately, calls in progress may > drop, not because of a technical problem, but because five seconds of > silence is enough to convince most callers that the line has gone dead, > and they hang up. > Unfortunately i have realized the same crash with the 2.0.9 version, the gatekeeper die after the Public IP of the the Router changed. The child GK is sending a keepalive registration Request to the parent GK which is rejected due to do a full Registration (i guess because the Public IP has changed) than the Child GK state a "Select Error 10" and the gnugk die. I fully agree with you that there are better solutions without a 24 hour disconnect and with static public IP but unfortunately i have fixed situations at the customers side and most providers in germany will provide this solution with the forced disconnect. There are some options at the Endpoint Section NATRetryInterval=60 and NATKeepaliveInterval=86400 do you think that changing this values could prevent the "Select Error 10" (i will send a log trace asap to give more information) here is my child_gk.ini file for information [Gatekeeper::Main] Fourtytwo=42 Name=XXX TimeToLive=300 EndpointIDSuffix=_xxx [GkStatus::Auth] rule=deny [Endpoint] Gatekeeper=x.x.x.x Type=Gateway H323ID=XXX E164=YYYY Prefix=ZZZZ [RoutedMode] GKRouted=1 H245Routed=0 CallSignalPort=1721 CallSignalHandlerNumber=1 AcceptNeighborsCalls=1 AcceptUnregisteredCalls=0 RemoveH245AddressOnTunneling=1 RemoveCallOnDRQ=1 DropCallsByReleaseComplete=1 SendReleaseCompleteOnDRQ=1 SupportNATedEndpoints=1 ForwardOnFacility=1 ShowForwarderNumber=0 Q931PortRange=0 H245PortRange=0 ConnectTimeout=180000 [Proxy] Enable=1 T120PortRange=0 RTPPortRange=10000-59999 ProxyForNAT=1 Thx a lot TOM ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________________ List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
