Help needed on gnugk config

Hi all,
I'm trying to configure gnugk behind NAT; the network situation is
this:

external endpoint (may be NATed)
                  |
                  | x.x.x.x
              Router (it's doing NAT and firewall)
                  | 192.168.1.1
          -----------------------------------------
          |                                       |  (DMZ)
          | 192.168.1.3                           | 192.168.1.2
       Linux                                      |
      firewall                                 internal
      with NAT                                endpoint2
          | 192.168.0.254
          |
          | 192.168.0.1
      internal
      endpoint1

Is it possible to use only one gatekeeper on the Linux firewall
machine to connect all the endpoints?
I tried to do this with gnugk 2.0.9 (2.2.1 has more problems, or so it
looks) and the following configuration:
--------------------------------
[Gatekeeper::Main]
Fourtytwo=42
Name=GK1
;TotalBandwidth=16777216
NetworkInterfaces=192.168.0.254/24, 192.168.1.3/24,x.x.x.x/0

[RoutedMode]
GKRouted=1
H245Routed=1
CallSignalPort=1720
CallSignalHandlerNumber=1
AcceptNeighborsCalls=1
AcceptUnregisteredCalls=1
RemoveH245AddressOnTunneling=1
DropCallsByReleaseComplete=1
SupportNATedEndpoints=1
Q931PortRange=20000-29999
H245PortRange=30000-30999

[Proxy]
Enable=1
T120PortRange=40000-40999
RTPPortRange=50000-59999
ProxyForNAT=1
ProxyForSameNAT=0

[RasSrv::RRQFeatures]

[RasSrv::ARQFeatures]
ArjReasonRouteCallToSCN=0
ArjReasonRouteCallToGatekeeper=1
CallUnregisteredEndpoints=1
RemoveTrailingChar=#

[RasSrv::RRQAuth]
default=confirm

[GkStatus::Auth]
rule=explicit
192.168.0.1=1
192.168.1.2=1
127.0.0.1=1
192.168.1.4=1
default=forbid
------------------------------------------
But it's not working.

I also tried to solve the problem with 2 gnugk configured as neighbors
and it almost worked, but if the external endpoint is NATed I can't call
it from the internal endpoint.
The configurations are the following:
------------------------------------------
GK1 configuration (on Linux firewall)
------------------------------------------
[Gatekeeper::Main]
Fourtytwo=42
Name=GK1
;TotalBandwidth=16777216

NetworkInterfaces=192.168.0.254/24,192.168.1.3/24

[RoutedMode]
GKRouted=1
H245Routed=1
CallSignalPort=1720
CallSignalHandlerNumber=1
AcceptNeighborsCalls=1
AcceptUnregisteredCalls=1
RemoveH245AddressOnTunneling=1
DropCallsByReleaseComplete=1
SupportNATedEndpoints=1
Q931PortRange=20000-29999
H245PortRange=30000-30999

[Proxy]
Enable=1
T120PortRange=40000-40999
RTPPortRange=50000-59999
ProxyForNAT=1
ProxyForSameNAT=1

[RasSrv::Neighbors]
GK2=192.168.1.4

[RasSrv::GWPrefixes]
GK2=*

[RasSrv::RRQFeatures]

[RasSrv::ARQFeatures]
ArjReasonRouteCallToSCN=0
ArjReasonRouteCallToGatekeeper=1
CallUnregisteredEndpoints=1
RemoveTrailingChar=#

[RasSrv::RRQAuth]
default=confirm

[GkStatus::Auth]
rule=explicit
192.168.0.1=1
192.168.1.2=1
127.0.0.1=1
192.168.1.4=1
default=forbid

[RasSrv::RewriteE164]

[RasSrv::LRQFeatures]
ForwardHopCount=7
NeighborTimeout=10
ForwardResponse=1
AcceptForwardedLRQ=1
AlwaysForwardLRQ=1


[RasSrv::PermanentEndpoints]

[Gatekeeper::Auth]
default=allow

[CallTable]
AcctUpdateInterval=60

[Gatekeeper::Acct]
FileAcct=sufficient;stop
default=accept

[FileAcct]
DetailFile=/var/log/gk/CDR.log
StandardFormat=1
#Rotate=weekly

[NATedEndpoints]

[Endpoint]

[CTI::Agents]
VirtualQueueAliases=CC
RequestTimeout=10

[LogFile]
rotate=Weekly

------------------------------------------
GK2 configuration on Linux in DMZ
------------------------------------------
[Gatekeeper::Main]
Fourtytwo=42
Name=GK2
#TotalBandwidth=16777216
;Home=192.168.1.4
NetworkInterfaces= 192.168.1.4/24,x.x.x.x/0 
;x.x.x.x is the public ip of my router

[RoutedMode]
GKRouted=1
H245Routed=1
CallSignalPort=1720
CallSignalHandlerNumber=1
AcceptNeighborsCalls=1
AcceptUnregisteredCalls=1
RemoveH245AddressOnTunneling=1
DropCallsByReleaseComplete=1
SupportNATedEndpoints=1
Q931PortRange=20000-29999
H245PortRange=30000-30999

[Proxy]
Enable=1
T120PortRange=40000-40999
RTPPortRange=50000-59999
ProxyForNAT=1
ProxyForSameNAT=1

[RasSrv::Neighbors]
GK1=192.168.1.3

[RasSrv::GWPrefixes]
GK1=*

[RasSrv::RRQFeatures]

[RasSrv::ARQFeatures]

ArjReasonRouteCallToSCN=0
ArjReasonRouteCallToGatekeeper=0
CallUnregisteredEndpoints=1
RemoveTrailingChar=#

[RasSrv::RRQAuth]
default=confirm

[GkStatus::Auth]
rule=explicit
192.168.0.1=1
192.168.1.2=1
192.168.1.3=1
127.0.0.1=1
192.168.1.4=1
default=forbid

[RasSrv::RewriteE164]

[RasSrv::LRQFeatures]
ForwardHopCount=7
NeighborTimeout=10
ForwardResponse=1
AcceptForwardedLRQ=1
AlwaysForwardLRQ=1

[RasSrv::PermanentEndpoints]

[Gatekeeper::Auth]
default=allow

[CallTable]
AcctUpdateInterval=60

[Gatekeeper::Acct]
FileAcct=sufficient;stop
default=accept

[FileAcct]
DetailFile=/var/log/gk/CDR.log
StandardFormat=1
#Rotate=weekly

[NATedEndpoints]

[Endpoint]

[CTI::Agents]
VirtualQueueAliases=CC
RequestTimeout=10

[LogFile]
rotate=Weekly
--------------------------------------------
I spent a lot of time trying to solve this problem (the best solution
is with one gatekeeper) but without reaching the goal :(.
All the ports are open on the router and forwarded to the GK2 ... and
the firewall of GK1 has the necessary ports open.
Can anyone help me please? 
Thanks in advance.
 Arturo Sandrigo
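
Added example (not part of the original post, and not gnugk project code): instead of opening all ports on the router, the forwarding and firewall rules can be bounded by the ports the posted configuration actually declares. The sketch below parses a gnugk-style ini and lists those ports with their transport. The function names and the embedded excerpt are constructed for illustration, and the RAS entry assumes the H.225.0 RAS well-known port (UDP 1719), which the posted configuration does not override.

```python
import configparser

# (section, key, transport) for each port setting that appears in the posted config.
PORT_KEYS = [
    ("RoutedMode", "CallSignalPort", "tcp"),  # H.225.0 call signalling
    ("RoutedMode", "Q931PortRange", "tcp"),
    ("RoutedMode", "H245PortRange", "tcp"),
    ("Proxy", "T120PortRange", "tcp"),
    ("Proxy", "RTPPortRange", "udp"),
]
# Assumption: RAS stays on the H.225.0 well-known port; the post sets no other value.
RAS_DEFAULT = ("udp", 1719, 1719)

# Constructed excerpt: port-related lines copied from the GK2 configuration above.
GK2_EXCERPT = """
[RoutedMode]
GKRouted=1
CallSignalPort=1720
Q931PortRange=20000-29999
H245PortRange=30000-30999

[Proxy]
Enable=1
T120PortRange=40000-40999
RTPPortRange=50000-59999
"""

def parse_range(value):
    """Turn '1720' or '20000-29999' into a validated (low, high) tuple."""
    low_s, _, high_s = value.strip().partition("-")
    low = int(low_s)
    high = int(high_s) if high_s else low
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range: {value!r}")
    return low, high

def declared_ports(ini_text):
    """Return sorted (transport, low, high) tuples declared by the config."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(ini_text)  # lines starting with ';' or '#' are skipped
    rules = [RAS_DEFAULT]
    for section, key, proto in PORT_KEYS:
        if cp.has_option(section, key):
            rules.append((proto, *parse_range(cp.get(section, key))))
    return sorted(rules)

def exposed_port_count(rules):
    """Total number of individual ports covered by the rules."""
    return sum(high - low + 1 for _, low, high in rules)
```

For the posted GK2 settings this covers 22002 ports in total, which is the upper bound for what the router needs to forward to that host.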


_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
