Earl,

What you are talking about in the Linux kernel is an ALG or application layer gateway. H.460.18/.19 has no capacity to handle ALGs and you may have problems unless you set the switch H46018NoNat=0. An ALG will rewrite the addresses to the outside and open pinholes in the NAT. If you set H46018NoNat=0 then it will turn H.460.18/.19 off IF a NAT is not detected, which is the case you would have if you have an ALG.

If enabled, H.460.23 will detect the ALG automatically and then turn H.460.18/.19 off in the gatekeeper. H.460.24 will still be available to allow sending and receiving calls to other people without needing to proxy. Basically it detects it and works with the ALG. I have a NetGear router with an H.323 ALG and it works fine with point-to-point, non-proxy calls.

Another case is UPnP. Most routers support it. H.460.23/.24 allows for detecting and reporting the type of NAT. If the type of NAT is not friendly, like Symmetric NAT, you can use UPnP to report it as a friendly NAT to the gatekeeper. PacPhone supports UPnP with H.460.23/.24. I will only enable it when a non-friendly NAT is detected. When UPnP is active, UDP ports are opened and closed when required and only under instruction by the gatekeeper, so not all calls will need to use UPnP.

Port forwarding? You should not need to do it. With H.460.18/.19 the gatekeeper proxy will detect the media. With H.460.23/.24 port forwarding may help with bad NAT. It will detect the port forward and work with it. You only need to port forward the UDP port range. For PacPhone that is 5000 - 5100. It will be reported to the gatekeeper as a (good) Cone NAT and you can make and receive calls without proxying.

Basically, forget everything you learnt about H.323 and NAT, as H.460.18/.19/.23/.24/.24a breaks almost all those assumptions.

Simon

-----Original Message-----
From: Earl [mailto:Large.Files@xxxxxxx]
Sent: Saturday, 21 November 2009 8:59 PM
To: GNU Gatekeeper Users
Subject: Re: Test Gatekeeper for 2.3.1 RC1 online

Simon,

the question I have with the GK requesting a TCP connection from the endpoint is that unless the router has h.323 spying activated (kernel modules for h.323 connection tracking), how will this dynamically-negotiated TCP port pass through the firewall before the endpoint?

I am *not* willing to forward ports 1k to 64k through a firewall to the computer on which an endpoint is running. I am willing to let a limited and well-calculated number of ports through to the computer via port-forwarding, no more than necessary.

It is my desire to eventually use h.323 connection tracking in a Linux firewall and only open up pinholes in the firewall, one by one, automatically, as negotiated between GK and EP. However, with reference to http://max.kellermann.name/projects/netfilter/h323.html I only see H.323, H.225, H.245 protocols as being spied upon, so I don't know if h323-conntrack-nat, which is now integrated into all modern Linux kernels, will spy on H.460 negotiations - or even if it is necessary to spy on H.460 to open up the required pinholes?

My application is secure telecom for a small, non-profit organization, striving to improve the present and future conditions of mankind. I have to figure out all the technical complications by myself in my spare time, hopefully with a bit of help from the h.323 community.

Earl

Simon Horne wrote:
> The TCP Listening port is redundant and has no effect with
> H.460.18/.19 as the gatekeeper will request a TCP connection from the
> endpoint when a call comes in.
> [snip]
>
> Simon
>
> -----Original Message-----
> From: Earl [mailto:Large.Files@xxxxxxx]
> Sent: Saturday, 21 November 2009 5:12 AM
> To: GNU Gatekeeper Users
> Subject: Re: Test Gatekeeper for 2.3.1 RC1 online
>
> [snip]
>
> strange:
> the TCP listening port configuration in Pacphone can be changed to any
> port and registration will take place.

_______________________________________________________
Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/