Re: My first H.323 Zone

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Simon Taylor wrote:
> Thanks Brian!
>
> Here are the answers to your questions:
>
> /By "ADSL router" do you mean that your ADSL modem is acting as a/
> /firewall/NAT router, supplying private IP addresses to your internal/
> /H.323 endpoints and your ISP is assigning you only one external public/
> /IP address (assigned to your router)?/
>
> Yes, absolutely. My ISP gives me one public IP, and each machine on 
> the network has an address of 192.168.1.x
> /
> If that is the case, do you have administrative access to your router in
> order to possibly implement a dynamic DNS setup and/or create inbound
> TCP port mappings?
>
> /Yes, and infact I already have a no-ip setup.
> No port mappings done yet.
> /
> Also, are the external endpoints that you're trying to call out to and
> receive calls from part of another different gatekeeper zone or simply
> independent standalone endpoints (unassociated with a gatekeeper)? And
> finally, do those external endpoint(s) and/or external gatekeeper(s)
> each have their own public IP address or are they private/hidden behind
> another NAT router?/
>
> I hope to dial out to the Tandberg test service (EMEA) on 194.0.215.40
> Or VTC Test http://vtctest.pointsofdata.com/
> The VTC test can call you back, in theory.
> I believe these are standalones.
>
> I would then move on to private hidden IP gateway'd endpoints!
>
> Cheers!
>
> Simon
>
>
>

Ok, that makes sense.

Part of the challenge with the scenario that you're describing is 
dealing with the NAT translations and the inbound firewall. 
Unfortunately a portion of the H.323 protocol is dynamically negotiated 
(TCP/UDP port numbers negotiated on the fly) so it's difficult to 
predict which port numbers need  to be open and mapped on the firewall. 
I believe the ports of interest though are:

port 1718/udp - (gk discovery)
port 1719/udp - (gk registration)
port 1720/tcp - (q.931 call signaling)
port (dynamic, some port greater than 1024)/tcp - (h.245 call control)
port (dynamic, some port greater than 1024, even numbered)/udp - (video 
RTP payload)
port (dynamic, some port greater than 1024, odd numbered)/udp - (video 
RTCP control)
port (dynamic, some port greater than 1024, even numbered)/udp - (audio 
RTP payload)
port (dynamic, some port greater than 1024, odd numbered)/udp - (audio 
RTCP control)
port 1503/tcp - (t.120 whiteboard/file/text "data conferencing")

One simple approach to dealing with the NAT and firewall issues is to 
declare one of your internal machines as the "default" inbound IP map on 
your router, if your router supports such a feature. That way if anyone 
tries to connect to your external public IP address the packets get 
forwarded to that one internal box. Initially that internal box can be 
one of your video endpoints just to make sure that your router is 
configured properly. Then, once you're sure that your router is working 
correctly, bring your second endpoint and gatekeeper into the equation.

Using Polycom PVX as that initial test endpoint, set the default inbound 
map on your router to point at the machine that PVX is installed on. 
Then on the machine where PVX is installed, set PVX's "external WAN 
address" to the IP address that your ISP currently has assigned to you. 
If your router doesn't support defining a default inbound IP map, in the 
case of Polycom PVX there's an option labeled "use fixed ports" which 
limits those dynamic TCP and UDP ports listed above to fall within the 
port range 3230-3235. You can then define individual TCP and UDP port 
maps on the router one at a time instead of setting a single default IP 
map. Then, finally test to make sure that your one test endpoint is 
working correctly for both inbound and outbound calls dialing by IP 
address.

If that all works, you should be able to then put your gatekeeper box 
where that test endpoint originally was (such that all inbound traffic 
hits your gatekeeper box instead). Configuring your gatekeeper in proxy 
mode will accept the RTP/RTCP traffic from the remote endpoints and 
forward the RTP/RTCP traffic locally to your internal endpoints.

It's been a while since I had that home proxy scenario actually in use 
though (and I'm not the greatest at taking notes or making backups of 
past configs), so I don't have the exact options that needed to be set 
within the gnugk config to make that home proxy scenario work properly. 
I'm sure there are others on the list here though that can chime in if 
you have any issues after going through the proxy section of the 
documentation.

Hope the info helps.

-Brian


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux