Simon Taylor wrote: > Thanks Brian! > > Here are the answers to your questions: > > /By "ADSL router" do you mean that your ADSL modem is acting as a/ > /firewall/NAT router, supplying private IP addresses to your internal/ > /H.323 endpoints and your ISP is assigning you only one external public/ > /IP address (assigned to your router)?/ > > Yes, absolutely. My ISP gives me one public IP, and each machine on > the network has an address of 192.168.1.x > / > If that is the case, do you have administrative access to your router in > order to possibly implement a dynamic DNS setup and/or create inbound > TCP port mappings? > > /Yes, and infact I already have a no-ip setup. > No port mappings done yet. > / > Also, are the external endpoints that you're trying to call out to and > receive calls from part of another different gatekeeper zone or simply > independent standalone endpoints (unassociated with a gatekeeper)? And > finally, do those external endpoint(s) and/or external gatekeeper(s) > each have their own public IP address or are they private/hidden behind > another NAT router?/ > > I hope to dial out to the Tandberg test service (EMEA) on 194.0.215.40 > Or VTC Test http://vtctest.pointsofdata.com/ > The VTC test can call you back, in theory. > I believe these are standalones. > > I would then move on to private hidden IP gateway'd endpoints! > > Cheers! > > Simon > > > Ok, that makes sense. Part of the challenge with the scenario that you're describing is dealing with the NAT translations and the inbound firewall. Unfortunately a portion of the H.323 protocol is dynamically negotiated (TCP/UDP port numbers negotiated on the fly) so it's difficult to predict which port numbers need to be open and mapped on the firewall. I believe the ports of interest though are: port 1718/udp - (gk discovery) port 1719/udp - (gk registration) port 1720/tcp - (q.931 call signaling) port (dynamic, some port greater than 1024)/tcp - (h.245 call control) port (dynamic, some port greater than 1024, even numbered)/udp - (video RTP payload) port (dynamic, some port greater than 1024, odd numbered)/udp - (video RTCP control) port (dynamic, some port greater than 1024, even numbered)/udp - (audio RTP payload) port (dynamic, some port greater than 1024, odd numbered)/udp - (audio RTCP control) port 1503/tcp - (t.120 whiteboard/file/text "data conferencing") One simple approach to dealing with the NAT and firewall issues is to declare one of your internal machines as the "default" inbound IP map on your router, if your router supports such a feature. That way if anyone tries to connect to your external public IP address the packets get forwarded to that one internal box. Initially that internal box can be one of your video endpoints just to make sure that your router is configured properly. Then, once you're sure that your router is working correctly, bring your second endpoint and gatekeeper into the equation. Using Polycom PVX as that initial test endpoint, set the default inbound map on your router to point at the machine that PVX is installed on. Then on the machine where PVX is installed, set PVX's "external WAN address" to the IP address that your ISP currently has assigned to you. If your router doesn't support defining a default inbound IP map, in the case of Polycom PVX there's an option labeled "use fixed ports" which limits those dynamic TCP and UDP ports listed above to fall within the port range 3230-3235. You can then define individual TCP and UDP port maps on the router one at a time instead of setting a single default IP map. Then, finally test to make sure that your one test endpoint is working correctly for both inbound and outbound calls dialing by IP address. If that all works, you should be able to then put your gatekeeper box where that test endpoint originally was (such that all inbound traffic hits your gatekeeper box instead). Configuring your gatekeeper in proxy mode will accept the RTP/RTCP traffic from the remote endpoints and forward the RTP/RTCP traffic locally to your internal endpoints. It's been a while since I had that home proxy scenario actually in use though (and I'm not the greatest at taking notes or making backups of past configs), so I don't have the exact options that needed to be set within the gnugk config to make that home proxy scenario work properly. I'm sure there are others on the list here though that can chime in if you have any issues after going through the proxy section of the documentation. Hope the info helps. -Brian ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
