Hi Andy, for all calls that use H.460.18, fully proxy mode is activated automatically, so your setting for H245Routed doesn't make any difference. GnuGk currently doesn't do multiplexing, but you can limit the ranges of ports it uses with the XXXPortRange= switches (see the manual). But you still have to make sure you have enough ports in those ranges for your calls. Regards, Jan Andy wrote: > > Hi everybody! > > I'm having some questions regarding H.460.18/19. I have the following > scenario: > > : +---------------+ > : | VC-Endpoint#1 | > : | H323id: 4711 | > : +------+--------+ > : |eth0:192.168.1.140 > : | > : | > : | <- Standard GK-Registration > : | to 192.168.1.1 > : | > : | > : |eth1:192.168.1.1 > : +--------+---------------+ > : | LinuxFW using iptables | > : | GnuGK 2.3.1 listening | <- I'll call it "GnuGK/FW" below > : | on eth0 and eth1 | > : +--------+---------------+ > : |eth0:78.x.x.x > : | > : | > : | > : .----..----..----. > : ( ) > : : INTERNET : > : ( ) > : '----''----''----' > : | > : | > : | > : |eth0:85.x.x.x > : +--------+---------------+ > : | LinuxFW using iptables | > : +--------+---------------+ > : |eth1:192.168.1.1 > : | > : | > : | <- GK-Registration to > : | 78.x.x.x using H.460.18 > : | > : | > : |eth0:192.168.1.140 > : +------+--------+ > : | VC-Endpoint#2 | > : | H323id: 4712 | > : +---------------+ > > And that's my tiny config: > > [Gatekeeper::Main] > Fortytwo=42 > TimeToLive=600 > StatusPort=7000 > > [RoutedMode] > GKRouted=1 > H245Routed=1 > CallSignalPort=1721 > EnableH46018=1 > > [GkStatus::Auth] > rule=allow > > First question: Do I need "H245Routed=1" for my scenario? > > > Telneting on my GnuGK at port 7000 confirms, that both endpoints are > registered and one of them by using H.460.18... at least that's the > output of "rv". What's a little confusing for me is, that "s" tells me, > that I have 2 registered endpoints, but none of them is NATed. So, dees > NAT in this context refer just to the GnuGK-firewall-traversal-approach? > > Anyway, registering using H.460 works fine... as soon as I open port > 1719 on the GnuGK/FW. Calling 4712 from 4711 and vice-versa works as > well... as soon as I allow incoming traffic to the GnuGK/FW coming from > 85.x.x.x. From the internal side - Intranet - all incoming traffic is > allowed by default. I know that I could reach the same goal by opening > just the related ports/ranges for the external IP, but just for testing > with known counterparts, this approach is fine for me. As a result, the > established call will use some dynamic ports out of the specified ranges > for RTP traffic.... and that's the point where I have some questions: > > I know of commercial firewall-traversal solutions, also relying on > H.460.18/19, which manage to do the whole thing by opening only 3 ports > to the internet: > > o) 1719 UDP - H.460.18 RAS, needed to register on the GK > O) 2776 TCP - H.460.18 call signaling, needed to initiate the call > o) 2777 UDP - H.460.19 multiplex media control channel > TCP - H.460.18 call control > > So, I wonder if this would also be possible with the GnuGK? For example, > I didn't find any directive to configure H.460.19 multiplexing for > GnuGK...?!? Any ideas? > > Thx a lot in advance! > > Cheers, > Andy -- Jan Willamowius, jan@xxxxxxxxxxxxxx, http://www.gnugk.org/ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
