Re: H.460.18 occasionally exposes/tries to useEndpoints Internal Address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Remove 
[Gatekeeper::Main]
Home=
Bind=

[Proxy]
InternalNetworks=

Add
[Gatekeeper::Main]
ExternalIP={external IP of NAT box}

This should create an appropriate route table inside GnuGk for your
configuration.

Simon


-----Original Message-----
From: Andrew Herdman [mailto:andrew@xxxxxxxxx] 
Sent: Saturday, 30 January 2010 5:58 AM
To: GNU Gatekeeper Users
Subject:  H.460.18 occasionally exposes/tries to
useEndpoints Internal Address

So, further to my H.460 testing, I saw (via tcpdump) the GNUGK which is the
H.460 registrar trying to communicate with the H.460 endpoint on it's
Internal address on the firewall, and not the WAN IP I see under the
registration.

Most of the time, almost all the traffic goes to the right IP address, but
the occasional packet of a different channel (It's UDP, H.245?  
RAS?) leaks out and tries to go to the endpoints internal pre-NAT IP
address.

Then, very occasionally, but I can repeat after several tries, all the media
from the GNU/GK tries to go to the Internal pre-NAT IP address of the
endpoint.

I'm not entirely sure what's going on, as the registration information is
intact with the right outside IP, H.460.18 is indicated in the registration,
and most calls just work. 

I'm using a slightly smarter firewall (ASA5500) than the average home user,
but all the h323 inspections are turned off, so I don't think thats it.

All the packets are sourced from port 50xxx and are destined to the right
port on the Endpoint (Tandberg 150MXP), just the wrong IP.

Has anyone else run into this?  Did I simply miss something in my
configuration?  (Attached below).

Thanks and Best Regards
  Andrew

[Gatekeeper::Main]
Fortytwo=42
Name=GNUGK003
Home=127.0.0.1,10.10.10.10
Bind=127.0.0.1,10.10.10.10
TimeToLive=600
StatusPort=7000
StatusTraceLevel=1
UseBroadcastListener=0
CompareAliasType=1
CompareAliasCase=0
TimestampFormat=MySQL
TimeToLive=600

[LogFile]
Rotate=daily
RotateTime=00:00


[RoutedMode]
GKRouted=1
H245Routed=1
CallSignalPort=1720
CallSignalHandlerNumber=10
RtpHandlerNumber=4
AcceptNeighborsCalls=1
AcceptUnregisteredCalls=1
RemoveH245AddressOnTunneling=1
RemoveCallOnDRQ=0
DropCallsByReleaseComplete=1
SendReleaseCompleteOnDRQ=1
SupportNATedEndpoints=1
SupportCallingNATedEndpoints=0
TreatUnregisteredNAT=0
ForwardOnFacility=1
ShowForwarderNumber=0
Q931PortRange=20000-20999
H245PortRange=30000-30999
SetupTimeout=8000
SignalTimeout=30000
AlertingTimeout=60000
TcpKeepAlive=1
TranslateFacility=1
SocketCleanupTimeout=5000
EnableH46018=1
H46018NoNat=1


[Proxy]
Enable=1
ProxyAlways=0
InternalNetwork=10.0.0.0/8,66.0.0.0/20,127.0.0.0/8,65.0.0.0/24
T120PortRange=40000-49999
RTPPortRange=50000-59999
ProxyForNAT=1
ProxyForSameNAT=1
DisableH460Call=0
DisableRTPQueuing=1
EnableRTPMute=0

[RasSrv::LRQFeatures]
NeighborTimeout=2
SendRetries=2
ForwardHopCount=2
AcceptForwardedLRQ=1
ForwardResponse=1
ForwardLRQ=depends
AcceptNonNeighborLRQ=1
AcceptNonNeighborLCF=1


[RasSrv::RRQFeatures]
OverwriteEPOnSameAddress=1


[RoutingPolicy]
default=explicit,internal,neighbor,srv,dns


[RoutingPolicy::OnARQ]
default=explicit,internal,neighbor,srv,dns

[RoutingPolicy::OnLRQ]
default=explicit,internal,neighbor,srv,dns


[RoutingPolicy::OnSetup]
default=explicit,vqueue,internal,srv,dns

[GkStatus::Auth]
rule=allow

[RasSrv::RewriteE164]

[RasSrv::Neighbors]
GKLAB=Gnugk

[Neighbor::GKLAB]
Host=66.0.0.211
Dynamic=0
SendPrefixes=*
AcceptPrefixes=1999
ForwardHopCount=5
AcceptForwardedLRQ=1
ForwardResponse=1
ForwardLRQ=Depends


----------------------------------------------------------------------------
--
The Planet: dedicated and managed hosting, cloud storage, colocation Stay
online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/


------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux