Ken; Try adding this to [Gatekeeper::Main] Home=IP Address of Ethernet ExternalIP=IP Address that is NAT to Outside I've had better luck with things. As well, not sure about your entire setup, but if you add to [Proxy] ProxyAlways=1 might help simplify your debugging, as all calls will be proxied. It may however cause issues if you have several inside endpoints calling each other. Andrew Ken Tucker wrote: > > Hi all, > > I’ve been banging my head against a wall for several days and after > numerous attempts at ini changes and google searches, I figured it was > time to come begging for help… > > I have a single gnugk system (2.3.1) behind my firewall. It only has > one (private IP) interface. It is NATed to the Internet and all the > appropriate ports are allowed in. I have endpoints in other VLANs > behind the firewall (with full IP access to/from gnugk for now). I > also have external endpoints on different networks that are NATed out. > Note that ALL endpoints are Tandbergs. > > All units register fine, either to the private IP or the NATed IP of > gnugk. However, I cannot get a call to connect from external to > internal endpoint or vice-versa. If I call from ext to int, it rings, > and as soon as the other side connects, the ext shows call > cleared/disconnected. Here’s a chunk of the logs (using –ttttt) when I > call from the external unit to the internal unit (via alias): (all IPs > have been changed J ) > > ------------------------------------------------------------------ > > 2010/05/04 23:39:29.332 3 RasSrv.cxx(2569) GK ARQ will request > bandwith of 10240 > > 2010/05/04 23:39:29.332 5 Routing.h(177) ROUTING Checking policy > Explicit for the request ARQ 2572 > > 2010/05/04 23:39:29.332 5 Routing.h(177) ROUTING Checking policy > Internal for the request ARQ 2572 > > 2010/05/04 23:39:29.332 4 RasTbl.cxx(1697) Alias match for EP > 10.1.1.1:1719 > > 2010/05/04 23:39:29.332 5 Routing.h(183) ROUTING Policy Internal > applied to the request ARQ 2572 > > 2010/05/04 23:39:29.332 2 RasTbl.cxx(3321) CallTable::Insert(CALL) > Call No. 1, total sessions : 1 > > 2010/05/04 23:39:29.332 5 RasTbl.cxx(3087) RAS > > NAT Offload (H460.23/.24) calculation inputs for Call No: 1 > > Rule : Must Proxy Media > > Calling Endpoint: > > Proxy IP: 22.22.22.22 > > Called Endpoint: > > Proxy IP: 10.1.1.1 > > 2010/05/04 23:39:29.332 4 RasTbl.cxx(3092) RAS Disable H.460.24 > Offload as neither party supports it. > > 2010/05/04 23:39:29.332 4 RasSrv.cxx(2744) RAS NAT strategy for Call > No: 1 set to Unknown Strategy > > 2010/05/04 23:39:29.332 2 RasSrv.cxx(394) > ACF|22.22.22.22:1719|5423_endp|16845|222:dialedDigits|224:dialedDigits|false|02-b2-8b-0e-26-8e-19-50-34-48-00-50-60-01-25-4a; > > 2010/05/04 23:39:29.332 3 RasSrv.cxx(236) RAS Send to 22.22.22.22:1719 > > ..... > > 2010/05/04 23:39:39.786 1 ProxyChannel.cxx(4536) H245d Could not > open/connect H.245 socket at 0.0.0.0:31001 - error 12/1073751885: > Connection refused > > 2010/05/04 23:39:39.786 3 ProxyChannel.cxx(4538) H245 10.1.1.1:11025 > DIDN'T ACCEPT THE CALL > > ------------------------------------------------------------------------- > > Few things… Why would NAT strategy be set to “Unknown Strategy”? Also > what does the connection refused for 0.0.0.0 signify? > > Here’s my config: > > [Gatekeeper::Main] > > Fortytwo=42 > > TimeToLive=600 > > ExternalIP=[nated external IP of gnugk] > > ExternalIsDynamic=0 > > [RoutedMode] > > GKRouted=1 > > H245Routed=1 > > CallSignalPort=1720 > > RemoveH245AddressOnTunneling=1 > > DropCallsByReleaseComplete=1 > > SupportNATedEndpoints=1 > > ;SupportCallingNATedEndpoints=1 > > Q931PortRange=30000-30999 > > H245PortRange=31000-31999 > > EnableH46018=1 <----- without this, I got immediate route errors > > NATStdMin=18 > > [Proxy] > > Enable=1 > > T120PortRange=50000-59999 > > RTPPortRange=50000-59999 > > InternalNetwork=[various endpoint vlans behind firewall],127.0.0.0/8 > <----- without the internal vlans, I couldn’t get a call to even start > > [GkStatus::Auth] > > rule=allow > > [RasSrv::RRQFeatures] > > SupportDynamicIP=1 > > Thank you for any hints you have for me…! > > Ken > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > > ------------------------------------------------------------------------ > > _______________________________________________________ > > Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx > Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users > Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users > Homepage: http://www.gnugk.org/ ------------------------------------------------------------------------------ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
