Re: NAT woes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks, Andrew. That instantly helped. I'm still having some issues but I'm light-years further than I was. Any other settings you or anyone recommend for having the gatekeeper NATed and external endpoints NATed? I still have some issues were I can call one way but not the other. Thanks!

Ken

-----Original Message-----
From: Andrew Herdman [mailto:andrew@xxxxxxxxx] 
Sent: Wednesday, May 05, 2010 6:24 AM
To: GNU Gatekeeper Users
Subject: Re:  NAT woes

Ken;

Try adding this to [Gatekeeper::Main]

Home=IP Address of Ethernet
ExternalIP=IP Address that is NAT to Outside

I've had better luck with things.

As well, not sure about your entire setup, but if you add to [Proxy]

ProxyAlways=1

might help simplify your debugging, as all calls will be proxied. It may 
however cause issues if you have several inside endpoints calling each 
other.

Andrew


Ken Tucker wrote:
>
> Hi all,
>
> I've been banging my head against a wall for several days and after 
> numerous attempts at ini changes and google searches, I figured it was 
> time to come begging for help...
>
> I have a single gnugk system (2.3.1) behind my firewall. It only has 
> one (private IP) interface. It is NATed to the Internet and all the 
> appropriate ports are allowed in. I have endpoints in other VLANs 
> behind the firewall (with full IP access to/from gnugk for now). I 
> also have external endpoints on different networks that are NATed out. 
> Note that ALL endpoints are Tandbergs.
>
> All units register fine, either to the private IP or the NATed IP of 
> gnugk. However, I cannot get a call to connect from external to 
> internal endpoint or vice-versa. If I call from ext to int, it rings, 
> and as soon as the other side connects, the ext shows call 
> cleared/disconnected. Here's a chunk of the logs (using -ttttt) when I 
> call from the external unit to the internal unit (via alias): (all IPs 
> have been changed J )
>
> ------------------------------------------------------------------
>
> 2010/05/04 23:39:29.332 3 RasSrv.cxx(2569) GK ARQ will request 
> bandwith of 10240
>
> 2010/05/04 23:39:29.332 5 Routing.h(177) ROUTING Checking policy 
> Explicit for the request ARQ 2572
>
> 2010/05/04 23:39:29.332 5 Routing.h(177) ROUTING Checking policy 
> Internal for the request ARQ 2572
>
> 2010/05/04 23:39:29.332 4 RasTbl.cxx(1697) Alias match for EP 
> 10.1.1.1:1719
>
> 2010/05/04 23:39:29.332 5 Routing.h(183) ROUTING Policy Internal 
> applied to the request ARQ 2572
>
> 2010/05/04 23:39:29.332 2 RasTbl.cxx(3321) CallTable::Insert(CALL) 
> Call No. 1, total sessions : 1
>
> 2010/05/04 23:39:29.332 5 RasTbl.cxx(3087) RAS
>
> NAT Offload (H460.23/.24) calculation inputs for Call No: 1
>
> Rule : Must Proxy Media
>
> Calling Endpoint:
>
> Proxy IP: 22.22.22.22
>
> Called Endpoint:
>
> Proxy IP: 10.1.1.1
>
> 2010/05/04 23:39:29.332 4 RasTbl.cxx(3092) RAS Disable H.460.24 
> Offload as neither party supports it.
>
> 2010/05/04 23:39:29.332 4 RasSrv.cxx(2744) RAS NAT strategy for Call 
> No: 1 set to Unknown Strategy
>
> 2010/05/04 23:39:29.332 2 RasSrv.cxx(394) 
> ACF|22.22.22.22:1719|5423_endp|16845|222:dialedDigits|224:dialedDigits|false|02-b2-8b-0e-26-8e-19-50-34-48-00-50-60-01-25-4a;
>
> 2010/05/04 23:39:29.332 3 RasSrv.cxx(236) RAS Send to 22.22.22.22:1719
>
> .....
>
> 2010/05/04 23:39:39.786 1 ProxyChannel.cxx(4536) H245d Could not 
> open/connect H.245 socket at 0.0.0.0:31001 - error 12/1073751885: 
> Connection refused
>
> 2010/05/04 23:39:39.786 3 ProxyChannel.cxx(4538) H245 10.1.1.1:11025 
> DIDN'T ACCEPT THE CALL
>
> -------------------------------------------------------------------------
>
> Few things... Why would NAT strategy be set to "Unknown Strategy"? Also 
> what does the connection refused for 0.0.0.0 signify?
>
> Here's my config:
>
> [Gatekeeper::Main]
>
> Fortytwo=42
>
> TimeToLive=600
>
> ExternalIP=[nated external IP of gnugk]
>
> ExternalIsDynamic=0
>
> [RoutedMode]
>
> GKRouted=1
>
> H245Routed=1
>
> CallSignalPort=1720
>
> RemoveH245AddressOnTunneling=1
>
> DropCallsByReleaseComplete=1
>
> SupportNATedEndpoints=1
>
> ;SupportCallingNATedEndpoints=1
>
> Q931PortRange=30000-30999
>
> H245PortRange=31000-31999
>
> EnableH46018=1 <----- without this, I got immediate route errors
>
> NATStdMin=18
>
> [Proxy]
>
> Enable=1
>
> T120PortRange=50000-59999
>
> RTPPortRange=50000-59999
>
> InternalNetwork=[various endpoint vlans behind firewall],127.0.0.0/8 
> <----- without the internal vlans, I couldn't get a call to even start
>
> [GkStatus::Auth]
>
> rule=allow
>
> [RasSrv::RRQFeatures]
>
> SupportDynamicIP=1
>
> Thank you for any hints you have for me...!
>
> Ken
>
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
>   
> ------------------------------------------------------------------------
>
> _______________________________________________________
>
> Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
> Homepage: http://www.gnugk.org/


------------------------------------------------------------------------------
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/

------------------------------------------------------------------------------
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux