Ken;

Glad things are moving forward. The other questions, we'll need to know more about your environment, the firewall, while things may be open, if it's a stateful inspection firewall it may be blocking things anyway, smart is not always better.

You also don't mention which way works, and which way does not.

Andrew

Ken Tucker wrote:
> Thanks, Andrew. That instantly helped. I'm still having some issues but I'm light-years further than I was. Any other settings you or anyone recommend for having the gatekeeper NATed and external endpoints NATed? I still have some issues where I can call one way but not the other. Thanks!
>
> Ken
>
> -----Original Message-----
> From: Andrew Herdman [mailto:andrew@xxxxxxxxx]
> Sent: Wednesday, May 05, 2010 6:24 AM
> To: GNU Gatekeeper Users
> Subject: Re: NAT woes
>
> Ken;
>
> Try adding this to [Gatekeeper::Main]
>
> Home=IP Address of Ethernet
> ExternalIP=IP Address that is NAT to Outside
>
> I've had better luck with things.
>
> As well, not sure about your entire setup, but if you add to [Proxy]
>
> ProxyAlways=1
>
> might help simplify your debugging, as all calls will be proxied. It may
> however cause issues if you have several inside endpoints calling each
> other.
>
> Andrew
>
>
> Ken Tucker wrote:
>
>> Hi all,
>>
>> I've been banging my head against a wall for several days and after
>> numerous attempts at ini changes and google searches, I figured it was
>> time to come begging for help...
>>
>> I have a single gnugk system (2.3.1) behind my firewall. It only has
>> one (private IP) interface. It is NATed to the Internet and all the
>> appropriate ports are allowed in. I have endpoints in other VLANs
>> behind the firewall (with full IP access to/from gnugk for now). I
>> also have external endpoints on different networks that are NATed out.
>> Note that ALL endpoints are Tandbergs.
>>
>> All units register fine, either to the private IP or the NATed IP of
>> gnugk.
>> However, I cannot get a call to connect from external to
>> internal endpoint or vice-versa. If I call from ext to int, it rings,
>> and as soon as the other side connects, the ext shows call
>> cleared/disconnected. Here's a chunk of the logs (using -ttttt) when I
>> call from the external unit to the internal unit (via alias): (all IPs
>> have been changed :) )
>>
>> ------------------------------------------------------------------
>>
>> 2010/05/04 23:39:29.332 3 RasSrv.cxx(2569) GK ARQ will request bandwith of 10240
>> 2010/05/04 23:39:29.332 5 Routing.h(177) ROUTING Checking policy Explicit for the request ARQ 2572
>> 2010/05/04 23:39:29.332 5 Routing.h(177) ROUTING Checking policy Internal for the request ARQ 2572
>> 2010/05/04 23:39:29.332 4 RasTbl.cxx(1697) Alias match for EP 10.1.1.1:1719
>> 2010/05/04 23:39:29.332 5 Routing.h(183) ROUTING Policy Internal applied to the request ARQ 2572
>> 2010/05/04 23:39:29.332 2 RasTbl.cxx(3321) CallTable::Insert(CALL) Call No. 1, total sessions : 1
>> 2010/05/04 23:39:29.332 5 RasTbl.cxx(3087) RAS
>> NAT Offload (H460.23/.24) calculation inputs for Call No: 1
>> Rule : Must Proxy Media
>> Calling Endpoint:
>> Proxy IP: 22.22.22.22
>> Called Endpoint:
>> Proxy IP: 10.1.1.1
>> 2010/05/04 23:39:29.332 4 RasTbl.cxx(3092) RAS Disable H.460.24 Offload as neither party supports it.
>> 2010/05/04 23:39:29.332 4 RasSrv.cxx(2744) RAS NAT strategy for Call No: 1 set to Unknown Strategy
>> 2010/05/04 23:39:29.332 2 RasSrv.cxx(394) ACF|22.22.22.22:1719|5423_endp|16845|222:dialedDigits|224:dialedDigits|false|02-b2-8b-0e-26-8e-19-50-34-48-00-50-60-01-25-4a;
>> 2010/05/04 23:39:29.332 3 RasSrv.cxx(236) RAS Send to 22.22.22.22:1719
>>
>> .....
>>
>> 2010/05/04 23:39:39.786 1 ProxyChannel.cxx(4536) H245d Could not open/connect H.245 socket at 0.0.0.0:31001 - error 12/1073751885: Connection refused
>> 2010/05/04 23:39:39.786 3 ProxyChannel.cxx(4538) H245 10.1.1.1:11025 DIDN'T ACCEPT THE CALL
>>
>> -------------------------------------------------------------------------
>>
>> Few things... Why would NAT strategy be set to "Unknown Strategy"? Also
>> what does the connection refused for 0.0.0.0 signify?
>>
>> Here's my config:
>>
>> [Gatekeeper::Main]
>> Fortytwo=42
>> TimeToLive=600
>> ExternalIP=[nated external IP of gnugk]
>> ExternalIsDynamic=0
>>
>> [RoutedMode]
>> GKRouted=1
>> H245Routed=1
>> CallSignalPort=1720
>> RemoveH245AddressOnTunneling=1
>> DropCallsByReleaseComplete=1
>> SupportNATedEndpoints=1
>> ;SupportCallingNATedEndpoints=1
>> Q931PortRange=30000-30999
>> H245PortRange=31000-31999
>> EnableH46018=1 <----- without this, I got immediate route errors
>> NATStdMin=18
>>
>> [Proxy]
>> Enable=1
>> T120PortRange=50000-59999
>> RTPPortRange=50000-59999
>> InternalNetwork=[various endpoint vlans behind firewall],127.0.0.0/8 <----- without the internal vlans, I couldn't get a call to even start
>>
>> [GkStatus::Auth]
>> rule=allow
>>
>> [RasSrv::RRQFeatures]
>> SupportDynamicIP=1
>>
>> Thank you for any hints you have for me...!
>>
>> Ken
>>
>> ------------------------------------------------------------------------
>> _______________________________________________________
>>
>> Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
>> Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
>> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
>> Homepage: http://www.gnugk.org/
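
Added example, not part of the thread and not GnuGk project code: a small Python check that reads a gnugk.ini like the one Ken posted, lists the port ranges a firewall in front of the gatekeeper has to pass, and flags an ExternalIP set without the Home setting Andrew suggests. The sample address, the function names, the default RAS port and the transport assigned to each port setting (TCP for signalling, UDP for RAS and RTP) are assumptions of this example.

```python
import configparser

# Constructed sample modelled on the config quoted in the thread; the
# address is a documentation placeholder, not a value from the post.
SAMPLE_INI = """
[Gatekeeper::Main]
ExternalIP=203.0.113.10
[RoutedMode]
CallSignalPort=1720
Q931PortRange=30000-30999
H245PortRange=31000-31999
[Proxy]
Enable=1
T120PortRange=50000-59999
RTPPortRange=50000-59999
"""

# Port settings named in the thread; the transport per setting is this
# example's assumption (TCP signalling, UDP media).
PORT_KEYS = [
    ("RoutedMode", "CallSignalPort", "tcp"),
    ("RoutedMode", "Q931PortRange", "tcp"),
    ("RoutedMode", "H245PortRange", "tcp"),
    ("Proxy", "T120PortRange", "tcp"),
    ("Proxy", "RTPPortRange", "udp"),
]

def parse_range(value):
    """'31000-31999' -> (31000, 31999); a single port -> (p, p)."""
    lo, _, hi = value.strip().partition("-")
    return int(lo), int(hi or lo)

def audit(ini_text):
    """Return (rules, warnings); rules are (proto, first, last) tuples."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # GnuGk keys are mixed case; keep them as written
    cfg.read_string(ini_text)
    rules = [("udp", 1719, 1719)]  # RAS port seen in the log; assumed default
    for section, key, proto in PORT_KEYS:
        value = cfg.get(section, key, fallback=None)
        if value:
            rules.append((proto, *parse_range(value)))
    warnings = []
    main = cfg["Gatekeeper::Main"] if cfg.has_section("Gatekeeper::Main") else {}
    if "ExternalIP" in main and "Home" not in main:
        warnings.append("ExternalIP set without Home")
    if cfg.get("Proxy", "ProxyAlways", fallback="0") != "1":
        warnings.append("ProxyAlways not enabled: not every call is proxied")
    return rules, warnings

if __name__ == "__main__":
    for item in sum(audit(SAMPLE_INI), []):
        print(item)
```

Comparing the returned rules with what the firewall actually forwards to the gatekeeper shows both missing ranges and ports opened wider than the configuration needs.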