Hi Jack,

if you have a NIC without NAT into the private network, you don't need
firewall traversal protocols, but you should put your gatekeeper in
proxy mode and make sure your iptables rules allow outbound Q.931, RTP
and in- and outbound H.245 connections on all ports, not just 1720.

If you don't want to open all ports, set Q931, H245 and RTPPortRanges
and open those in your iptables rules.

Regards,
Jan

Jack Kolesar wrote:
> Let me add some useful info. The problem I keep running into is Q.931
> socket connect errors. This seems to happen with PVX and PacPhone. GnuGk
> is running on my Ubuntu box which is also my Asterisk Box, DHCP Server, and
> NAT Translator.
>
> My Setup:
>
> Soft-Client --> GnuGK (Server with Dual NICs) --> Internet --> Tandberg-C40
> (Office) or other Direct Connected Codecs
>
> Current Config for GnuGK (But I think I've tried Everything):
>
> [Gatekeeper::Main]
> Fortytwo=42
> Name=GnuGk
>
> [RoutedMode]
> GKRouted=1
> CallSignalPort=1720
> EnableH46017=1
> EnableH46018=1
>
> [GkStatus::Auth]
> rule=allow
>
> My Current IP Tables:
>
> Chain INPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target prot opt in   out  source              destination
>    26  1910 ACCEPT all  --  lo   *    0.0.0.0/0           0.0.0.0/0
> 13746 2801K ACCEPT all  --  eth0 *    192.168.1.0/24      0.0.0.0/0
>     0     0 REJECT all  --  eth1 *    192.168.1.0/24      0.0.0.0/0      reject-with icmp-port-unreachable
>     0     0 ACCEPT icmp --  eth1 *    0.0.0.0/0           My-Extern-IP
>   695  117K ACCEPT all  --  eth1 *    0.0.0.0/0           My-Extern-IP   ctstate RELATED,ESTABLISHED
>     0     0 ACCEPT tcp  --  eth0 *    0.0.0.0/0           0.0.0.0/0      tcp spt:68 dpt:67
>     0     0 ACCEPT udp  --  eth0 *    0.0.0.0/0           0.0.0.0/0      udp spt:68 dpt:67
>     0     0 ACCEPT tcp  --  eth0 *    0.0.0.0/0           0.0.0.0/0      tcp spt:1720 dpt:1720
>     0     0 ACCEPT tcp  --  eth0 *    0.0.0.0/0           0.0.0.0/0      tcp spt:1721 dpt:1721
>     3   180 ACCEPT tcp  --  eth1 *    0.0.0.0/0           My-Extern-IP   ctstate NEW,RELATED,ESTABLISHED tcp dpt:443
>     3   164 ACCEPT tcp  --  eth1 *    0.0.0.0/0           My-Extern-IP   ctstate NEW,RELATED,ESTABLISHED tcp dpt:22
>     0     0 ACCEPT all  --  eth1 *    My-SIP-Provider-IP  My-Extern-IP
>     0     0 ACCEPT all  --  eth1 *    My-Office-IP        My-Extern-IP
>  1638  504K REJECT all  --  *    *    0.0.0.0/0           0.0.0.0/0      reject-with icmp-port-unreachable
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target prot opt in   out  source              destination
>     0     0 ACCEPT tcp  --  eth1 eth0 0.0.0.0/0           Misc-Port-Map-IP    tcp dpt:1319 ctstate NEW,RELATED,ESTABLISHED
>     0     0 ACCEPT tcp  --  eth1 eth0 0.0.0.0/0           Misc-Port-Map-IP-2  tcp dpt:41795 ctstate NEW,RELATED,ESTABLISHED
>   771  430K ACCEPT all  --  eth1 eth0 0.0.0.0/0           0.0.0.0/0      ctstate RELATED,ESTABLISHED
>     0     0 ACCEPT all  --  eth0 eth0 0.0.0.0/0           0.0.0.0/0
>   827 96434 ACCEPT all  --  eth0 eth1 0.0.0.0/0           0.0.0.0/0
>     0     0 REJECT all  --  *    *    0.0.0.0/0           0.0.0.0/0      reject-with icmp-port-unreachable
>
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target prot opt in   out  source              destination
>     7   476 DROP   icmp --  *    *    0.0.0.0/0           0.0.0.0/0      ctstate INVALID
>    26  1910 ACCEPT all  --  *    lo   0.0.0.0/0           0.0.0.0/0
>     0     0 ACCEPT all  --  *    eth0 My-Extern-IP        192.168.1.0/24
>  4262 1127K ACCEPT all  --  *    eth0 192.168.1.6         192.168.1.0/24
>     0     0 REJECT all  --  *    eth1 0.0.0.0/0           192.168.1.0/24 reject-with icmp-port-unreachable
>  1294  318K ACCEPT all  --  *    eth1 My-Extern-IP        0.0.0.0/0
>     0     0 ACCEPT tcp  --  *    eth0 192.168.1.6         255.255.255.255 tcp spt:67 dpt:68
>     0     0 ACCEPT udp  --  *    eth0 192.168.1.6         255.255.255.255 udp spt:67 dpt:68
>    78 19898 REJECT all  --  *    *    0.0.0.0/0           0.0.0.0/0      reject-with icmp-port-unreachable
>
> On Fri, Mar 16, 2012 at 9:44 AM, Jan Willamowius <jan@xxxxxxxxxxxxxx> wrote:
>
> > Hi Jack,
> >
> > what you are trying to do should work fine with GnuGk.
> > If your only gatekeeper is in the DMZ, your endpoints will probably need
> > H.460.18/.19 support.
> >
> > PVX usually works fine with GnuGk, except for the known IP dialing bug
> > and the lack of H.460.18/.19 support.
> >
> > Regards,
> > Jan
> >
> > --
> > Jan Willamowius, Founder of the GNU Gatekeeper Project
> > EMail : jan@xxxxxxxxxxxxxx
> > Website: http://www.gnugk.org
> > Support: http://www.willamowius.com/gnugk-support.html
> >
> > Jack Kolesar wrote:
> > > Hi, I am just getting started with GnuGk. My GK is currently on the DMZ
> > > border between my public WAN and LAN. I would like to have LAN side
> > > clients connect to the Gatekeeper and be able to call unregistered public
> > > IP devices as well as have unregistered IP devices call internal registered
> > > clients. Basically, I would like GnuGk to work as a combined Polycom VBP
> > > and CMA or Tandberg VCS Expressway / Control. Is that possible? I have been
> > > able to make simple internal calls while registered to the gatekeeper but
> > > can't get outside. Additionally, I'm trying to use Polycom PVX but I'm
> > > wondering if that will have problems from what I've read. I also have
> > > Polycom CMA Desktop but am not sure if that will only work with the CMA
> > > server. Can anyone help with a config example or point me in the right
> > > direction? Thanks!

--
Jan Willamowius, jan@xxxxxxxxxxxxxx, http://www.gnugk.org/
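
The port-range approach from Jan's reply at the top of this thread, as an added example that is not part of the original messages or the GnuGk project's own material: a dry-run script that reads the three range settings from a gnugk.ini and prints matching iptables rules instead of opening all ports. The port numbers and the ini fragment are constructed, and treating the ranges as GnuGk's local ports (and accepting inbound RTP) is an assumption.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that match GnuGk port ranges.
# The port numbers are constructed sample values, not taken from the thread.

# Constructed gnugk.ini fragment: proxy mode with fixed port ranges.
sample_ini() {
cat <<'EOF'
[RoutedMode]
GKRouted=1
H245Routed=1
CallSignalPort=1720
Q931PortRange=20000-20999
H245PortRange=30000-30999

[Proxy]
Enable=1
RTPPortRange=40000-40999
EOF
}

# ini_range KEY: read an ini file on stdin and print KEY's "lo-hi" value in
# iptables "lo:hi" form. Prints nothing if the key is missing or malformed.
# Sections are ignored; the three range keys are unique in gnugk.ini.
ini_range() {
    sed -n "s/^$1=\([0-9][0-9]*\)-\([0-9][0-9]*\)[[:space:]]*\$/\1:\2/p" | head -n 1
}

# gnugk_rules IFACE: read gnugk.ini on stdin, print rules for interface IFACE.
# Assumption: the ranges bound GnuGk's local ports, so outbound rules match
# on --sport and inbound rules on --dport.
gnugk_rules() {
    ext_if=$1
    ini=$(cat)
    q931=$(printf '%s\n' "$ini" | ini_range Q931PortRange)
    h245=$(printf '%s\n' "$ini" | ini_range H245PortRange)
    rtp=$(printf '%s\n' "$ini" | ini_range RTPPortRange)
    # Emit nothing if any range is unset or malformed.
    [ -n "$q931" ] && [ -n "$h245" ] && [ -n "$rtp" ] || return 1
    # -I rather than -A: the chains in the quoted listing end in a catch-all
    # REJECT, so appended rules would never be reached.
    echo "iptables -I OUTPUT -o $ext_if -p tcp --sport $q931 -j ACCEPT"
    echo "iptables -I OUTPUT -o $ext_if -p tcp --sport $h245 -j ACCEPT"
    echo "iptables -I INPUT -i $ext_if -p tcp --dport $h245 -j ACCEPT"
    echo "iptables -I OUTPUT -o $ext_if -p udp --sport $rtp -j ACCEPT"
    # Assumption: inbound media to the proxy's RTP range is accepted as well.
    echo "iptables -I INPUT -i $ext_if -p udp --dport $rtp -j ACCEPT"
}

# eth1 is the external interface in the quoted iptables listing.
sample_ini | gnugk_rules eth1
```

Review the printed rules before applying them; RTPPortRange must contain an even number of ports because each RTP stream uses an RTP/RTCP pair.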