Re: GnuGK infrastructure design.

Hi Jan,

Ok, I've understood but for now I've no means to set it up like this.

Anyway, just 3 final questions to point me in the right way:

1. the firewall rules (opened ports from the outside) to this GnuGK would be the same ones that the nat.ini describes for port forwarding, correct?
2. the traversal zone should be based on http://www.gnugk.org/gnugk-manual-10.html#ss10.5?
3. from what configuration example should I base this setup?

Regards,

Joao



On Tue, Jun 25, 2013 at 2:35 PM, Jan Willamowius <jan@xxxxxxxxxxxxxx> wrote:
Hi,

you need 1 public IP total. On that runs a GnuGk.

You can register all your 7 (?) endpoints to this gatekeeper directly
if they support H.460.18, or each location has its own gatekeeper that
forms a traversal zone with the gatekeeper on the public IP.

Jan

Joao Alexandre wrote:
> Hi Jan,
>
> Thank you for your advice, but this really knocks me down.
>
> How the hell would we receive calls from outside without port forwarding to
> our GnuGK or directly to one of the endpoints (we don't have enough public
> IPs to expose endpoints or a GK to the Internet)?
>
> From what I've heard from some IT guys with whom we had to talk and test
> VCs, they were using endpoints directly connected to the Internet and if
> you can afford that, isn't this a security concern? From what I've seen in
> our SX20 they have a lot of services running and possibly some
> vulnerabilities.
>
> By the way, do you have any more tips regarding my questions and also David's
> comments?
>
> Cheers,
>
> Joao
>
>
>
>
> On Tue, Jun 25, 2013 at 12:37 PM, Jan Willamowius <jan@xxxxxxxxxxxxxx> wrote:
>
> > Hi,
> >
> > I just want to quickly warn anybody against relying on port forwarding for any
> > production setup.
> >
> > Yes, in principle it is possible to configure port forwarding
> > correctly, but it is one of the hardest things you can attempt in H.323
> > configurations and it's one of the most common errors I see supporting
> > clients. In this day and age where traversal protocols are widely
> > available there really is no need to try something that hard.
> >
> > Use NAT traversal protocols (H.460.18/.19).
> >
> > Regards,
> > Jan
> >
> >
> > Joao Alexandre wrote:
> > > Hi David,
> > >
> > > Thank you very much for your quick response.
> > >
> > > > One GK per site enables you to be able to place phone
> > > > calls within one site, even if the VPN is down.
> > >
> > > This makes sense, especially in the cases where the VPN doesn't depend on
> > > Internet access or where we have more than one endpoint.
> > >
> > > >The next questions would be, how exactly shall a "NUMBER@IP" be resolved
> > > >if one of your external partners calls in, or you're calling out to them
> > > >(i.e. RAS/LRQ or no RAS)? Can you dial IP addresses on your phone? Or
> > > >would you have to adjust your dial-plan to enable outgoing dialling?
> > >
> > > By the way, our endpoints are Cisco SX20 and Sony PCG-50, so we can dial
> > > NUMBER@IP and IP#NUMBER respectively. We've also 1 LifeTime Passport.
> > >
> > > Where does or doesn't the neighbor feature fit in?
> > >
> > > Right now in production we've only one GnuGK (Debian, 3.3), NATed with port
> > > forwarding, and all the endpoints registered with it. We can dial outside
> > > from any endpoint (most of the time) but receiving calls from the outside
> > > doesn't work most of the time.
> > >
> > > I've done some tests with 2 GnuGK (3.3) with neighbor configuration, I
> > > could receive calls (using for test a PC with Polycom PVX) either on both
> > > GK using NUMBER@GatewayIP (whether the endpoints were registered on any one
> > > of the GKs), could dial outside to an IP, but when I tried to dial inside
> > > out to NUMBER@IP it fails saying calledPartyNotRegistered.
> > >
> > > From your comments, I think that the best for us would be 2 GnuGK (acting
> > > as gatekeeper and gateway, NATed with port forwarding) at our two main
> > > sites, whether they should be configured as neighbors depends on my ability
> > > to make them work.
> > >
> > > Thanks again.
> > >
> > > Regards,
> > >
> > > Joao

--
Jan Willamowius, jan@xxxxxxxxxxxxxx, http://www.gnugk.org/

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
