At this time we're in a similar situation. Although we have a block of public IP's they all have to go through the firewall. Otherwise we would need to purchase more equipment and make more network changes than we need to at this time.
To refresh my memory I did test a few calls tonight with a similar setup. I disabled all port forwarding where endpoint A is, though did ensure the unit was setup in NAT mode. Worked fine for outbound though naturally I needed the forwarding for inbound (B-to-A calls)
The network in this scenario looks like:
Endpoint A (Polycom QDX6000) -- Residential Router -- [[ internet ]] -- corporate firewall -- forward to GNUGK -- Endpoint B
The QDX is set to auto NAT, no fixed ports. H.460 and H.323 compatible are both unchecked.
Endpoint B (polycom hdx 6000) does not have any special NAT setup since it's behind the gatekeeper and firewall. Fixed ports are also left unchecked.
Hope that helps.
On Wed, Jul 1, 2015 at 1:34 AM <Oliver.Pabst@xxxxxx> wrote:
Hi Jan and Robert,------------------------------------------------------------------------------Unfortunately, i do only have one ip on the internet side and this one is taken by the router. The router does forward all these ports to the gatekeeper.
I will try to test your config today.
Thanks so far...
-- op
On 1. Juli 2015 02:14:59 MESZ, openh323gk-users-request@xxxxxxxxxxxxxxxxxxxxx wrote:
Date: Wed, 01 Jul 2015 00:14:36 +0000
From: Robert Edeker <idxman01@xxxxxxxxx>
Subject: Re: gnugk behind router problem
To: GNU Gatekeeper Users <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
Message-ID:
<CANVo9ar_LyfreACXvM6Sff_bYg5-eHvU5zjD+MDbSrMJmUZzyw@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"
Hi Oliver,
I agree with Jan as it does add more complexity and moving parts to the
equation. However, this is the route we took in May/June and it's working
well. [so far]
I'm certainly not an expert on h323 or networking, but you may want to try
removing ExternalIP from the config. gnugk cannot bind to a network
adapter with that address which i believe I had issues with as well.
Also, is there anything in front of EndPoint A that would cause issues?
My config is similar, though very minimal for the most part.
Is effectively the below settings, via [ModeSelection] based on IP.
[RoutedMode]
GKRouted=1
CallSignalPort=1720
H245Routed=1
AcceptUnregisteredCalls=1
AcceptNeighborsCalls=1
[RoutingPolicy]
default=explicit,internal,enum,srv,dns,internal,parent,neighbor
[Proxy]
Enable=0
;;;(certain IP's are proxied due to how a neighbor gatekeeper operates,
etc..)
Everything else is for routing prefixes to openmcu, logging and accounting.
Though I will say that I did try quite a few other settings especially with
hardcoding port ranges. Ultimately I did not go this route since the
firewall was smart enough to handle h323 and forward only the required
ports per call. I didn't want a number of blocks sitting out there in the
open being ported in. You may or may not be able to go this route, check
the router.
Only TCP 1720, 1503 and UDP 1719 go in directly. (thinking I can remove
1503 as well)
We may change this down the road and put gnugk to the side of the firewall,
but it probably won't be anytime soon.
**********************
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/_______________________________________________________
Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/
_______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
