Hi Jan, the firewall is port-forwarding 50000-59999/udp to the gatekeeper. Which Firewall traversal do you mean? Thanks for the hint after ReleaseComplete. Am 01.07.15 11:35 schrieb "Jan Willamowius" unter <jan@xxxxxxxxxxxxxx>: >Hi, > >the RTP errors mean your firewall traversal isn't working and GnuGk >has trouble sending RTP. The last number in those lines is the Linux >errno. > >You can ignore the errors after the ReleaseComplete. > >Regards, >Jan > >-- >Jan Willamowius, Founder of the GNU Gatekeeper Project >EMail : jan@xxxxxxxxxxxxxx >Website: http://www.gnugk.org >Support: http://www.willamowius.com/gnugk-support.html > >Relaxed Communications GmbH >Frahmredder 91 >22393 Hamburg >Geschäftsführer: Jan Willamowius >HRB 125261 (Amtsgericht Hamburg) >USt-IdNr: DE286003584 > > >Oliver.Pabst@xxxxxx wrote: >> Hi together, >> >> I have difficulties to interpret these lines: >> >> >> 2015/07/01 10:31:29.002 3 ProxyChannel.cxx(7992) H245 Connected from >>109.44.3.126:21059 on 192.168.178.155:41002 >> >> 2015/07/01 10:31:29.003 3 ProxyChannel.cxx(8025) H245 Connect to >>192.168.178.166:5678 from 192.168.178.155:41003 successful >> >> 2015/07/01 10:31:29.545 3 ProxyChannel.cxx(11674) Received Input: >> >> 2015/07/01 10:31:31.347 3 ProxyChannel.cxx(9804) RTP >>10.177.52.56:3232<=>0.0.0.0:50010<=>192.168.178.166:2424 Error(0): >>Input/output error (12:113) >> >> 2015/07/01 10:31:32.364 3 ProxyChannel.cxx(9804) RTP >>10.177.52.56:3232<=>0.0.0.0:50010<=>192.168.178.166:2424 Error(0): >>Input/output error (12:113) >> >> 2015/07/01 10:31:32.870 3 ProxyChannel.cxx(9804) RTP >>10.177.52.56:3230<=>0.0.0.0:50008<=>192.168.178.166:2422 Error(0): >>Input/output error (12:113) >> >> 2015/07/01 10:31:33.284 3 ProxyChannel.cxx(1723) Q931s Received: >>ReleaseComplete CRV=24315 from 109.44.3.126:1578 >> >> 2015/07/01 10:31:33.285 1 RasTbl.cxx(5111) CDR|2|90 5e ac 7d 64 >>00 00 1f 13 32 83 00 39 7e df 2d|5|Wed, 01 Jul 2015 10:31:28 +02:00|Wed, >>01 Jul 2015 10:31:33 +02:00|109.44.3.126:1578| >>|192.168.178.166:1720|5530_endp|101:url_ID||OpenH323GK; >> >> >> 2015/07/01 10:31:33.285 2 gkacct.cxx(964) GKACCT Successfully >>logged event 2 for call no. 2 >> >> 2015/07/01 10:31:33.289 3 yasocket.cxx(789) ProxyRTP(0) Select read >>error: 10 >> >> 2015/07/01 10:31:33.296 3 yasocket.cxx(789) ProxyRTP(0) Select read >>error: 10 >> >> 2015/07/01 10:31:33.296 3 yasocket.cxx(789) ProxyRTP(0) Select read >>error: 10 >> >> 2015/07/01 10:31:33.297 3 yasocket.cxx(789) ProxyRTP(0) Select read >>error: 10 >> >> 2015/07/01 10:31:33.620 2 RasSrv.cxx(174) RAS Read from >>192.168.178.166:1719 >> >> >> What is the meaning gf the errors on ProxyChannel.cxx RTP with >>input/output and then on yasocket.cxx with Select read error: 10 ? >> >> Von: Robert Edeker <idxman01@xxxxxxxxx<mailto:idxman01@xxxxxxxxx>> >> Antworten an: GNU Gatekeeper Users >><openh323gk-users@xxxxxxxxxxxxxxxxxxxxx<mailto:openh323gk-users@xxxxxxxxx >>rceforge.net>> >> Datum: Mittwoch, 1. Juli 2015 09:25 >> An: GNU Gatekeeper Users >><openh323gk-users@xxxxxxxxxxxxxxxxxxxxx<mailto:openh323gk-users@xxxxxxxxx >>rceforge.net>> >> Betreff: Re: Subject: Re: gnugk behind router problem >> >> >> At this time we're in a similar situation. Although we have a block of >>public IP's they all have to go through the firewall. Otherwise we >>would need to purchase more equipment and make more network changes than >>we need to at this time. >> >> To refresh my memory I did test a few calls tonight with a similar >>setup. I disabled all port forwarding where endpoint A is, though did >>ensure the unit was setup in NAT mode. Worked fine for outbound though >>naturally I needed the forwarding for inbound (B-to-A calls) >> >> The network in this scenario looks like: >> >> Endpoint A (Polycom QDX6000) -- Residential Router -- [[ internet ]] -- >>corporate firewall -- forward to GNUGK -- Endpoint B >> >> The QDX is set to auto NAT, no fixed ports. H.460 and H.323 compatible >>are both unchecked. >> >> Endpoint B (polycom hdx 6000) does not have any special NAT setup since >>it's behind the gatekeeper and firewall. Fixed ports are also left >>unchecked. >> >> Hope that helps. >> >> >> On Wed, Jul 1, 2015 at 1:34 AM >><Oliver.Pabst@xxxxxx<mailto:Oliver.Pabst@xxxxxx>> wrote: >> Hi Jan and Robert, >> >> Unfortunately, i do only have one ip on the internet side and this one >>is taken by the router. The router does forward all these ports to the >>gatekeeper. >> >> I will try to test your config today. >> >> Thanks so far... >> >> -- op >> >> >> >> >> On 1. Juli 2015 02:14:59 MESZ, >>openh323gk-users-request@xxxxxxxxxxxxxxxxxxxxx<mailto:openh323gk-users-re >>quest@xxxxxxxxxxxxxxxxxxxxx> wrote: >> >> Date: Wed, 01 Jul 2015 00:14:36 +0000 >> From: Robert Edeker <idxman01@xxxxxxxxx<mailto:idxman01@xxxxxxxxx>> >> Subject: Re: gnugk behind router problem >> To: GNU Gatekeeper Users >><openh323gk-users@xxxxxxxxxxxxxxxxxxxxx<mailto:openh323gk-users@xxxxxxxxx >>rceforge.net>> >> Message-ID: >> >><CANVo9ar_LyfreACXvM6Sff_bYg5-eHvU5zjD+MDbSrMJmUZzyw@xxxxxxxxxxxxxx<mailt >>o:CANVo9ar_LyfreACXvM6Sff_bYg5-eHvU5zjD%2BMDbSrMJmUZzyw@xxxxxxxxxxxxxx>> >> Content-Type: text/plain; charset="utf-8" >> >> Hi Oliver, >> >> I agree with Jan as it does add more complexity and moving parts to the >> equation. However, this is the route we took in May/June and it's >>working >> well. [so far] >> >> I'm certainly not an expert on h323 or networking, but you may want to >>try >> removing ExternalIP from the config. gnugk cannot bind to a network >> adapter with that address which i believe I had issues with as well. >> >> Also, is there anything in front of EndPoint A that would cause issues? >> >> My config is similar, though very minimal for the most part. >> >> Is effectively the below settings, via [ModeSelection] based on IP. >> >> [RoutedMode] >> GKRouted=1 >> CallSignalPort=1720 >> H245Routed=1 >> AcceptUnregisteredCalls=1 >> AcceptNeighborsCalls=1 >> >> [RoutingPolicy] >> default=explicit,internal,enum,srv,dns,internal,parent,neighbor >> >> [Proxy] >> Enable=0 >> >> ;;;(certain IP's are proxied due to how a neighbor gatekeeper operates, >> etc..) >> >> Everything else is for routing prefixes to openmcu, logging and >>accounting. >> >> Though I will say that I did try quite a few other settings especially >>with >> hardcoding port ranges. Ultimately I did not go this route since the >> firewall was smart enough to handle h323 and forward only the required >> ports per call. I didn't want a number of blocks sitting out there in >>the >> open being ported in. You may or may not be able to go this route, >>check >> the router. >> >> Only TCP 1720, 1503 and UDP 1719 go in directly. (thinking I can remove >> 1503 as well) >> >> We may change this down the road and put gnugk to the side of the >>firewall, >> but it probably won't be anytime soon. >> > >-------------------------------------------------------------------------- >---- >Don't Limit Your Business. Reach for the Cloud. >GigeNET's Cloud Solutions provide you with the tools and support that >you need to offload your IT needs and focus on growing your business. >Configured For All Businesses. Start Your Cloud Today. >https://www.gigenetcloud.com/ >_______________________________________________________ > >Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx >Archive: >http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users >Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users >Homepage: http://www.gnugk.org/ ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
