Hello, On Sat, 24 Jul 2021, Akshat Kakkar wrote: > I have 2 vc endpoints VC1 (Make:Panasonic, IP:10.1.1.11), > VC2(make:Polycom,IP: 10.1.1.12) and 1 MCU (172.16.1.100). > > There is a Linux firewall between VCs and MCU. > > There is one to one nat configured for these 2 VCs (10.1.1.11 <--> > 172.16.1.110, 10.1.1.12 <--> 172.16.1.120) > There is no natting for MCU IP as it is routable. > > nf_nat_h323 and nf_conntrack_h323 module is enabled in the firewall. > > When VC1 and VC2 initiate call to MCU, everything works fine. Video > call is successful for both VC1 and VC2. h245 IP address for tcp in > h225: CS connect packet is correctly replaced by the natted IP. > > However, when there is a dial out from MCU to VCs (i.e. MCU initiate > call to the natted IP (i.e. 172.16.1.110 and 172.16.1.120 of VCs), > natting works fine but h245 IP address for tcp in h225:CS is replaced > correctly only for VC2 and not for VC1. For VC1, it is still its > actual IP (i.e. 10.1.1.12 and not 172.16.1.120). > > Because of this, video call is successful only with VC2 and not with > VC1, when initiated from MCU. I tried with another panasonic VC > hardware, there was no change. > > Further packet dump analysis showed that for VC1, there are 3 h225 > packets (setup, call proceeding and alert) before Connect message but > for VC2 there are only 2 h225 packets (setup and alert) before connect > message. > > Is there a bug in nf_nat_h323 module or am I missing something? It can be a bug/incompatibility with the H.323 implementation in the Panasonic device. However, first I'd make sure the MCU does not use hostname for VC1 instead of its IP address. Hostnames in the calls are not supported. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics H-1525 Budapest 114, POB. 49, Hungary
