Hi Jan,
Ok, I've understood but for now I've no means to set it up like this.
Anyway, just 3 final questions to point me in the right way:
1. the firewall rules (opened ports from the outside) to this GnuGK would
be same ones that the nat.ini describes for port forwarding, correct?
2. the traversal zone should be based on
http://www.gnugk.org/gnugk-manual-10.html#ss10.5?
3. from what configuration example should I base this setup?
Regards,
Joao
On Tue, Jun 25, 2013 at 2:35 PM, Jan Willamowius <[email protected]> wrote:
> Hi,
>
> you need 1 public IP total. On that runs a GnuGk.
>
> You can register all your 7 (?) endpoints to this gatekeeper directly
> if they support H.460.18, or each location has its own gatekeeper that
> forms a traversal zone with the gatekeeper on the public IP.
>
> Jan
>
> Joao Alexandre wrote:
> > Hi Jan,
> >
> > Thank you for your advice, but this really knocks me down.
> >
> > How the hell would we receive calls from outside without port forwarding
> to
> > our GnuGK or directly to one of the endpoints (we don't have enough
> public
> > IPs to expose endpoints or a GK to the Internet)?
> >
> > >From what I've heard from some IT guys with whom we had to talk and test
> > VCs, they were using endpoints directly connected to the Internet and if
> > you can afford that, isn't this a security concern? From what I've seen
> in
> > our SX20 they have a lot of services running and possibly some
> > vulnerabilities.
> >
> > By the way, do you have anymore tips regarding my questions and also
> David
> > comments?
> >
> > Cheers,
> >
> > Joao
> >
> >
> >
> >
> > On Tue, Jun 25, 2013 at 12:37 PM, Jan Willamowius <[email protected]
> >wrote:
> >
> > > Hi,
> > >
> > > I just want to quickly warn anybody to rely on port forwarding for any
> > > production setup.
> > >
> > > Yes, in principle it is possible to configure port forwarding
> > > correctly, but is one of the hardest things you can attempt in H.323
> > > configurations and its one of the most common errors I see supporting
> > > clients. In this day and age where traversal protocols are widely
> > > available there really is no need to try something that hard.
> > >
> > > Use NAT traversal protocols (H.460.18/.19).
> > >
> > > Regards,
> > > Jan
> > >
> > >
> > > Joao Alexandre wrote:
> > > > Hi David,
> > > >
> > > > Thank you very much for your quick response.
> > > >
> > > > > One GK per site enables you to be able to place phone
> > > > > calls within one site, even if the VPN is down.
> > > >
> > > > This makes sense, specially in the cases where the VPN doesn't
> depend on
> > > > Internet access or where we have more than one endpoint.
> > > >
> > > > >The next questions would be, how exactly shall a "NUMBER@IP" be
> > > resolved
> > > > >if one of your external partners calls in, or you're calling out to
> them
> > > > >(i.e. RAS/LRQ or no RAS)? Can you dial IP addresses on your phone?
> Or
> > > > >would you have to adjust your dial-plan to enable outgoing dialling?
> > > >
> > > > By the way, our endpoints are Cisco SX20 and Sony PCG-50 , so we can
> dial
> > > > NUMBER@IP and IP#NUMBER respectively. We've also 1 LifeTime
> Passport.
> > > >
> > > > Where does or doesn't the neighbor feature fits in?
> > > >
> > > > Right now in production we've only one GnuGK(Debian, 3.3), nated with
> > > port
> > > > forwarding, and all the endpoint registered with it. We can dial
> outside
> > > > from any endpoint (most of the time) but receiving calls from the
> outside
> > > > doesn't work most of the time.
> > > >
> > > > I've done some tests with 2 GnuGK (3.3) with neighbor configuration,
> I
> > > > could receive calls (using for test a PC with Polycom PVX) either on
> both
> > > > GK using NUMBER@GatewayIP (wether the endpoints were registered on
> > > anyone
> > > > of the GKs), could dial outside to an IP, but when I tried to dial
> inside
> > > > out to NUMBER@IP it fails saying calledPartyNotRegistered.
> > > >
> > > > >From your comments, I think that the best for us would be 2 GnuGK
> > > (acting
> > > > as gatekeeper and gateway, nated with port forwarding) at our two
> main
> > > > sites, wether they should be configured as neighbors depends on my
> > > ability
> > > > to make them work.
> > > >
> > > > Thanks again.
> > > >
> > > > Regards,
> > > >
> > > > Joao
>
> --
> Jan Willamowius, [email protected], http://www.gnugk.org/
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________________
>
> Posting: mailto:[email protected]
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
> Homepage: http://www.gnugk.org/
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________________
Posting: mailto:[email protected]
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
