Netgate Discussion Forum
    [SOLVED]Problem with h323 video-conference

    NAT
      TheLoneGunman

      Hi guys
      I have a problem with a video-conference device behind pfSense.
      The device is an Aethra X5 and my pfSense version is 2.0.2.

      The network configuration is:

      LAN: 192.168.0./24
      DMZ: 172.30.30.0/24
      WAN: 94.XX.YY.ZZ/29
      WAN2: 88.XX.YY.ZZ/29

      The Aethra has a static IP on the LAN.
      The customer wants the video-conference to pass through WAN2, bought for this service.

      I made a 1:1 NAT with a public IP on the WAN2 and the Aethra's IP. I made two rules that allow all traffic from and to the Aethra and the Internet, but it does not work.

      If the device opens an H.323 connection to a test IP (that I know works…) nothing comes... In the log I got only a packet from the Aethra's IP (port 60000/TCP) and the H.323 server's IP (port 1720/TCP) and no other.

      Can anyone help me?

      PS: if I move the NAT over to a WAN IP, nothing changes.
      PS2: I know that if I put a public IP directly on the Aethra and bypass the firewall everything works, but that is not possible.

        cmb

        Seems like you got it mostly right there. The only thing that's required that's missing is putting the public IP into the video conferencing device. H.323 is a NAT-broken protocol, the real IP has to be defined somewhere in the device.

          TheLoneGunman

          Thanks, but this solution is not available. The customer wants the H.323 behind the firewall…

            dhatz

            One solution would be to sponsor the addition of an H.323-proxy package for pfSense, as I suggested some months ago:

            GNU Gatekeeper for H.323 proxy:

            http://www.gnugk.org/h323-proxy.html

            H.323 remains by far the most popular protocol for video conferencing at companies, but unlike -recent- SIP software, H.323 can't deal with NAT thus requiring a proxy / ALG.

              cmb

              The scenario I'm describing lets you put the device behind the firewall, you just have to configure somewhere in that device what its real public IP is. There are NAT config options in basically every H.323 device where you tell it what its NATed IP is so it uses that within packets rather than its private IP.

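Added example, not part of the thread or any poster's code: cmb's point that the device puts its own IP inside H.323 packets can be checked against a capture of the signalling stream. This Python check looks for a known private or public IPv4 address carried as four raw octets followed by a two-byte port; the Aethra address, the public address and the payload bytes are constructed sample values, not taken from the thread.

```python
import ipaddress
import struct

# Constructed sample values: the thread does not give the Aethra's real addresses.
PRIVATE_IP = "192.168.0.50"   # hypothetical LAN address of the codec
PUBLIC_IP = "203.0.113.10"    # documentation-range stand-in for the 1:1 NAT address


def find_embedded_addrs(payload, candidates):
    """Return [(offset, ip, port)] for every candidate found in the payload.

    Assumption: an IPv4 transport address is carried as 4 raw octets
    immediately followed by a 16-bit big-endian port.
    """
    hits = []
    for ip in candidates:
        raw = ipaddress.IPv4Address(ip).packed
        off = payload.find(raw)
        while off != -1:
            tail = payload[off + 4:off + 6]
            port = struct.unpack("!H", tail)[0] if len(tail) == 2 else None
            hits.append((off, ip, port))
            off = payload.find(raw, off + 1)
    return sorted(hits, key=lambda h: h[0])


def nat_verdict(payload, private_ip, public_ip):
    """Classify a payload captured on the WAN side of the firewall."""
    found = {ip for _, ip, _ in find_embedded_addrs(payload, [private_ip, public_ip])}
    if private_ip in found:
        # NAT rewrote the IP header only; the far end is told to answer
        # an unroutable address, so media and control channels never arrive.
        return "private-ip-embedded"
    if public_ip in found:
        return "public-ip-embedded"
    return "no-known-address"


def sample_payload(ip, port=1720):
    """Constructed bytes standing in for a captured signalling message."""
    filler = bytes.fromhex("0802000105000000")
    return filler + ipaddress.IPv4Address(ip).packed + struct.pack("!H", port) + b"\x22\xc0"


if __name__ == "__main__":
    for label, ip in (("device unaware of NAT", PRIVATE_IP), ("NAT IP configured", PUBLIC_IP)):
        data = sample_payload(ip)
        print(label, nat_verdict(data, PRIVATE_IP, PUBLIC_IP), find_embedded_addrs(data, [PRIVATE_IP, PUBLIC_IP]))
```
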
                TheLoneGunman

                I resolved this issue!

                There was a problem in the customer's LAN settings. Now it's all OK.

                My working configuration is based on 1:1 NAT between the Aethra and a public IP on the WAN. I also added a rule with all allowed in both directions (this is not a major issue, because the Aethra is normally turned off).

                With this setting the H.323 connections work fine.
