4. Strange H323 NAT behaviour

Strange H323 NAT behaviour

  • E

    Hello Folks,

    i'm using PfSense for over one year now and have several FWs with pfsense out there which i manage.
    Now i installed a GNUGK for Firewall Traversal H323 Connections through the PF Firewall with PFsense.
    So far everything works, unless i only register one System out of my LAN to my external GK (for testing purposes there is no Firewall infront of the GNUGK and it has a public IP)
    But when i register 2 or more Systems in the same LAN to the IP of the Gatekeeper which obvisiouly works fine, i can't call them internally.
    When i check the registrations on the Gatekeeper i noticed every System out of my LAN ist registered with my outgoing public NAT IP (1.2.3.4). When i do some 1:1 NAT to one System an it gets another public IP (1.2.3.5) and registers with this IP at the GNUGK. Then i can call the Systems internally. So i think i've got here a little Problem with my NATing, cause the H323 Call signaling opens Port 1720 but i think the way back to the other System is blocked or something. I've already added a Pass in/out Rule for the IP of my GNUGK to the PFsense, but this has no effect.
    Can someone point me in the right direction where i should look after?
    I already enabled NAT Reflection (PureNAT) but even this Setting has no effect.

    Thanks in advance
    Edge

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy