Seven H.323 devices behind 1 public IP
-
Is this even possible? I have cerated NAT Port Forward rules and everything works if I only have 1 videoconference unit online. If I connect additional devices = sound issues, content sharing issues and so on.
When looking at Firewall Logs, I see that traffic is passed, but it passes traffic to the other H.323 devices too. I have created an Alias with all Cisco/Tandberg units on NAT Port Forward.
I have configured different RTP Port Ranges on Cisco/Tandberg but no luck… I have port forwarded all the ports needed and NAT Mode is ON for all my H.323 devices.
If I NAT 1:1 the second unit on another Virtul IP (public) - it works. But since I have 7 units, I don't have that many public IPs...
Is it possible to have multiple H.323 devices behind 1 public IP? If yes, what am I doing wrong?
-
You need an h.323 proxy which pfsense doesn't have.
-
Well, I seem to have solved this issue.
When I had one Alias containing all the Tandberg/Cisco units and allowing all the port ranges - it got messed up. I thought that the devices + pfSense would solve it on their own = port forward RTP ranges to the specific device having those RTP ports configured..
I have now solved it like this in pfSense:
Unit 1 = 192.168.2.10
Port Range: 2000 - 2200
Public IP: 94.xx.xx.xxxUnit 2 = 192.168.2.11
Port Range: 2400 - 2600
Public IP: 94.xx.xx.xxxAnd so on… It seems to work. Don't know if this will work forever but it seems OK now.
Feedback is always welcomed :)
-
You should be good actually, i misread and didn't see where you had specified the ports on each device.
In that case a proxy is not needed. Its when it's using dynamic port ranges that it has issues.