[Previo por Fecha] [Siguiente por Fecha] [Previo por Hilo] [Siguiente por Hilo]
[Hilos de Discusión] [Fecha] [Tema] [Autor]<html><div style='background-color:'><DIV> <P>Muchas gracias por la ayuda prestada la vez pasada con el forward del puerto por iptables, si me funciono, pero ahora resulta que tengo otro problema, lo que pasa es lo siguiente, resulta que ando tratando de levantar un gateway de voz sobre ip ( MultiVoip MVP210) detras de un iptables que me da un nat a mi red interna, mi servidor se conecta por infinitum y levanta un ppop y me conecto a mi red interna por mi eth0, ruteo lo que es el puerto 1720 que corresponde al del H.323, pero resulta que aunque si me da conexion con mi otro mvp no se oye nada, al andar buscando encontre lo siguiente: </P> <DIV><SPAN style="FONT-SIZE: 12pt; COLOR: red; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 20.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA">H.323 y Programas de Seguridad (Firewalls<SPAN class=670290715-02042003>)</SPAN></SPAN></DIV> <DIV><SPAN style="FONT-SIZE: 12pt; COLOR: red; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 20.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN class=670290715-02042003><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA">H.323 no funciona a través de la mayoría de los programas de seguridad (firewalls) o Servidores Proxy (servidor entre una cliente y un servidor real).</SPAN></SPAN></SPAN></DIV> <DIV><SPAN style="FONT-SIZE: 12pt; COLOR: red; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 20.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN class=670290715-02042003><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA">Razón:</SPAN></SPAN></SPAN></SPAN></DIV> <DIV><SPAN style="FONT-SIZE: 12pt; COLOR: red; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 20.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN class=670290715-02042003><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 10.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA">Una llamada H.323 utiliza múltiples puertos dinámicos TCP y UPD por lo que, el programa de seguridad (firewall) no sabe a dónde enrutar los paquetes.</SPAN></SPAN></SPAN>! </SPAN></SPAN></DIV> <DIV><SPAN style="FONT-SIZE: 12pt; COLOR: red; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 20.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN class=670290715-02042003><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 10.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-langu! age: AR-SA">Solución:</SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></DIV> <DIV><SPAN style="FONT-SIZE: 12pt; COLOR: red; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 20.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN class=670290715-02042003><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 10.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-langu! age: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 10.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA">Instale los dispositivos H.323 fuera del programa de seguridad o firewall.</SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></DIV> <DIV><SPAN style="FONT-SIZE: 12pt; COLOR: red; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 20.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN class=670290715-02042003><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 10.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-langu! age: AR-SA"><SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-size: 10.0pt; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA">O <SPAN style="FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: ES; mso-fareast-language: ES; mso-bidi-language: AR-SA">puede instalarse dentro del programa de seguridad (firewall) utilizando aquellos que son compatibles con H.323.</SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></SPAN></DIV> <P>Despues invenstingando mas encontre lo siguiente:</P> <H3 style="MARGIN: auto 0cm"><SPAN lang=EN-US style="mso-ansi-language: EN-US"><FONT size=3><FONT face="Geneva, Arial, Sans-serif">Resolution 406: How do I get my MultiVOIP to work through a firewall or proxy server?<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></FONT></FONT></SPAN></H3> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US style="mso-ansi-language: EN-US"><FONT face="Geneva, Arial, Sans-serif">The H.323 protocol uses dynamic ports. Current Multi-Tech proxy or firewall products do support H.323 dynamic ports when connecting the voip to the DMZ port. The H323 ports used by the MultiVOIP is as follows :<BR>H.225 listen port = 1720 (TCP). <BR>H.225 client port = Dynamic (16000 - 20000) (TCP). <BR>H.245 listen port = Dynamic (16000 - 20000) (TCP). <BR>H.245 listen port = Dynamic (16000 - 20000) (TCP). <BR>RAS client port = Dynamic (16000 - 20000) (UDP). <BR>RTP port (channel 1) = 5004 (UDP). <BR>RTCP port (channel 1) = 5005 (UDP). <BR>RTP port (channel 2) = 5014 (UDP). <BR>RTCP port (channel 2) = 5015 (UDP). <BR>RTP port (channel 3) = 5024 (UDP). <BR>RTCP port (channel 3) = 5025 (UDP). <BR>RTP port (channel 4 = 5034 (UDP). <BR>RTCP port (channel 4)= 5035 (UDP). <BR>RTP port (channel 5) = 5044 (UDP). <BR>RTCP port (channel 5) = 5045 (UD! P). <BR>RTP port (channel 6) = 5054 (UDP). <BR>RTCP port (channel 6) = 5055 (UDP). <BR>RTP port (channel 7) = 5064 (UDP). <BR>RTCP port (channel 7) = 5065 (UDP). <BR>RTP port (channel 8) = 5074 (UDP). <BR>RTCP port (channel 8)= 5075 (UDP). <BR>Proprietary port for master/slave protocol = 5000 (UDP).<BR><BR>Note: This is not a H323 standard). The Proprietary Protocol uses special UDP ports to pass information, and these ports will need to be added to your firewall or proxy server. <BR><BR>Example protocol and ports required for the MultiVOIP are listed below. <BR>Q.931 signaling, RTP and RTCP are used for call handling. <BR>Ports used: Q.931: Q.931 signaling port Channel 1 = 900 Channel 2 = 902 Channel 3 = 904 Etc. RTP: Channel 1 = 5004 Channel 2 = 5006 Channel 3 = 5008 Etc. RTCP: Channel 1 = 5005 Channel 2 = 5007 Channel 3 = 5009 Etc. <o:p></o:p></FONT></SPAN></P> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US style="mso-ansi-language: EN-US"><FONT face="Geneva, Arial, Sans-serif">Affected product(s): MVP400, MVP110, MVP3000, MVP410, MVP810, MVP2410, </FONT>MVP3010, MVP200, MVP2400, MVP800, MVP200A, MVP120, MVP210 <o:p></o:p></SPAN></P> <P>Por lo que se daran cuenta no tengo problema abriendo los puertos pormedio de mi iptables de los puertos indicados, pero en el caso de que usa puerto dinamicos desde el 16000 hasta el 20000 pues esta medio laborudo, mi duda en espesifico es si existe alguna manera de abrir todos los puertos a una ip interna en espesifico o lo que seria mejor si existe algo en iptables que le indique que tengo un dispositivo con protocolo h323 y que enrrute dinamicamente mis puerto conforme los vaya pidiendo, espero me puedan auxiliar, y disculpen el correo tan largo.</P> <P> </P> <P>MarioX </P></DIV></div><br clear=all><hr>Add photos to your e-mail with <a href="http://g.msn.com/8HMCEN/2746";>MSN 8.</a> Get 2 months FREE*.</html> Lista de correo linux en opensource org mx Preguntas linux-owner en opensource org mx http://www.opensource.org.mx/