H.323 with private ip addresses – D-Link DFL-2500 User Manual
Page 159
Example 6.5. H.323 with private IP addresses
In this scenario a H.323 phone is connected to the D-Link Firewall on a network with private IP addresses. To
make it possible to place a call from this phone to another H.323 phone on the Internet, and to allow H.323
phones on the Internet to call this phone, we need to configure rules. The following rules need to be added to the
rule set, make sure there are no rules disallowing or allowing the same kind of ports/traffic before these rules. As
we are using private IPs on the phone incoming traffic need to be SATed as in the example below. The object
ip-phone below should be the internal IP of the H.323 phone.
Web Interface
Outgoing Rule:
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: H323Out
•
Action: NAT
•
Service: H323
•
Source Interface: lan
•
Destination Interface: any
•
Source Network: lannet
•
Destination Network: 0.0.0.0/0 (all-nets)
•
Comment: Allow outgoing calls
3.
Click OK
Incoming Rules:
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: H323In
•
Action: SAT
•
Service: H323
•
Source Interface: any
•
Destination Interface: core
•
Source Network: 0.0.0.0/0 (all-nets)
•
Destination Network: wan_ip (external IP of the firewall)
•
Comment: Allow incoming calls to H.323 phone at ip-phone
3.
For SAT enter Translate Destination IP Address: To New IP Address: ip-phone (IP address of phone).
4.
Click OK
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: H323In
•
Action: Allow
•
Service: H323
•
Source Interface: any
6.2.8. H.323
Chapter 6. Security Mechanisms
159