le porte UDP che hai aperto e nattato sono: 20831 and 20832 giusto?. Se non ricordo male il reflector non funge da proxy per ragioni di performance, infatti nella estratto della documentazione che ti ho riportato sotto (Using the audio STReflector) è espressamente indicato di installare un altro reflector su un\'altro server...
A spanne credo che il tuo modello di riferimento dovrebbe essere questo:
http://publib.boulder.ibm.com/infocenter/sametime/v8r0/index.jsp?topic=/com.ibm.help.sametime.standard.doc/st_adm_avserv_aboutvoicechat_r.html
Using the audio STReflector
The audio Reflector is a Sametime server application (SA) which serves two purposes: the reflector implements a protocol with a stun-like feature (http://www.faqs.org/rfcs/rfc3489.html) to allow clients to discover their network configuration, and serves as an audio proxy if either of two clients cannot communicate with voice-over-IP because one or both are behind a NAT (symmetrical network address translation) firewall.
By default, the Reflector is installed on the Sametime server as part of the standard Sametime installation. However, the Reflector installed on the server should not be used as a proxy , since installing a proxy on a Sametime server risks performance degradation. This means that, to support symmetric NATs, the administrator has to install the Reflector on a separate machine. See Installing standalone STReflector Server Application.
NAT and IP detection
To enable VoIP to work, the client must be able to detect its own IP address, as seen remotely (such as from the Internet), and whether it is located behind a Symmetric NAT firewall configuration. The Reflector includes stun-like functionality to assist the client in detecting this information. The Reflector is able to receive client query request packets, and replies by sending response packets, which include the client IP, as seen from the server side. The Reflector must be able to handle requests from two different port numbers which enables the detection of a Symmetric NAT).
Installing standalone Reflector SA
To allow the Reflector to support Sametime UIM clients in NAT environments, the administrator can install the Reflector on a separate machine. Intheir own IP addresses and to support symmetrical NAT environments, the administrator installs the Reflector on a separate machine. In case of a multisite community, at least one standalone Reflector is needed per site. Also, at least one Reflector per site should be installed on a dual-IP machine, in order to allow symmetric NAT detection. The machine in which the Reflector is installed must be able to connect to the Sametime server (using a TCP connection on port 1516) and to send UDP packets to that machine from both of the local clients’ machines. It should also have a Java JRE of at least version 1.4.2. The machine environment should be configured to know where the Java JRE resides.
How to install STReflector
Windows instructions:
1. Disable the Sametime server Reflector.
2. Shut down Sametime server and Domino, if running.
3. In Windows “Administration Tools” panel, go to Services
4. Scroll down the list and right-click on the “ST Reflector” service.
5. Click Properties.
6. Stop the service if it is running.
7. Select Disable from Startup Type menu list
8. Click OK.
9. Close Windows Services, and then start the Domino and Sametime servers.
Get the STReflector files–manual steps:
Navigate to your Domino installation folder and copy the following files to the folder where the Reflector will be installed. This machine must have a routable IP address, such "NAT"ed UIM clients can send packets to it through the Internet firewall. This is commonly known as a demilitarized zone (DMZ).
* streflector.exe
* streflectorsa.jar
* sametime.ini
Next, download the Sametime Software Developer\'s Kit (available on the Passport Advantage Online site or at www.ibm.com/developerWorks) and copy the following file to the same folder where the Reflector will be installed: stcommsrvrtk.jar
Allow Access
Port 1516 should be opened for access from the Reflector machine to the Sametime server. Ports 20830-20832 should be opened to the Reflector machine for access from the outside world.
* Make sure the following port numbers on the firewall protecting the Sametime server and clients are open for UDP/TCP:
o 1516
o 20830
o 20831
o 20832
* In the Sametime server sametime.ini, set:
o VPS_TRUSTED_IPS=xx.xx.xx.xx where xx.xx.xx.xx is the IP address of the DMZ machine.
* In the DMZ machine sametime.ini, set
o o VPS_HOST=Fully_Qualified_Domain_Name of the Sametime server
Run
* Start Sametime server.
* Open a command prompt (click Start > Run > cmd > OK).
* In DMZ machine, use the "cd" command to change to the directory with the copied reflector files.
* Type:
java –cp stcommsrvrtk.jar;streflectorsa.jar
com.ibm.collaboration.realtime.multimedia.phonegrid.reflector.Launcher
Note: Do not include any blank spaces around the ";" in the first line above.
|