[Serusers] About NAThelper in iptel.org and ser.cfg

jimmy huang jimmy_huang at uni.com.tw
Wed Apr 28 09:43:25 CEST 2004


Hi all
I am trying nathelper with rtpproxy so that clients behind a NAT/firewall can make calls,
and I have some questions...

(1)
Client A (kphone 3.14)------------------iptel.org-----------------------------NAT-------------------------Client B (kphone 3.14)
61.217.126.64                                   195.37.77.101                           61.217.xxx.xxx                      77.77.77.17

B calls A and the call is set up; both A and B send RTP packets to 195.37.77.101 and receive on the port described in the SDP,
but neither client receives any voice ... maybe something is wrong in the client ...
So has anyone tried whether this scenario can work? Or does iptel.org not support clients behind a NAT/firewall?


(2)
Before trying (1), I built this environment:
Client A (kphone 3.14)-------------SIP server SER + Rtpproxy ---------------------NAT/Firewall-------------------------Client B (kphone 3.14)
private  IP                                               public IP                                                  public  IP                                          private IP

Whether A calls B or B calls A, the call is set up, but after being forwarded by SER
the SDP is not modified correctly; it is exactly what the client sent.
It should be rewritten to the SER server's IP and port, but it seems it is not...

I think maybe my ser.cfg has some mistake.
Could anyone give me an idea of where I should add or modify something?

Here is my ser.cfg, which is based on (http://www.informatik.uni-bremen.de/~prelle/terena/cookbook/main/ch04s07.html)

regards
jimmy

============================================================================================
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

#debug=3         # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)

#/* Uncomment these lines to enter debugging mode
# NOTE(review): debug=7 together with log_stderror=yes sends the most verbose
# log output to stderr. Debug-level logs presumably include SIP message
# content (addresses, headers), so keep this to troubleshooting sessions and
# go back to the commented-out defaults above afterwards.
debug=7
#fork=no
log_stderror=yes
#*/

# The three switches below turn off Via checking and forward/reverse DNS
# lookups (command-line equivalents are given on each line).
check_via=no # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
#port=5060
#children=4
# NOTE(review): the FIFO is the server's management/control interface and it
# is created under /tmp, which is normally world-writable. Confirm the
# permissions on the created FIFO, or place it in a directory that only the
# SER service account can access.
fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
#loadmodule "/usr/local/lib/ser/modules/mysql.so"

# Core modules. The routing script below uses their functions:
# sl_send_reply/sl_reply_error (sl), t_relay/t_on_reply (tm),
# record_route/loose_route (rr), mf_process_maxfwd_header (maxfwd),
# save/lookup (registrar, backed by usrloc).
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
#++++++++++    jimmy added      ++++++++++++++++++
# textops supplies search()/append_hf(); nathelper supplies nat_uac_test(),
# fix_nated_contact(), fix_nated_sdp(), force_rport() and force_rtp_proxy().
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
#----------------------------------------------------
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
# NOTE(review): with both auth modules left commented out, nothing in this
# configuration can challenge a request, so REGISTER and INVITE are accepted
# from any sender without credentials.
#loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

#++++++++++    jimmy added      ++++++++++++++++++
# we will use flag 6 to mark NATed contacts; the routing script sets the same
# flag with setflag(6) and tests it with isflagset(6)
modparam("registrar","nat_flag",6)
# Enable NAT pinging (keep-alives towards registered contacts).
# NOTE(review): the interval is presumably in seconds; 3 is very aggressive
# and multiplies traffic with the number of NATed contacts - confirm against
# the nathelper documentation for the installed version.
modparam("nathelper","natping_interval",3)
# ping only contacts that are known to be behind NAT
modparam("nathelper","ping_nated_only",1)
#----------------------------------------------------

# -- usrloc params --

# db_mode 0: no SQL database is used for the location table (see the
# alternative below), so registrations are presumably lost on restart.
modparam("usrloc", "db_mode",   0)

# Uncomment this if you want to use SQL database 
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which is true in this config),
# also uncomment the following parameter
#
#modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# -------------------------  request routing logic -------------------

# main routing logic

# Main request route: NAT detection and fix-ups, sanity checks,
# record-routing, registrar handling, then stateful relay.
#
# NOTE(review): route[1] (defined further down) is the only place that calls
# force_rtp_proxy() and arms onreply_route[1], but no route(1) call is
# visible anywhere in this block - every request leaves through the
# t_relay() calls here. That is consistent with the reported symptom (SDP
# forwarded unchanged): the final t_relay() would have to be replaced by a
# call into route[1] for the RTP proxy to be engaged. Requests matched by
# loose_route() (e.g. re-INVITEs) would bypass route[1] as well.
route{

#++++++++++    jimmy added      ++++++++++++++++++
 # Argument "3" presumably combines nathelper tests 1 (private address in
 # Contact) and 2 (Via address differs from the packet source) - confirm
 # against the nathelper documentation for the installed version.
 if(nat_uac_test("3"))
 {
  # Only REGISTERs and requests without a Record-Route header are fixed up.
  if((method == "REGISTER") || !(search("^Record-Route:")))
  {
   # The wording is misleading: this line is also logged for non-REGISTER
   # requests that reach this branch.
   log("LOG:Someone trying to register from private IP, rewriting\n");
  
   fix_nated_contact();
   if(method == "INVITE")
   {
        # Rewrites the SDP in place; this alone does not route media
        # through rtpproxy (that needs force_rtp_proxy()).
        fix_nated_sdp("3");
   };
   force_rport();
   # Same flag number as the registrar "nat_flag" parameter.
   setflag(6);
  };
 };
#----------------------------------------------------

 # initial sanity checks -- messages with
 # max_forwards==0, or excessively long requests
 if (!mf_process_maxfwd_header("10")) {
  sl_send_reply("483","Too Many Hops");
  break;
 };
 if ( msg:len > max_len ) {
  sl_send_reply("513", "Message too big");
  break;
 };

 # we record-route all messages -- to make sure that
 # subsequent messages will go through our proxy; that's
 # particularly good if upstream and downstream entities
 # use different transport protocol
 record_route(); 
 # loose-route processing
 if (loose_route()) {
  t_relay();
  break;
 };

 # Requests addressed to this server are handled through the registrar /
 # user location table; anything else falls through to the relay at the end.
 # NOTE(review): requests for other domains are relayed with no
 # authentication or source restriction, so the proxy can be used as an
 # open relay by any sender that can reach it.
 if (uri==myself) {

  if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication
# NOTE(review): while this stays commented out, save("location") stores the
# binding from any sender, so anyone who can reach the server can register a
# contact for any address-of-record and receive that user's calls.
#   if (!www_authorize("iptel.org", "subscriber")) {
#    www_challenge("iptel.org", "0");
#    break;
#   };

   save("location");
   break;
  };

  # native SIP destinations are handled using our USRLOC DB
  if (!lookup("location")) {
   sl_send_reply("404", "Not Found");
   break;
  };
 };
 # forward to current uri now; use stateful forwarding; that
 # works reliably even if we forward from TCP to UDP
 if (!t_relay()) {
  sl_reply_error();
 };

}


#++++++++++    jimmy added      +++++++++++++++++++++
# Sub-route intended for NAT-aware forwarding: refuse private destinations,
# engage the RTP proxy for flagged (NATed) calls, then relay statefully.
# NOTE(review): this block only runs if another route calls it; no such call
# is visible in the main route of this listing.
route[1]
{
 # Reject request URIs that point at a private address unless a Route
 # header is present.
 # NOTE(review): the pattern covers 192.168., 10. and "172.16" only. It
 # misses the rest of the 172.16.0.0/12 private range (172.17 - 172.31),
 # and because "172.16" is not followed by an escaped dot it also matches
 # public prefixes such as 172.160 - 172.169.
 if(uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:"))
 {
  sl_send_reply("479","we don't forward to private IP address");
  break;
 };
 # Flag 6 is set in the main route for NATed senders; it is also the
 # registrar nat_flag, so it is presumably restored by lookup() for NATed
 # callees - confirm.
 if(isflagset(6))
 {
  # Route the media through rtpproxy and arm onreply_route[1] so that the
  # replies are fixed up as well.
  force_rtp_proxy();
  t_on_reply("1");
  append_hf("P-Behind-NAT: Yes\r\n");
 }
 
 if(!t_relay())
 {
  sl_reply_error();
  break;
 }
}

# Reply route armed by t_on_reply("1") in route[1]: for 183 and 2xx replies,
# rewrite the Contact and pass the reply through force_rtp_proxy() so the
# answer side of the SDP is handled as well.
onreply_route[1]
{
 # The pattern is unanchored; with three-digit status codes it matches 183
 # and 200-299.
 if(status =~ "(183)|2[0-9][0-9]")
 {
  fix_nated_contact();
  force_rtp_proxy();
 };
}
#----------------------------------------------------

============================================================================================