[Serusers] UA's behind the same NAT

Atle Samuelsen clona at cyberhouse.no
Thu Nov 10 11:03:03 CET 2005 

Hi Greger, 

I see your idea, nd I like it :-)

-A

* Greger V. Teigre <greger at teigre.com> [051110 08:36]:
> Atle,
> Thanks for pointing this out, I was exhausted ;-) after my long email.  We 
> have received requests for this feature at onsip.org a few times. The 
> reason why we haven't added it is exactly the issue you point out.  We have 
> at one point talked about adding an Appendix to the Getting Started 
> document called "Suggestions for additions and changes to your ser.cfg"  
> where things like this can be documented separately. People can then add 
> the feature to their configs themselves if they like.
> g-)
> 
> ----- Original Message ----- 
> From: "Atle Samuelsen" <clona at cyberhouse.no>
> To: "Greger V. Teigre" <greger at teigre.com>
> Cc: "Noel Sharpe" <noels at radnetwork.co.uk>; "'SER Users'" 
> <serusers at lists.iptel.org>
> Sent: Thursday, November 10, 2005 8:19 AM
> Subject: Re: [Serusers] UA's behind the same NAT
> 
> 
> >
> >Hi Noel,
> >
> >Just a tought,
> >(dont know if your users does this, but just to lighten the aera)
> >
> >what happens if there is a double NAT here, and you say, that users
> >behind the same nat (atleast with the logic G wrote) they would have the
> >same source-ip and the same ruri ip, but would'nt be on the same
> >physical lan..
> >
> >
> >see setup :
> >         B  C
> >         NAT-->UA2
> >    A    /
> >ser - NAT
> >        \
> >        NAT -->UA1
> >        D  E
> >
> >A= Public IP
> >B= NAT1's public IP
> >C= NAT1's Local Subnet
> >D= NAT2's public ip
> >E= NAT2's Local subnet
> >
> >The from would look like:
> >(ua2)
> >from:blabla<sip:UA2 at C>
> >(UA1)
> >from:blublu<sip:UA1 at E>
> >
> >e.request-uri would be :
> >(UA2)
> >sip:ua2 at A
> >(UA1)
> >sip:ua1 at a
> >
> >SourceIP for both request's would be A, So, you cant really (by this)
> >know if UA1 and UA2 is behind the same nat, esesially if there is a
> >double, or triple or so...
> >
> >-Atle
> >
> >
> >* Greger V. Teigre <greger at teigre.com> [051110 07:50]:
> >>Noel,
> >>If you send the config showing how you do it, it will be easier to 
> >>comment.
> >>:-)
> >>
> >>In general, what you should do is this:
> >>- Starting from onsip.org configs, there are three locations you need to
> >>change: route[4] NAT Traversal, loose route handling and onreply
> >>- I suggest creating a new route block where you test the src_ip of the
> >>message against the looked up location of ruri/domain, i.e. this only 
> >>works
> >>after a successful lookup("location") has been done. This should be the
> >>(untested) code snippet:
> >>avp_write("$ruri/domain", "i:624");
> >>if (avp_check("i:624","eq/$src_ip")) {
> >> setflag(SAME_NAT);
> >>}
> >>(NOTE: I'm not sure about how avp_write will handle $ruri/domain as :port
> >>is at the end of the domain for ruri after a lookup. You should probably
> >>turn on debugging and use avp_print)
> >>- Then run the test from the NAT traversal route, as well as the loose
> >>route (not in onreply) and check for the flag before doing 
> >>force_rtp_proxy
> >>- In onreply add && !isflagset(SAME_NAT) to the NAT if test
> >>
> >>No guarantees... This has not been tested.  However, if you can report 
> >>that
> >>it works (or whatever was wrong), I will submit the code piece as a
> >>suggestion for the ONsip.org Getting Started document.
> >>g-)
> >>
> >>
> >>----- Original Message ----- 
> >>From: "Noel Sharpe" <noels at radnetwork.co.uk>
> >>To: "'SER Users'" <serusers at lists.iptel.org>
> >>Sent: Wednesday, November 09, 2005 9:15 PM
> >>Subject: [Serusers] UA's behind the same NAT
> >>
> >>
> >>>Hi All
> >>>
> >>>I am trying to improve my proxy setup to force clients behind the same 
> >>>NAT
> >>>device to connect each other directly.  My setup is fairly complex,
> >>>(rtpproxy / NAT Helper, PSTN gateways,  different peers etc)  but it's
> >>>loosely based on the OnSip.org setup.
> >>>The current config works correctly for all clients, whether behind a NAT
> >>>or not, but I'd prefer not to have to use RTP proxy to allow UA's on the
> >>>same nat to contact each other.  I've seen the document from the AVPops
> >>>module, but I can't get the example to work.  I think the problem is 
> >>>WHERE
> >>>I put the avpops config.  As this works on FWD, I think it's possible.
> >>>Has anyone got this working?
> >>>
> >>>Noel
> >>>
> >>>
> >>>_______________________________________________
> >>>Serusers mailing list
> >>>serusers at lists.iptel.org
> >>>http://lists.iptel.org/mailman/listinfo/serusers
> >>>
> >>
> >>_______________________________________________
> >>Serusers mailing list
> >>serusers at lists.iptel.org
> >>http://lists.iptel.org/mailman/listinfo/serusers
> >>
> >
> >
> 
>

More information about the sr-users mailing list