<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2726.2500" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>Hello,</DIV>
<DIV> </DIV>
<DIV>I have a NATed network behind a cisco PIX firewall as follows:</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>client --- SER 1-----PIX (NAT) --------SER 2</DIV>
<DIV> </DIV>
<DIV>The client has a private address 192.168...., and is NATed to a public IP.
Because the PIX has a built-in SIP application gateway, the IP of the client in
the message body will be transformed to his public IP by the firewall. However, what
is most strange is that SER2 doesn't respond to messages from SER1.</DIV>
<DIV> </DIV>
<DIV>--------------</DIV>
<DIV>####################<BR>U 153.96.51.2:5060 -> 153.96.52.2:5060<BR>
INVITE sip:6091@153.96.52.2:5060 SIP/2.0..Record-Route:
<sip:6091574@153.96.51.2;ftag=781a5806-7443-4c67-b8a6-4ae6f9b64bc8;lr=on>..Max-Forwards:
9 .<BR> .Record-Route:
<sip:6091@192.4.3.2;ftag=781a5806-7443-4c67-b8a6-4ae6f9b64bc8;lr=on>..Via:
SIP/2.0/UDP 153.96.51.2;branch=z9hG4bK75cf.a543.0..Via: SI<BR> P/2.0/UDP
192.4.3.2;branch=0..Via: SIP/2.0/UDP 153.96.51.77:9779..From: "xia"
<sip:xia@nd.fhg.de>;tag=781a5806-7443-4c67-b8a6-4ae6f9b64bc8..To:
<s<BR> ip:6091@nd.fhg.de>..Call-ID: 9947a08e-d8c5-47ef-90a3-cdd10f3b143c@153.96.51.77..CSeq:
1 INVITE..Contact: <sip:153.96.51.77:9779>..User-Agent: W<BR> indows
RTC/1.0..Content-Type: application/sdp..Content-Length: 457....v=0..o=yang-mobil
0 0 IN IP4 153.96.51.77..s=session..c=IN IP4 153.96.51.77..b=CT<BR>
:1000..t=0 0..m=audio 61052 RTP/AVP 97 111 112 6 0 8 4 5 3 101..a=rtpmap:97
red/8000..a=rtpmap:111 SIREN/16000..a=fmtp:111 bitrate=16000..a=rtpmap:112
G7<BR> 221/16000..a=fmtp:112 bitrate=24000..a=rtpmap:6
DVI4/16000..a=rtpmap:0 PCMU/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:4
G723/8000..a=rtpmap:5 DVI4/8000..a=rtp<BR> map:3 GSM/8000..a=rtpmap:101
telephone-event/8000..a=fmtp:101 0-16..</DIV>
<DIV>----------------------------------------------</DIV>
<DIV> </DIV>
<DIV>(originally the client has the IP 192.168.44.33 and it has been transformed
to 153.96.51.77 by the firewall, as seen above)</DIV>
<DIV> </DIV>
<DIV>SER2 gets all messages repeatedly from SER1 but does nothing, as if it
hadn't seen any messages (no reply sent, no log written). If I move the client
to another network with a non-NATed address, it works fine!</DIV>
<DIV> </DIV>
<DIV>SER1's config:</DIV>
<DIV> </DIV>
<DIV>---------------------------</DIV>
<DIV>...<BR> if
(uri=~"^sip:[0-9]*@.*"){<BR> # PSTN
call after the authorization. Authorization has been done in block route[2] and
[3]<BR>
if
(uri=~"^sip:00[0-9]+@.*"){<BR>
sl_send_reply("699", "Sorry, international call not
allowed");<BR>
break;<BR>
};</DIV>
<DIV> </DIV>
<DIV>
log(2, "Forward to ser2
\n");<BR>
rewritehostport("153.96.52.2:5060");<BR>
forward("153.96.51.2");<BR>
break;<BR> };<BR></DIV>
<DIV>...</DIV>
<DIV>-----------------------</DIV>
<DIV> </DIV>
<DIV>And SER2's config:</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV># ----------- global configuration parameters
------------------------</DIV>
<DIV> </DIV>
<DIV>debug=2 # debug level
(cmd line: -dddddddddd)<BR>fork=yes<BR>log_stderror=no # (cmd line: -E)</DIV>
<DIV>check_via=no # (cmd. line:
-v)<BR>dns=no #
(cmd. line: -r)<BR>rev_dns=no # (cmd. line:
-R)<BR>port=5060<BR>children=4<BR>fifo="/tmp/ser_fifo"</DIV>
<DIV> </DIV>
<DIV># ------------------ module loading
----------------------------------</DIV>
<DIV>loadmodule "/usr/local/ser/lib/ser/modules/sl.so"<BR>loadmodule
"/usr/local/ser/lib/ser/modules/tm.so"<BR>loadmodule
"/usr/local/ser/lib/ser/modules/rr.so"<BR>loadmodule
"/usr/local/ser/lib/ser/modules/maxfwd.so"<BR>loadmodule
"/usr/local/ser/lib/ser/modules/usrloc.so"<BR>loadmodule
"/usr/local/ser/lib/ser/modules/registrar.so"<BR>loadmodule
"/usr/local/ser/lib/ser/modules/nathelper.so"<BR>loadmodule
"/usr/local/ser/lib/ser/modules/textops.so"</DIV>
<DIV> </DIV>
<DIV>modparam("rr", "enable_full_lr", 1)</DIV>
<DIV> </DIV>
<DIV># ------------------------- request routing logic
-------------------</DIV>
<DIV> </DIV>
<DIV># main routing logic<BR>route{</DIV>
<DIV> </DIV>
<DIV>sl_send_reply("100","msg received, trying"); ### (not any reply was
sent as msg arrived!)</DIV>
<DIV> </DIV>
<DIV> if
(!mf_process_maxfwd_header("10"))
{<BR>
sl_send_reply("483","too many
hops");<BR>
break;<BR>
};<BR> if (len_gt( max_len ))
{<BR>
sl_send_reply("513", "msg too
big");<BR>
break;<BR> };</DIV>
<DIV> </DIV>
<DIV> record_route();<BR></DIV>
<DIV> loose_route();</DIV>
<DIV> </DIV>
<DIV> if
(search("(c|C)ontact:.*192\.168.*"))
{<BR>
fix_nated_contact();<BR>
if (method=="INVITE")
{<BR>
fix_nated_sdp("2");<BR>
};<BR> };</DIV>
<DIV> </DIV>
<DIV> if (!src_ip==10.20.0.2)
{<BR>
log(3, "Forward to inn.
ser\n");<BR>
forward("10.20.0.2");<BR>
break;<BR> };</DIV>
<DIV> </DIV>
<DIV> # if the request is for other
domain use UsrLoc<BR> if
(!t_relay())
{<BR>
sl_reply_error();<BR> };</DIV>
<DIV> </DIV>
<DIV>}</DIV>
<DIV> </DIV>
<DIV>---------------------------------------------------</DIV>
<DIV> </DIV>
<DIV>Any idea?</DIV>
<DIV> </DIV>
<DIV>Thanks</DIV>
<DIV> </DIV>
<DIV>Yang</DIV>
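<DIV>An added example, not part of the original post: a Python check that lists which address-bearing fields of a captured INVITE (Via, Record-Route, Contact, SDP o= and c=) still carry private addresses and whether Content-Length matches the body actually received. The sample INVITE is constructed from the values in the capture above, and simulate_rewrite() is a hypothetical stand-in for an in-path rewrite, not a statement about how the PIX fixup behaves.</DIV>

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
ADDRESS_FIELDS = {"via", "record-route", "contact", "sdp o", "sdp c"}

def audit_sip(raw: bytes) -> dict:
    """List IPv4 addresses in address-bearing fields and check Content-Length."""
    head, _, body = raw.partition(b"\r\n\r\n")
    # SIP headers are "Name: value"; the first line is the request line, skip it.
    fields = [(n.strip().lower(), v) for n, _, v in
              (l.partition(":") for l in head.decode("latin-1").split("\r\n")[1:])]
    # SDP lines are "x=value"; prefix them so "c=" is not confused with a header.
    fields += [("sdp " + n, v) for n, _, v in
               (l.partition("=") for l in body.decode("latin-1").split("\r\n") if l)]
    found, declared = [], None
    for name, value in fields:
        if name == "content-length":
            declared = int(value)
        if name in ADDRESS_FIELDS:
            for ip in IPV4.findall(value):
                found.append((name, ip, ipaddress.ip_address(ip).is_private))
    return {"addresses": found, "declared_len": declared,
            "actual_len": len(body), "length_ok": declared == len(body)}

def build_invite(client_ip: str) -> bytes:
    """Constructed INVITE modelled on the capture, with a correct Content-Length."""
    sdp = "\r\n".join(["v=0", f"o=yang-mobil 0 0 IN IP4 {client_ip}", "s=session",
                       f"c=IN IP4 {client_ip}", "t=0 0",
                       "m=audio 61052 RTP/AVP 0 8", ""])
    head = "\r\n".join([
        "INVITE sip:6091@153.96.52.2:5060 SIP/2.0",
        "Via: SIP/2.0/UDP 153.96.51.2;branch=z9hG4bK75cf.a543.0",
        f"Via: SIP/2.0/UDP {client_ip}:9779",
        f"Contact: sip:{client_ip}:9779",
        "Content-Type: application/sdp",
        f"Content-Length: {len(sdp)}",
    ])
    return (head + "\r\n\r\n" + sdp).encode("latin-1")

def simulate_rewrite(raw: bytes) -> bytes:
    """Hypothetical rewrite: swaps the address text, leaves Content-Length alone."""
    return raw.replace(b"192.168.44.33", b"153.96.51.77")

if __name__ == "__main__":
    sent = build_invite("192.168.44.33")
    for label, msg in (("as sent", sent), ("after rewrite", simulate_rewrite(sent))):
        report = audit_sip(msg)
        print(label, report["declared_len"], report["actual_len"], report["length_ok"])
        for name, ip, private in report["addresses"]:
            print("   ", name, ip, "private" if private else "public")
```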
<DIV> </DIV>
<DIV><BR> </DIV></BODY></HTML>