<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.6944.0">
<TITLE>problem with NAT and mhomd SER and RTP proxy</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>the problem is that only one side is heard during the conversation.<BR>
Now viewing the capture of SIP session i can see that the NATed client's SDP and Contact header were changed correctly<BR>
but still the RTP proxy is listening for data from 192.168.10.14 instead of data from the NAT ip.<BR>
attached the output of RTP proxy during debug mode the ser.cfg file please help!!!<BR>
<BR>
RTP proxy was started with the command:<BR>
rtpproxy -2f -l 192.168.10.62/80.178.94.82<BR>
<BR>
RTP proxy Output:<BR>
<BR>
rtpproxy: rtpproxy started, pid 23524<BR>
rtpproxy: new session 227142944229442YbiJ-400--500@192.168.10.14, tag 1c-2023537854 requested<BR>
rtpproxy: new session on a port 64900 created, tag 1c-2023537854<BR>
rtpproxy: pre-filling caller's address with 192.168.10.14:8000<BR>
*Remark client 192.168.10.14 is behind a NAT<BR>
rtpproxy: lookup on a ports 64900/64900, session timer restarted<BR>
rtpproxy: pre-filling callee's address with 192.168.10.12:8000<BR>
rtpproxy: session timeout<BR>
rtpproxy: RTP stats: 330 in from callee, 0 in from caller, 330 relayed, 0 dropped<BR>
rtpproxy: RTCP stats: 2 in from callee, 0 in from caller, 2 relayed, 0 dropped<BR>
rtpproxy: session on ports 64900/64900 is cleaned up<BR>
<BR>
SER.cfg :<BR>
<BR>
#<BR>
#<BR>
#<BR>
<BR>
# ----------- global configuration parameters ------------------------<BR>
<BR>
/*<BR>
debug=3 # debug level (cmd line: -dddddddddd)<BR>
fork=yes<BR>
log_stderror=no # (cmd line: -E)<BR>
*/<BR>
<BR>
#Uncomment these lines to enter debugging mode<BR>
/*debug=7<BR>
fork=yes<BR>
log_stderror=yes<BR>
*/<BR>
<BR>
check_via=no # (cmd. line: -v)<BR>
dns=no # (cmd. line: -r)<BR>
rev_dns=no # (cmd. line: -R)<BR>
#port=5060<BR>
#children=4<BR>
fifo="/tmp/ser_fifo"<BR>
<BR>
listen=192.168.10.62<BR>
listen=80.178.94.82<BR>
mhomed=yes<BR>
<BR>
# ------------------ module loading ----------------------------------<BR>
<BR>
# Uncomment this if you want to use SQL database<BR>
loadmodule "/lib/ser/modules/mysql.so"<BR>
<BR>
loadmodule "/lib/ser/modules/sl.so"<BR>
loadmodule "/lib/ser/modules/tm.so"<BR>
loadmodule "/lib/ser/modules/rr.so"<BR>
loadmodule "/lib/ser/modules/maxfwd.so"<BR>
loadmodule "/lib/ser/modules/usrloc.so"<BR>
loadmodule "/lib/ser/modules/registrar.so"<BR>
loadmodule "/lib/ser/modules/textops.so"<BR>
<BR>
# Uncomment this if you want digest authentication<BR>
# mysql.so must be loaded !<BR>
loadmodule "/lib/ser/modules/auth.so"<BR>
loadmodule "/lib/ser/modules/auth_db.so"<BR>
<BR>
# !! Nathelper<BR>
loadmodule "/lib/ser/modules/nathelper.so"<BR>
<BR>
# EXEC module<BR>
#loadmodule "/lib/ser/modules/exec.so"<BR>
# ----------------- setting module-specific parameters ---------------<BR>
<BR>
# -- usrloc params --<BR>
<BR>
modparam("usrloc", "db_url", "mysql://ser:******@localhost/ser")<BR>
<BR>
modparam("usrloc", "db_mode", 1)<BR>
<BR>
# Uncomment this if you want to use SQL database<BR>
# for persistent storage and comment the previous line<BR>
#modparam("usrloc", "db_mode", 2)<BR>
<BR>
# -- auth params --<BR>
# Uncomment if you are using auth module<BR>
#<BR>
modparam("auth_db", "calculate_ha1", yes)<BR>
#<BR>
# If you set "calculate_ha1" parameter to yes (which true in this config),<BR>
# uncomment also the following parameter)<BR>
#<BR>
modparam("auth_db", "password_column", "password")<BR>
<BR>
# -- rr params --<BR>
# add value to ;lr param to make some broken UAs happy<BR>
modparam("rr", "enable_full_lr", 1)<BR>
<BR>
# !! Nathelper<BR>
modparam("registrar", "nat_flag", 6)<BR>
modparam("nathelper", "natping_interval", 10) # Ping interval 30 s<BR>
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT<BR>
modparam("nathelper", "rtpproxy_sock", "/var/run/rtpproxy.sock") #rtp proxy socket<BR>
# ------------------------- request routing logic -------------------<BR>
<BR>
# main routing logic<BR>
<BR>
route{<BR>
<BR>
# initial sanity checks -- messages with<BR>
# max_forwards==0, or excessively long requests<BR>
if (!mf_process_maxfwd_header("10")) {<BR>
sl_send_reply("483","Too Many Hops");<BR>
break;<BR>
};<BR>
if (msg:len >= max_len ) {<BR>
sl_send_reply("513", "Message too big");<BR>
break;<BR>
};<BR>
<BR>
if (method !="REGISTER" && !proxy_authorize("", "subscriber")){<BR>
proxy_challenge("", "0");<BR>
break;<BR>
};<BR>
<BR>
if (method == "BYE" || method == "CANCEL")<BR>
unforce_rtp_proxy();<BR>
<BR>
# !! Nathelper<BR>
# Special handling for NATed clients; first, NAT test is<BR>
# executed: it looks for via!=received and RFC1918 addresses<BR>
# in Contact (may fail if line-folding is used); also,<BR>
# the received test should, if completed, should check all<BR>
# vias for rpesence of received<BR>
if (nat_uac_test("3") && dst_ip == 80.178.94.82) {<BR>
sl_send_reply("", "Client is behind NAT");<BR>
# Allow RR-ed requests, as these may indicate that<BR>
# a NAT-enabled proxy takes care of it; unless it is<BR>
# a REGISTER<BR>
<BR>
if (method == "REGISTER" || ! search("^Record-Route:")) {<BR>
log("LOG: Someone trying to register from private IP, rewriting\n");<BR>
<BR>
# This will work only for user agents that support symmetric<BR>
# communication. We tested quite many of them and majority is<BR>
# smart enough to be symmetric. In some phones it takes a configuration<BR>
# option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is<BR>
# called "symmetric media" and "symmetric signalling".<BR>
<BR>
fix_nated_contact(); # Rewrite contact with source IP of signalling<BR>
if (method == "INVITE") {<BR>
sl_send_reply("", "Client is behind NAT And Requested a call");<BR>
if (fix_nated_sdp("1")) sl_send_reply("", "Client SDP Replaced"); # Add direction=active to SDP<BR>
};<BR>
force_rport(); # Add rport parameter to topmost Via<BR>
setflag(6); # Mark as NATed<BR>
};<BR>
};<BR>
<BR>
# we record-route all messages -- to make sure that<BR>
# subsequent messages will go through our proxy; that's<BR>
# particularly good if upstream and downstream entities<BR>
# use different transport protocol<BR>
if (!method=="REGISTER") record_route(); <BR>
<BR>
# subsequent messages withing a dialog should take the<BR>
# path determined by record-routing<BR>
if (loose_route()) {<BR>
sl_send_reply("", "loose route");<BR>
# mark routing logic in request<BR>
append_hf("P-hint: rr-enforced\r\n");<BR>
route(1);<BR>
break;<BR>
};<BR>
<BR>
if (!uri==myself) {<BR>
sl_send_reply("", "outbound");<BR>
# mark routing logic in request<BR>
append_hf("P-hint: outbound\r\n");<BR>
route(1);<BR>
break;<BR>
};<BR>
<BR>
# if the request is for other domain use UsrLoc<BR>
# (in case, it does not work, use the following command<BR>
# with proper names and addresses in it)<BR>
if (uri==myself) {<BR>
<BR>
if (method=="REGISTER") {<BR>
<BR>
# Uncomment this if you want to use digest authentication<BR>
if (!www_authorize("", "subscriber")) {<BR>
www_challenge("", "0");<BR>
break;<BR>
};<BR>
<BR>
if (dst_ip == 192.168.10.62){<BR>
save("secure_loc");<BR>
} else {<BR>
if (dst_ip == 80.178.94.82){<BR>
save("net_loc");<BR>
} else {<BR>
sl_send_reply("403", "Call cannot be served here");<BR>
};<BR>
};<BR>
break;<BR>
};<BR>
<BR>
lookup("aliases");<BR>
if (!uri==myself) {<BR>
sl_send_reply("", "aliases outbound");<BR>
append_hf("P-hint: outbound alias\r\n");<BR>
route(1);<BR>
break;<BR>
};<BR>
<BR>
# native SIP destinations are handled using our USRLOC DB<BR>
if (method == "INVITE") {<BR>
# exec_msg("env > /root/sip_call_env ");<BR>
if (lookup("secure_loc")) {<BR>
sl_send_reply("","secure loc");<BR>
if (dst_ip == 192.168.10.62){<BR>
sl_send_reply("","192.168.10.62");<BR>
if (force_rtp_proxy("FAII"))<BR>
t_on_reply("1");<BR>
};<BR>
if (dst_ip == 80.178.94.82){<BR>
sl_send_reply("","80.178.94.82");<BR>
if (force_rtp_proxy("FAEI"))<BR>
t_on_reply("1");<BR>
};<BR>
} else if (lookup("net_loc")) {<BR>
sl_send_reply("","net loc");<BR>
if (dst_ip == 192.168.10.62){<BR>
sl_send_reply("","192.168.10.62");<BR>
if (force_rtp_proxy("FAIE")){<BR>
t_on_reply("1");<BR>
sl_send_reply("","FAEI");<BR>
};<BR>
};<BR>
if (dst_ip == 80.178.94.82){<BR>
sl_send_reply("","80.178.94.82");<BR>
if (force_rtp_proxy("FAEE"))<BR>
t_on_reply("1");<BR>
};<BR>
} else {<BR>
sl_send_reply("403", "Call cannot be served here");<BR>
break;<BR>
};<BR>
};<BR>
};<BR>
append_hf("P-hint: usrloc applied\r\n");<BR>
route(1);<BR>
}<BR>
<BR>
route[1]<BR>
{<BR>
# send it out now; use stateful forwarding as it works reliably<BR>
# even for UDP2TCP<BR>
t_on_reply("1");<BR>
if (!t_relay()) {<BR>
sl_reply_error();<BR>
};<BR>
}<BR>
<BR>
<BR>
onreply_route[1] {<BR>
if (dst_ip == 80.178.94.82 && nat_uac_test("1")) {<BR>
fix_nated_contact();<BR>
if (status =~ "(183)|2[0-9][0-9]") fix_nated_sdp("1");<BR>
};<BR>
<BR>
if (status =~ "(183)|2[0-9][0-9]") force_rtp_proxy("FA");<BR>
}<BR>
</FONT>
</P>
</BODY>
</HTML>