<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2722" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>Jose,</DIV>
<DIV>I would say that the easiest (if under you control) would be to make the
two networks routable across. If that's not possible, you need to look at
the more advanced options of force_rtp_proxy. I suggest you try to look at
one network as the private and one as the public. Detection of the two
must be done by a check on IPs as nat_uac_test will just match against private
addresses.</DIV>
<DIV>g-)</DIV>
<DIV> </DIV>
<DIV>---- Original Message ----<BR>From: Jose Soler<BR>To:
serusers@lists.iptel.org<BR>Sent: Tuesday, September 20, 2005 02:20 PM<BR>Subject:
[Serusers] RTP proxy between two subnetworks with private @s<BR><BR>>
Hi,<BR>> <BR>> I am trying to figure out how to solve the follwoing
problem.<BR>> I have two subnetworks, A and B, with different private ip
adressing<BR>> schemes (IP@A) and (IP@B). <BR>> <BR>> SER is installed
in a computer with network interfaces towards both<BR>> subnetworks. <BR>>
SER's SIP signalling proxying operation works properly within the<BR>>
subnetworks and when trying to set up a communication between users<BR>> in A
and B. But in that last case, obviously there is no media at all<BR>>
circulating among the subnetworks. <BR>> <BR>> Portaone's RTP
proxy has been installed and configured in the<BR>> computer with interfaces
towards both subnetworks where SER is<BR>> installed. <BR>> <BR>>
I am trying to configure SER so that, based on the nathelper module,<BR>>
when communication between both subnetworks occurs, the RTP proxy is<BR>>
involved and the communication (also media and not only signalling)<BR>> is
possible. BUT I am making something wrong, becouse it does not<BR>> work
... <BR>> <BR>> Can anyone give me a hand
/hint?<BR>> Thanks a lot in advance / in any case.<BR>> <BR>> My SER
config file is the following:<BR>> <BR>> #<BR>> # ----------- global
configuration parameters ------------------------<BR>> /* Uncomment these
lines to enter debugging mode<BR>> debug=7<BR>> fork=no<BR>>
log_stderror=yes<BR>> */<BR>> check_via=no # (cmd. line: -v)<BR>>
dns=no # (cmd. line: -r)<BR>> rev_dns=no # (cmd. line: -R)<BR>>
fifo="/tmp/ser_fifo"<BR>> fifo_mode=0662<BR>>
alias=wirelessip.x.x.x<BR>> alias=sip..x.x.x<BR>> alias=x.x.x<BR>>
log_stderror=no<BR>> debug=3<BR>> children=3<BR>> mhomed=1<BR>> #
------------------ module loading ----------------------------------<BR>> #
Uncomment this if you want to use SQL database<BR>> loadmodule
"/lib/ser/modules/mysql.so"<BR>> loadmodule "/lib/ser/modules/sl.so"<BR>>
loadmodule "/lib/ser/modules/tm.so"<BR>> loadmodule
"/lib/ser/modules/rr.so"<BR>> loadmodule "/lib/ser/modules/maxfwd.so"<BR>>
loadmodule "/lib/ser/modules/usrloc.so"<BR>> loadmodule
"/lib/ser/modules/textops.so"<BR>> loadmodule
"/lib/ser/modules/registrar.so"<BR>> # Uncomment this if you want digest
authentication<BR>> # mysql.so must be loaded !<BR>> loadmodule
"/lib/ser/modules/auth.so"<BR>> loadmodule
"/lib/ser/modules/auth_db.so"<BR>> # For NAT support / media proxying<BR>>
loadmodule "/lib/ser/modules/nathelper.so"<BR>> # ----------------- setting
module-specific parameters ---------------<BR>> # -- usrloc params --<BR>>
#modparam("usrloc", "db_mode", 0)<BR>> # Uncomment this if you want to use
SQL database<BR>> # for persistent storage and comment the previous
line<BR>> modparam("usrloc", "db_mode", 2)<BR>> # -- auth params
--<BR>> # Uncomment if you are using auth module<BR>> modparam("auth_db",
"calculate_ha1", yes)<BR>> # If you set "calculate_ha1" parameter to yes
(which true in this<BR>> config), <BR>> # uncomment also the following
parameter)<BR>> modparam("auth_db", "password_column", "password")<BR>> #
-- rr params --<BR>> # add value to ;lr param to make some broken UAs
happy<BR>> modparam("rr", "enable_full_lr", 1)<BR>> # For NAT<BR>> # We
will use flag 6 to mark NATed contacts<BR>> modparam("registrar", "nat_flag",
6)<BR>> # Enable NAT pinging<BR>> modparam("nathelper",
"natping_interval", 60)<BR>> # Ping only contacts that are known to
be<BR>> # behind NAT<BR>> modparam("nathelper", "ping_nated_only",
1)<BR>> # ------------------------- request routing logic
-------------------<BR>> # main routing logic<BR>> route{<BR>> #
initial sanity checks -- messages with<BR>> # max_forwards==0, or excessively
long requests<BR>> if (!mf_process_maxfwd_header("10")) {<BR>>
sl_send_reply("483","Too Many Hops");<BR>> break;<BR>> };<BR>> if (
msg:len > max_len ) {<BR>> sl_send_reply("513", "Message too
big");<BR>> break;<BR>> };<BR>> # special handling for NATed clients;
first, nat test is<BR>> # executed: it looks for via!=received and RFC1918
addresses<BR>> # in Contact (may fail if line-folding used); also,<BR>> #
the received test should, if complete, should check all<BR>> # vias for
presence of received<BR>> if (nat_uac_test("3")) {<BR>> # allow RR-ed
requests, as these may indicate that<BR>> # a NAT-enabled proxy takes care of
it; unless it is<BR>> # a REGISTER<BR>> if (method == "REGISTER" || !
search("^Record-Route:")) {<BR>> log("LOG: Someone trying to register from
private IP, rewriting\n");<BR>> # This will work only for user agents that
support symmetric<BR>> # communication. We tested quite many of them and
majority is<BR>> # smart smart enough to be symmetric. In some phones,
like<BR>> # it takes a configuration option. With Cisco 7960, it is<BR>> #
called NAT_Enable=Yes, with kphone it is called<BR>> # "symmetric media" and
"symmetric signaling". (The latter<BR>> # not part of public released
yet.)<BR>> fix_nated_contact(); # Rewrite contact with source IP of
signalling<BR>> if (method == "INVITE") {<BR>> fix_nated_sdp("1"); # Add
direction=active to SDP<BR>> };<BR>> force_rport(); # Add rport parameter
to topmost Via<BR>> setflag(6); # Mark as NATed<BR>> };<BR>> };<BR>>
# we record-route all messages -- to make sure that<BR>> # subsequent
messages will go through our proxy; that's<BR>> # particularly good if
upstream and downstream entities<BR>> # use different transport
protocol<BR>> record_route();<BR>> # loose-route processing<BR>> if
(loose_route()) {<BR>> t_relay();<BR>> break;<BR>> };<BR>>
lookup("aliases");<BR>> # if the request is for other domain use
UsrLoc<BR>> # (in case, it does not work, use the following command<BR>> #
with proper names and addresses in it)<BR>> if (uri==myself) {<BR>> if
(method=="REGISTER") {<BR>> # Uncomment this if you want to use digest
authentication<BR>> if (!www_authorize("com.dtu.dk", "subscriber")) {<BR>>
www_challenge("com.dtu.dk", "0");<BR>> break;<BR>> };<BR>>
save("location");<BR>> break;<BR>> };<BR>> # native SIP destinations
are handled using our USRLOC DB<BR>> if (!lookup("location")) {<BR>>
sl_send_reply("404", "Not Found");<BR>> break;<BR>> };<BR>> };<BR>>
# forward to current uri now; use stateful forwarding; that<BR>> # works
reliably even if we forward from TCP to UDP<BR>> if (!t_relay()) {<BR>>
sl_reply_error();<BR>> };<BR>> }<BR>> #<BR>> # Forcing media relay
if necessary<BR>> #<BR>> route[1] {<BR>> #if
(uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){<BR>> #
sl_send_reply("479", "We don't forward to private IP addresses");<BR>> #
break;<BR>> #};<BR>> #if (isflagset(6)) {<BR>> force_rtp_proxy(); # I
force everything through the proxy<BR>> t_on_reply("1");<BR>>
append_hf("P-Behind-NAT: Yes\r\n");<BR>> #};<BR>> if (!t_relay())
{<BR>> sl_reply_error();<BR>> break;<BR>> };<BR>> }<BR>>
onreply_route[1] {<BR>> if (status =~ "(183)|2[0-9][0-9]") {<BR>>
fix_nated_contact();<BR>> force_rtp_proxy();<BR>> };<BR>> }<BR>>
<BR>> <BR>> <BR>> <BR>> <BR>> <BR>> <BR>> <BR>>
_______________________________________________<BR>> Serusers mailing
list<BR>> serusers@lists.iptel.org<BR>>
http://lists.iptel.org/mailman/listinfo/serusers</DIV></BODY></HTML>