<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1251">
<META content="MSHTML 6.00.2900.2769" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2>Hi,</FONT></DIV>
<DIV><FONT size=2>I am trying to run the SER as an outbound proxy. Unfortunately
I have some problems. I have used the nathelper/rtpproxy with a customized
ser.conf and the result is that the clients behind NAT are making outbound calls
with no problems. The audio is two-way and all seems best, but when I try to
react a client behind NAT I can not. It is registered in the SIP Proxy, but I
can not dial it.</FONT></DIV>
<DIV><FONT size=2>My scenario is: SER with MySQL authorization on the first PC
and SER with nathelper/rtpproxy for outbound proxy on second PC.</FONT></DIV>
<DIV><FONT size=2>Could someone give me some hint as I can not solve this
problem. The Outbound Proxy SER version is:</FONT></DIV>
<DIV><FONT size=2>version: ser 0.9.3 (i386/linux)<BR>flags: STATS: Off,
USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP,
PKG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT<BR>ADAPTIVE_WAIT_LOOPS=1024,
MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE
65535<BR>@(#) $Id: main.c,v 1.197 2004/12/03 19:09:31 andrei Exp $<BR>main.c
compiled on 20:51:59 Jun 28 2005 with gcc 3.3</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>The ser.cfg of the Outbound Proxy SER is:</FONT></DIV>
<DIV><FONT size=2>#<BR># $Id: nathelper.cfg,v 1.1 2003/11/10 14:15:36 janakj Exp
$<BR>#<BR># simple quick-start config script including nathelper
support</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># This default script includes nathelper support. To make it
work<BR># you will also have to install Maxim's RTP proxy. The proxy is
enforced<BR># if one of the parties is behind a NAT.<BR>#<BR># If you have an
endpoing in the public internet which is known to<BR># support symmetric RTP
(Cisco PSTN gateway or voicemail, for example),<BR># then you don't have to
force RTP proxy. If you don't want to enforce<BR># RTP proxy for some
destinations than simply use t_relay() instead of<BR># route(1)<BR>#<BR>#
Sections marked with !! Nathelper contain modifications for nathelper<BR>#<BR>#
NOTE !! This config is EXPERIMENTAL !<BR>#<BR># ----------- global configuration
parameters ------------------------</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>debug=3 #
debug level (cmd line: -dddddddddd)<BR>fork=yes<BR>log_stderror=no # (cmd
line: -E)</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>/* Uncomment these lines to enter debugging
mode<BR>fork=no<BR>log_stderror=yes<BR>*/</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>check_via=no # (cmd. line:
-v)<BR>dns=no #
(cmd. line: -r)<BR>rev_dns=no # (cmd. line:
-R)<BR>port=5082<BR>children=4<BR>fifo="/tmp/ser_fifo"</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># ------------------ module loading
----------------------------------</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># Uncomment this if you want to use SQL
database<BR>#loadmodule "/usr/local/lib/ser/modules/mysql.so"</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>loadmodule "/usr/local/lib/ser/modules/sl.so"<BR>loadmodule
"/usr/local/lib/ser/modules/tm.so"<BR>loadmodule
"/usr/local/lib/ser/modules/rr.so"<BR>loadmodule
"/usr/local/lib/ser/modules/maxfwd.so"<BR>loadmodule
"/usr/local/lib/ser/modules/usrloc.so"<BR>loadmodule
"/usr/local/lib/ser/modules/registrar.so"<BR>loadmodule
"/usr/local/lib/ser/modules/textops.so"</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># Uncomment this if you want digest authentication<BR>#
mysql.so must be loaded !<BR>#loadmodule
"/usr/local/lib/ser/modules/auth.so"<BR>#loadmodule
"/usr/local/lib/ser/modules/auth_db.so"</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># !! Nathelper<BR>loadmodule
"/usr/local/lib/ser/modules/nathelper.so"</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># ----------------- setting module-specific parameters
---------------</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># -- usrloc params --</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>modparam("usrloc", "db_mode", 0)</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># Uncomment this if you want to use SQL database<BR># for
persistent storage and comment the previous line<BR>#modparam("usrloc",
"db_mode", 2)</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># -- auth params --<BR># Uncomment if you are using auth
module<BR>#<BR>#modparam("auth_db", "calculate_ha1", yes)<BR>#<BR># If you set
"calculate_ha1" parameter to yes (which true in this config),<BR># uncomment
also the following parameter)<BR>#<BR>#modparam("auth_db", "password_column",
"password")</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># -- rr params --<BR># add value to ;lr param to make some
broken UAs happy<BR>modparam("rr", "enable_full_lr", 1)</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># !! Nathelper<BR>modparam("registrar", "nat_flag",
6)<BR>modparam("nathelper", "natping_interval", 60) # Ping interval 60
s<BR>modparam("nathelper", "ping_nated_only", 1) # Ping only clients
behind NAT</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># ------------------------- request routing logic
-------------------</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># main routing logic</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>route{</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> # initial sanity checks -- messages with<BR> #
max_forwards==0, or excessively long requests<BR> if
(!mf_process_maxfwd_header("10")) {<BR> sl_send_reply("483","Too Many
Hops");<BR> break;<BR> };<BR> if (msg:len >=
max_len ) {<BR> sl_send_reply("513", "Message too
big");<BR> break;<BR> };</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> # !!
Nathelper<BR> # Special handling for NATed clients; first, NAT test
is<BR> # executed: it looks for via!=received and RFC1918
addresses<BR> # in Contact (may fail if line-folding is used);
also,<BR> # the received test should, if completed, should check
all<BR> # vias for rpesence of received<BR> if (nat_uac_test("3"))
{<BR> # Allow RR-ed requests, as these may indicate
that<BR> # a NAT-enabled proxy takes care of it; unless it
is<BR> # a REGISTER</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> if (method == "REGISTER" || !
search("^Record-Route:")) {<BR> log("LOG: Someone
trying to register from private IP, rewriting\n");</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> # This will work only for user
agents that support symmetric<BR> # communication.
We tested quite many of them and majority is<BR> #
smart enough to be symmetric. In some phones it takes a
configuration<BR> # option. With Cisco 7960, it is
called NAT_Enable=Yes, with kphone it is<BR> #
called "symmetric media" and "symmetric signalling".</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> fix_nated_contact(); # Rewrite
contact with source IP of signalling<BR> if
(method == "INVITE") {<BR>
fix_nated_sdp("1"); # Add direction=active to
SDP<BR> };<BR>
force_rport(); # Add rport parameter to topmost
Via<BR> setflag(6); # Mark as
NATed<BR> };<BR> };</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> # we record-route all messages -- to make sure
that<BR> # subsequent messages will go through our proxy; that's<BR> #
particularly good if upstream and downstream entities<BR> # use different
transport protocol<BR> if (!method=="REGISTER")
record_route();</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> # subsequent messages withing a dialog should take
the<BR> # path determined by record-routing<BR> if (loose_route())
{<BR> # mark routing logic in
request<BR> append_hf("P-hint:
rr-enforced\r\n");<BR> route(1);<BR> break;<BR> };</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> if (!uri==myself) {<BR> # mark routing logic
in request<BR> append_hf("P-hint:
outbound\r\n");<BR> route(1);<BR> break;<BR> };</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> # if the request is for other domain use
UsrLoc<BR> # (in case, it does not work, use the following
command<BR> # with proper names and addresses in it)<BR> if
(uri==myself) {</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> if (method=="REGISTER") {</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT
size=2> save("location");<BR> break;<BR> };</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> lookup("aliases");<BR> if
(!uri==myself) {<BR> append_hf("P-hint: outbound
alias\r\n");<BR> route(1);<BR> break;<BR> };</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> # native SIP destinations are handled using our
USRLOC DB<BR> if (!lookup("location"))
{<BR> sl_send_reply("404", "Not
Found");<BR> break;<BR> };<BR> };<BR> append_hf("P-hint:
usrloc applied\r\n"); <BR> route(1);<BR>}</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>route[1] <BR>{<BR> # !! Nathelper<BR> if
(uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
!search("^Route:")){<BR> sl_send_reply("479", "We don't
forward to private IP addresses");<BR>
break;<BR> };</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> # if client or server know to be behind a NAT, enable
relay<BR> if (isflagset(6)) {<BR>
force_rtp_proxy();<BR> };</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> # NAT processing of replies; apply to all transactions
(for example,<BR> # re-INVITEs from public to private UA are hard to
identify as<BR> # NATed at the moment of request processing); look at
replies<BR> t_on_reply("1");</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2> # send it out now; use stateful forwarding as it works
reliably<BR> # even for UDP2TCP<BR> if (!t_relay())
{<BR> sl_reply_error();<BR> };<BR>}</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2># !! Nathelper<BR>onreply_route[1] {<BR> #
NATed transaction ?<BR> if (isflagset(6) && status =~
"(183)|2[0-9][0-9]") {<BR>
fix_nated_contact();<BR> if (!search("^Content-Length:\ 0"))
{<BR> force_rtp_proxy();<BR> };<BR> #
otherwise, is it a transaction behind a NAT and we did not<BR>
# know at time of request processing ? (RFC1918 contacts)<BR>
} else if (nat_uac_test("1")) {<BR>
fix_nated_contact();<BR> };<BR>}</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2></FONT> </DIV></BODY></HTML>