Hello all, I have set up ser and I am able to use the sample config to get ser running within my NAT. Now I am trying to get external users to connect to my ser, which is behind a NAT device.<br><br>Whenever I use the sample config I can make calls inside my network.
<br>Whenever I use the NAT config that I have below, I cannot even get my local devices to speak to each other. Can someone help here?<br><br><br>Whenever I start ser with this config, this is what the system does.<br>
<br>ser dead but subsys locked<br><br>This is the config that I am using:<br><br> # ----------- global configuration parameters ------------------------

debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)

# NOTE(review): with fork=yes and log_stderror=no nothing is printed on the
# terminal when startup fails -- presumably the reason ends up in syslog.
# Check there, or enable the debugging block below to see why ser exits.
/* Uncomment these lines to enter debugging mode 
fork=no
log_stderror=yes
*/

check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
# NOTE(review): the FIFO is ser's management interface and it is created in
# /tmp here; confirm its ownership and permissions so that other local users
# cannot write commands to it -- TODO confirm.
fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# SQL database support (enabled in this config).
# NOTE(review): usrloc db_mode=2 and auth_db below depend on this module, so
# ser presumably needs a reachable MySQL server at startup -- verify it is up.
loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/textops.so"

# Digest authentication modules (enabled in this config).
# mysql.so must be loaded !
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"

# !! Nathelper
loadmodule "/usr/lib/ser/modules/nathelper.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode", 0)

# SQL database is used for persistent storage of registrations; the
# in-memory-only setting above is commented out.
# NOTE(review): no db_url is set anywhere in this listing, so usrloc and
# auth_db presumably fall back to their built-in default database URL and
# credentials -- set db_url explicitly and do not keep default DB passwords.
modparam("usrloc", "db_mode", 2)

# -- auth params --
# Used by the auth_db module loaded above
#
# NOTE(review): calculate_ha1=yes makes auth_db compute HA1 from the value in
# password_column, i.e. the subscriber table holds plaintext passwords; anyone
# who can read that table gets usable credentials. Restrict DB access, or
# store precomputed HA1 values if the deployment allows.
modparam("auth_db", "calculate_ha1", yes)
#
# If you set the "calculate_ha1" parameter to yes (which is true in this
# config), the following parameter must be set as well
#
modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# !! Nathelper
# Flag 6 is the same flag the routing logic sets with setflag(6) for NATed
# clients.
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT

# ------------------------- request routing logic -------------------

# main routing logic

route{

    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if (msg:len >= max_len ) {
        sl_send_reply("513", "Message too big");
        break;
    };

    # !! Nathelper
    # Special handling for NATed clients; first, NAT test is
    # executed: it looks for via!=received and RFC1918 addresses
    # in Contact (may fail if line-folding is used); also,
    # the received test should, if completed, check all
    # vias for presence of received
    if (nat_uac_test("3")) {
        # Allow RR-ed requests, as these may indicate that
        # a NAT-enabled proxy takes care of it; unless it is
        # a REGISTER

        if (method == "REGISTER" || ! search("^Record-Route:")) {
            log("LOG: Someone trying to register from private IP, rewriting\n");

            # This will work only for user agents that support symmetric
            # communication. We tested quite many of them and majority is
            # smart enough to be symmetric. In some phones it takes a configuration
            # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
            # called "symmetric media" and "symmetric signalling".

            fix_nated_contact(); # Rewrite contact with source IP of signalling
            if (method == "INVITE") {
                fix_nated_sdp("1"); # Add direction=active to SDP
            };
            force_rport(); # Add rport parameter to topmost Via
            setflag(6); # Mark as NATed
        };
    };

    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    if (!method=="REGISTER") record_route();

    # subsequent messages within a dialog should take the
    # path determined by record-routing
    if (loose_route()) {
        # mark routing logic in request
        append_hf("P-hint: rr-enforced\r\n"); 
        route(1);
        break;
    };

    # NOTE(review): requests for foreign domains are relayed here without any
    # authentication of the sender. Once the proxy is reachable by external
    # users this makes it an open relay; require proxy authentication for
    # outbound requests before exposing it.
    if (!uri==myself) {
        # mark routing logic in request
        append_hf("P-hint: outbound\r\n"); 
        route(1);
        break;
    };

    # requests addressed to our own domain are served from UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (uri==myself) {

        if (method=="REGISTER") {

# NOTE(review): digest authentication is disabled below, so save("location")
# accepts a REGISTER from anyone. With external users allowed in, a binding
# for any user could be registered by a third party. Enable the challenge
# (auth.so and auth_db.so are already loaded) and replace the sample realm
# "iptel.org" with the realm of this deployment.
# Uncomment this if you want to use digest authentication
#            if (!www_authorize("iptel.org", "subscriber")) {
#                www_challenge("iptel.org", "0");
#                break;
#            };

            save("location");
            break;
        };

        lookup("aliases");
        # the alias lookup may have rewritten the URI to a foreign domain
        if (!uri==myself) {
            append_hf("P-hint: outbound alias\r\n");
            route(1);
            break;
        };

        # native SIP destinations are handled using our USRLOC DB
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            break;
        };
    };
    append_hf("P-hint: usrloc applied\r\n"); 
    route(1);
}

# Forwarding block: NAT checks, RTP relay for flagged transactions, reply
# hook, then stateful relay.
route[1] 
{
    # !! Nathelper
    # Refuse request URIs that point at RFC1918 addresses. The check applies
    # only to requests that carry no Route header (see the search() term).
    if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")){
        sl_send_reply("479", "We don't forward to private IP addresses");
        break;
    };

    # if client or server is known to be behind a NAT, enable relay
    # NOTE(review): force_rtp_proxy() presumably needs an RTP proxy daemon
    # that nathelper can reach -- confirm it is running on this host.
    if (isflagset(6)) {
        force_rtp_proxy();
    };

    # NAT processing of replies; apply to all transactions (for example,
    # re-INVITEs from public to private UA are hard to identify as
    # NATed at the moment of request processing); look at replies
    t_on_reply("1");

    # send it out now; use stateful forwarding as it works reliably
    # even for UDP2TCP
    if (!t_relay()) {
        sl_reply_error();
    };
}

# !! Nathelper
# Reply processing armed by t_on_reply("1") in route[1].
onreply_route[1] {
    # NATed transaction ?
    if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
        fix_nated_contact();
        force_rtp_proxy();
    # otherwise, is it a transaction behind a NAT and we did not
    # know at time of request processing ? (RFC1918 contacts)
    } else if (nat_uac_test("1")) {
        fix_nated_contact();
    };
}