<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Search mailing lists for "running SER behind NAT"
<a class="moz-txt-link-freetext" href="http://iptel.org/listsearch">http://iptel.org/listsearch</a><br>
g-)<br>
<br>
Kirk McCalla wrote:
<blockquote
cite="mid:bdd761870706240638q2acf9b3eo991ce8b95cee6467@mail.gmail.com"
type="cite">Hello all, I have set up SER and I am able to use the
sample config to get SER running within my NAT. Now I am trying to get
external users to connect to my SER, which is behind a NAT device.<br>
<br>
Whenever I use the sample config I can make calls inside my network. <br>
Whenever I use the NAT config that I have below, I cannot even get my
local devices to speak to each other. Can someone help here? <br>
<br>
<br>
Whenever I start ser with this config this is what the system does.<br>
<br>
ser dead but subsys locked<br>
<br>
This is the config that I am using <br>
<br>
# ----------- global configuration parameters ------------------------
<br>
<br>
# Core settings: log verbosity, daemon mode, listening port, worker count<br>
# and the path of the management FIFO.<br>
debug=3 # debug level (cmd line: -dddddddddd)<br>
fork=yes<br>
log_stderror=no # (cmd line: -E)<br>
<br>
# NOTE(review): with fork=yes and log_stderror=no, start-up errors are<br>
# presumably not printed to the terminal; the commented-out block below<br>
# switches to foreground mode with logging on stderr, which is the way to<br>
# see why the daemon exits right after start.<br>
/* Uncomment these lines to enter debugging mode <br>
fork=no<br>
log_stderror=yes<br>
*/<br>
<br>
check_via=no # (cmd. line: -v)
<br>
dns=no # (cmd. line: -r)<br>
rev_dns=no # (cmd. line: -R)<br>
port=5060<br>
children=4<br>
# NOTE(review): the management FIFO is created under /tmp, a directory<br>
# shared by all local users - confirm its ownership and permissions limit<br>
# who can write commands to it, or place it in a directory that only the<br>
# SER account can access.<br>
fifo="/tmp/ser_fifo"<br>
<br>
# ------------------ module loading ----------------------------------<br>
<br>
# SQL database support (enabled in this config)<br>
loadmodule "/usr/lib/ser/modules/mysql.so"<br>
<br>
loadmodule "/usr/lib/ser/modules/sl.so"<br>
loadmodule "/usr/lib/ser/modules/tm.so"<br>
loadmodule "/usr/lib/ser/modules/rr.so"
<br>
loadmodule "/usr/lib/ser/modules/maxfwd.so"<br>
loadmodule "/usr/lib/ser/modules/usrloc.so"<br>
loadmodule "/usr/lib/ser/modules/registrar.so"<br>
loadmodule "/usr/lib/ser/modules/textops.so"
<br>
<br>
# Digest authentication modules (enabled in this config)<br>
# mysql.so must be loaded !<br>
# NOTE(review): auth and auth_db are loaded, but the www_authorize /<br>
# www_challenge calls in the main route are still commented out, so no<br>
# request is actually authenticated by this configuration.<br>
loadmodule "/usr/lib/ser/modules/auth.so"<br>
loadmodule "/usr/lib/ser/modules/auth_db.so"<br>
<br>
# !! Nathelper
<br>
loadmodule "/usr/lib/ser/modules/nathelper.so"<br>
<br>
# ----------------- setting module-specific parameters ---------------<br>
<br>
# -- usrloc params --<br>
<br>
#modparam("usrloc", "db_mode", 0)
<br>
<br>
# Uncomment this if you want to use SQL database <br>
# for persistent storage and comment the previous line<br>
# NOTE(review): db_mode 2 makes usrloc depend on the SQL database; no db_url<br>
# is set for usrloc or auth_db in this file, so each module presumably falls<br>
# back to its built-in default database URL and credentials - set an explicit<br>
# db_url with a non-default password, and verify the database is reachable<br>
# when SER starts.<br>
modparam("usrloc", "db_mode", 2)<br>
<br>
# -- auth params --<br>
# Uncomment if you are using auth module
<br>
#<br>
# NOTE(review): calculate_ha1=yes together with password_column means auth_db<br>
# reads plaintext passwords from the subscriber table and derives HA1 at<br>
# runtime; storing precomputed HA1 values instead keeps cleartext passwords<br>
# out of the database - confirm which mode this deployment really needs.<br>
modparam("auth_db", "calculate_ha1", yes)<br>
#<br>
# If you set "calculate_ha1" parameter to yes (which is true in this
config), <br>
# uncomment also the following parameter)<br>
#<br>
modparam("auth_db", "password_column", "password")
<br>
<br>
# -- rr params --<br>
# add value to ;lr param to make some broken UAs happy<br>
modparam("rr", "enable_full_lr", 1)<br>
<br>
# !! Nathelper<br>
# Flag 6 is the NAT marker: the main route sets it with setflag(6) and the<br>
# relay and reply routes test it with isflagset(6).<br>
modparam("registrar", "nat_flag", 6)
<br>
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s<br>
modparam("nathelper", "ping_nated_only", 1) # Ping only clients
behind NAT<br>
<br>
# ------------------------- request routing logic -------------------
<br>
<br>
# main routing logic<br>
<br>
# Main request route: sanity checks, NAT detection and fix-up, record-routing,<br>
# then loose-routing, relaying of foreign-domain requests, REGISTER handling<br>
# and user-location lookup for local destinations.<br>
route{<br>
<br>
# initial sanity checks -- messages with<br>
# max_forwards==0, or excessively long requests<br>
if (!mf_process_maxfwd_header("10")) {<br>
sl_send_reply("483","Too Many Hops");<br>
break;<br>
};<br>
if (msg:len >= max_len ) {<br>
sl_send_reply("513", "Message too big");
<br>
break;<br>
};<br>
<br>
# !! Nathelper<br>
# Special handling for NATed clients; first, NAT test is<br>
# executed: it looks for via!=received and RFC1918 addresses<br>
# in Contact (may fail if line-folding is used); also,
<br>
# the received test, if completed, should check all<br>
# vias for presence of received<br>
if (nat_uac_test("3")) {<br>
# Allow RR-ed requests, as these may indicate that
<br>
# a NAT-enabled proxy takes care of it; unless it is<br>
# a REGISTER<br>
<br>
if (method == "REGISTER" || ! search("^Record-Route:"))
{<br>
log("LOG: Someone trying to register from private
IP, rewriting\n");
<br>
<br>
# This will work only for user agents that support
symmetric<br>
# communication. We tested quite many of them and
majority is<br>
# smart enough to be symmetric. In some phones it
takes a configuration
<br>
# option. With Cisco 7960, it is called
NAT_Enable=Yes, with kphone it is<br>
# called "symmetric media" and "symmetric
signalling".<br>
<br>
fix_nated_contact(); # Rewrite contact with source
IP of signalling
<br>
if (method == "INVITE") {<br>
fix_nated_sdp("1"); # Add direction=active to
SDP<br>
};<br>
force_rport(); # Add rport parameter to topmost Via
<br>
setflag(6); # Mark as NATed<br>
};<br>
};<br>
<br>
# we record-route all messages -- to make sure that<br>
# subsequent messages will go through our proxy; that's
<br>
# particularly good if upstream and downstream entities<br>
# use different transport protocol<br>
if (!method=="REGISTER") record_route();<br>
<br>
# subsequent messages within a dialog should take the
<br>
# path determined by record-routing<br>
if (loose_route()) {<br>
# mark routing logic in request<br>
append_hf("P-hint: rr-enforced\r\n"); <br>
route(1);
<br>
break;<br>
};<br>
<br>
# NOTE(review): requests addressed to a foreign domain are handed to<br>
# route(1) with no authentication step visible in this block, so as written<br>
# the proxy relays for any sender that can reach it. Once external users are<br>
# admitted, require proxy authentication (for example proxy_authorize from<br>
# auth_db) for senders that are not local before relaying.<br>
if (!uri==myself) {<br>
# mark routing logic in request<br>
append_hf("P-hint: outbound\r\n"); <br>
route(1);<br>
break;<br>
};<br>
<br>
# if the request is for other domain use UsrLoc<br>
# (in case, it does not work, use the following command<br>
# with proper names and addresses in it)<br>
if (uri==myself) {<br>
<br>
if (method=="REGISTER") {<br>
<br>
# NOTE(review): the digest check below is commented out, so save("location")<br>
# stores the binding without authenticating the sender - any host that can<br>
# reach this proxy can register a contact for any user. Enable the<br>
# www_authorize / www_challenge block before opening the proxy to external<br>
# users.<br>
# Uncomment this if you want to use digest authentication<br>
# if (!www_authorize("<a moz-do-not-send="true"
href="http://iptel.org">
iptel.org</a>", "subscriber")) {<br>
# www_challenge("<a moz-do-not-send="true"
href="http://iptel.org">iptel.org</a>", "0");<br>
# break;<br>
# };
<br>
<br>
save("location");<br>
break;<br>
};<br>
<br>
lookup("aliases");<br>
if (!uri==myself) {<br>
append_hf("P-hint: outbound alias\r\n"); <br>
route(1);<br>
break;<br>
};<br>
<br>
# native SIP destinations are handled using our USRLOC
DB<br>
if (!lookup("location")) {
<br>
sl_send_reply("404", "Not Found");<br>
break;<br>
};<br>
};<br>
append_hf("P-hint: usrloc applied\r\n"); <br>
route(1);
<br>
}<br>
<br>
# Relay route: refuses private-address targets unless a Route header is<br>
# present, enables the RTP proxy for NAT-flagged requests, arms reply route 1<br>
# and forwards the request statefully.<br>
route[1] <br>
{<br>
# !! Nathelper<br>
# NOTE(review): the anchor/mailto markup around the pattern on the next line<br>
# is a mail-client auto-linking artifact, not part of the SER configuration;<br>
# the condition is a regex match of the request URI against RFC1918 prefixes.<br>
# NOTE(review): any request that carries a Route header skips this check -<br>
# confirm that exemption is intended for this deployment.<br>
if (uri=~<a class="moz-txt-link-rfc2396E" href="mailto:[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)">"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)"</a>
&& !search("^Route:")){<br>
sl_send_reply("479", "We don't forward to private IP
addresses");
<br>
break;<br>
};<br>
<br>
# if client or server know to be behind a NAT, enable relay<br>
# NOTE(review): force_rtp_proxy presumably needs an external RTP proxy<br>
# process to be running and reachable - verify.<br>
if (isflagset(6)) {<br>
force_rtp_proxy();<br>
};<br>
<br>
# NAT processing of replies; apply to all transactions (for
example,
<br>
# re-INVITEs from public to private UA are hard to identify as<br>
# NATed at the moment of request processing); look at replies<br>
t_on_reply("1");<br>
<br>
# send it out now; use stateful forwarding as it works reliably
<br>
# even for UDP2TCP<br>
if (!t_relay()) {<br>
sl_reply_error();<br>
};<br>
}<br>
<br>
# !! Nathelper<br>
# Reply route armed by t_on_reply("1") in route[1]: rewrites the Contact, and<br>
# engages the RTP proxy where the request was flagged, on replies that belong<br>
# to NATed transactions.<br>
onreply_route[1] {<br>
# NATed transaction ?<br>
# (flag 6 set while processing the request, and a 183 or 2xx reply)<br>
if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
<br>
fix_nated_contact();<br>
force_rtp_proxy();<br>
# otherwise, is it a transaction behind a NAT and we did not<br>
# know at time of request processing ? (RFC1918 contacts)<br>
} else if (nat_uac_test("1")) {
<br>
fix_nated_contact();<br>
};<br>
}<br>
<br>
<br>
<br>
<br>
<br>
</blockquote>
</body>
</html>