Hi mates,<br>I still need your pointers regarding my problem in this post, today i have attached the routes suspected to be involved in this saga. From my config file plz see below.<br><br> # -----------------------------------------------------------------<br>
# Unauthorized relay<br> # -----------------------------------------------------------------<br><br> if (!is_uri_host_local()) {<br> if (is_from_local()) { # We prevent unauthorised relays "clever guys we got u"<br>
append_hf("P-hint: outbound\r\n");<br><br> route(10);<br> # need to be authenticated<br> } else {<br> sl_send_reply("403", "Forbidden");<br>
};<br> return;<br> };<br><br>route[10] {<br> #-------------------------------------------------------------<br> # Default Message Handler with Proxy Authentication<br>
# -----------------------------------------------------------------<br><br> if(method=="ACK") { #these you never proxy authenticate<br> route(1);<br> return;<br> };<br>
if(method=="BYE" || method=="CANCEL") { #these you never proxy authenticate<br> route(1);<br> return;<br> };<br><br> xlog("L_INFO", "Proxy auth $fd $dP destination:$du $dd $ds");#<br>
<br> if (!route(7)) { #verify the user<br> return(0);<br> };<br> if (!is_user_in("From", "noauth")) { #no authentication required<br> if (!proxy_authorize("","subscriber")) {<br>
proxy_challenge("","0");<br> return;<br> } else if (!check_from()) {<br> sl_send_reply("403", "Use From=ID");<br> return;<br>
};<br> # consume_credentials();<br><br> };<br><br># if (is_user_in("Credentials", "local")) { # Uncomment to use the group options<br> route(1);<br>
# }else{<br># sl_send_reply("403", "Busted!!!, you are not allowed this route");<br># };<br><br>return;<br>}<br><br>With Best Regards,<br>LU.<br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
<br>
Message: 3<br>
Date: Tue, 20 May 2008 17:38:50 +0200<br>
From: "luzango mfupe" <<a href="mailto:luzango.mfupe@gmail.com">luzango.mfupe@gmail.com</a>><br>
Subject: [OpenSER-Users] Call failed 403 Forbiden<br>
To: <a href="mailto:users@lists.openser.org">users@lists.openser.org</a><br>
Message-ID:<br>
<<a href="mailto:9cdd611a0805200838oc11cfedg9762b7451bf543c4@mail.gmail.com">9cdd611a0805200838oc11cfedg9762b7451bf543c4@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Hi mates,<br>
Everytime i do try to make my 2 xlite clients talk (which i correctly added<br>
them into the database), i encountered with the same problm, Openser perfoms<br>
authentication and return call failed 403 forbiden signal.<br>
<br>
My setup comprise of the first box with openser 1.3 and mediaproxy the<br>
second box with Mysql and two Xlite clients in two other boxes all are in an<br>
internal network, as far as am concerned my NetAdmin have already opened<br>
ports 5060 and 3306 for me. I need your right direction on this probm.<br>
below is my ngrep snapshot<br>
<br>
mzee:/# ngrep -d eth1 -W byline port 5060<br>
interface: eth1 (<a href="http://168.172.200.0/255.255.255.0" target="_blank">168.172.200.0/255.255.255.0</a>)<br>
filter: (ip or ip6) and ( port 5060 )<br>
#<br>
U <a href="http://168.172.200.70:1824" target="_blank">168.172.200.70:1824</a> -> <a href="http://168.172.200.87:5060" target="_blank">168.172.200.87:5060</a><br>
INVITE <a href="mailto:sip%3Amusketeerm@168.172.200.87">sip:musketeerm@168.172.200.87</a> <<a href="mailto:sip%253Amusketeerm@168.172.200.87">sip%3Amusketeerm@168.172.200.87</a>>SIP/2.0.<br>
Via: SIP/2.0/UDP <a href="http://168.172.200.70:1824" target="_blank">168.172.200.70:1824</a><br>
;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.<br>
Max-Forwards: 70.<br>
Contact: <<a href="http://sip:dreamteam@168.172.200.70:1824" target="_blank">sip:dreamteam@168.172.200.70:1824</a>>.<br>
To: "musk"<<a href="mailto:sip%3Amusketeerm@168.172.200.87">sip:musketeerm@168.172.200.87</a> <<a href="mailto:sip%253Amusketeerm@168.172.200.87">sip%3Amusketeerm@168.172.200.87</a>>>.<br>
From: "dream"<<a href="mailto:sip%3Adreamteam@168.172.200.87">sip:dreamteam@168.172.200.87</a> <<a href="mailto:sip%253Adreamteam@168.172.200.87">sip%3Adreamteam@168.172.200.87</a>><br>
>;tag=af4bd714.<br>
Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..<br>
CSeq: 1 INVITE.<br>
Session-Expires: 95.<br>
Min-SE: 90.<br>
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE,<br>
INFO.<br>
Content-Type: application/sdp.<br>
Supported: timer.<br>
User-Agent: X-Lite release 1011s stamp 41150.<br>
Content-Length: 426.<br>
.<br>
v=0.<br>
o=- 9 2 IN IP4 <a href="http://168.172.200.70" target="_blank">168.172.200.70</a>.<br>
s=CounterPath X-Lite 3.0.<br>
c=IN IP4 <a href="http://168.172.200.70" target="_blank">168.172.200.70</a>.<br>
t=0 0.<br>
m=audio 52166 RTP/AVP 107 119 100 106 0 105 98 8 101.<br>
a=alt:1 1 : uZB2dYm+ NKBRK8Ep <a href="http://168.172.200.70" target="_blank">168.172.200.70</a> 52166.<br>
a=fmtp:101 0-15.<br>
a=rtpmap:107 BV32/16000.<br>
a=rtpmap:119 BV32-FEC/16000.<br>
a=rtpmap:100 SPEEX/16000.<br>
a=rtpmap:106 SPEEX-FEC/16000.<br>
a=rtpmap:105 SPEEX-FEC/8000.<br>
a=rtpmap:98 iLBC/8000.<br>
a=rtpmap:101 telephone-event/8000.<br>
a=sendrecv.<br>
#<br>
U <a href="http://168.172.200.87:5060" target="_blank">168.172.200.87:5060</a> -> <a href="http://168.172.200.70:1824" target="_blank">168.172.200.70:1824</a><br>
SIP/2.0 403 Forbidden.<br>
Via: SIP/2.0/UDP <a href="http://168.172.200.70:1824" target="_blank">168.172.200.70:1824</a><br>
;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.<br>
To: "musk"<<a href="mailto:sip%3Amusketeerm@168.172.200.87">sip:musketeerm@168.172.200.87</a> <<a href="mailto:sip%253Amusketeerm@168.172.200.87">sip%3Amusketeerm@168.172.200.87</a>><br>
>;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9.<br>
From: "dream"<<a href="mailto:sip%3Adreamteam@168.172.200.87">sip:dreamteam@168.172.200.87</a> <<a href="mailto:sip%253Adreamteam@168.172.200.87">sip%3Adreamteam@168.172.200.87</a>><br>
>;tag=af4bd714.<br>
Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..<br>
CSeq: 1 INVITE.<br>
Server: OpenSER (1.3.0-notls (i386/linux)).<br>
Content-Length: 0.<br>
.<br>
#<br>
U <a href="http://168.172.200.70:1824" target="_blank">168.172.200.70:1824</a> -> <a href="http://168.172.200.87:5060" target="_blank">168.172.200.87:5060</a><br>
ACK <a href="mailto:sip%3Amusketeerm@168.172.200.87">sip:musketeerm@168.172.200.87</a> <<a href="mailto:sip%253Amusketeerm@168.172.200.87">sip%3Amusketeerm@168.172.200.87</a>> SIP/2.0.<br>
Via: SIP/2.0/UDP <a href="http://168.172.200.70:1824" target="_blank">168.172.200.70:1824</a><br>
;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.<br>
To: "musk"<<a href="mailto:sip%3Amusketeerm@168.172.200.87">sip:musketeerm@168.172.200.87</a> <<a href="mailto:sip%253Amusketeerm@168.172.200.87">sip%3Amusketeerm@168.172.200.87</a>><br>
>;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9.<br>
From: "dream"<<a href="mailto:sip%3Adreamteam@168.172.200.87">sip:dreamteam@168.172.200.87</a> <<a href="mailto:sip%253Adreamteam@168.172.200.87">sip%3Adreamteam@168.172.200.87</a>><br>
>;tag=af4bd714.<br>
Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..<br>
CSeq: 1 ACK.<br>
Content-Length: 0.<br>
<br>
WBR,<br>
LU.<br>
<br></blockquote></div><br>