3 Jun
2004
3 Jun
'04
4:32 p.m.
Hello Adrian,
Thanks for your answers. They were very clarifying. I test in my lab
test environment where i do not have any firewalls or other possible
problem initiators.
The ser.cfg example that comes with the source with mediaproxy does not
allow non nated EP's to register. Is it possible for you to update the
example config file so non nated ep's can also register and do not use
mediaproxy when traffic is between non nated ep's.
NATed -- NATed mediaproxy
Public C -- NATed mediaproxy.
Public C -- Public C no mediaproxy.
Please just hint me in the correct direction.
Here is my current ser.cfg It is not working the way i want like
mentioned above. .
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
#modparam("domain", "db_url", "sql:ser:heslo@localhost/ser")
//now using
default
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 1)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this
config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
modparam("mediaproxy", "natping_interval", 60)
route{
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too many hops");
break;
};
if (msg:len >= max_len) {
sl_send_reply("513", "Message too big");
break;
};
if (client_nat_test("3")) {
if (method == "REGISTER" || ! search("^Record-Route:")) {
fix_contact();
force_rport();
};
if (method=="INVITE") {
use_media_proxy();
t_on_reply("1");
};
};
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
# if (!www_authorize("200.84.12.12", "subscriber")) {
# www_challenge("200.84.12.12", "0");
# break;
# };
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
if (method == "BYE" || method == "CANCEL") {
end_media_session();
};
if (loose_route()) {
t_relay();
break;
};
if (method == "INVITE") {
record_route();
};
if (!t_relay()) {
sl_reply_error();
};
}
onreply_route[1] {
if (status=~"(183)|2[0-9][0-9]") {
if (client_nat_test("1")) {
fix_contact();
};
use_media_proxy();
};
if (status=~"[3-4]0[0-9]") {
end_media_session();
break;
};
}
On Fri, 2004-06-04 at 00:48, Adrian Georgescu wrote:
Tjapko,
See answers inline.
On Jun 4, 2004, at 12:16 AM, Tjapko ITS Consult@ncy wrote:
Thanks a lot,
Still I am lost. Mediaproxy works fine when Nated Ep's are calling out
to
PSTN or not NAted Ep's but I can't call to any NATed EP with te example
ser.cfg that comes with mediaproxy.
The examples from the documentation are used in production platforms.
They do work.
Mediaproxy is trying hard and doesn't give
any error message but in the
sessions.py and the log I can see that the destination address for the
NAted
IP (EP) is missing.
It could be that your end points are behind a blocked firewall. You may
start calls from inside to a public gateway but nobody from outside
could initiate connections to inside.
I read the readme and tried everything possible
but unfortunately
without
the desired result.
Nathelper seems clear on this using the modparam ("registrar",
"natflag",
6).
The set of such flag is not mandatory.
Like the example in the answer from Klaus,
registration from any nated
ep
will be flagged. Calling to any nated EP will be easy because the
destination address is flagged and saved during registration and the
t_on_reply will check if the flag is set and subsequently force proxy
on the
recorded address. At least this is how I understand it.
Studying the readme for mediaproxy tells that nat_uac_test() has to be
replaced with client_nat_test() but according the readme the only
difference
between the 2 is that the latter function will NOT check if the SDP
body has
private IP's.
How can I use mediaproxy so that when calling to an NATed EP
mediaproxy will
be able to generate the correct destination address. Does anybody has a
snippet from a succesfull ser.cfg for me that I can study. The comment
from
Adrian to replace fixed_nated_contact with fixed_contact I understand
but
not in relation with the setflag mentioned in the same snippet. IMHO
setflag
is a nathelper modparam. There must be something else that I overlook.
Your location table might contain private IP addresses, did you check?
Make sure you save the rewritten contacts during REGISTER:
if (client_nat_test("3")) {
if (method == "REGISTER" || ! search("^Record-Route:")) {
force_rport();
fix_contact();
};
};
Another issue that I like confirmed is that the
readme states that the
Nated
EP should have outbound proxy server configured for a symmetric EP not
an
a-symmetric EP. . Is this true?
To make a long story short...How can call TO a NATed EP with
mediaproxy so
it knows the correct destination address and is it neccesary to
configure
outbound proxy for a symmetric NAted EP's.
Just set the outbound proxy to be the same as the SIP Proxy.
My gateway provider tells me to drop all this and use a STUN server in
stead. :-(
STUN will not cross your NAT for both signaling and media, it will just
give the UA the information of how it looks from the outside world. Try
it anyway as you will gain more experience, chose what's best for your
network setup.
Any comments will be appriciated,
To wrap it up, it could be a problem with the NAT boxes depending their
firewall policies. Try nathelper/rtpproxy combination for a change. If
that works there is a problem with mediaproxy if it doesn't there is a
problem with your config or your network configuration.
Try narrow it to something simple that works and then grow your
configuration at the same pace with the experience you are building
using SER.
Adrian
Tjapko.
-----Original Message-----
From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org]On
Behalf Of Klaus Darilion
Sent: Martes, 01 de Junio de 2004 07:10 p.m.
To: Adrian Georgescu
Cc: serusers(a)lists.iptel.org
Subject: Re: [Serusers] SER and NAT
oops, sorry. I'ver never used the mediaproxy module.
klaus
Adrian Georgescu wrote:
Function fix_contact() is available within
mediaproxy.so with same
meaning as its nathelper.so counterpart.
Adrian
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.693 / Virus Database: 454 - Release Date: 31/05/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.698 / Virus Database: 455 - Release Date: 02/06/2004
You have to rewrite the REGISTER message before saving the
locations!
if (nat_uac_test("2")) {
force_rport();
fix_nated_contact(); # from nathelper module
append_hf("P-Behind-NAT: Yes\r\n");
setflag(5); #natflag
.....
.....
save(location); # user with natflag set will be
# pinged to keep NAT binding alive
regards,
klaus
Tjapko ITS Consult at ncy wrote:
/ Hello List,
/>/
/>/ In my fierce battle to overcome the NAT problem I have now running
SER and
/>/ Mediaproxy without any problem. Whenever any Nated EP like to call
to PSTN
/>/ or a non nated EP the call goes ok. Whenever I try to call from a
non nated
/>/ EP to a NATed EP the call does not go through.
/>/
/>/ It seems like that the destination address is not known by
mediaproxy so it
/>/ can't forward the call to the correct EP.
/>/
/>/ My question is whether this problem might be caused by my ser.cfg
or
that
/>/ this is typical SIP behaviour.
/>/
/>/ In other words is it possible to call to any EP that is behind
Symmetric
/>/ NAT.
/
----------------------------------------------------------------------
--
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers