Hello Adrian,
Thanks for your answers. They were very clarifying. I test in my lab test environment where i do not have any firewalls or other possible problem initiators.
The ser.cfg example that comes with the source with mediaproxy does not allow non nated EP's to register. Is it possible for you to update the example config file so non nated ep's can also register and do not use mediaproxy when traffic is between non nated ep's.
NATed -- NATed mediaproxy Public C -- NATed mediaproxy. Public C -- Public C no mediaproxy.
Please just hint me in the correct direction.
Here is my current ser.cfg It is not working the way i want like mentioned above. .
# # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/domain.so" loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
# Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/local/lib/ser/modules/auth.so" #loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
#modparam("domain", "db_url", "sql:ser:heslo@localhost/ser") //now using default
# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 1)
# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
modparam("mediaproxy", "natping_interval", 60)
route{ if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too many hops"); break; };
if (msg:len >= max_len) { sl_send_reply("513", "Message too big"); break; };
if (client_nat_test("3")) { if (method == "REGISTER" || ! search("^Record-Route:")) { fix_contact(); force_rport(); };
if (method=="INVITE") { use_media_proxy(); t_on_reply("1"); }; };
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication # if (!www_authorize("200.84.12.12", "subscriber")) { # www_challenge("200.84.12.12", "0"); # break; # };
save("location"); break; };
# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; };
if (method == "BYE" || method == "CANCEL") { end_media_session(); };
if (loose_route()) { t_relay(); break; };
if (method == "INVITE") { record_route(); };
if (!t_relay()) { sl_reply_error(); }; }
onreply_route[1] {
if (status=~"(183)|2[0-9][0-9]") { if (client_nat_test("1")) { fix_contact(); }; use_media_proxy(); };
if (status=~"[3-4]0[0-9]") { end_media_session(); break; }; }
On Fri, 2004-06-04 at 00:48, Adrian Georgescu wrote:
Tjapko,
See answers inline.
On Jun 4, 2004, at 12:16 AM, Tjapko ITS Consult@ncy wrote:
Thanks a lot,
Still I am lost. Mediaproxy works fine when Nated Ep's are calling out to PSTN or not NAted Ep's but I can't call to any NATed EP with te example ser.cfg that comes with mediaproxy.
The examples from the documentation are used in production platforms. They do work.
Mediaproxy is trying hard and doesn't give any error message but in the sessions.py and the log I can see that the destination address for the NAted IP (EP) is missing.
It could be that your end points are behind a blocked firewall. You may start calls from inside to a public gateway but nobody from outside could initiate connections to inside.
I read the readme and tried everything possible but unfortunately without the desired result.
Nathelper seems clear on this using the modparam ("registrar", "natflag", 6).
The set of such flag is not mandatory.
Like the example in the answer from Klaus, registration from any nated ep will be flagged. Calling to any nated EP will be easy because the destination address is flagged and saved during registration and the t_on_reply will check if the flag is set and subsequently force proxy on the recorded address. At least this is how I understand it.
Studying the readme for mediaproxy tells that nat_uac_test() has to be replaced with client_nat_test() but according the readme the only difference between the 2 is that the latter function will NOT check if the SDP body has private IP's.
How can I use mediaproxy so that when calling to an NATed EP mediaproxy will be able to generate the correct destination address. Does anybody has a snippet from a succesfull ser.cfg for me that I can study. The comment from Adrian to replace fixed_nated_contact with fixed_contact I understand but not in relation with the setflag mentioned in the same snippet. IMHO setflag is a nathelper modparam. There must be something else that I overlook.
Your location table might contain private IP addresses, did you check? Make sure you save the rewritten contacts during REGISTER:
if (client_nat_test("3")) { if (method == "REGISTER" || ! search("^Record-Route:")) { force_rport(); fix_contact(); }; };Another issue that I like confirmed is that the readme states that the Nated EP should have outbound proxy server configured for a symmetric EP not an a-symmetric EP. . Is this true?
To make a long story short...How can call TO a NATed EP with mediaproxy so it knows the correct destination address and is it neccesary to configure outbound proxy for a symmetric NAted EP's.
Just set the outbound proxy to be the same as the SIP Proxy.
My gateway provider tells me to drop all this and use a STUN server in stead. :-(
STUN will not cross your NAT for both signaling and media, it will just give the UA the information of how it looks from the outside world. Try it anyway as you will gain more experience, chose what's best for your network setup.
Any comments will be appriciated,
To wrap it up, it could be a problem with the NAT boxes depending their firewall policies. Try nathelper/rtpproxy combination for a change. If that works there is a problem with mediaproxy if it doesn't there is a problem with your config or your network configuration.
Try narrow it to something simple that works and then grow your configuration at the same pace with the experience you are building using SER.
Adrian
Tjapko.
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org]On Behalf Of Klaus Darilion Sent: Martes, 01 de Junio de 2004 07:10 p.m. To: Adrian Georgescu Cc: serusers@lists.iptel.org Subject: Re: [Serusers] SER and NAT
oops, sorry. I'ver never used the mediaproxy module.
klaus
Adrian Georgescu wrote:
Function fix_contact() is available within mediaproxy.so with same meaning as its nathelper.so counterpart.
Adrian
You have to rewrite the REGISTER message before saving the
locations!
if (nat_uac_test("2")) { force_rport(); fix_nated_contact(); # from nathelper module append_hf("P-Behind-NAT: Yes\r\n"); setflag(5); #natflag ..... ..... save(location); # user with natflag set will be # pinged to keep NAT binding alive
regards, klaus Tjapko ITS Consult at ncy wrote:
/ Hello List,
/>/ />/ In my fierce battle to overcome the NAT problem I have now running SER and />/ Mediaproxy without any problem. Whenever any Nated EP like to call to PSTN />/ or a non nated EP the call goes ok. Whenever I try to call from a non nated />/ EP to a NATed EP the call does not go through. />/ />/ It seems like that the destination address is not known by mediaproxy so it />/ can't forward the call to the correct EP. />/ />/ My question is whether this problem might be caused by my ser.cfg or that />/ this is typical SIP behaviour. />/ />/ In other words is it possible to call to any EP that is behind Symmetric />/ NAT.
/
--
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.693 / Virus Database: 454 - Release Date: 31/05/2004
Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.698 / Virus Database: 455 - Release Date: 02/06/2004