hi all,
i've been banging on this for a while now, and still can't figure out
things properly. here's my scenario:
1. SER behind NAT
2. Clients behind NAT
3. Full control of firewall in front of SER so i can open up whatever
ports necessary
4. No control for client firewalls
I've tried various ser.cfg files gleaned from the mailing list, but no luck
-- calls can connect but no audio passes through. Right now i'm using
the nathelper and mangler modules to no effect.
I'm at my wit's end, hoping someone can help out, i've included my
ser.cfg below.
thousands of thanks in advance.
flynn
-----------------------------------------
# ----------- global configuration parameters ------------------------
# Core settings for a single SER instance listening on one private address.
# Via host checking on forwarded replies is switched off here.
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
# SIP listening port and number of worker processes.
port=5060
children=4
# The FIFO is SER's local management interface. /tmp is world-writable.
# NOTE(review): confirm the FIFO's permissions limit who can write commands
# to it, or move it to a directory only the SER account can access.
fifo="/tmp/ser_fifo"
# RFC1918 address: SER only knows its private address, which is why the
# routing script below hard-codes the public one (XXX.XXX.XXX.XXX).
listen=192.168.1.130
# ------------------ module loading ----------------------------------
# Stateless replies (sl), transactions (tm), record-routing (rr),
# Max-Forwards handling (maxfwd), location storage (usrloc),
# REGISTER processing (registrar) and header/body text matching (textops).
# No authentication module is loaded, so the script cannot challenge
# REGISTER or INVITE requests for credentials.
# NOTE(review): confirm that running without digest authentication is intended.
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# !! NAT stuff
# nathelper rewrites Contact/SDP and drives the RTP relay; mangler rewrites
# SDP addresses and encodes Contact URIs. Both are used on the same requests
# in the main route, so their rewrites can overlap.
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/mangler.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
# db_mode 0: registrations are not written to a database.
modparam("usrloc", "db_mode", 0)
modparam("rr", "enable_full_lr", 1)
# !! NAT STUFF
# Flag 6 is the "NATed" marker; it must match the setflag(6) / isflagset(6)
# calls in the routing blocks so that save("location") records it.
modparam("registrar", "nat_flag", 6)
# Keepalive pings every 30 seconds, sent only to contacts marked as NATed.
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
# Separator used by encode_contact() when it packs a Contact URI.
# NOTE(review): no decode_contact call appears in the routing script on this
# page, so encoded contacts would come back undecoded -- confirm.
modparam("mangler","contact_flds_separator","*")
# ------------------------- request routing logic -------------------
# main routing logic
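route{
	# Initial sanity checks: reject requests whose Max-Forwards is
	# exhausted and requests that are excessively long.
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		break;
	};
	if (msg:len >= max_len ) {
		sl_send_reply("513", "Message too big");
		break;
	};

	# Everything else in this route is inside this test, so a request whose
	# URI does not match falls out of the route without any reply.
	# NOTE(review): the pattern is unanchored and its dots are unescaped, so
	# any request URI that merely contains this text matches. Anchor it to
	# the host part and escape the dots.
	if (uri=~"MY-DOMAIN.COM") {
		# nat_uac_test("3") runs both nathelper NAT checks on the sender.
		if (nat_uac_test("3")) {
			# Replaces every SDP address with the proxy's public address.
			# NOTE(review): fix_nated_sdp() below and force_rtp_proxy() in
			# route[1] rewrite the same SDP again. Three overlapping
			# rewrites are a likely factor in the one-way/no-audio
			# symptom; keep only the mechanism that is intended.
			sdp_mangle_ip("0.0.0.0/0",
				"XXX.XXX.XXX.XXX");
			# REGISTERs, and requests without a Record-Route header
			if (method == "REGISTER" || ! search("^Record-Route:")) {
				# Rewrite contact with source IP of signalling
				# (the comment was wrapped onto a bare line, which is a
				# syntax error; it is rejoined here)
				fix_nated_contact();
				if (method == "INVITE") {
					fix_nated_sdp("3");
				};
				force_rport(); # Add rport parameter to topmost Via
				setflag(6); # Mark as NATed
			};
		};

		if (method=="REGISTER") {
			# NOTE(review): the binding is stored without any
			# authentication, so any sender that reaches this proxy can
			# bind any address-of-record to a contact of its choosing.
			# Challenge REGISTER with digest authentication (auth /
			# auth_db modules, www_authorize) before save().
			save("location");
			break;
		};

		# REGISTER has already left the route above, so this branch is
		# taken by every remaining request.
		if (!method=="REGISTER") {
			# NOTE(review): "(a)" looks like the list archive's replacement
			# for "@"; as written the group matches a literal "a". Also
			# "111\." is not an RFC1918 prefix. Confirm both against the
			# real file.
			if (search("Contact: .*(a)(10\.|111\.)")) {
				encode_contact("enc_prefix","XXX.XXX.XXX.XXX");
			};
			#if ser is behind a NAT and NAT box has port forwarding
			#on port 5060 set to our ser private address ...
			record_route_preset("XXX.XXX.XXX.XXX:5060");
		};

		# Resolve the request URI against registered contacts.
		# NOTE(review): requests are relayed without authenticating the
		# caller; confirm that is acceptable for this deployment.
		if (!lookup("location")) {
			sl_send_reply("404", "Not Found");
			break;
		};
		route(1);
	}
}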
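route[1]
{
	# Forwarding block: applies the NAT relay where needed and sends the
	# request out statefully.
	# !! Nathelper
	# Refuse a request that carries a Route header and whose URI points at
	# an RFC1918 address (192.168/16, 10/8, 172.16/12).
	if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)"
		&& search("^Route:")) {
		# The reason phrase was wrapped across two lines, which would put
		# a line break into the SIP status line; it is rejoined here.
		sl_send_reply("479", "We don't forward to private IP addresses");
		break;
	};
	# if client or server know to be behind a NAT, enable relay
	# NOTE(review): force_rtp_proxy() depends on an RTP relay process that
	# nathelper talks to. Nothing on this page shows one running or its
	# media port range being allowed through the firewall. Confirm both,
	# and open only that range rather than a broad set of ports.
	if (isflagset(6)) {
		force_rtp_proxy();
	};
	# NAT processing of replies;
	t_on_reply("1");
	# send it out now; use stateful forwarding as it works reliably
	# even for UDP2TCP
	if (!t_relay()) {
		sl_reply_error();
	};
}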
# !! Nathelper
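onreply_route[1] {
	# Reply handling for transactions armed with t_on_reply("1").
	# NATed transaction ?  For 183 and 2xx replies of a transaction already
	# flagged as NATed, fix the Contact and engage the RTP relay.
	if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
		fix_nated_contact();
		force_rtp_proxy();
	}
	# otherwise, is it a transaction behind a NAT and we did not
	# know at time of request processing ? (RFC1918 contacts)
	# The original rewrote the Contact of every other reply without testing
	# it, including replies from endpoints on public addresses. Only
	# rewrite when the Contact really carries an RFC1918 address.
	else if (nat_uac_test("1")) {
		fix_nated_contact();
	};
}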