Re: [Serusers] nat test based on rfc1918 address in call-id field

8 Dec 2004

...
    One thing though: For example Grandstream will use
stun to keep nat
 open on
 all but symmetric NAT.  If incoming keepalives (from the SIP
 server) are discarded, the NAT port assignment will time out.  GS
 must be configured with NAT Yes and empty STUN server and it will
 send keepalives to the SIP server.  I'm not sure why this is not
 done automatically when SNAT is detected...  Incoming keepalives would not refresh
the conntrack timer, only an
 outbound packet can. For this reason, we already disable the
 nat-ping in ser. We rely on the UA to send out keepalive. 
 Are you sure? The initial REGISTER is the oubound packet and the nat
 pings are "replies" from the conntrack point of view. The
 corresponding conntrack entry should be in the ESTABLISHED or ASSURED
 state, if the timeouts are low enough (or the nat pings are sent
 often enough, <<30s).

 (see udp_packet() in ip_conntrack_proto_udp.c and ip_conntrack_in() in
 ip_conntrack_core.c) 

Our experience is that for most symmetric NATs the SIP server NAT pings work 
ok, however, we have had problems with LinkSys where inbound pings every 20 
s do not seem to be able to keep the connection open.
g-) 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [Serusers] nat test based on rfc1918 address in call-id field