[Serusers] Problem with ATA186 and NAT (Linksys).

SER version Sip EXpress router (0.8.12 (i386/linux)) Below is my ser.cfg file (IP addresses changed, of course). My situation is pretty simple: ATA186 --A-- Linksys router --B-- Cable modem --C-- SER ATA sends out invite with 5060 as src and dest. (verified through ethereal on lan segment A) Linksys translates the 5060 to 15060 (verified at Lan segment C with tethereal) SER tries to respond with "Authorization required", but is sending the respond to 5060 instead of 10560. Linksys receives the packet to 5060, but isn't expecting it so it goes nowhere. What the heck am I doing wrong? FYI, This config produces the following entries in /var/log/messages: Jun 4 16:38:03 VShost1 /usr/sbin/ser[4208]: Checking for ATA Jun 4 16:38:03 VShost1 /usr/sbin/ser[4208]: Cisco user agent detected - fix contact Jun 4 16:38:03 VShost1 /usr/sbin/ser[4208]: Cisco user agent detected - fix sdp Jun 4 16:38:03 VShost1 /usr/sbin/ser[4208]: ERROR: extract_mediaip: no `c=' in SDP Jun 4 16:38:03 VShost1 /usr/sbin/ser[4214]: Checking for ATA Jun 4 16:38:03 VShost1 /usr/sbin/ser[4214]: Cisco user agent detected - fix contact Jun 4 16:38:03 VShost1 /usr/sbin/ser[4214]: Cisco user agent detected - fix sdp Jun 4 16:38:03 VShost1 /usr/sbin/ser[4214]: ERROR: extract_mediaip: no `c=' in SDP Jun 4 16:38:04 VShost1 /usr/sbin/ser[4208]: Checking for ATA Jun 4 16:38:04 VShost1 /usr/sbin/ser[4208]: Cisco user agent detected - fix contact Jun 4 16:38:04 VShost1 /usr/sbin/ser[4208]: Cisco user agent detected - fix sdp Jun 4 16:38:04 VShost1 /usr/sbin/ser[4208]: ERROR: extract_mediaip: no `c=' in SDP Jun 4 16:38:06 VShost1 /usr/sbin/ser[4214]: Checking for ATA Jun 4 16:38:06 VShost1 /usr/sbin/ser[4214]: Cisco user agent detected - fix contact Jun 4 16:38:06 VShost1 /usr/sbin/ser[4214]: Cisco user agent detected - fix sdp Jun 4 16:38:06 VShost1 /usr/sbin/ser[4214]: ERROR: extract_mediaip: no `c=' in SDP Tom #debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E) /* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */ debug=3 check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 children=4 sip_warning=no # FIFO fifo="/tmp/ser_fifo" # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database loadmodule "/usr/lib/ser/modules/mysql.so" loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr/lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so" loadmodule "/usr/lib/ser/modules/acc.so" # NAT Helper loadmodule "/usr/lib/ser/modules/nathelper.so" # Module that allows search loadmodule "/usr/lib/ser/modules/textops.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/lib/ser/modules/auth.so" loadmodule "/usr/lib/ser/modules/auth_db.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # Access to the DB -- leave default for now #modparam("auth_db","db_url","sql://ser:MySQLPW@DomainBLA-BLA/ser") # -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password") # # Accounting # modparam("acc","log_level",1) modparam("acc","log_flag",1) #modparam("acc","db_flag",1) #modparam("acc","failed_transactions",1) # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # NAT pinging modparam("nathelper","natping_interval",60) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) log(1,"Checking for ATA\n"); # Do NAT fixing if (search("ATA")) { log(1,"Cisco user agent detected - fix contact\n"); fix_nated_contact(); if (method=="INVITE") { log(1,"Cisco user agent detected - fix sdp\n"); fix_nated_sdp("3"); }; }; if (uri==myself) { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication if (!www_authorize("111.111.111.13", "subscriber")) { www_challenge("111.111.111.13", "0"); break; }; save("location"); break; }; }; # PSTN vs SIP traffic #Find canonical username lookup("aliases"); #PSTN #if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") | (uri=~"^sip:[0-9][0-8].*@.*")) { if ( (uri=~"^sip:911@.*") | (uri=~"^sip:9911@.*") ) { route(3); break; }; #off-line or non-existent users if (!lookup("location")) { route(4); }; # Relay to SIP destination setflag(1); if (!t_relay()) { sl_reply_error(); break; }; } # ------------- process traffic leaving Internet for PSTN route[3] { # all calls through the gateway must be record routed to assure # acl acceptance on the gateway -- this is already done in initial routing # record_route(); #Authenticate call if (!proxy_authorize("111.111.111.13","subscriber")) { proxy_challenge("111.111.111.13","0"); break; }; rewritehostport("111.111.111.11:5060"); setflag(1); if (!t_relay()) { sl_reply_error(); break; }; } #-----------Process calls for users offline route[4] { if (!t_newtran()) { sl_reply_error(); }; if (!t_reply("404","Not Found")) { sl_reply_error(); }; break; }