Hi!
-----Original Message----- From: Martin Anderberg [mailto:martin@namnupplysaren.net] Sent: Thursday, December 04, 2003 5:26 PM To: serusers@lists.iptel.org Subject: [Serusers] symmetric nat/ broadband routers
Howdy!
I'm having some trouble with the nathelper module and certain types of broadband routers (ie d-link 604 & d-link 624). I'll try to explain the situation below and hope that someone is willing to help me out, because i'm stuck.
In short, the setup is a ata-186 box (which is symmetric) behind a d-link 604 (which isn't symmetric at all times).
The nathelper module included in the distribution (both 0.8.11 and 0.8.12) has a function called fix_nated_contact(). fix_nated_contact() rewrites the contact-header with the source-ip & source-port of the packet.
However, in some cases (ie non-symmetric d-link router between the ata-box and the internet) this is a problem since the d-link router sometimes rewrites the source-port which is then used as a location in ser. When the session has timed out on the d-link (doesn't really seem to help with the natping) the location-information in ser is no longer valid.
Is there any reason why the nathelper rewrites the port in the contact-header? If the client is symmetric the source-port and the port in the contact-header shouldn't differ anyway? I trust there is a reason, i just dont see it ;)
Yes, the ports at the client are identical, but the NAT router uses other ports at the public interface, e.g. if the client behind the NAT uses port 5060 for SIP (send&receive), the NATs publice interface may user for example port 50000. Therefore, the client listen on port 5060, but the packets have to be sent to port 50000 of the public IP address and then the NAT router rewrites the port back to 5060. Hence, the nathelper modules rewrites the IP address and the port in the contact header before saving them in the location database.
If the session in the NAT router times out although using natping, thats a pit. Maybe it helps to ping the proxy from the client, e.g. the budgetone phones support keep alive pinging.
Klaus
On a side-note, when glancing at nathelper.c it looks as if the int len is calculated with the original values of the header, then filled through snprintf with values which are not 100% positively the same length (msg->rcv.src_port). Isn't it for example possible that the port in the header is 5060 but the source_port is 22444 (which is one character longer than the length of len is calculated to).
I hope someone can shed some light over the matter.
/Martin
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers