Yes, that's an issue. The client will never reeive the error message
(and the challenge).
I use
if (client_nat_test("3")) {
force_rport(); ...
for every incoming request in the beginning of further processing to
avoid this.
regards
klaus
Andreas Granig wrote:
Hi,
While experimenting with the example config nat-mediaproxy.5.0.cfg of
onsip.org's GettingStarted document I discovered a problem with NAT
handling. Don't blame me if I'm completely wrong, but here is what
happens and how it is solved:
I've two phones behind the same NAT (address of phone A is a:5060 and
that of phone B is b:5060, the NAT device has ip c) contacting a SER
with a public IP.
If A makes a call, it's NATed to c:5060, SER responds with 407 to
c:5060, and it's correctly forwarded to a:5060.
If B makes a call, it's NATed to c:1025, but SER responds to c:5060 too,
so B never gets the reply.
The original config looks like this:
181 # ----------------------------------------------------------
182 # INVITE Message Handler
183 # ----------------------------------------------------------
184
185 if (!proxy_authorize("","subscriber")) {
186 proxy_challenge("","0");
187 break;
188 } else if (!check_from()) {
189 sl_send_reply("403", "Use From=ID");
190 break;
191 };
192
193 consume_credentials();
194
195 if (client_nat_test("3")) {
196 setflag(7);
197 force_rport();
198 fix_nated_contact();
199 };
So the autorization is done before NAT is handled, and I think this is
the problem. Because if I move the lines 195-199 before 185, everything
works as expected.
Could anyone please be so kind and check that?
Andy
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers