At 09:30 PM 9/7/2003, Felix Schmid wrote:
I am mainly asking because I am looking for an
answer for the following
phenomenon:
I have SER running on my home network (on the gateway). When I try to
send an IM to my account at
iptel.org using kphone and I use my gateway
SER as an outbound proxy, everything runs smoothly; I get a message back
from
iptel.org that the IM will be delivered to me as soon as I login
the next time (what will not happen until I solved the NAT problem ;)).
Now, when I try the same without using my gateway as an outbound proxy,
I get the beloved message from
iptel.org that it doesn't like my private
Contact address.
I hope that's easy to explain. We deny requests with private-IP addresses
in their contact header field. Such requests can't be followed up by
subsequent requests -- private IP addresses maky subsequent conversation
non-routable. We better deny and tell you it would break rather than
let it break later.
We except cases in which record-route was applied as we assume that
record-routing is used in a smart way to get subsequent requests over
NATs.
But his record-route entrys are broken too. So we should fix our config to
protect us from guys like Felix ;-)
Felix: maybe you should try 'mhomed=yes' in your config to get correct
record-route and via headers in the requests which pass your gateway.
Greetings
Nils