4 Jun
2004
4 Jun
'04
4:20 a.m.
On Jun 3, 2004, at 10:32 PM, XeloQ Communications wrote:
Hello Adrian,
Thanks for your answers. They were very clarifying. I test in my lab
test environment where i do not have any firewalls or other possible
problem initiators.
The ser.cfg example that comes with the source with mediaproxy does
not
allow non nated EP's to register. Is it possible for you to update the
example config file so non nated ep's can also register
Its there in ser.cfg at line 30
and do not use
mediaproxy when traffic is between non nated ep's.
We did not use such configuration yet. If you make it work please let
me know your tested configuration to update the documentation.
NATed -- NATed mediaproxy
Public C -- NATed mediaproxy.
Public C -- Public C no mediaproxy.
Please just hint me in the correct direction.
Here is my current ser.cfg It is not working the way i want like
mentioned above. .
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
#modparam("domain", "db_url",
"sql:ser:heslo@localhost/ser") //now
using
default
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 1)
# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this
config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
modparam("mediaproxy", "natping_interval", 60)
route{
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too many hops");
break;
};
if (msg:len >= max_len) {
sl_send_reply("513", "Message too big");
break;
};
if (client_nat_test("3")) {
if (method == "REGISTER" || ! search("^Record-Route:")) {
fix_contact();
force_rport();
};
if (method=="INVITE") {
use_media_proxy();
t_on_reply("1");
};
};
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
# if (!www_authorize("200.84.12.12", "subscriber")) {
# www_challenge("200.84.12.12", "0");
# break;
# };
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
if (method == "BYE" || method == "CANCEL") {
end_media_session();
};
if (loose_route()) {
t_relay();
break;
};
if (method == "INVITE") {
record_route();
};
if (!t_relay()) {
sl_reply_error();
};
}
onreply_route[1] {
if (status=~"(183)|2[0-9][0-9]") {
if (client_nat_test("1")) {
fix_contact();
};
use_media_proxy();
};
if (status=~"[3-4]0[0-9]") {
end_media_session();
break;
};
}
On Fri, 2004-06-04 at 00:48, Adrian Georgescu wrote:
Tjapko,
See answers inline.
On Jun 4, 2004, at 12:16 AM, Tjapko ITS Consult@ncy wrote:
Thanks a lot,
Still I am lost. Mediaproxy works fine when Nated Ep's are calling
out
to
PSTN or not NAted Ep's but I can't call to any NATed EP with te
example
ser.cfg that comes with mediaproxy.
The examples from the documentation are used in production platforms.
They do work.
Mediaproxy is trying hard and doesn't give
any error message but in
the
sessions.py and the log I can see that the destination address for
the
NAted
IP (EP) is missing.
It could be that your end points are behind a blocked firewall. You
may
start calls from inside to a public gateway but nobody from outside
could initiate connections to inside.
I read the readme and tried everything possible
but unfortunately
without
the desired result.
Nathelper seems clear on this using the modparam ("registrar",
"natflag",
6).
The set of such flag is not mandatory.
Like the example in the answer from Klaus,
registration from any
nated
ep
will be flagged. Calling to any nated EP will be easy because the
destination address is flagged and saved during registration and the
t_on_reply will check if the flag is set and subsequently force proxy
on the
recorded address. At least this is how I understand it.
Studying the readme for mediaproxy tells that nat_uac_test() has to
be
replaced with client_nat_test() but according the readme the only
difference
between the 2 is that the latter function will NOT check if the SDP
body has
private IP's.
How can I use mediaproxy so that when calling to an NATed EP
mediaproxy will
be able to generate the correct destination address. Does anybody
has a
snippet from a succesfull ser.cfg for me that I can study. The
comment
from
Adrian to replace fixed_nated_contact with fixed_contact I understand
but
not in relation with the setflag mentioned in the same snippet. IMHO
setflag
is a nathelper modparam. There must be something else that I
overlook.
Your location table might contain private IP addresses, did you check?
Make sure you save the rewritten contacts during REGISTER:
if (client_nat_test("3")) {
if (method == "REGISTER" || ! search("^Record-Route:")) {
force_rport();
fix_contact();
};
};
Another issue that I like confirmed is that the
readme states that
the
Nated
EP should have outbound proxy server configured for a symmetric EP
not
an
a-symmetric EP. . Is this true?
To make a long story short...How can call TO a NATed EP with
mediaproxy so
it knows the correct destination address and is it neccesary to
configure
outbound proxy for a symmetric NAted EP's.
Just set the outbound proxy to be the same as the SIP Proxy.
My gateway provider tells me to drop all this and use a STUN server
in
stead. :-(
STUN will not cross your NAT for both signaling and media, it will
just
give the UA the information of how it looks from the outside world.
Try
it anyway as you will gain more experience, chose what's best for your
network setup.
Any comments will be appriciated,
To wrap it up, it could be a problem with the NAT boxes depending
their
firewall policies. Try nathelper/rtpproxy combination for a change. If
that works there is a problem with mediaproxy if it doesn't there is a
problem with your config or your network configuration.
Try narrow it to something simple that works and then grow your
configuration at the same pace with the experience you are building
using SER.
Adrian
Tjapko.
-----Original Message-----
From: serusers-bounces(a)lists.iptel.org
[mailto:serusers-bounces@lists.iptel.org]On
Behalf Of Klaus Darilion
Sent: Martes, 01 de Junio de 2004 07:10 p.m.
To: Adrian Georgescu
Cc: serusers(a)lists.iptel.org
Subject: Re: [Serusers] SER and NAT
oops, sorry. I'ver never used the mediaproxy module.
klaus
Adrian Georgescu wrote:
Function fix_contact() is available within
mediaproxy.so with same
meaning as its nathelper.so counterpart.
Adrian
>
> You have to rewrite the REGISTER message before saving the
locations!
if (nat_uac_test("2")) {
force_rport();
fix_nated_contact(); # from nathelper module
append_hf("P-Behind-NAT: Yes\r\n");
setflag(5); #natflag
.....
.....
save(location); # user with natflag set will be
# pinged to keep NAT binding alive
regards,
klaus
Tjapko ITS Consult at ncy wrote:
> / Hello List,
/>/
/>/ In my fierce battle to overcome the NAT problem I have now
running
SER and
/>/ Mediaproxy without any problem. Whenever any Nated EP like to
call
to PSTN
/>/ or a non nated EP the call goes ok. Whenever I try to call from
a
non nated
/>/ EP to a NATed EP the call does not go through.
/>/
/>/ It seems like that the destination address is not known by
mediaproxy so it
/>/ can't forward the call to the correct EP.
/>/
/>/ My question is whether this problem might be caused by my
ser.cfg
or
that
/>/ this is typical SIP behaviour.
/>/
/>/ In other words is it possible to call to any EP that is behind
Symmetric
/>/ NAT.
/
--------------------------------------------------------------------
--
--
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.693 / Virus Database: 454 - Release Date: 31/05/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.698 / Virus Database: 455 - Release Date: 02/06/2004