[Serusers] Review ser.cfg - SER NAT RTPProxy PSTN Gateway

Hello, I have a question regarding my ser.cfg. First let me explain our situation. I have a SER server (actually openser) behind a NAT firewall (Cisco PIX, which is doing SIP ALG). The SER server has ip address 10.254.254.1 which is translated by de NAT Firewall to a public IP address. Behind the SER we have a connect with a telco who provides us a SIP PSTN gateway. It's IP address is 10.166.38.108 (so, also private). Remote clients connect to our SER via the public IP address of the SER. For this to work, I use RTPProxy for all sessions. So I do NO client_nat tests or whatsoever. Most of the time, all calls go well. However sometimes when a UAC retransmits INVITE requests, the retransmitted responses display the wrong proxy-address (for RTPProxy). For example, when the UAC does 4 INVITE request (so 1 request, and 3 retransmissions), 3 of the responses have SDP with 10.254.254.1 in their body. The last one doesn't change the SDP address, but has 10.166.38.108 in its body. What could be causing this? Clients obviously don't get audio in their conversation. Next, since I wrote the ser.cfg by my own, it would be nice if some of you could review my ser.cfg and, if needed, give me some suggestions etc. Thank you all very much in advance, My ser.cfg: ######################################################################## ###################################### debug=3 fork=yes log_stderror=no #debug=4 #fork=no #log_stderror=yes listen=10.254.254.1 port=5060 children=4 dns=no rev_dns=no fifo="/tmp/openser_fifo" fifo_db_url="mysql://XXX:XXX@localhost/ser" fifo_mode=0666 loadmodule "/usr/local/lib/openser/modules/mysql.so" loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so" loadmodule "/usr/local/lib/openser/modules/auth.so" loadmodule "/usr/local/lib/openser/modules/auth_db.so" loadmodule "/usr/local/lib/openser/modules/uri.so" loadmodule "/usr/local/lib/openser/modules/uri_db.so" loadmodule "/usr/local/lib/openser/modules/mediaproxy.so" loadmodule "/usr/local/lib/openser/modules/nathelper.so" loadmodule "/usr/local/lib/openser/modules/textops.so" loadmodule "/usr/local/lib/openser/modules/domain.so" loadmodule "/usr/local/lib/openser/modules/permissions.so" loadmodule "/usr/local/lib/openser/modules/acc.so" loadmodule "/usr/local/lib/openser/modules/xlog.so" loadmodule "/usr/local/lib/openser/modules/exec.so" loadmodule "/usr/local/lib/openser/modules/group.so" modparam("auth_db|permissions|uri_db|usrloc|acc|domain|group", "db_url", "mysql://XXX:XXX@localhost/ser") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "rtpproxy_sock", "/var/run/rtpproxy.sock") modparam("usrloc", "db_mode", 2) modparam("registrar", "nat_flag", 6) modparam("rr", "enable_full_lr", 1) modparam("rr", "append_fromtag", 1) modparam("tm", "fr_inv_timer", 27) modparam("tm", "fr_inv_timer_avp", "inv_timeout") modparam("permissions", "db_mode", 1) modparam("permissions", "trusted_table", "trusted") modparam("acc", "log_level", 1) modparam("acc", "log_flag", 1) modparam("acc", "db_flag", 1) route { # ----------------------------------------------------------------- # Sanity Check Section # ----------------------------------------------------------------- if (search("User-Agent: Grandstream")) { replace("UPDATE,", ""); } if (search("Server: Cisco ATA.*")) { replace(", UPDATE", ""); } if (search("User-Agent: Cisco ATA.*")) { replace(", UPDATE", ""); } if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too Many Hops"); exit; }; if (msg:len > max_len) { sl_send_reply("513", "Message Overflow"); exit; }; # ----------------------------------------------------------------- # Record Route Section # ----------------------------------------------------------------- if (method!="REGISTER") { record_route(); }; # ----------------------------------------------------------------- # Call Tear Down Section # ----------------------------------------------------------------- if (method=="BYE" || method=="CANCEL") { unforce_rtp_proxy(); }; # ----------------------------------------------------------------- # Loose Route Section # ----------------------------------------------------------------- if (loose_route()) { if (has_totag() && (method=="INVITE" || method=="ACK")) { setflag(6); force_rport(); fix_nated_contact(); force_rtp_proxy(); }; route(1); exit; }; # ----------------------------------------------------------------- # Call Type Processing Section # ----------------------------------------------------------------- if (!is_uri_host_local()) { if (is_from_local() || src_ip=="10.166.38.108") { route(4); route(1); } else { sl_send_reply("403", "Forbidden"); }; exit; }; if (method=="CANCEL") { route(1); exit; } else if (method=="INVITE") { route(3); exit; } else if (method=="REGISTER") { route(2); exit; } else if (method=="ACK") { # Added 28-3-06: I won't send a reply for ACK! route(1); exit; }; lookup("aliases"); if (uri!=myself) { route(4); route(1); exit; }; if (!lookup("location")) { sl_send_reply("404", "User Not Found"); exit; }; route(1); } route[1] { # ----------------------------------------------------------------- # Default Message Handler # ----------------------------------------------------------------- t_on_reply("1"); setflag(1); if (!t_relay()) { if (method=="INVITE" || method=="ACK") { unforce_rtp_proxy(); }; sl_reply_error(); }; } route[2] { # ----------------------------------------------------------------- # REGISTER Message Handler # ----------------------------------------------------------------- sl_send_reply("100", "Trying"); if (!search("^Contact:[ ]*\*")) { setflag(6); fix_nated_register(); force_rport(); }; if (!www_authorize("","subscriber")) { www_challenge("","0"); return; }; if (!check_to()) { sl_send_reply("401", "Unauthorized"); return; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; } route[3] { # ----------------------------------------------------------------- # INVITE Message Handler # ----------------------------------------------------------------- if (!src_ip=="10.166.38.108") { if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); return; }; consume_credentials(); }; setflag(6); lookup("aliases"); if (uri!=myself) { route(4); route(1); return; }; if (!lookup("location")) { if (uri=~"^sip:0[0-9]*@") { # PSTN route(5); return; }; sl_send_reply("404", "User Not Found"); return; }; route(4); route(1); } route[4] { # ----------------------------------------------------------------- # NAT Traversal Section # ----------------------------------------------------------------- if (isflagset(6)) { force_rport(); fix_nated_contact(); force_rtp_proxy(); }; } route[5] { # ----------------------------------------------------------------- # PSTN Handler # ----------------------------------------------------------------- rewritehost("10.166.38.108"); # INSERT YOUR PSTN GATEWAY IP ADDRESS avp_write("i:45", "inv_timeout"); route(4); route(1); } onreply_route[1] { if (search("Server: Cisco ATA.*")) { replace(", UPDATE", ""); } if (search("User-Agent: Grandstream")) { replace("UPDATE,", ""); } if (isflagset(6) && (status=~"180|183|2[0-9][0-9]")) { if (search("application/sdp")) { force_rtp_proxy(); }; }; fix_nated_contact(); } ######################################################################## ################ Regards, Ronald