hi all,
i've been banging on this for a while now, and still can't figure out things properly. here's my scenario:
1. SER behind NAT
2. Clients behind NAT
3. Full control of firewall in front of SER so i can open up whatever ports necessary
4. No control over client firewalls
I've tried various ser.cfg gleaned from the mailing list, but no luck -- calls can connect but no audio passes through. Right now i'm using the nathelper and mangle modules to no effect.
I'm at my wit's end, hoping someone can help out, i've included my ser.cfg below.
thousands of thanks in advance. flynn
-----------------------------------------
# ----------- global configuration parameters ------------------------
# Core settings for a proxy that listens on one private address; the
# routing logic further down does all NAT handling.
check_via=no    # (cmd. line: -v)
dns=no          # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
# NOTE(review): the FIFO is the server's management channel and /tmp is a
# shared directory -- confirm the FIFO's ownership and mode restrict it to
# the account that administers SER, or move it to a private directory.
fifo="/tmp/ser_fifo"
# Private (RFC1918) address: SER itself sits behind the NAT, so the public
# address has to be supplied explicitly wherever it is advertised.
listen=192.168.1.130
# ------------------ module loading ----------------------------------
# Modules are listed one per line; the order is kept exactly as posted.
# NOTE(review): no authentication module appears in this list, so nothing in
# the routing logic can challenge a REGISTER or INVITE for credentials.
loadmodule "/usr/local/lib/ser/modules/sl.so"         # sl_send_reply, sl_reply_error
loadmodule "/usr/local/lib/ser/modules/tm.so"         # t_relay, t_on_reply
loadmodule "/usr/local/lib/ser/modules/rr.so"         # record_route_preset
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"     # mf_process_maxfwd_header
loadmodule "/usr/local/lib/ser/modules/usrloc.so"     # location table used by save/lookup
loadmodule "/usr/local/lib/ser/modules/registrar.so"  # save, lookup
loadmodule "/usr/local/lib/ser/modules/textops.so"    # search

# !! NAT stuff
loadmodule "/usr/local/lib/ser/modules/nathelper.so"  # nat_uac_test, fix_nated_*, force_rport, force_rtp_proxy
loadmodule "/usr/local/lib/ser/modules/mangler.so"    # sdp_mangle_ip, encode_contact
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
# db_mode 0: no database is configured for usrloc here.
# NOTE(review): presumably bindings live in memory only and are lost on
# restart -- confirm against the usrloc documentation for this version.
modparam("usrloc", "db_mode", 0)

modparam("rr", "enable_full_lr", 1)

# !! NAT STUFF
# nat_flag must be the same flag number the routing logic sets with
# setflag(6) and tests with isflagset(6).
modparam("registrar", "nat_flag", 6)
# Keep-alive pings toward registered clients; with ping_nated_only=1 only
# contacts marked as NATed are pinged.
# NOTE(review): interval presumably in seconds -- confirm it is shorter than
# the binding timeout of the client-side NAT devices.
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
# Separator the mangler module uses between the fields of an encoded contact.
modparam("mangler","contact_flds_separator","*")
# ------------------------- request routing logic -------------------
# main routing logic
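route{
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if (msg:len >= max_len ) {
        sl_send_reply("513", "Message too big");
        break;
    };

    # Only requests whose URI matches the local domain are processed; any
    # other request reaches the end of this block without a reply or relay.
    # NOTE(review): the pattern is unanchored and its dot is a regex
    # wildcard, so a URI that merely contains the domain string also
    # matches -- anchor and escape it once the real domain is filled in.
    if (uri=~"MY-DOMAIN.COM") {
        if (nat_uac_test("3")) {
            # Rewrites every SDP address (0.0.0.0/0 matches all) to the
            # public address of the NAT in front of SER.
            # NOTE(review): the SDP is also rewritten by fix_nated_sdp("3")
            # below and by force_rtp_proxy() in route[1]; three rewrites of
            # the same body can leave the media address pointing somewhere
            # no RTP arrives -- worth checking first for the no-audio
            # symptom.
            sdp_mangle_ip("0.0.0.0/0", "XXX.XXX.XXX.XXX");

            if (method == "REGISTER" || ! search("^Record-Route:")) {
                fix_nated_contact(); # Rewrite contact with source IP of signalling
                if (method == "INVITE") {
                    fix_nated_sdp("3");
                };
                force_rport(); # Add rport parameter to topmost Via
                setflag(6);    # Mark as NATed
            };
        };

        # NOTE(review): the binding is stored without any credential check
        # (no auth module is loaded), so a registration is not tied to an
        # authenticated user. Add digest authentication before exposing
        # this proxy beyond a test network.
        if (method=="REGISTER") {
            save("location");
            break;
        };

        # REGISTER has already left the script above, so this test is
        # always true at this point; kept as posted.
        if (!method=="REGISTER") {
            # Dots are escaped so that "10." and "111." match only those
            # literal prefixes; an unescaped dot matches any character and
            # would also catch addresses such as 100.x or 103.x.
            if (search("Contact: .*@(10\.|111\.)")) {
                encode_contact("enc_prefix","XXX.XXX.XXX.XXX");
            };

            #if ser is behind a NAT and NAT box has port forwarding
            #on port 5060 set to our ser private address ...
            record_route_preset("XXX.XXX.XXX.XXX:5060");
        };

        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            break;
        };

        route(1);
    }
}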
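route[1] {
    # !! Nathelper
    # Refuse to relay toward RFC1918 destinations, so the proxy cannot be
    # used to reach hosts on private networks. The dots are escaped: left
    # unescaped, "10." would also match public addresses such as 100.x or
    # 103.x, and "192.168." would match any character in place of each dot.
    # NOTE(review): as posted, the test requires a Route header to be
    # present, so an initial request (no Route) whose URI is a private
    # address is not rejected here -- confirm whether !search("^Route:")
    # was intended.
    if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && search("^Route:")) {
        sl_send_reply("479", "We don't forward to private IP addresses");
        break;
    };

    # if client or server know to be behind a NAT, enable relay
    # NOTE(review): force_rtp_proxy() presumably needs an RTP proxy process
    # running and reachable from SER, with its media ports opened on the
    # firewall in front of SER -- confirm both.
    if (isflagset(6)) {
        force_rtp_proxy();
    };

    # NAT processing of replies;
    t_on_reply("1");

    # send it out now; use stateful forwarding as it works reliably
    # even for UDP2TCP
    if (!t_relay()) {
        sl_reply_error();
    };
}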
# !! Nathelper
# Reply handler armed by t_on_reply("1") in route[1].
onreply_route[1] {
    # NATed transaction ?
    # Flag 6 was set on the request; for 183 and 2xx replies the contact is
    # rewritten and the SDP is pointed at the RTP proxy.
    if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
        fix_nated_contact();
        force_rtp_proxy();
    }
    # otherwise, is it a transaction behind a NAT and we did not
    # know at time of request processing ? (RFC1918 contacts)
    # NOTE(review): the comment above describes a test for RFC1918 contacts,
    # but this branch has no condition -- every reply that does not take the
    # first branch gets its Contact rewritten to the source address, even a
    # reply from a publicly addressed endpoint. Confirm whether a private
    # address check on the Contact was dropped from the else.
    else {
        fix_nated_contact();
    };
}