It's my turn for nat troubles now ;) I've looked at the examples for nat helper and am trying to setup a rtp proxy (which I eventually want to be able to scale/get off the ser host). However, I'm using the attached setup (cut the used parts) but when my client tries to Register, the ser box sends back the reply to the internal IP of my UA? So ser receives a REGISTER message via 1.2.3.4 and replies to 192.168.0.x ?
Kind regards,
E. Versaevel
On Nov 25, 2004 at 16:20, E. Versaevel erik@infopact.nl wrote:
It's my turn for nat troubles now ;) I've looked at the examples for nat helper and am trying to setup a rtp proxy (which I eventually want to be able to scale/get off the ser host). However, I'm using the attached setup (cut the used parts) but when my client tries to Register, the ser box sends back the reply to the internal IP of my UA? So ser receives a REGISTER message via 1.2.3.4 and replies to 192.168.0.x ?
Please send a packet dump.
Andrei
The only thing you would see in the packet dump is:
Id Src ip Dst ip Content 1 212.X.X.X.X ser.box REGISTER sip:mydomain.com 2 ser.box 192.168.0.64 SIP:401 Unauthorized 3 212.X.X.X.X ser.box REGISTER sip:mydomain.com 4 ser.box 192.168.0.64 SIP:401 Unauthorized 5 212.X.X.X.X ser.box REGISTER sip:mydomain.com 6 ser.box 192.168.0.64 SIP:401 Unauthorized
It seems that the www_challenge is sending the 401 to the internal IP, however I can see that fix_nated_contact() is called before the www_challenge in the routing script.
Kind regards,
E. Versaevel
-----Oorspronkelijk bericht----- Van: Andrei Pelinescu-Onciul [mailto:pelinescu-onciul@fokus.fraunhofer.de] Verzonden: donderdag 25 november 2004 19:43 Aan: E. Versaevel CC: serusers@lists.iptel.org Onderwerp: Re: [Serusers] NAT troubles
On Nov 25, 2004 at 16:20, E. Versaevel erik@infopact.nl wrote:
It's my turn for nat troubles now ;) I've looked at the examples for nat helper and am trying to setup a rtp proxy (which I eventually want to be able to scale/get off the ser host). However, I'm using the attached setup (cut the used parts) but when my client tries to Register, the ser box sends back the reply to the internal IP of my UA? So ser receives a REGISTER message via 1.2.3.4 and replies to 192.168.0.x
?
Please send a packet dump.
Andrei
Both the mediaproxy and the Nathelper module seem to act like this, so I'm thinking it's a config error, but I can't find it.
Erik
-----Oorspronkelijk bericht----- Van: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] Namens E. Versaevel Verzonden: vrijdag 26 november 2004 9:57 Aan: 'Andrei Pelinescu-Onciul' CC: serusers@lists.iptel.org Onderwerp: RE: [Serusers] NAT troubles
The only thing you would see in the packet dump is:
Id Src ip Dst ip Content 1 212.X.X.X.X ser.box REGISTER sip:mydomain.com 2 ser.box 192.168.0.64 SIP:401 Unauthorized 3 212.X.X.X.X ser.box REGISTER sip:mydomain.com 4 ser.box 192.168.0.64 SIP:401 Unauthorized 5 212.X.X.X.X ser.box REGISTER sip:mydomain.com 6 ser.box 192.168.0.64 SIP:401 Unauthorized
It seems that the www_challenge is sending the 401 to the internal IP, however I can see that fix_nated_contact() is called before the www_challenge in the routing script.
Kind regards,
E. Versaevel
-----Oorspronkelijk bericht----- Van: Andrei Pelinescu-Onciul [mailto:pelinescu-onciul@fokus.fraunhofer.de] Verzonden: donderdag 25 november 2004 19:43 Aan: E. Versaevel CC: serusers@lists.iptel.org Onderwerp: Re: [Serusers] NAT troubles
On Nov 25, 2004 at 16:20, E. Versaevel erik@infopact.nl wrote:
It's my turn for nat troubles now ;) I've looked at the examples for nat helper and am trying to setup a rtp proxy (which I eventually want to be able to scale/get off the ser host). However, I'm using the attached setup (cut the used parts) but when my client tries to Register, the ser box sends back the reply to the internal IP of my UA? So ser receives a REGISTER message via 1.2.3.4 and replies to 192.168.0.x
?
Please send a packet dump.
Andrei
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
A bit further, I've fired up the xlog module and added a few debug lines, I'm using the following peace of config file:
[cut] xlog("L_CRIT", "Incomming sip packet\n\t\tTime [%Tf]\n\t\tMethod <%rm>\n\t\tr-uri <%ru>\n\t\tTo uri <%tu>\n\t\tSource IP: <%is>\n\n");
loose_route();
#log(1, "Incomming SIP Packet\n");
if (client_nat_test("3")) { log(1, "\tWe are behind NAT, oh boy \n"); if (method == "REGISTER" || !search("^Record-Route:")) { xlog("L_CRIT", "\t\tSomeone trying to register from private IP, rewriting\n\t\t\t\tContact: <%ct>\n"); if(fix_contact()) # Rewrite contact with source IP of signalling { xlog("L_CRIT", "\t\t\tRewritten Contact header, it now is: \n\t\t\t\t\t<%ct>\n"); } else { log(1,"\t\t\tRewrite unsuccesfull\n"); }
if (method == "INVITE") { log(1, "\t\tWe are Inviting from behind NAT, oh boy \n"); #fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; }; [/cut]
However, the xlog output I get is this: [cut] 0(29075) Incomming sip packet Time [Fri Nov 26 15:40:09 2004] Method <REGISTER> r-uri <infopact.com> To uri sip:0187485751@infopact.com Source IP: <1.2.3.4>
0(29075) We are behind NAT, oh boy 0(29075) Someone trying to register from private IP, rewriting Contact: <"1234" sip:1234@192.168.0.64:5061> 0(29075) Rewritten Contact header, it now is: <"1234" sip:1234@192.168.0.64:5061> [/cut]
As you can see the contact HF is not being rewritten although I did call the fix_contact() function. The source IP is correct, so the contact headerfield should read: Contact: "1234" sip:1234@1.2.3.4:5061
Any ideas on the error I'm making?
Kind regards,
E. Versaevel
-----Oorspronkelijk bericht----- Van: E. Versaevel [mailto:erik@infopact.nl] Verzonden: vrijdag 26 november 2004 12:17 Aan: 'E. Versaevel'; 'Andrei Pelinescu-Onciul' CC: serusers@lists.iptel.org Onderwerp: RE: [Serusers] NAT troubles
Both the mediaproxy and the Nathelper module seem to act like this, so I'm thinking it's a config error, but I can't find it.
Erik
-----Oorspronkelijk bericht----- Van: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] Namens E. Versaevel Verzonden: vrijdag 26 november 2004 9:57 Aan: 'Andrei Pelinescu-Onciul' CC: serusers@lists.iptel.org Onderwerp: RE: [Serusers] NAT troubles
The only thing you would see in the packet dump is:
Id Src ip Dst ip Content 1 212.X.X.X.X ser.box REGISTER sip:mydomain.com 2 ser.box 192.168.0.64 SIP:401 Unauthorized 3 212.X.X.X.X ser.box REGISTER sip:mydomain.com 4 ser.box 192.168.0.64 SIP:401 Unauthorized 5 212.X.X.X.X ser.box REGISTER sip:mydomain.com 6 ser.box 192.168.0.64 SIP:401 Unauthorized
It seems that the www_challenge is sending the 401 to the internal IP, however I can see that fix_nated_contact() is called before the www_challenge in the routing script.
Kind regards,
E. Versaevel
-----Oorspronkelijk bericht----- Van: Andrei Pelinescu-Onciul [mailto:pelinescu-onciul@fokus.fraunhofer.de] Verzonden: donderdag 25 november 2004 19:43 Aan: E. Versaevel CC: serusers@lists.iptel.org Onderwerp: Re: [Serusers] NAT troubles
On Nov 25, 2004 at 16:20, E. Versaevel erik@infopact.nl wrote:
It's my turn for nat troubles now ;) I've looked at the examples for nat helper and am trying to setup a rtp proxy (which I eventually want to be able to scale/get off the ser host). However, I'm using the attached setup (cut the used parts) but when my client tries to Register, the ser box sends back the reply to the internal IP of my UA? So ser receives a REGISTER message via 1.2.3.4 and replies to 192.168.0.x
?
Please send a packet dump.
Andrei
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
On Nov 26, 2004 at 15:42, E. Versaevel erik@infopact.nl wrote:
A bit further, I've fired up the xlog module and added a few debug lines, I'm using the following peace of config file:
[cut] xlog("L_CRIT", "Incomming sip packet\n\t\tTime [%Tf]\n\t\tMethod <%rm>\n\t\tr-uri <%ru>\n\t\tTo uri <%tu>\n\t\tSource
[...]
Contact: <"1234"
sip:1234@192.168.0.64:5061> 0(29075) Rewritten Contact header, it now is: <"1234" sip:1234@192.168.0.64:5061> [/cut]
As you can see the contact HF is not being rewritten although I did call the fix_contact() function.
The contact will be re-written when the message will be sent (you can't see the modified version with xlog, you will see it only if you dump the packet on the wire).
Anyway the contact has nothing to do with the replies going to another ip. The replies go always to the source ip of the request. The only exceptions is if you set reply_to_via to 1, in which case the reply will go to the host part of the Via header.
Are you sure you are not seeing some unrelated replies, or you have some strange DNAT rules on your sip proxy or firewall?
Andrei
On Nov 26, 2004 at 15:42, E. Versaevel erik@infopact.nl wrote:
A bit further, I've fired up the xlog module and added a few debug lines, I'm using the following peace of config file:
[cut] xlog("L_CRIT", "Incomming sip packet\n\t\tTime [%Tf]\n\t\tMethod <%rm>\n\t\tr-uri <%ru>\n\t\tTo uri <%tu>\n\t\tSource
[...]
Contact: <"1234"
sip:1234@192.168.0.64:5061> 0(29075) Rewritten Contact header, it now is: <"1234" sip:1234@192.168.0.64:5061> [/cut]
As you can see the contact HF is not being rewritten although I did call
the
fix_contact() function.
The contact will be re-written when the message will be sent (you can't see the modified version with xlog, you will see it only if you dump the packet on the wire).
Anyway the contact has nothing to do with the replies going to another ip. The replies go always to the source ip of the request. The only exceptions is if you set reply_to_via to 1, in which case the reply will go to the host part of the Via header.
Are you sure you are not seeing some unrelated replies, or you have some strange DNAT rules on your sip proxy or firewall?
No but there was a reply_to_via in my config at the top :D