the problem is that only one side is heard during the conversation. Now viewing the capture of SIP session i can see that the NATed client's SDP and Contact header were changed correctly but still the RTP proxy is listening for data from 192.168.10.14 instead of data from the NAT ip. attached the output of RTP proxy during debug mode the ser.cfg file please help!!!
RTP proxy was started with the command: rtpproxy -2f -l 192.168.10.62/80.178.94.82
RTP proxy Output:
rtpproxy: rtpproxy started, pid 23524 rtpproxy: new session 227142944229442YbiJ-400--500@192.168.10.14, tag 1c-2023537854 requested rtpproxy: new session on a port 64900 created, tag 1c-2023537854 rtpproxy: pre-filling caller's address with 192.168.10.14:8000 *Remark client 192.168.10.14 is behind a NAT rtpproxy: lookup on a ports 64900/64900, session timer restarted rtpproxy: pre-filling callee's address with 192.168.10.12:8000 rtpproxy: session timeout rtpproxy: RTP stats: 330 in from callee, 0 in from caller, 330 relayed, 0 dropped rtpproxy: RTCP stats: 2 in from callee, 0 in from caller, 2 relayed, 0 dropped rtpproxy: session on ports 64900/64900 is cleaned up
SER.cfg :
# # #
# ----------- global configuration parameters ------------------------
/* debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) */
#Uncomment these lines to enter debugging mode /*debug=7 fork=yes log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"
listen=192.168.10.62 listen=80.178.94.82 mhomed=yes
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database loadmodule "/lib/ser/modules/mysql.so"
loadmodule "/lib/ser/modules/sl.so" loadmodule "/lib/ser/modules/tm.so" loadmodule "/lib/ser/modules/rr.so" loadmodule "/lib/ser/modules/maxfwd.so" loadmodule "/lib/ser/modules/usrloc.so" loadmodule "/lib/ser/modules/registrar.so" loadmodule "/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/lib/ser/modules/auth.so" loadmodule "/lib/ser/modules/auth_db.so"
# !! Nathelper loadmodule "/lib/ser/modules/nathelper.so"
# EXEC module #loadmodule "/lib/ser/modules/exec.so" # ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_url", "mysql://ser:******@localhost/ser")
modparam("usrloc", "db_mode", 1)
# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)
# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# !! Nathelper modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 10) # Ping interval 30 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT modparam("nathelper", "rtpproxy_sock", "/var/run/rtpproxy.sock") #rtp proxy socket # ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len >= max_len ) { sl_send_reply("513", "Message too big"); break; };
if (method !="REGISTER" && !proxy_authorize("", "subscriber")){ proxy_challenge("", "0"); break; };
if (method == "BYE" || method == "CANCEL") unforce_rtp_proxy(); # !! Nathelper # Special handling for NATed clients; first, NAT test is # executed: it looks for via!=received and RFC1918 addresses # in Contact (may fail if line-folding is used); also, # the received test should, if completed, should check all # vias for rpesence of received if (nat_uac_test("3") && dst_ip == 80.178.94.82) { sl_send_reply("", "Client is behind NAT"); # Allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) { log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric # communication. We tested quite many of them and majority is # smart enough to be symmetric. In some phones it takes a configuration # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is # called "symmetric media" and "symmetric signalling".
fix_nated_contact(); # Rewrite contact with source IP of signalling if (method == "INVITE") { sl_send_reply("", "Client is behind NAT And Requested a call"); if (fix_nated_sdp("1")) sl_send_reply("", "Client SDP Replaced"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; };
# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route();
# subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { sl_send_reply("", "loose route"); # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); break; };
if (!uri==myself) { sl_send_reply("", "outbound"); # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); break; };
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication if (!www_authorize("", "subscriber")) { www_challenge("", "0"); break; };
if (dst_ip == 192.168.10.62){ save("secure_loc"); } else { if (dst_ip == 80.178.94.82){ save("net_loc"); } else { sl_send_reply("403", "Call cannot be served here"); }; }; break; };
lookup("aliases"); if (!uri==myself) { sl_send_reply("", "aliases outbound"); append_hf("P-hint: outbound alias\r\n"); route(1); break; };
# native SIP destinations are handled using our USRLOC DB if (method == "INVITE") { # exec_msg("env > /root/sip_call_env "); if (lookup("secure_loc")) { sl_send_reply("","secure loc"); if (dst_ip == 192.168.10.62){ sl_send_reply("","192.168.10.62"); if (force_rtp_proxy("FAII")) t_on_reply("1"); }; if (dst_ip == 80.178.94.82){ sl_send_reply("","80.178.94.82"); if (force_rtp_proxy("FAEI")) t_on_reply("1"); }; } else if (lookup("net_loc")) { sl_send_reply("","net loc"); if (dst_ip == 192.168.10.62){ sl_send_reply("","192.168.10.62"); if (force_rtp_proxy("FAIE")){ t_on_reply("1"); sl_send_reply("","FAEI"); }; }; if (dst_ip == 80.178.94.82){ sl_send_reply("","80.178.94.82"); if (force_rtp_proxy("FAEE")) t_on_reply("1"); }; } else { sl_send_reply("403", "Call cannot be served here"); break; }; }; }; append_hf("P-hint: usrloc applied\r\n"); route(1); }
route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP t_on_reply("1"); if (!t_relay()) { sl_reply_error(); }; }
onreply_route[1] { if (dst_ip == 80.178.94.82 && nat_uac_test("1")) { fix_nated_contact(); if (status =~ "(183)|2[0-9][0-9]") fix_nated_sdp("1"); };
if (status =~ "(183)|2[0-9][0-9]") force_rtp_proxy("FA"); }
On Sep 22, 2004 at 11:21, Shi Hoch shi@i-p-hi.com wrote:
the problem is that only one side is heard during the conversation. Now viewing the capture of SIP session i can see that the NATed client's SDP and Contact header were changed correctly but still the RTP proxy is listening for data from 192.168.10.14 instead of data from the NAT ip. attached the output of RTP proxy during debug mode the ser.cfg file please help!!!
A quick guess: force_rtp_proxy("FA"); in the reply route (you should use A only for un-natted clients, the effect of A is that the SDP address is trusted).
Andrei
RTP proxy was started with the command: rtpproxy -2f -l 192.168.10.62/80.178.94.82
RTP proxy Output:
rtpproxy: rtpproxy started, pid 23524 rtpproxy: new session 227142944229442YbiJ-400--500@192.168.10.14, tag 1c-2023537854 requested rtpproxy: new session on a port 64900 created, tag 1c-2023537854 rtpproxy: pre-filling caller's address with 192.168.10.14:8000 *Remark client 192.168.10.14 is behind a NAT rtpproxy: lookup on a ports 64900/64900, session timer restarted rtpproxy: pre-filling callee's address with 192.168.10.12:8000 rtpproxy: session timeout rtpproxy: RTP stats: 330 in from callee, 0 in from caller, 330 relayed, 0 dropped rtpproxy: RTCP stats: 2 in from callee, 0 in from caller, 2 relayed, 0 dropped rtpproxy: session on ports 64900/64900 is cleaned up
SER.cfg :
# # #
# ----------- global configuration parameters ------------------------
/* debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) */
#Uncomment these lines to enter debugging mode /*debug=7 fork=yes log_stderror=yes */
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"
listen=192.168.10.62 listen=80.178.94.82 mhomed=yes
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database loadmodule "/lib/ser/modules/mysql.so"
loadmodule "/lib/ser/modules/sl.so" loadmodule "/lib/ser/modules/tm.so" loadmodule "/lib/ser/modules/rr.so" loadmodule "/lib/ser/modules/maxfwd.so" loadmodule "/lib/ser/modules/usrloc.so" loadmodule "/lib/ser/modules/registrar.so" loadmodule "/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/lib/ser/modules/auth.so" loadmodule "/lib/ser/modules/auth_db.so"
# !! Nathelper loadmodule "/lib/ser/modules/nathelper.so"
# EXEC module #loadmodule "/lib/ser/modules/exec.so" # ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_url", "mysql://ser:******@localhost/ser")
modparam("usrloc", "db_mode", 1)
# Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)
# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# !! Nathelper modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 10) # Ping interval 30 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT modparam("nathelper", "rtpproxy_sock", "/var/run/rtpproxy.sock") #rtp proxy socket # ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len >= max_len ) { sl_send_reply("513", "Message too big"); break; };
if (method !="REGISTER" && !proxy_authorize("", "subscriber")){ proxy_challenge("", "0"); break; };
if (method == "BYE" || method == "CANCEL") unforce_rtp_proxy();
# !! Nathelper # Special handling for NATed clients; first, NAT test is # executed: it looks for via!=received and RFC1918 addresses # in Contact (may fail if line-folding is used); also, # the received test should, if completed, should check all # vias for rpesence of received if (nat_uac_test("3") && dst_ip == 80.178.94.82) { sl_send_reply("", "Client is behind NAT"); # Allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) { log("LOG: Someone trying to register from private IP, rewriting\n"); # This will work only for user agents that support symmetric # communication. We tested quite many of them and majority is # smart enough to be symmetric. In some phones it takes a configuration # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is # called "symmetric media" and "symmetric signalling". fix_nated_contact(); # Rewrite contact with source IP of signalling if (method == "INVITE") { sl_send_reply("", "Client is behind NAT And Requested a call"); if (fix_nated_sdp("1")) sl_send_reply("", "Client SDP Replaced"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed };
};
# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route();
# subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { sl_send_reply("", "loose route"); # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); break; };
if (!uri==myself) { sl_send_reply("", "outbound"); # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); break; };
# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication if (!www_authorize("", "subscriber")) { www_challenge("", "0"); break; };
if (dst_ip == 192.168.10.62){ save("secure_loc"); } else { if (dst_ip == 80.178.94.82){ save("net_loc"); } else { sl_send_reply("403", "Call cannot be served here"); }; }; break; }; lookup("aliases"); if (!uri==myself) { sl_send_reply("", "aliases outbound"); append_hf("P-hint: outbound alias\r\n"); route(1); break; }; # native SIP destinations are handled using our USRLOC DB if (method == "INVITE") {
# exec_msg("env > /root/sip_call_env "); if (lookup("secure_loc")) { sl_send_reply("","secure loc"); if (dst_ip == 192.168.10.62){ sl_send_reply("","192.168.10.62"); if (force_rtp_proxy("FAII")) t_on_reply("1"); }; if (dst_ip == 80.178.94.82){ sl_send_reply("","80.178.94.82"); if (force_rtp_proxy("FAEI")) t_on_reply("1"); }; } else if (lookup("net_loc")) { sl_send_reply("","net loc"); if (dst_ip == 192.168.10.62){ sl_send_reply("","192.168.10.62"); if (force_rtp_proxy("FAIE")){ t_on_reply("1"); sl_send_reply("","FAEI"); }; }; if (dst_ip == 80.178.94.82){ sl_send_reply("","80.178.94.82"); if (force_rtp_proxy("FAEE")) t_on_reply("1"); }; } else { sl_send_reply("403", "Call cannot be served here"); break; }; }; }; append_hf("P-hint: usrloc applied\r\n"); route(1); }
route[1] { # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP t_on_reply("1"); if (!t_relay()) { sl_reply_error(); }; }
onreply_route[1] { if (dst_ip == 80.178.94.82 && nat_uac_test("1")) { fix_nated_contact(); if (status =~ "(183)|2[0-9][0-9]") fix_nated_sdp("1"); };
if (status =~ "(183)|2[0-9][0-9]") force_rtp_proxy("FA"); }
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers