24 Apr
2004
24 Apr
'04
6:44 a.m.
Hi i checked it
and implemented rtpproxy also....
now what i am doing is.....if i take sample conf for rtpproxy it works but
if i put it in my ser.cfg
it doens't. ring goes for device behind NAT but can't hear.
i am pasting my ser.cg for your reference...
i have written one call module also and its function is to work on call
allow function, call deny, forward etc and it is working without including
NAT moduel....but if i include NAT...public ip's can still talk but private
can't only ring goes for them
log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
#added by kapil
loadmodule "/usr/local/lib/ser/modules/call.so"
loadmodule "/usr/local/lib/ser/modules/vm.so"
# !! Nathelper
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
#added by kapil
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# !! Nathelper
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1) # Ping only clients
behind NAT
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# !! Nathelper
# Special handling for NATed clients; first, NAT test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding is used); also,
# the received test should, if completed, should check all
# vias for rpesence of received
if (nat_uac_test("3")) {
# Allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for user agents that support symmetric
# communication. We tested quite many of them and majority is
# smart enough to be symmetric. In some phones it takes a
configuration
# option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it
is
# called "symmetric media" and "symmetric signalling".
fix_nated_contact(); # Rewrite contact with source IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER") record_route();
# loose-route processing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
break;
};
save("location");
break;
};
if (method=="INVITE" || method=="ACK" || method=="BYE" ||
method=="CANCEL")
{
if(call_feature()){
if(uri=~"sip:7@")
{
if(!call_redial())
{
sl_send_reply("404", "Not Found");
break;
};
}
else if(uri=~"sip:00*")
{
if(call_pstn())
{
break;
};
}
else
{
if(!call_speeddial())
{
sl_send_reply("404", "Not Found");
break;
};
};
}
else
{
if(!call_sip()){
sl_send_reply("404", "Not Found");
break;
};
};
};
};
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
# !! Nathelper
if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
!search("^Route:")){
sl_send_reply("479", "We don't forward to private IP
addresses");
break;
};
# if client or server know to be behind a NAT, enable relay
if (isflagset(6)) {
force_rtp_proxy();
};
# NAT processing of replies; apply to all transactions (for example,
# re-INVITEs from public to private UA are hard to identify as
# NATed at the moment of request processing); look at replies
t_on_reply("1");
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if(call_flag("1"))
{
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
if (!t_relay()) {
sl_reply_error();
};
break;
};
if(call_flag("2"))
{
break;
};
if(call_flag("3"))
{
if (!t_newtran()) {
log("could not create new transaction\n");
sl_send_reply("500","could not create new
transaction");
break;
};
t_reply("100","Trying -- just wait a minute !");
if(!vm("/tmp/am_fifo","voicemail")){
log("could not contact the answer machine\n");
t_reply("500","could not contact the answer
machine");
};
break;
};
}
# !! Nathelper
onreply_route[1] {
# NATed transaction ?
if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing ? (RFC1918 contacts)
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
}
From: Atle Samuelsen <clona(a)camaro.no>
To: Kapil Dhawan <sersavvy(a)hotmail.com>
CC: serusers(a)lists.iptel.org
Subject: Re: [Serusers] NAT Solution
Date: Sat, 24 Apr 2004 12:18:55 +0200
Hi!
www.google.com and search for "ser +nat :host mail.iptel.org"
otherstuff, rtpproxy, mediaproxy etc.
btw. Check the list for common queristions :-)
-Atle
* Kapil Dhawan <sersavvy(a)hotmail.com> [040424 07:07]:
_________________________________________________________________
Ready cash in just 72 hours. Apply Now !!!
http://go.msnserver.com/IN/46922.asp
Hi
Could you pls suggest me some solution for implementing NAT. I have
almost
> all the devices behind NAT. Pls suggest me that where can i get the
> documentation for that too...
>
> Regards
>
> _________________________________________________________________
> Deals can't get any better. Products at Lowest Prices.
> http://go.msnserver.com/IN/47508.asp Only on baazee.com
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
25 Apr
25 Apr
11:39 a.m.
New subject: [Serusers] NAT Solution
The best way how to start debugging this is looking at the SIP message
dumps and if you can't find out what's wrong then sending them to the
list.
Jan.
On 24-04 10:44, Kapil Dhawan wrote:
Hi i checked it
and implemented rtpproxy also....
now what i am doing is.....if i take sample conf for rtpproxy it works but
if i put it in my ser.cfg
it doens't. ring goes for device behind NAT but can't hear.
i am pasting my ser.cg for your reference...
i have written one call module also and its function is to work on call
allow function, call deny, forward etc and it is working without including
NAT moduel....but if i include NAT...public ip's can still talk but private
can't only ring goes for them
log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
#added by kapil
loadmodule "/usr/local/lib/ser/modules/call.so"
loadmodule "/usr/local/lib/ser/modules/vm.so"
# !! Nathelper
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
#added by kapil
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# !! Nathelper
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1) # Ping only clients
behind NAT
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# !! Nathelper
# Special handling for NATed clients; first, NAT test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding is used); also,
# the received test should, if completed, should check all
# vias for rpesence of received
if (nat_uac_test("3")) {
# Allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
log("LOG: Someone trying to register from private IP,
rewriting\n");
# This will work only for user agents that support
symmetric
# communication. We tested quite many of them and
majority is
# smart enough to be symmetric. In some phones it takes
a configuration
# option. With Cisco 7960, it is called NAT_Enable=Yes,
with kphone it is
# called "symmetric media" and "symmetric signalling".
fix_nated_contact(); # Rewrite contact with source IP of
signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER") record_route();
# loose-route processing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
break;
};
save("location");
break;
};
if (method=="INVITE" || method=="ACK" || method=="BYE" ||
method=="CANCEL") {
if(call_feature()){
if(uri=~"sip:7@")
{
if(!call_redial())
{
sl_send_reply("404", "Not Found");
break;
};
}
else if(uri=~"sip:00*")
{
if(call_pstn())
{
break;
};
}
else
{
if(!call_speeddial())
{
sl_send_reply("404", "Not Found");
break;
};
};
}
else
{
if(!call_sip()){
sl_send_reply("404", "Not Found");
break;
};
};
};
};
append_hf("P-hint: usrloc applied\r\n");
route(1);
}
route[1]
{
# !! Nathelper
if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" &&
!search("^Route:")){
sl_send_reply("479", "We don't forward to private IP
addresses");
break;
};
# if client or server know to be behind a NAT, enable relay
if (isflagset(6)) {
force_rtp_proxy();
};
# NAT processing of replies; apply to all transactions (for example,
# re-INVITEs from public to private UA are hard to identify as
# NATed at the moment of request processing); look at replies
t_on_reply("1");
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if(call_flag("1"))
{
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
if (!t_relay()) {
sl_reply_error();
};
break;
};
if(call_flag("2"))
{
break;
};
if(call_flag("3"))
{
if (!t_newtran()) {
log("could not create new transaction\n");
sl_send_reply("500","could not create new
transaction");
break;
};
t_reply("100","Trying -- just wait a minute !");
if(!vm("/tmp/am_fifo","voicemail")){
log("could not contact the answer machine\n");
t_reply("500","could not contact the answer
machine");
};
break;
};
}
# !! Nathelper
onreply_route[1] {
# NATed transaction ?
if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") {
fix_nated_contact();
force_rtp_proxy();
# otherwise, is it a transaction behind a NAT and we did not
# know at time of request processing ? (RFC1918 contacts)
} else if (nat_uac_test("1")) {
fix_nated_contact();
};
}
From: Atle Samuelsen <clona(a)camaro.no>
To: Kapil Dhawan <sersavvy(a)hotmail.com>
CC: serusers(a)lists.iptel.org
Subject: Re: [Serusers] NAT Solution
Date: Sat, 24 Apr 2004 12:18:55 +0200
Hi!
www.google.com and search for "ser +nat :host mail.iptel.org"
otherstuff, rtpproxy, mediaproxy etc.
btw. Check the list for common queristions :-)
-Atle
* Kapil Dhawan <sersavvy(a)hotmail.com> [040424 07:07]:
_________________________________________________________________
Ready cash in just 72 hours. Apply Now !!!
http://go.msnserver.com/IN/46922.asp
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers Hi
Could you pls suggest me some solution for implementing NAT. I have
almost
> all the devices behind NAT. Pls suggest me that where can i get the
> documentation for that too...
>
> Regards
>
> _________________________________________________________________
> Deals can't get any better. Products at Lowest Prices.
> http://go.msnserver.com/IN/47508.asp Only on baazee.com
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
7568
days inactive
7569
days old
1 comments
2 participants
participants (2)
-
Jan Janak -
Kapil Dhawan