RE: [Serusers] NAT vs. NoNat authentication - sr-users

20 Jul 2004


      There are 3 possible points where the private IP might have been replaced with the ADSL gateway's public address.
1. On the client itself (using STUN?)
2. On the ADSL gateway (Is it SIP aware?)
3. Misconfigured SER (I think this is not the case - since it works for port 5070).
To confirm if it is (1) - run a sniffer like ethereal or tcpdump to capture packets as it leaves the client machine - both for port 5060 and 5070. See if the client is doing anything smart - replacing private IP with gateway IP while using 5060 and not for 5070?
To confirm if it is (2) - run a sniffer on the same collission domain or on the same machine where SER is running and capture the registration request packets. If (1) is false and still the private IP is getting modified, its the ADSL gateway that's doing some proxying of SIP traffic (port 5060).
Which ADSL gateway are you using?
Dhiraj
-----Original Message-----
From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org]On
Behalf Of Bart Van Daal
Sent: 20 July 2004 09:16
To: serusers@lists.iptel.org
Subject: RE: [Serusers] NAT vs. NoNat authentication
Hello I'll post the answers to the two replies:
...
Andrei>  Do you have another UA behind the same nat, using 5060?
No it's only 1 Phone ---- ADSLRouter(NAT) ------- Internet ---------- Ser
Dhiraj > ..i'l post the two ngreps again:
I'm sorry for the long post. What I can see is, when ser runs on port 5070
the register contains a private ip in the 'Via:' header. When it runs on
5060
The 'Via:' header contains the public IP of the router and an unprivileged
port.
----------------------------------------------- 5070
-----------------------------------------------
filter: ip and ( port 5070 )
#
U 213.219.137.137:5070 -> 212.71.0.60:5070
REGISTER sip:ser.edpnet.net:5070 SIP/2.0.
Via: SIP/2.0/UDP 10.0.0.2:5070.
Supported: replaces.
User-Agent: SIP201 (lp201sip.100a).
Contact: sip:bart@10.0.0.2:5070;expires=60.
From: sip:bart@ser.edpnet.net ;tag=a000002-13ce-0-42e-7fea.
To: sip:bart@ser.edpnet.net.
Call-ID: a000002-13ce-0-406-79bf-1.
CSeq: 1 REGISTER.
Content-Length:0.
.
#
U 212.71.0.60:5070 -> 213.219.137.137:5070
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 10.0.0.2:5070;rport=5070;received=213.219.137.137.
From: sip:bart@ser.edpnet.net ;tag=a000002-13ce-0-42e-7fea.
To: sip:bart@ser.edpnet.net;tag=2497a39c629b119dac83769f58cd2b29.1cd2.
Call-ID: a000002-13ce-0-406-79bf-1.
CSeq: 1 REGISTER.
WWW-Authenticate: Digest realm="ser.edpnet.net",
nonce="40fcce4ec4ab3796c95cb2c87a9d94a05651ed08".
Server: Sip EXpress router (0.8.13-dev-33-usrloc (i386/linux)).
Content-Length: 0.
Warning: 392 212.71.0.60:5070 "Noisy feedback tells:  pid=18743
req_src_ip=213.219.137.137 req_src_port=5070 in_uri=sip:ser.edpnet.net:5070
out_uri=sip:ser.edpnet.net:5070 via_cnt==1".
.
#
U 213.219.137.137:5070 -> 212.71.0.60:5070
REGISTER sip:ser.edpnet.net:5070 SIP/2.0.
Via: SIP/2.0/UDP 10.0.0.2:5070.
Supported: replaces.
User-Agent: SIP201 (lp201sip.100a).
Contact: sip:bart@10.0.0.2:5070;expires=60.
Authorization: Digest username="bart", realm="ser.edpnet.net",
nonce="40fcce4ec4ab3796c95cb2c87a9d94a05651ed08",
uri="sip:ser.edpnet.net:5070", response="ea0329c8f3a4d199230733feb750d3a1",
algorithm=MD5.
From: sip:bart@ser.edpnet.net ;tag=a000002-13ce-40fccd8d-1991-7051.
To: sip:bart@ser.edpnet.net.
Call-ID: a000002-13ce-0-406-79bf-1.
CSeq: 2 REGISTER.
Content-Length:0.
.
#
U 212.71.0.60:5070 -> 213.219.137.137:5070
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 10.0.0.2:5070;rport=5070;received=213.219.137.137.
From: sip:bart@ser.edpnet.net ;tag=a000002-13ce-40fccd8d-1991-7051.
To: sip:bart@ser.edpnet.net;tag=2497a39c629b119dac83769f58cd2b29.1cd2.
Call-ID: a000002-13ce-0-406-79bf-1.
CSeq: 2 REGISTER.
Contact: sip:bart@213.219.137.137:5070;expires=60.
Server: Sip EXpress router (0.8.13-dev-33-usrloc (i386/linux)).
Content-Length: 0.
Warning: 392 212.71.0.60:5070 "Noisy feedback tells:  pid=18743
req_src_ip=213.219.137.137 req_src_port=5070 in_uri=sip:ser.edpnet.net:5070
out_uri=sip:ser.edpnet.net:5070 via_cnt==1".
.
----------------------------------------------- 5060
-----------------------------------------------
filter: ip and ( port 5060 )
#
U 213.219.137.137:5060 -> 212.71.0.60:5060
REGISTER sip:ser.edpnet.net:5060 SIP/2.0.
Via: SIP/2.0/UDP 213.219.137.137:47726.
Supported: replaces.
User-Agent: SIP201 (lp201sip.100a).
Contact: sip:bart@10.0.0.2:5060;expires=60.
From: sip:bart@ser.edpnet.net ;tag=a000002-13c4-0-429-495.
To: sip:bart@ser.edpnet.net.
Call-ID: a000002-13c4-0-401-719e-1.
CSeq: 1 REGISTER.
Content-Length:0.
.
#
U 212.71.0.60:5060 -> 213.219.137.137:5060
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 213.219.137.137:47726;rport=5060.
From: sip:bart@ser.edpnet.net ;tag=a000002-13c4-0-429-495.
To: sip:bart@ser.edpnet.net;tag=61a88e7fd5f0561d96cde0cc9ecba6d7.2508.
Call-ID: a000002-13c4-0-401-719e-1.
CSeq: 1 REGISTER.
WWW-Authenticate: Digest realm="ser.edpnet.net",
nonce="40fcccbe3b4e06bc429de0a886d7b43409cb8427".
Server: Sip EXpress router (0.8.13-dev-33-usrloc (i386/linux)).
Content-Length: 0.
Warning: 392 212.71.0.60:5060 "Noisy feedback tells:  pid=18727
req_src_ip=213.219.137.137 req_src_port=5060 in_uri=sip:ser.edpnet.net:5060
out_uri=sip:ser.edpnet.net:5060 via_cnt==1".
_______________________________________________
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers