I have a Linux box at home acting as a masquerading/NAT gateway for a few Windows PCs, and have installed SER on there in order to use MS Messenger to talk to people outside.
SER appears to be working in that I can get Messenger up on two PCs, connect to SER and set up a voice connection between the two PCs. However, I cannot connect to people offsite.
Relevant IPChains entries are target prot opt source destination ports ACCEPT udp ----l- anywhere anywhere any -> 5060 ACCEPT udp ------ anywhere anywhere any -> 7070:7080
I have made no changes to the default SIP configuration; it is working as installed by the rpm package ser-0.8.10-1.i386.rpm. A browse through the mailing list archive and through the admin guide doesn't show anything obvious. No errors are reported to /etc/messages or /etc/syslog and serctl moni does not show anything that looks relevant.
Does anyone have any suggestions?
-- Dr. Craig Graham, Software Engineer Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
Craigh,
the problem unfortunately lives deeper than in SER -- it is about SIP interaction with NATs. SIP advertises IP addresses and port numbers in its messages, a technique which does not work along with NATs. What happens is that SIP messages from your private network get out to the public Internet, still carry private IP addresses in it, and attempts of other call parties to use these private IP addresses will fail.
A preview of the .11 documentation mentions these issues. (I hope the correct link is www.iptel.org/ser/doc/, I'm offline now.)
I'm unfortunately not aware of a method that would be able to traverse Linux-NAT for Messengers. All of the methods I'm aware of take some kind of NAT-support in end-devices, SIP-support in NATs or both. They include ALG (i.e., SIP awareness in NATs,for example intertex NATs do that), STUN (phones' ability to "fool" NATs, for example k-phone or snom do it), UPnP (must be supported by both phone and NAT), manual configuration (one must have "tweakable" phones and NATs and the ability to actually tweak both), or "symmetric phones" (like Cisco's ATA).
-Jiri
At 11:28 AM 1/14/2003, Craig Graham wrote:
I have a Linux box at home acting as a masquerading/NAT gateway for a few Windows PCs, and have installed SER on there in order to use MS Messenger to talk to people outside.
SER appears to be working in that I can get Messenger up on two PCs, connect to SER and set up a voice connection between the two PCs. However, I cannot connect to people offsite.
Relevant IPChains entries are target prot opt source destination ports ACCEPT udp ----l- anywhere anywhere any -> 5060 ACCEPT udp ------ anywhere anywhere any -> 7070:7080
I have made no changes to the default SIP configuration; it is working as installed by the rpm package ser-0.8.10-1.i386.rpm. A browse through the mailing list archive and through the admin guide doesn't show anything obvious. No errors are reported to /etc/messages or /etc/syslog and serctl moni does not show anything that looks relevant.
Does anyone have any suggestions?
-- Dr. Craig Graham, Software Engineer Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
I would suggest a cisco router to act as a NAT. it can read the SIP messages properly. Though I'm still undergoing some tests with it, so far sa good :)
-----Original Message----- From: serusers-admin@iptel.org [mailto:serusers-admin@lists.iptel.org] On Behalf Of Jiri Kuthan Sent: Tuesday, January 14, 2003 9:46 PM To: Craig Graham; serusers@lists.iptel.org Subject: Re: [Serusers] SER on masqueraded/NAT connection
Craigh,
the problem unfortunately lives deeper than in SER -- it is about SIP interaction with NATs. SIP advertises IP addresses and port numbers in its messages, a technique which does not work along with NATs. What happens is that SIP messages from your private network get out to the public Internet, still carry private IP addresses in it, and attempts of other call parties to use these private IP addresses will fail.
A preview of the .11 documentation mentions these issues. (I hope the correct link is www.iptel.org/ser/doc/, I'm offline now.)
I'm unfortunately not aware of a method that would be able to traverse Linux-NAT for Messengers. All of the methods I'm aware of take some kind of NAT-support in end-devices, SIP-support in NATs or both. They include ALG (i.e., SIP awareness in NATs,for example intertex NATs do that), STUN (phones' ability to "fool" NATs, for example k-phone or snom do it), UPnP (must be supported by both phone and NAT), manual configuration (one must have "tweakable" phones and NATs and the ability to actually tweak both), or "symmetric phones" (like Cisco's ATA).
-Jiri
At 11:28 AM 1/14/2003, Craig Graham wrote:
I have a Linux box at home acting as a masquerading/NAT gateway for a few Windows PCs, and have installed SER on there in order to use MS Messenger to talk to people outside.
SER appears to be working in that I can get Messenger up on two PCs, connect to SER and set up a voice connection between the two PCs. However, I cannot connect to people offsite.
Relevant IPChains entries are target prot opt source destination
ports
ACCEPT udp ----l- anywhere anywhere any
->
5060 ACCEPT udp ------ anywhere anywhere any
->
7070:7080
I have made no changes to the default SIP configuration; it is working as installed by the rpm package ser-0.8.10-1.i386.rpm. A browse through
the mailing list archive and through the admin guide doesn't show anything obvious. No errors are reported to /etc/messages or /etc/syslog and serctl moni does not show anything that looks relevant.
Does anyone have any suggestions?
-- Dr. Craig Graham, Software Engineer Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
That's indeed one possibility for NAT traversal. It takes upgrading a NAT with a SIP-aware NAT. Cisco PIX is told to support SIP. I was told it did not support PPPoE, which some people may miss. The smallest PIX is becoming affordable. Another device is Intextex (w/PPPoE).
Again -- other possibilities are UPnP, STUN, twist&tweak.
-Jiri
At 03:23 AM 1/15/2003, Kelvin Chua wrote:
I would suggest a cisco router to act as a NAT. it can read the SIP messages properly. Though I'm still undergoing some tests with it, so far sa good :)
-----Original Message----- From: serusers-admin@iptel.org [mailto:serusers-admin@lists.iptel.org] On Behalf Of Jiri Kuthan Sent: Tuesday, January 14, 2003 9:46 PM To: Craig Graham; serusers@lists.iptel.org Subject: Re: [Serusers] SER on masqueraded/NAT connection
Craigh,
the problem unfortunately lives deeper than in SER -- it is about SIP interaction with NATs. SIP advertises IP addresses and port numbers in its messages, a technique which does not work along with NATs. What happens is that SIP messages from your private network get out to the public Internet, still carry private IP addresses in it, and attempts of other call parties to use these private IP addresses will fail.
A preview of the .11 documentation mentions these issues. (I hope the correct link is www.iptel.org/ser/doc/, I'm offline now.)
I'm unfortunately not aware of a method that would be able to traverse Linux-NAT for Messengers. All of the methods I'm aware of take some kind of NAT-support in end-devices, SIP-support in NATs or both. They include ALG (i.e., SIP awareness in NATs,for example intertex NATs do that), STUN (phones' ability to "fool" NATs, for example k-phone or snom do it), UPnP (must be supported by both phone and NAT), manual configuration (one must have "tweakable" phones and NATs and the ability to actually tweak both), or "symmetric phones" (like Cisco's ATA).
-Jiri
At 11:28 AM 1/14/2003, Craig Graham wrote:
I have a Linux box at home acting as a masquerading/NAT gateway for a few Windows PCs, and have installed SER on there in order to use MS Messenger to talk to people outside.
SER appears to be working in that I can get Messenger up on two PCs, connect to SER and set up a voice connection between the two PCs. However, I cannot connect to people offsite.
Relevant IPChains entries are target prot opt source destination
ports
ACCEPT udp ----l- anywhere anywhere any
->
5060 ACCEPT udp ------ anywhere anywhere any
->
7070:7080
I have made no changes to the default SIP configuration; it is working as installed by the rpm package ser-0.8.10-1.i386.rpm. A browse through
the mailing list archive and through the admin guide doesn't show anything obvious. No errors are reported to /etc/messages or /etc/syslog and serctl moni does not show anything that looks relevant.
Does anyone have any suggestions?
-- Dr. Craig Graham, Software Engineer Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Thanks for the responses.
An Intertex box is an option, as we have one in the office and I know how to use it. However, it's a bit of a sledgehammer to crack a nut and as such is a last resort. Given I have text messaging to the office when I work from home already, and we have telephones, the cost of an IX66 just for the trendiness factor is difficult to justify.
I'm currently trying to get Partysip to work. Well, to compile with the required options at least, since that can talk to IPTables and apparently can be made to work reasonably well. Scaleability is of little importance to a single house setup :)
-- Dr. Craig Graham, Software Engineer Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
----- Original Message ----- From: "Jiri Kuthan" jiri@iptel.org To: "Kelvin Chua" kchua@up.edu.ph; "'Craig Graham'" craig@twolips-translations.co.uk; serusers@lists.iptel.org Sent: Wednesday, January 15, 2003 9:33 AM Subject: RE: [Serusers] SER on masqueraded/NAT connection
That's indeed one possibility for NAT traversal. It takes upgrading a NAT with a SIP-aware NAT. Cisco PIX is told to support SIP. I was told it did not support PPPoE, which some people may miss. The smallest PIX is
becoming
affordable. Another device is Intextex (w/PPPoE).
Again -- other possibilities are UPnP, STUN, twist&tweak.
-Jiri
At 03:23 AM 1/15/2003, Kelvin Chua wrote:
I would suggest a cisco router to act as a NAT. it can read the SIP messages properly. Though I'm still undergoing some tests with it, so far sa good :)
-----Original Message----- From: serusers-admin@iptel.org [mailto:serusers-admin@lists.iptel.org] On Behalf Of Jiri Kuthan Sent: Tuesday, January 14, 2003 9:46 PM To: Craig Graham; serusers@lists.iptel.org Subject: Re: [Serusers] SER on masqueraded/NAT connection
Craigh,
the problem unfortunately lives deeper than in SER -- it is about SIP interaction with NATs. SIP advertises IP addresses and port numbers in its messages, a technique which does not work along with NATs. What happens is that SIP messages from your private network get out to the public Internet, still carry private IP addresses in it, and attempts of other call parties to use these private IP addresses will fail.
A preview of the .11 documentation mentions these issues. (I hope the correct link is www.iptel.org/ser/doc/, I'm offline now.)
I'm unfortunately not aware of a method that would be able to traverse Linux-NAT for Messengers. All of the methods I'm aware of take some kind of NAT-support in end-devices, SIP-support in NATs or both. They include ALG (i.e., SIP awareness in NATs,for example intertex NATs do that), STUN (phones' ability to "fool" NATs, for example k-phone or snom do it), UPnP (must be supported by both phone and NAT), manual configuration (one must have "tweakable" phones and NATs and the ability to actually tweak both), or "symmetric phones" (like Cisco's ATA).
-Jiri
At 11:28 AM 1/14/2003, Craig Graham wrote:
I have a Linux box at home acting as a masquerading/NAT gateway for a few Windows PCs, and have installed SER on there in order to use MS Messenger to talk to people outside.
SER appears to be working in that I can get Messenger up on two PCs, connect to SER and set up a voice connection between the two PCs. However, I cannot connect to people offsite.
Relevant IPChains entries are target prot opt source destination
ports
ACCEPT udp ----l- anywhere anywhere any
->
5060 ACCEPT udp ------ anywhere anywhere any
->
7070:7080
I have made no changes to the default SIP configuration; it is working as installed by the rpm package ser-0.8.10-1.i386.rpm. A browse through
the mailing list archive and through the admin guide doesn't show anything obvious. No errors are reported to /etc/messages or /etc/syslog and serctl moni does not show anything that looks relevant.
Does anyone have any suggestions?
-- Dr. Craig Graham, Software Engineer Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
BTW it exist an UPnP implementation for iptables. I'm not sure but this UPnP server maybe could solve NAT traversal with the Windows Messenger for one or more people. Also i don't recommed the use of this UPnP server because i could create very big security holes in you firewall.
Greetings Nils
On Wednesday 15 January 2003 10:33, Jiri Kuthan wrote:
That's indeed one possibility for NAT traversal. It takes upgrading a NAT with a SIP-aware NAT. Cisco PIX is told to support SIP. I was told it did not support PPPoE, which some people may miss. The smallest PIX is becoming affordable. Another device is Intextex (w/PPPoE).
Again -- other possibilities are UPnP, STUN, twist&tweak.
-Jiri
At 03:23 AM 1/15/2003, Kelvin Chua wrote:
I would suggest a cisco router to act as a NAT. it can read the SIP messages properly. Though I'm still undergoing some tests with it, so far sa good :)
-----Original Message-----
From: serusers-admin@iptel.org [mailto:serusers-admin@lists.iptel.org] On
Behalf Of Jiri Kuthan Sent: Tuesday, January 14, 2003 9:46 PM To: Craig Graham; serusers@lists.iptel.org Subject: Re: [Serusers] SER on masqueraded/NAT connection
Craigh,
the problem unfortunately lives deeper than in SER -- it is about SIP interaction with NATs. SIP advertises IP addresses and port numbers in its messages, a technique which does not work along with NATs. What happens is that SIP messages from your private network get out to the public Internet, still carry private IP addresses in it, and attempts of other call parties to use these private IP addresses will fail.
A preview of the .11 documentation mentions these issues. (I hope the correct link is www.iptel.org/ser/doc/, I'm offline now.)
I'm unfortunately not aware of a method that would be able to traverse Linux-NAT for Messengers. All of the methods I'm aware of take some kind of NAT-support in end-devices, SIP-support in NATs or both. They include ALG (i.e., SIP awareness in NATs,for example intertex NATs do that), STUN (phones' ability to "fool" NATs, for example k-phone or snom do it), UPnP (must be supported by both phone and NAT), manual configuration (one must have "tweakable" phones and NATs and the ability to actually tweak both), or "symmetric phones" (like Cisco's ATA).
-Jiri
At 11:28 AM 1/14/2003, Craig Graham wrote:
I have a Linux box at home acting as a masquerading/NAT gateway for a few Windows PCs, and have installed SER on there in order to use MS Messenger to talk to people outside.
SER appears to be working in that I can get Messenger up on two PCs, connect to SER and set up a voice connection between the two PCs. However, I cannot connect to people offsite.
Relevant IPChains entries are target prot opt source destination
ports
ACCEPT udp ----l- anywhere anywhere any
->
5060 ACCEPT udp ------ anywhere anywhere any
->
7070:7080
I have made no changes to the default SIP configuration; it is working as installed by the rpm package ser-0.8.10-1.i386.rpm. A browse through
the mailing list archive and through the admin guide doesn't show anything obvious. No errors are reported to /etc/messages or /etc/syslog and serctl moni does not show anything that looks relevant.
Does anyone have any suggestions?
-- Dr. Craig Graham, Software Engineer Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
- -- gpg-key: http://www.ohlmeier.org/public_key.asc
This was the first path I took. Unfortunately, I need to talk to people who are behind two different Intertex IX66 boxes, which do not support UPnP.
-- Dr. Craig Graham, Software Engineer Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
----- Original Message ----- From: "Nils Ohlmeier" nils@ohlmeier.de To: serusers@lists.iptel.org Cc: "Jiri Kuthan" jiri@iptel.org Sent: Thursday, January 16, 2003 2:54 AM Subject: Re: [Serusers] SER on masqueraded/NAT connection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
BTW it exist an UPnP implementation for iptables. I'm not sure but this UPnP server maybe could solve NAT traversal with the Windows Messenger for one or more people. Also i don't recommed the use of this UPnP server because i could create
very
big security holes in you firewall.
-
Craig Graham -
Jiri Kuthan -
Kelvin Chua -
Nils Ohlmeier