[Serusers] symmetric nat/ broadband routers

Klaus Darilion darilion at ict.tuwien.ac.at
Thu Dec 4 17:43:22 CET 2003 

Hi!

> -----Original Message-----
> From: Martin Anderberg [mailto:martin at namnupplysaren.net] 
> Sent: Thursday, December 04, 2003 5:26 PM
> To: serusers at lists.iptel.org
> Subject: [Serusers] symmetric nat/ broadband routers
> 
> 
> 
> Howdy!
> 
> I'm having some trouble with the nathelper module and certain 
> types of 
> broadband routers (ie d-link 604 & d-link 624). I'll try to 
> explain the 
> situation below and hope that someone is willing to help me 
> out, because 
>   i'm stuck.
> 
> In short, the setup is a ata-186 box (which is symmetric) behind a 
> d-link 604 (which isn't symmetric at all times).
> 
> The nathelper module included in the distribution (both 0.8.11 and 
> 0.8.12) has a function called fix_nated_contact(). 
> fix_nated_contact() 
> rewrites the contact-header with the source-ip & source-port 
> of the packet.
> 
> However, in some cases (ie non-symmetric d-link router between the 
> ata-box and the internet) this is a problem since the d-link router 
> sometimes rewrites the source-port which is then used as a 
> location in 
> ser. When the session has timed out on the d-link (doesn't 
> really seem 
> to help with the natping) the location-information in ser is 
> no longer 
> valid.
> 
> Is there any reason why the nathelper rewrites the port in the 
> contact-header? If the client is symmetric the source-port 
> and the port 
> in the contact-header shouldn't differ anyway? I trust there is a 
> reason, i just dont see it ;)
> 

Yes, the ports at the client are identical, but the NAT router uses
other ports at the public interface, e.g. if the client behind the NAT
uses port 5060 for SIP (send&receive), the NATs publice interface may
user for example port 50000. Therefore, the client listen on port 5060,
but the packets have to be sent to port 50000 of the public IP address
and then the NAT router rewrites the port back to 5060. Hence, the
nathelper modules rewrites the IP address and the port in the contact
header before saving them in the location database.

If the session in the NAT router times out although using natping, thats
a pit. Maybe it helps to ping the proxy from the client, e.g. the
budgetone phones support keep alive pinging.

Klaus

> On a side-note, when glancing at nathelper.c it looks as if 
> the int len 
> is calculated with the original values of the header, then filled 
> through snprintf with values which are not 100% positively the same 
> length (msg->rcv.src_port). Isn't it for example possible 
> that the port 
> in the header is 5060 but the source_port is 22444 (which is one 
> character longer than the length of len is calculated to).
> 
> I hope someone can shed some light over the matter.
> 
> /Martin
> 
> 
> 
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
>

More information about the sr-users mailing list