[Serusers] problem getting calls to my gateway
Rick Gocher
rgocher at coptalk.com
Mon Dec 8 01:19:29 CET 2003
Hi everyone, thank you for your responses. Here is the latest copy of my
ngrep. I seem to have the ATA box trying to register with both ports (uid0
Rick and uid1 6044844000) however when ser tries to forward to my
gateway, I get the Method not allowed. I also noticed that no numbers I
try to dial ever get passed to the gateway, is that because it's failing
initial auth? I have registered the user Rick using serctl and placed the
uid into the free-pstn and local groups...
I'm including my ser.cfg as I may have changed things since last time....
thanks again,
Rick
##
U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205
SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick at 64.189.165.205;tag=3484959312..To sip:Rick at 64.189.165.205..Call-ID
3859574384 at 64.189.165.206..CSeq 3 REGISTER..Contact <sip:Rick@
64.189.165.2065060;transport=udp>;expires=3600..User-Agent Cisco ATA
186 v2.16.2 ata18x (030909a)..Content-Length
0....
#
U 64.189.165.2055060 -> 65.189.155.1015060 REGISTER sip:64.189.165.205
SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via
SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick at 64.189.165.205;tag=3484959312..To sip:Rick at 64.189.165.205..Call-ID
3859574384 at 64.189.165.206..CSeq
3REGISTER..Contact<sip:Rick at 64.189.165.2065060;
transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 65.189.155.1015060 -> 64.189.165.2055060SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP
64.189.165.2065060..From sip:Rick at 64.189.165.205;tag=3484959312..To
sip:Rick at 64.189.165.205..Call-ID 3859574384 at 64.189.165.206..CSeq 3
REGISTER..Allow INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER,
SUBSCRIBE, NOTIFY, INFO..Content-Length
0....
#
U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From
sip:Rick at 64.189.165.205;tag=3484959312..To sip:Rick@
64.189.165.205..Call-ID 3859574384 at 64.189.165.206..CSeq 3 REGISTER..Allow
INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY,
INFO..Content-Length0....
#
U 64.189.165.2065060 -> 64.189.165.2055060REGISTER sip:64.189.165.205
SIP/2.0..Via SIP/2.0/UDP 64.189.165.2065060..From
<sip:6044844000 at 64.189.165.205;user=phone>;tag=4073070426..To
<sip:6044844000 at 64.189.165.205;user=phone>..Call-ID
3464081553 at 64.189.165.206..CSeq 3 REGISTER..Contact
<sip:6044844000 at 64.189.165.2065060;user=phone;
transport=udp>;expires=3600..User-Agent Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 64.189.165.2055060 -> 65.189.155.1015060REGISTER sip64.189.165.205
SIP/2.0..Max-Forwards 10..Via SIP/2.0/UDP 64.189.165.205;branch=0..Via
SIP/2.0/UDP 64.189.165.206
5060..From<sip:6044844000 at 64.189.165.205;user=phone>; tag=4073070426..To
<sip:6044844000 at 64.189.165.205;user=phone>..Call-ID
3464081553 at 64.189.165.206..CSeq 3 REGISTER..Contact
<sip:6044844000 at 64.189.165.2065060;user=phone;transport=udp>;expires=3600..User-Agent
Cisco ATA 186 v2.16.2 ata18x
(030909a)..Content-Length
0....
#
U 65.189.155.1015060 -> 64.189.165.2055060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.205;branch=0,SIP/2.0/UDP
64.189.165.2065060..From
<sip:6044844000 at 64.189.165.205;user=phone>;tag=4073070426..To<sip:6044844000 at 64.189.165.205;user=
phone>..Call-ID 3464081553 at 64.189.165.206..CSeq 3 REGISTER..Allow INVITE,
OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY,
INFO..Content-Length 0....
#
U 64.189.165.2055060 -> 64.189.165.2065060 SIP/2.0 405 Method Not
Allowed..Via SIP/2.0/UDP 64.189.165.2065060..From
<sip:6044844000 at 64.189.165.205;user=phone>;tag=4073070426..To
<sip:6044844000 at 64.189.165.205;user=phone>..Call-ID
3464081553 at 64.189.165.206..CSeq 3 REGISTER..Allow INVITE, OPTIONS, BYE,
CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO..Content-Length
0....
# ----------- global configuration parameters ------------------------
debug=7 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes # (cmd line: -E)
#/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
#*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
#
# $Id: pstn.cfg,v 1.2 2003/06/03 03:18:12 jiri Exp $
#
#
# ------------------ module loading ----------------------------------
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/acc.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/uri.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
loadmodule "/usr/lib/ser/modules/textops.so"
loadmodule "/usr/lib/ser/modules/group.so"
modparam("auth_db", "db_url","sql://ser:secret@localhost/ser")
modparam("usrloc", "db_url", "sql://ser:secret@localhost/ser")
# ----------------- setting module-specific parameters ---------------
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)
# -- acc params --
# modparam("acc", "log_level", 1)
# that is the flag for which we will account -- don't forget to
# set the same one :-)
# modparam("acc", "log_flag", 1 )
# ------------------------- request routing logic -------------------
# main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
# filter too old messages
if (!mf_process_maxfwd_header("10")) {
log("LOG: Too many hops\n");
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len >= max_len ) {
sl_send_reply("513", "Message too big");
break;
};
/* ********* RR ********************************** */
/* grant Route routing if route headers present */
if (loose_route()) { t_relay(); break; };
/* record-route INVITEs -- all subsequent requests must visit us */
if (method=="INVITE") {
record_route();
};
# now check if it really is a PSTN destination which should be handled
# by our gateway; if not, and the request is an invitation, drop it --
# we cannot terminate it in PSTN; relay non-INVITE requests -- it may
# be for example BYEs sent by gateway to call originator
if (!uri=~"sip:\+?[0-9]+ at .*") {
if (method=="INVITE") {
sl_send_reply("403", "Call cannot be served here");
} else {
# forward(uri:host, uri:port);
forward(65.189.155.101, 5060);
};
break;
};
# account completed transactions via syslog
setflag(1);
# free call destinations ... no authentication needed
if ( is_user_in("Request-URI", "free-pstn") /* free destinations */
# | uri=~"sip:[79][0-9][0-9][0-9]@.*" /* local PBX */
| uri=~"sip:[9][0-9][0-9][0-9]@.*" /* local PBX */
| uri=~"sip:98[0-9][0-9][0-9][0-9]") {
log("free call");
} else if (src_ip==65.189.155.101) {
# our gateway doesn't support digest authentication;
# verify that a request is coming from it by source
# address
log("gateway-originated request");
} else {
# in all other cases, we need to check the request against
# access control lists; first of all, verify request
# originator's identity
if (!proxy_authorize( "gateway" /* realm */,
"subscriber" /* table name */)) {
proxy_challenge( "gateway" /* realm */, "0" /* no
qop */ );
break;
};
# authorize only for INVITEs -- RR/Contact may result in weird
# things showing up in d-uri that would break our logic; our
# major concern is INVITE which causes PSTN costs
if (method=="INVITE") {
# does the authenticated user have a permission for
local
# calls (destinations beginning with a single zero)?
# (i.e., is he in the "local" group?)
if (uri=~"sip:0[1-9][0-9]+ at .*") {
if (!is_user_in("credentials", "local")) {
sl_send_reply("403", "No permission
for local calls");
break;
};
# the same for long-distance (destinations begin
with two zeros")
} else if (uri=~"sip:00[1-9][0-9]+ at .*") {
if (!is_user_in("credentials", "ld")) {
sl_send_reply("403", " no
permission for LD ");
break;
};
# the same for international calls (three zeros)
} else if (uri=~"sip:000[1-9][0-9]+ at .*") {
if (!is_user_in("credentials", "int")) {
sl_send_reply("403", "International
permissions needed");
break;
};
# everything else (e.g., interplanetary calls) is denied
} else {
sl_send_reply("403", "Forbidden");
break;
};
}; # INVITE to authorized PSTN
}; # authorized PSTN
# if you have passed through all the checks, let your call go to GW!
rewritehostport("65.189.155.101:5060");
# forward the request now
if (!t_relay()) {
sl_reply_error();
break;
};
if (uri=~"^sip:[0-9]*@.*") {
log("Forwarding to PSTN\n");
t_relay_to_udp ("65.189.155.101","5060");
t_relay_to_tcp ("65.189.155.101","5060");
break;
};
}
More information about the sr-users
mailing list