[Serusers] SER on masqueraded/NAT connection
Jiri Kuthan
jiri at iptel.org
Tue Jan 14 14:46:07 CET 2003
Craigh,
the problem unfortunately lives deeper than in SER -- it is
about SIP interaction with NATs. SIP advertises IP addresses
and port numbers in its messages, a technique which does not
work along with NATs. What happens is that SIP messages from
your private network get out to the public Internet, still
carry private IP addresses in it, and attempts of other call
parties to use these private IP addresses will fail.
A preview of the .11 documentation mentions these issues.
(I hope the correct link is www.iptel.org/ser/doc/, I'm offline
now.)
I'm unfortunately not aware of a method that would be able
to traverse Linux-NAT for Messengers. All of the methods
I'm aware of take some kind of NAT-support in end-devices,
SIP-support in NATs or both. They include ALG (i.e., SIP
awareness in NATs,for example intertex NATs do that), STUN
(phones' ability to "fool" NATs, for example k-phone or
snom do it), UPnP (must be supported by both phone and NAT),
manual configuration (one must have "tweakable" phones
and NATs and the ability to actually tweak both), or
"symmetric phones" (like Cisco's ATA).
-Jiri
At 11:28 AM 1/14/2003, Craig Graham wrote:
>I have a Linux box at home acting as a masquerading/NAT gateway for a few
>Windows PCs, and have installed SER on there in order to use MS Messenger to
>talk to people outside.
>
>SER appears to be working in that I can get Messenger up on two PCs, connect
>to SER and set up a voice connection between the two PCs. However, I cannot
>connect to people offsite.
>
>Relevant IPChains entries are
>target prot opt source destination ports
>ACCEPT udp ----l- anywhere anywhere any ->
>5060
>ACCEPT udp ------ anywhere anywhere any ->
>7070:7080
>
>I have made no changes to the default SIP configuration; it is working as
>installed by the rpm package ser-0.8.10-1.i386.rpm. A browse through the
>mailing list archive and through the admin guide doesn't show anything
>obvious. No errors are reported to /etc/messages or /etc/syslog and serctl
>moni does not show anything that looks relevant.
>
>Does anyone have any suggestions?
>
>--
>Dr. Craig Graham, Software Engineer
>Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
>
>
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
More information about the sr-users
mailing list