[Serusers] SER on masqueraded/NAT connection

Jiri Kuthan jiri at iptel.org
Wed Jan 15 10:33:57 CET 2003 

That's indeed one possibility for NAT traversal. It takes upgrading a NAT 
with a SIP-aware NAT. Cisco PIX is told to support SIP. I was told it did
not support PPPoE, which some people may miss. The smallest PIX is becoming
affordable. Another device is Intextex (w/PPPoE).

Again -- other possibilities are UPnP, STUN, twist&tweak.

-Jiri

At 03:23 AM 1/15/2003, Kelvin Chua wrote:
>I would suggest a cisco router to act as a NAT. it can read the SIP
>messages properly. Though I'm still undergoing some tests with it, so
>far sa good :)
>
>-----Original Message-----
>From: serusers-admin at iptel.org [mailto:serusers-admin at lists.iptel.org] On
>Behalf Of Jiri Kuthan
>Sent: Tuesday, January 14, 2003 9:46 PM
>To: Craig Graham; serusers at lists.iptel.org
>Subject: Re: [Serusers] SER on masqueraded/NAT connection
>
>
>Craigh,
>
>the problem unfortunately lives deeper than in SER -- it is about SIP
>interaction with NATs. SIP advertises IP addresses and port numbers in
>its messages, a technique which does not work along with NATs. What
>happens is that SIP messages from your private network get out to the
>public Internet, still carry private IP addresses in it, and attempts of
>other call parties to use these private IP addresses will fail.
>
>A preview of the .11 documentation mentions these issues.
>(I hope the correct link is www.iptel.org/ser/doc/, I'm offline
>now.)
>
>I'm unfortunately not aware of a method that would be able
>to traverse Linux-NAT for Messengers. All of the methods 
>I'm aware of take some kind of NAT-support in end-devices, SIP-support
>in NATs or both. They include ALG (i.e., SIP awareness in NATs,for
>example intertex NATs do that), STUN (phones' ability to "fool" NATs,
>for example k-phone or snom do it), UPnP (must be supported by both
>phone and NAT), manual configuration (one must have "tweakable" phones 
>and NATs and the ability to actually tweak both), or
>"symmetric phones" (like Cisco's ATA).
>
>-Jiri
>
>At 11:28 AM 1/14/2003, Craig Graham wrote:
>>I have a Linux box at home acting as a masquerading/NAT gateway for a 
>>few Windows PCs, and have installed SER on there in order to use MS 
>>Messenger to talk to people outside.
>>
>>SER appears to be working in that I can get Messenger up on two PCs, 
>>connect to SER and set up a voice connection between the two PCs. 
>>However, I cannot connect to people offsite.
>>
>>Relevant IPChains entries are
>>target     prot opt     source                destination
>ports
>>ACCEPT     udp  ----l-  anywhere             anywhere              any
>->
>>5060
>>ACCEPT     udp  ------  anywhere             anywhere              any
>->
>>7070:7080
>>
>>I have made no changes to the default SIP configuration; it is working 
>>as installed by the rpm package ser-0.8.10-1.i386.rpm. A browse through
>
>>the mailing list archive and through the admin guide doesn't show 
>>anything obvious. No errors are reported to /etc/messages or 
>>/etc/syslog and serctl moni does not show anything that looks relevant.
>>
>>Does anyone have any suggestions?
>>
>>--
>>Dr. Craig Graham, Software Engineer
>>Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
>>
>>
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers at lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
>
>--
>Jiri Kuthan            http://iptel.org/~jiri/ 
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

--
Jiri Kuthan            http://iptel.org/~jiri/

More information about the sr-users mailing list