[Serusers] SER on masqueraded/NAT connection

Nils Ohlmeier nils at ohlmeier.de
Thu Jan 16 03:54:23 CET 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

BTW it exist an UPnP implementation for iptables.
I'm not sure but this UPnP server maybe could solve NAT traversal with the 
Windows Messenger for one or more people.
Also i don't recommed the use of this UPnP server because i could create very 
big security holes in you firewall.

Greetings
  Nils

On Wednesday 15 January 2003 10:33, Jiri Kuthan wrote:
> That's indeed one possibility for NAT traversal. It takes upgrading a NAT
> with a SIP-aware NAT. Cisco PIX is told to support SIP. I was told it did
> not support PPPoE, which some people may miss. The smallest PIX is becoming
> affordable. Another device is Intextex (w/PPPoE).
>
> Again -- other possibilities are UPnP, STUN, twist&tweak.
>
> -Jiri
>
> At 03:23 AM 1/15/2003, Kelvin Chua wrote:
> >I would suggest a cisco router to act as a NAT. it can read the SIP
> >messages properly. Though I'm still undergoing some tests with it, so
> >far sa good :)
> >
> >-----Original Message-----
>
> From: serusers-admin at iptel.org [mailto:serusers-admin at lists.iptel.org] On
>
> >Behalf Of Jiri Kuthan
> >Sent: Tuesday, January 14, 2003 9:46 PM
> >To: Craig Graham; serusers at lists.iptel.org
> >Subject: Re: [Serusers] SER on masqueraded/NAT connection
> >
> >
> >Craigh,
> >
> >the problem unfortunately lives deeper than in SER -- it is about SIP
> >interaction with NATs. SIP advertises IP addresses and port numbers in
> >its messages, a technique which does not work along with NATs. What
> >happens is that SIP messages from your private network get out to the
> >public Internet, still carry private IP addresses in it, and attempts of
> >other call parties to use these private IP addresses will fail.
> >
> >A preview of the .11 documentation mentions these issues.
> >(I hope the correct link is www.iptel.org/ser/doc/, I'm offline
> >now.)
> >
> >I'm unfortunately not aware of a method that would be able
> >to traverse Linux-NAT for Messengers. All of the methods
> >I'm aware of take some kind of NAT-support in end-devices, SIP-support
> >in NATs or both. They include ALG (i.e., SIP awareness in NATs,for
> >example intertex NATs do that), STUN (phones' ability to "fool" NATs,
> >for example k-phone or snom do it), UPnP (must be supported by both
> >phone and NAT), manual configuration (one must have "tweakable" phones
> >and NATs and the ability to actually tweak both), or
> >"symmetric phones" (like Cisco's ATA).
> >
> >-Jiri
> >
> >At 11:28 AM 1/14/2003, Craig Graham wrote:
> >>I have a Linux box at home acting as a masquerading/NAT gateway for a
> >>few Windows PCs, and have installed SER on there in order to use MS
> >>Messenger to talk to people outside.
> >>
> >>SER appears to be working in that I can get Messenger up on two PCs,
> >>connect to SER and set up a voice connection between the two PCs.
> >>However, I cannot connect to people offsite.
> >>
> >>Relevant IPChains entries are
> >>target     prot opt     source                destination
> >
> >ports
> >
> >>ACCEPT     udp  ----l-  anywhere             anywhere              any
> >
> >->
> >
> >>5060
> >>ACCEPT     udp  ------  anywhere             anywhere              any
> >
> >->
> >
> >>7070:7080
> >>
> >>I have made no changes to the default SIP configuration; it is working
> >>as installed by the rpm package ser-0.8.10-1.i386.rpm. A browse through
> >>
> >>the mailing list archive and through the admin guide doesn't show
> >>anything obvious. No errors are reported to /etc/messages or
> >>/etc/syslog and serctl moni does not show anything that looks relevant.
> >>
> >>Does anyone have any suggestions?
> >>
> >>--
> >>Dr. Craig Graham, Software Engineer
> >>Advanced Analysis and Integration Limited, UK. http://www.aail.co.uk/
> >>
> >>
> >>
> >>_______________________________________________
> >>Serusers mailing list
> >>serusers at lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
> >
> >--
> >Jiri Kuthan            http://iptel.org/~jiri/
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers at lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
>
> --
> Jiri Kuthan            http://iptel.org/~jiri/
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

- -- 
gpg-key: http://www.ohlmeier.org/public_key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Jh7fx8PydbrWykARArqwAJ9kaqIldl85J30FzV22JYz035nNZgCeI8PX
clDpNb1Agf5id9+RnywbzHk=
=VvqR
-----END PGP SIGNATURE-----

More information about the sr-users mailing list