[Serusers] ser does not respond to messages with NATed address

Yang Xiang yang.xiang at iitb.fraunhofer.de
Mon Oct 27 20:46:43 CET 2003


Hello,

I have a NATed network behind a cisco PIX firewall as follows:


client --- SER 1-----PIX (NAT) --------SER 2

The client has a private address 192.168...., and is NATed to a public IP. Because the PIX has a built-in SIP application gateway, the IP of the client in the message body will be transformed to its public IP by the firewall. However, what is most strange is that SER2 doesn't respond to messages from SER1.

--------------
####################
U 153.96.51.2:5060 -> 153.96.52.2:5060
  INVITE sip:6091@153.96.52.2:5060 SIP/2.0..Record-Route: <sip:6091574@153.96.51.2;ftag=781a5806-7443-4c67-b8a6-4ae6f9b64bc8;lr=on>..Max-Forwards: 9 .
  .Record-Route: <sip:6091@192.4.3.2;ftag=781a5806-7443-4c67-b8a6-4ae6f9b64bc8;lr=on>..Via: SIP/2.0/UDP 153.96.51.2;branch=z9hG4bK75cf.a543.0..Via: SI
  P/2.0/UDP 192.4.3.2;branch=0..Via: SIP/2.0/UDP 153.96.51.77:9779..From: "xia" <sip:xia@nd.fhg.de>;tag=781a5806-7443-4c67-b8a6-4ae6f9b64bc8..To: <s
  ip:6091@nd.fhg.de>..Call-ID: 9947a08e-d8c5-47ef-90a3-cdd10f3b143c@153.96.51.77..CSeq: 1 INVITE..Contact: <sip:153.96.51.77:9779>..User-Agent: W
  indows RTC/1.0..Content-Type: application/sdp..Content-Length: 457....v=0..o=yang-mobil 0 0 IN IP4 153.96.51.77..s=session..c=IN IP4 153.96.51.77..b=CT
  :1000..t=0 0..m=audio 61052 RTP/AVP 97 111 112 6 0 8 4 5 3 101..a=rtpmap:97 red/8000..a=rtpmap:111 SIREN/16000..a=fmtp:111 bitrate=16000..a=rtpmap:112 G7
  221/16000..a=fmtp:112 bitrate=24000..a=rtpmap:6 DVI4/16000..a=rtpmap:0 PCMU/8000..a=rtpmap:8 PCMA/8000..a=rtpmap:4 G723/8000..a=rtpmap:5 DVI4/8000..a=rtp
  map:3 GSM/8000..a=rtpmap:101 telephone-event/8000..a=fmtp:101 0-16..
----------------------------------------------

(Originally the client has the IP 192.168.44.33, and it has been transformed to 153.96.51.77 by the firewall, as seen above.)

SER2 gets all messages repeatedly from SER1 but does nothing, as if it hadn't seen any messages (no reply sent, no log written). If I change the client to another network with a non-NATed address, it works fine!

SER1's config:

---------------------------
...
        if (uri=~"^sip:[0-9]*@.*"){
        # PSTN call after the authorization. Authorization has been done in block route[2] and [3]
                if (uri=~"^sip:00[0-9]+@.*"){
                       sl_send_reply("699", "Sorry, international call not allowed");
                       break;
                };

                log(2, "Forward to ser2 \n");
                rewritehostport("153.96.52.2:5060");
                forward("153.96.51.2");
                break;
         };

...
-----------------------

And SER2's config:


# ----------- global configuration parameters ------------------------

debug=2          # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
check_via=no    # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------
loadmodule "/usr/local/ser/lib/ser/modules/sl.so"
loadmodule "/usr/local/ser/lib/ser/modules/tm.so"
loadmodule "/usr/local/ser/lib/ser/modules/rr.so"
loadmodule "/usr/local/ser/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/ser/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/ser/lib/ser/modules/registrar.so"
loadmodule "/usr/local/ser/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/ser/lib/ser/modules/textops.so"

modparam("rr", "enable_full_lr", 1)

# -------------------------  request routing logic -------------------

# main routing logic
route{

sl_send_reply("100","msg received, trying");  ### (not any reply was sent as msg arrived!)

        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","too many hops");
                break;
        };
        if (len_gt( max_len )) {
                sl_send_reply("513", "msg too big");
                break;
        };

        record_route();

        loose_route();

        if (search("(c|C)ontact:.*192\.168.*")) {
                fix_nated_contact();
                if (method=="INVITE") {
                        fix_nated_sdp("2");
                 };
        };

        if (!src_ip==10.20.0.2) {
                log(3, "Forward to inn. ser\n");
                forward("10.20.0.2");
                break;
        };

        # if the request is for other domain use UsrLoc
         if (!t_relay()) {
                sl_reply_error();
        };

}

---------------------------------------------------

Any idea?

Thanks

Yang
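
Added example, not part of the original message: a Python check of which address-bearing fields of the captured INVITE (Via, Record-Route, Contact, SDP o=/c=) still carry RFC 1918 addresses after the PIX rewrite, and whether the Contact test in SER2's route block can match. The sample message is constructed from the capture above; `PRE_ALG` assumes the client's original message differed only in the client address, and the helper names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the INVITE from the capture, cut down to its
# address-bearing lines (ftag shortened).
INVITE = "\r\n".join([
    "INVITE sip:6091@153.96.52.2:5060 SIP/2.0",
    "Record-Route: <sip:6091574@153.96.51.2;ftag=781a5806;lr=on>",
    "Record-Route: <sip:6091@192.4.3.2;ftag=781a5806;lr=on>",
    "Via: SIP/2.0/UDP 153.96.51.2;branch=z9hG4bK75cf.a543.0",
    "Via: SIP/2.0/UDP 192.4.3.2;branch=0",
    "Via: SIP/2.0/UDP 153.96.51.77:9779",
    "Contact: <sip:153.96.51.77:9779>",
    "",
    "o=yang-mobil 0 0 IN IP4 153.96.51.77",
    "c=IN IP4 153.96.51.77",
    "m=audio 61052 RTP/AVP 97 111 112 6 0 8 4 5 3 101",
])
# Assumption: before the PIX rewrite only the client address differed.
PRE_ALG = INVITE.replace("153.96.51.77", "192.168.44.33")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"^([A-Za-z-]+)\s*[:=]\s*(.*)$")
IPV4 = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?![\w.])")
ADDRESS_FIELDS = {"via", "record-route", "contact", "o", "c"}

def address_fields(message):
    """Return (field, ip, is_rfc1918) for each IPv4 literal in the address fields."""
    found = []
    for line in message.splitlines():
        m = FIELD.match(line)
        if not m or m.group(1).lower() not in ADDRESS_FIELDS:
            continue
        for text in IPV4.findall(m.group(2)):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:          # not a valid address, e.g. octet > 255
                continue
            found.append((m.group(1).lower(), text, any(ip in n for n in RFC1918)))
    return found

def nat_branch_fires(message):
    # Python approximation of the search() test in SER2's route block.
    return re.search(r"(c|C)ontact:.*192\.168.*", message) is not None

if __name__ == "__main__":
    for label, msg in (("sent by client", PRE_ALG), ("seen by SER2", INVITE)):
        print(label, nat_branch_fires(msg), [f[:2] for f in address_fields(msg) if f[2]])
```

For the message as SER2 receives it, no field is in RFC 1918 space and the Contact test does not match, so the `fix_nated_contact()` / `fix_nated_sdp("2")` branch is skipped for this call.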


