[Serusers] NAT & RTPPRoxy

Jan Janak jan at iptel.org
Wed Sep 3 11:33:36 CEST 2003


Hello, comments inline. All the NAT stuff is quite complicated and
whether it would work or not depends on many factors.

On 03-09 09:55, Gary Brewer wrote:
> Hi,
> 
> I have come across a similar problem. I want to use the A/V facilities of
> Windows Messenger if one or both of my clients are behind a NAT. I realise
> that it seems to be impossible to get this to work if the NAT is symmetric.
> (See: RFC3489 "Applicability Statement")

  That depends. It could work even with symmetric NAT if the client you
  are using does support symmetric signalling and RTP (I am not sure Windows 
  Messenger is). That means the user agent must be ready to receive SIP 
  requests and responses on the same port which was used as the source port 
  for sending SIP messages. Also it must support symmetric RTP to make
  media work.

  Also the user agent must create REGISTERs containing public IP of the
  NAT (can be determined using STUN, for example), or you would have to
  use nathelper module on the server.

> If only one of my clients is behind a NAT then it would seem I would have to
> communicate my NATs external address and port mapping to the non-NAT'd
> client (possibly with the help of STUN) in my SIP Invite SDP message. I

   Yes, but Windows Messenger doesn't support STUN.

> would also have to setup UDP mappings for SIP, RTP/RTCP Audio Video on my
> NAT. Are my A/V port mappings also included in the Invite SDP message?

  In case of symmetrict RTP, the client in the public internet will
  ignore what it receives in SDP and will send media back to the same IP
  and port from which it comes from the other side. That makes the
  communication through a NAT possible, but the client behind the NAT
  must send first media package (that packet will open a pinhole in the
  NAT). Also both sides must support symmetrict RTP and the client
  behind the NAT must signal that it is using this approach.

  If the clients do not support symmetric signalling, then some kind of
  "NAT configuration" would be necesarry.

  For example, many user agents can be configured to use ports from a
  specified port range only for RTP (let's say ports 10000-10100). You
  can then configure your NAT box to forward all the ports from the
  range back to your user agent.

> If both clients are NAT'd then what is the approach? I don't see how I
> register with the SIP server using an external NAT address (my guess is this
> is what I would have to use if I wanted anyone on the other side of the NAT
> to be able to see me). MSFT have seemed to got around this problem by
> recommended everyone to use uPnP enabled NATs, which will automatically bind
> to an external address on the NAT and, I assume, use this when they register
> with the SIP server.

  If both clients are behind NATs then you would probably have to use an
  RTP proxy which will be placed in the public internet.

> RTPProxy is here https://demo.portaone.com/~sobomax/PortaSIP/ how does
> RTPProxy help in the NAT situation, does it at all?

  See the previous insertion. It could help in the case when both
  clients are behind NATs and it could possibly help in some other cases
  too.

> Please correct me where I am wrong, I am still trying to get my head around
> all of this! Has anyone successfully been able to get any of the scenarios
> above working (with AV)?

  There is a couple of people who are running their clients behind NATs
  on the mailing list, so I hope they could give you some advice.

  Jan.




More information about the sr-users mailing list