[Serusers] nat_uac_test
C.K
ckng128 at yahoo.com
Tue Aug 10 10:05:19 CEST 2004
Hello,
The following is my configuration.
UA1 -> NAT1 -> INTERNET -> NAT2 -> asterisk -> NAT2 ->
INTERNET -> NAT1/3 -> UA2.
When I run it with the following configuration,
nat_uac_test doesn't detect that I am behind the NAT.
Could anyone help?
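# ------------------- global configuration parameters ------------------------
# (The banner above was split across two lines by mail wrapping, which left
# a bare "-----" line outside any comment; it is rejoined here.)

debug=3             # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no     # (cmd line: -E)

# Alternative settings for a debugging session: more verbose, in the
# foreground, logging to stderr. Kept commented out.
#debug=7
#fork=no
#log_stderror=yes

check_via=no        # (cmd. line: -v)
dns=no              # (cmd. line: -r)
rev_dns=no          # (cmd. line: -R)
port=5060
children=4

# NOTE(review): the FIFO is the server's management interface and /tmp is
# world-writable. Confirm the FIFO's permissions, or place it in a directory
# that only the SER account and its administrators can reach.
fifo="/tmp/ser_fifo"

# Additional names/addresses matched by the "uri==myself" test in the
# routing logic.
alias=detone
alias=detone.ghl.com
alias=202.129.171.223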
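# ------------------- module loading ------------------
# (Banner rejoined: mail wrapping had pushed its tail onto an uncommented line.)

# Stateless replies, transactions, record-routing, Max-Forwards handling.
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"

# User location and REGISTER processing.
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"

# NOTE(review): exec.so lets the routing script run external commands, but no
# exec call appears in the routing logic posted here. Load only the modules
# the script actually uses.
loadmodule "/usr/local/lib/ser/modules/exec.so"
loadmodule "/usr/local/lib/ser/modules/xlog.so"

# NOTE(review): the database and digest-authentication modules are loaded,
# yet the routing logic posted here never calls an authorization function,
# so they currently protect nothing.
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"

# NAT traversal helpers (nat_uac_test, fix_nated_*, force_rport,
# force_rtp_proxy) and header text matching (search).
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"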
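# ----------------- setting module-specific parameters ---------------
# (Banner and the two trailing comments further down were split by mail
# wrapping, leaving bare text outside any comment; they are rejoined here.)

# NOTE(review): usrloc db_mode is set twice in this section (2 here, 0 two
# lines below). Presumably the later value takes effect -- confirm which one
# is intended and delete the other.
modparam("usrloc", "db_mode", 2)

# With calculate_ha1 enabled, auth_db computes the digest HA1 from the value
# in password_column, i.e. the database holds plaintext passwords. Anyone who
# can read that table obtains every subscriber's credentials; storing
# precomputed HA1 values avoids keeping the cleartext.
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")

modparam("usrloc", "db_mode", 0)

modparam("rr", "enable_full_lr", 1)

# ------------------ NAThelper ----------------
# Flag 6 is the flag the routing script sets with setflag(6) for clients it
# considers NATed; registrar is told here to use the same flag number.
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30)   # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1)     # Ping only clients behind NAT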
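# ------------------------- request routing logic -------------------
#
# Main request route. Order of processing:
#   1. sanity checks (Max-Forwards, message length)
#   2. NAT detection and Contact/SDP/Via fix-ups
#   3. record-routing and loose-route handling
#   4. numeric users on 202.129.171.223 -> stateless forward to Asterisk
#   5. local domain: REGISTER is stored, everything else is looked up
#   6. INVITE reply-route selection, then stateful relay
#
# The listing was re-wrapped by the mail client, which split comments, string
# literals and expressions across lines; those are rejoined here so the
# script parses. The routing logic itself is unchanged.

route{

    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if ( msg:len > max_len ) {
        sl_send_reply("513", "Message too big");
        break;
    };

    # Special handling for NATed clients; first, the NAT test is
    # executed: it looks for via!=received and RFC1918 addresses
    # in Contact (may fail if line-folding is used); also,
    # the received test should, if completed, check all
    # vias for presence of received.
    #
    # The first two tests only log which individual check fired; "3" asks
    # for both checks at once and is the one that triggers the fix-ups.
    # NOTE(review): if none of the three log lines below appears, neither
    # check matched for this request: the Contact carried no RFC1918 address
    # and the Via address equalled the packet's source address. Compare the
    # request as received (packet capture on the proxy) with what the UA
    # sent before changing the script -- something between the UA and the
    # proxy may already be rewriting these fields.
    xlog("L_NOTICE", "Checking...behind the NAT ?\n");
    if (nat_uac_test("1")) {
        xlog("L_NOTICE", "nat_uac_test=1\n");
    }
    if (nat_uac_test("2")) {
        xlog("L_NOTICE", "nat_uac_test=2\n");
    }
    if (nat_uac_test("3")) {
        xlog("L_NOTICE", "nat_uac_test == 3\n");
        # Allow RR-ed requests, as these may indicate that
        # a NAT-enabled proxy takes care of it; unless it is
        # a REGISTER
        if (method == "REGISTER" || !search("^Record-Route:")) {
            xlog("L_NOTICE", "Someone trying to register from private IP, rewriting\n");

            # This will work only for user agents that support symmetric
            # communication. We tested quite many of them and majority is
            # smart enough to be symmetric. In some phones it takes a configuration
            # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
            # called "symmetric media" and "symmetric signalling".

            fix_nated_contact();    # Rewrite contact with source IP of signalling
            if (method == "INVITE") {
                xlog("L_NOTICE", "invite behind NAT.\n");
                fix_nated_sdp("1"); # Add direction=active to SDP
            };
            force_rport();          # Add rport parameter to topmost Via
            setflag(6);             # Mark as NATed
        };
    };

    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    record_route();

    # loose-route processing
    if (loose_route()) {
        xlog("L_NOTICE", "loose route.\n");
        # append_hf("P-hint: rr-enforced\r\n");
        t_relay();
        break;
    };

    # Numeric users on the public address go to Asterisk.
    # NOTE(review): the dots in the address are unescaped (each matches any
    # character) and the pattern has no end anchor, so hosts other than
    # 202.129.171.223 can match; escape the dots and anchor the host part.
    # NOTE(review): this branch is reached before any authentication, so any
    # sender on the Internet can have requests delivered to the PBX at
    # 10.38.38.14:5070. Authenticate callers here or make sure Asterisk
    # itself challenges them, otherwise the PBX is exposed to call fraud.
    if (uri=~"^sip:[0-9][0-9][0-9]*@202.129.171.223") {
        xlog("L_NOTICE", "forward to asterisk.\n");
        forward(10.38.38.14, 5070);
        break;
    };

    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    xlog("L_NOTICE", "uri==myself?\n");
    if (uri==myself){

        if (method=="REGISTER") {
            # This branch handles every REGISTER, including those flagged
            # as NATed above, so the log text below can be misleading.
            xlog("L_NOTICE", "register but no NAT.\n");
            # NOTE(review): no authorization function is called before the
            # binding is stored, although auth and auth_db are loaded. Any
            # sender can register a contact for any user and so receive
            # that user's calls. Challenge REGISTERs (www_authorize /
            # www_challenge from those modules) before save().
            # NOTE(review): save() presumably sends its own reply; confirm
            # the explicit 200 below does not produce a second response.
            sl_send_reply("200", "ok");
            save("location");
            break;
        };

        # native SIP destinations are handled using our USRLOC DB
        xlog("L_NOTICE", "lookup for USRLOC.\n");
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            break;
        };
    };

    xlog("L_NOTICE", "checking....INVITE\n");
    if (method == "INVITE") {
        # Reached by every INVITE that was not handled above, NATed or not.
        xlog("L_NOTICE", "Invite from not NAT.\n");
        # NOTE(review): record_route() already ran for every request above;
        # confirm this second call does not add a duplicate Record-Route.
        record_route();
        # NOTE(review): the only flag this script ever sets is 6. Flags 4
        # and 5 are set nowhere in the posted configuration, so this
        # condition cannot be true and the else branch always runs --
        # confirm the intended flag numbers.
        if (isflagset(4) && isflagset(5)) {
            xlog("L_NOTICE", "UA behind different NAT devices, forcing rtpproxy\n");
            force_rtp_proxy();
            t_on_reply("2");
        } else {
            xlog("L_NOTICE", "UAs behind same NAT devicea\n");
            t_on_reply("3");
        }
        # for other conditions route here...
    }

    # forward to current uri now; use stateful forwarding; that
    # works reliably even if we forward from TCP to UDP
    if (!t_relay()) {
        sl_reply_error();
    };
}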
# Reply route 1: for replies whose status matches [12][0-9][0-9] (1xx and
# 2xx), rewrite the Contact and pass the media through the RTP proxy.
# NOTE(review): no t_on_reply("1") appears in the request route posted here,
# so this route is never armed; only "2" and "3" are referenced.
onreply_route[1] {
if (status =~ "[12][0-9][0-9]"){
fix_nated_contact();
force_rtp_proxy();
}
}
# Reply route 2: armed by t_on_reply("2") in the INVITE branch taken when
# flags 4 and 5 are both set. On a 200 or 183 reply the Contact is rewritten
# only if flag 5 is set; the RTP proxy is applied in either case.
# NOTE(review): the posted request route never sets flag 4 or 5 (it only
# sets 6) -- confirm which flag marks a NATed party.
onreply_route[2] {
if (status == "200" || status == "183"){
if (isflagset(5)) {
fix_nated_contact();
};
force_rtp_proxy();
}
}
# Reply route 3: armed by t_on_reply("3") in the INVITE branch that logs
# "UAs behind same NAT". Its body is identical to reply route 2: on a 200 or
# 183 reply, rewrite the Contact if flag 5 is set, then apply the RTP proxy.
# NOTE(review): force_rtp_proxy() runs here on the reply although that branch
# did not call it on the INVITE -- confirm that proxying media for this
# case is intended.
onreply_route[3] {
if (status == "200" || status == "183"){
if (isflagset(5)) {
fix_nated_contact();
};
force_rtp_proxy();
}
}