[Serusers] Listening on multiple ports

Andres andres at telesip.net
Mon Aug 16 18:36:07 CEST 2004 

Linus Surguy wrote:

>I've configured ser to listen on two ports, in the ser.cfg:
>
>listen=a.b.c.d:5060
>listen=a.b.c.d:5062
>
>The idea is that 'normal' public traffic and traffic that can be handled by
>normal 'nat' detectors will be directed to port 5060, but traffic that I
>know is difficult is directed to register and use a.b.c.d:5062 as the SIP
>server.
>
>This all works great in the NAT (inside) -> SER -> somewhere direction, but
>I've discovered that when any device which registers to the 5062 port, the
>fact that it arrived on an alternative port doesnt seem to be remembered.
>
>Therefore, when I have a somewhere -> SER -> NAT (inside) call, (on a 5062
>registered device) although SER remembers the port on the NAT device to
>forward the INVITE to, it sends it from port 5060 - which at least on my
>test nat router is enough for it to reject the packet and not pass it
>inside.
>  
>
Hi Linus,

I can confirm your observations.  We suffer the same problem.  The only 
difference is that we use the "alternate" port only for the broken SIP 
Aware NAT implementations.  For everybody else, we use port 5060.  We 
deal with the "difficult" NAT traffic by creating a special SER group 
called rtpproxy and inserting these special users in it.  
Outgoing/Incoming calls from these users will be handled by rtpproxy. 

The code snippet would look like:

        # Check if caller is on the rtp_proxy group
        if ((is_user_in("From", "rtp_proxy"))) {
                setflag(2);
                force_rport();
                fix_nated_contact();
.
.
        };

        # Check if called user is on the rtp_proxy group
        if ((is_user_in("To", "rtp_proxy")) & !(isflagset(2))) {
                setflag(2);
                force_rport();
.      };
.

This would greatly reduce the number of problems you are having.  For 
our part, if we keep on finding more and more of these broken SIP Aware 
NAT implementations we might just have to switch all our network to a 
port different from 5060.  This is getting pretty ridiculous, every day 
we seem to find more and more of these bad NATs.

Ricardo.


>Any thoughts? Is this a configuration item I've missed, or is this a current
>issue with SER?
>
>Linus
>
>(* The other reason for using port 5062 is that it 'SIP aware' but possibily
>broken NAT routers won't rewrite the traffic if its not on port 5060)
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>  
>

More information about the sr-users mailing list