[Serusers] nat test based on rfc1918 address in call-id field
Richard
richard at o-matrix.org
Fri Dec 3 09:52:26 CET 2004
> -----Original Message-----
> From: Greger V. Teigre [mailto:greger at teigre.com]
> Sent: Thursday, December 02, 2004 10:45 PM
> To: Richard; serusers at lists.iptel.org
> Subject: Re: [Serusers] nat test based on rfc1918 address in call-id field
>
> Sorry. I was a bit quick there. Do you have any particular UAs/scenarios
> in
> mind where this test will be more appropriate than the existing?
> g-)
Stun doesn't work well with linux firewall.
http://www.netfilter.org/documentation/conferences/nf-workshop-2004-summary.
html#AEN106
> Richard wrote:
> > ________________________________________
> > From: Greger V. Teigre [mailto:greger at teigre.com]
> > Sent: Thursday, December 02, 2004 9:00 PM
> > To: Richard; serusers at lists.iptel.org
> > Subject: Re: [Serusers] nat test based on rfc1918 address in call-id
> > field
> >
> >> If I understand you correctly, you are talking about test 16 found
> >> in nathelper cvs. You may want to have a look at that test first.
> >> You call nat_uac-test("19") to trigger the test.
> >> g-)
> >
> > eh. test 16 is different. it tests if the source port is different
> > from the port in Via.
> >
> > The proposed test checks the private ip in Call-ID field.
> >
> >>> Hi,
> >>> I am thinking about having more NAT test on a sip packet. Just want
> >>> to find out if it is useful.
> >>> I run into some situations that some 'smart' UAs try to detect its
> >>> external IP and put the external IP address into the sip packet.
> >>> Depending on the network and NAT firewall setup, it may or may not
> >>> set the right external IP and port in the packet. If it is not, but
> >>> pretends to be on the public internet, then there is most likely a
> >>> one-way voice or no voice issue. I'd like to be able to detect and
> >>> force it to use a nat proxy. By checking these packets, I found that
> >>> the only trace is the private IP address in the call-id header
> >>> field. It will be useful to check if a RFC1918 address is used in
> >>> the call-id. I understand that it is not a thorough test for NAT,
> >>> well, just like any other NAT test.
> >>> Can someone please comment if it is a good test?
More information about the sr-users
mailing list