[Serusers] rtpproxy/nathelper configuration issues. i think.

Eric C. Snowdeal III eric at snowdeal.org
Mon Feb 2 04:56:41 CET 2004 

while i can certainly appreciate the view that it might seem dopey to 
route RTP traffic to the external proxy with UAs that are behind the 
same nat, i have a set of use cases that require that i do so.

on a separate note, i'm also trying to determine that i have the rtp 
proxy configured correctly, using a setup where both clients are behind 
the same lan.  but perhaps i'm best served testing the proxy with 
clients behind different lans and dealing with use cases differently?

thanks -

- eric

Nils Ohlmeier wrote:

> If the UAs are sitting behind the same NAT then the nathelper module may help 
> you (but that is not the intention of the module). But you should give up the 
> idea to use the external RTP proxy IMHO. It simply does not make much sence 
> to route the traffic of the two UAs through the internet when the can talk to 
> each other directly in the same LAN (i mean only the RTP part not the 
> signaling part).
> 
> Regards
>   Nils
> 
> On Monday 02 February 2004 02:44, Eric C. Snowdeal III wrote:
> 
>>i've been getting my sea legs with SER and am having trouble getting
>>rtpproxy to nathelper to work correctly with my setup.  since everything
>>works fine if i test the scenario with a freeworld dialup account, i'm
>>assuming that my problems are solely due to the vastness of my ignorance
>>on how to configure SER correctly.
>>
>>i have three x-lite clients [ one is running on windows 2000 not sure of
>>the build number, but it's the latest download from the website; the
>>other two clients are both build 1101 on mac 10.2.3. SER running on a
>>rh9 box on a public IP with rtpproxy. i installed ser-0.8.12-0.i386.rpm
>>which i downloaded from the ftp server.  the x-lite clients are sitting
>>behind a linksys befw11s4 nat router.
>>
>>i can run SER without nathelper/rtpproxy and make and receive calls to
>>clients outside the my network.  however, things fall apart quickly when
>>i try to run more than one client behind the nat [ lost audio, timeouts
>>etc] which i presume is what nathelper is supposed to deal with.  if try
>>to run to use nathelper, i can't make a call from a one client to
>>another client behind the lan.  the calls won't go through - they simply
>>timeout.
>>
>>i downloaded and compiled rtpproxy which i obtained from the portaone
>>website and simply started it from the command line.  i can't figure out
>>how to get any debugging messages from rtpproxy, but i can see that the
>>process exists and /var/run/rtpproxy.sock is created.
>>
>>i altered ser.cfg using the template i found in the ser-0.8.12_src
>>tarball [ /modules/nathelper/nathelper.cfg ].  see my config below [1].
>>  i understand that things have changed quite a bit in the CVS head, but
>>i tried to compile and install the latest CVS version, but i ran into a
>>host of config errors using the nathelper.cfg supplied, so i decided to
>>backtrack, gather my wits, and stick with the released version.
>>
>>the x-lite clients appear to register appropriately with the server [2 -
>>public ip addresses have been changed to protect the innocent].  to my
>>untrained eye, these messages look the same as what i see when i test
>>things using freeworld dialup accounts and i can make a call to another
>>client on the same lan segment - i.e. the internal IP addresses are
>>being sent. the location database also shows that the internal IP
>>addresses are being used [3], but i don't know if this is what i want or
>>not.  oh.  i'm also using my.public.box - a FQDN - as in the x-lite
>>fields where it asks for "Domain/Realm", "SIP Proxy" and "Out Bound Proxy".
>>
>>so anyone care to grab me by the lapels and point out what i'm obviously
>>doing wrong :-)
>>
>>
>>[1]
>>#
>># $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
>>#
>># simple quick-start config script
>>#
>>
>># ----------- global configuration parameters ------------------------
>>
>>#debug=3         # debug level (cmd line: -dddddddddd)
>>#fork=yes
>>#log_stderror=no        # (cmd line: -E)
>>
>>/* Uncomment these lines to enter debugging mode
>>debug=7
>>fork=no
>>log_stderror=yes
>>*/
>>
>>check_via=no    # (cmd. line: -v)
>>dns=no           # (cmd. line: -r)
>>rev_dns=no      # (cmd. line: -R)
>>#port=5060
>>#children=4
>>fifo="/tmp/ser_fifo"
>>
>># ------------------ module loading ----------------------------------
>>
>># Uncomment this if you want to use SQL database
>>#loadmodule "/usr/lib/ser/modules/mysql.so"
>>
>>loadmodule "/usr/lib/ser/modules/nathelper.so"
>>
>>loadmodule "/usr/lib/ser/modules/sl.so"
>>loadmodule "/usr/lib/ser/modules/tm.so"
>>loadmodule "/usr/lib/ser/modules/rr.so"
>>loadmodule "/usr/lib/ser/modules/maxfwd.so"
>>loadmodule "/usr/lib/ser/modules/usrloc.so"
>>loadmodule "/usr/lib/ser/modules/registrar.so"
>>
>># Uncomment this if you want digest authentication
>># mysql.so must be loaded !
>>#loadmodule "/usr/lib/ser/modules/auth.so"
>>#loadmodule "/usr/lib/ser/modules/auth_db.so"
>>
>># ----------------- setting module-specific parameters ---------------
>>
>># -- usrloc params --
>>
>>modparam("usrloc", "db_mode",   0)
>>
>># Uncomment this if you want to use SQL database
>># for persistent storage and comment the previous line
>>#modparam("usrloc", "db_mode", 2)
>>
>># -- auth params --
>># Uncomment if you are using auth module
>>#
>>#modparam("auth_db", "calculate_ha1", yes)
>>#
>># If you set "calculate_ha1" parameter to yes (which true in this config),
>># uncomment also the following parameter)
>>#
>>#modparam("auth_db", "password_column", "password")
>>
>># -- rr params --
>># add value to ;lr param to make some broken UAs happy
>>modparam("rr", "enable_full_lr", 1)
>>
>>alias="my.public.box"
>>
>># -------------------------  request routing logic -------------------
>>
>># main routing logic
>>
>>route{
>>
>>         # initial sanity checks -- messages with
>>         # max_forwards==0, or excessively long requests
>>         if (!mf_process_maxfwd_header("10")) {
>>                 sl_send_reply("483","Too Many Hops");
>>                 break;
>>         };
>>         if ( msg:len > max_len ) {
>>                 sl_send_reply("513", "Message too big");
>>                 break;
>>         };
>>
>>
>>         # compulsory processing of Route header fields and adding RR
>>         loose_route();
>>
>>         /* registration (uses rewritten contacts) */
>>         if (method=="REGISTER") {
>>                 save("location");
>>                 break;
>>         };
>>
>>         if (method=="INVITE") {
>>                 record_route();
>>                 if (isflagset(1)) { # ATA ?
>>                         fix_nated_sdp("3");
>>                 };
>>                 /* set up reply processing */
>>                 t_on_reply("1");
>>         };
>>
>>         if (method == "INVITE" || method == "CANCEL") {
>>                 if (!lookup("location")) {
>>                         sl_send_reply("404", "Not Found");
>>                         break;
>>                 };
>>         };
>>
>>         /* set up reply processing and forward statefuly */
>>         t_relay();
>>}
>>
>># all incoming replies for t_onrepli-ed transactions enter here
>>onreply_route[1] {
>>         if (status=~"2[0-9][0-9]")
>>                 fix_nated_contact();
>>                 fix_nated_sdp("3");
>>}
>>
>>[2]
>>
>>Established SIP protocol listen on: 192.168.1.100:5060
>>
>>Discovered Restricted Cone NAT Firewall
>>
>>SIP: 192.168.1.100:5060
>>RTP: 192.168.1.100:8000
>>NAT: my.router.public.ip
>>
>>PROXY#0: ser.public.ip:5060
>>
>>OUTBOUND-PROXY#0: ser.public.ip:5060
>>
>>
>>SEND >> ser.public.ip:5060
>>REGISTER sip:my.public.box SIP/2.0
>>Via: SIP/2.0/UDP
>>192.168.1.100:5060;rport;branch=z9hG4bK9DF27D98551C11D882E3000393B930BA
>>From: snowdeal <sip:123 at my.public.box>
>>To: snowdeal <sip:123 at my.public.box>
>>Contact: "snowdeal" <sip:123 at 192.168.1.100:5060>
>>Call-ID: 9DA51D06551C11D882E3000393B930BA at my.public.box
>>CSeq: 56648 REGISTER
>>Expires: 1800
>>Max-Forwards: 70
>>User-Agent: X-Lite build 1101
>>Content-Length: 0
>>
>>
>>RECEIVE << ser.public.ip:5060
>>SIP/2.0 200 OK
>>Via: SIP/2.0/UDP
>>192.168.1.100:5060;rport=5060;branch=z9hG4bK9DF27D98551C11D882E3000393B930B
>>A;received=my.router.public.ip From: snowdeal <sip:123 at my.public.box>
>>To: snowdeal
>><sip:123 at my.public.box>;tag=b27e1a1d33761e85846fc98f5f3a7e58.3894
>>Call-ID: 9DA51D06551C11D882E3000393B930BA at my.public.box
>>CSeq: 56648 REGISTER
>>Contact: <sip:123 at 192.168.1.100:5060>;q=0.00;expires=1800
>>Server: Sip EXpress router (0.8.12 (i386/linux))
>>Content-Length: 0
>>Warning: 392 ser.public.ip:5060 "Noisy feedback tells:  pid=21653
>>req_src_ip=my.router.public.ip req_src_port=5060
>>in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1"
>>
>>
>>----------
>>
>>
>>Established SIP protocol listen on: 192.168.1.101:5060
>>
>>Discovered Restricted Cone NAT Firewall
>>
>>SIP: 192.168.1.101:5060
>>RTP: 192.168.1.101:8000
>>NAT: my.router.public.ip
>>
>>PROXY#0: 69.55.224.151:5060
>>
>>OUTBOUND-PROXY#0: 69.55.224.151:5060
>>
>>
>>SEND >> ser.public.ip:5060
>>REGISTER sip:my.public.box SIP/2.0
>>Via: SIP/2.0/UDP
>>192.168.1.101:5060;rport;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC13A
>>From: kristine <sip:456 at my.public.box>
>>To: kristine <sip:456 at my.public.box>
>>Contact: "kristine" <sip:456 at 192.168.1.101:5060>
>>Call-ID: AC7B8E18551C11D8B317000A957BC13A at my.public.box
>>CSeq: 55034 REGISTER
>>Expires: 1800
>>Max-Forwards: 70
>>User-Agent: X-Lite build 1101
>>Content-Length: 0
>>
>>
>>RECEIVE << ser.public.ip:5060
>>SIP/2.0 200 OK
>>Via: SIP/2.0/UDP
>>192.168.1.101:5060;rport=15060;branch=z9hG4bKAC7BFFFD551C11D8B317000A957BC1
>>3A;received=my.router.public.ip From: kristine <sip:456 at my.public.box>
>>To: kristine
>><sip:456 at my.public.box>;tag=b27e1a1d33761e85846fc98f5f3a7e58.b0ef
>>Call-ID: AC7B8E18551C11D8B317000A957BC13A at my.public.box
>>CSeq: 55034 REGISTER
>>Contact: <sip:456 at 192.168.1.101:5060>;q=0.00;expires=1800
>>Server: Sip EXpress router (0.8.12 (i386/linux))
>>Content-Length: 0
>>Warning: 392 ser.public.ip:5060 "Noisy feedback tells: pid=21658
>>req_src_ip=my.router.public.ip req_src_port=15060
>>in_uri=sip:my.public.box out_uri=sip:my.public.box via_cnt==1
>>
>>[3]
>>
>>===Domain list===
>>---Domain---
>>name : 'location'
>>size : 512
>>table: 0x402d60d8
>>d_ll {
>>     n    : 2
>>     first: 0x402d80e0
>>     last : 0x402d81c8
>>}
>>
>>...Record(0x402d80e0)...
>>domain: 'location'
>>aor   : '123'
>>~~~Contact(0x402d8120)~~~
>>domain : 'location'
>>aor    : '123'
>>Contact: 'sip:123 at 192.168.1.100:5060'
>>Expires: 583
>>q      :       0.00
>>Call-ID: '9DA51D06551C11D882E3000393B930BA at my.public.box'
>>CSeq   : 56648
>>replic : 0
>>State  : CS_NEW
>>Flags  : 0
>>next   : (nil)
>>prev   : (nil)
>>~~~/Contact~~~~
>>.../Record...
>>...Record(0x402d81c8)...
>>domain: 'location'
>>aor   : '456'
>>~~~Contact(0x402d8208)~~~
>>domain : 'location'
>>aor    : '456'
>>Contact: 'sip:456 at 192.168.1.101:5060'
>>Expires: 614
>>q      :       0.00
>>Call-ID: 'AC7B8E18551C11D8B317000A957BC13A at my.public.box'
>>CSeq   : 55034
>>replic : 0
>>State  : CS_NEW
>>Flags  : 0
>>next   : (nil)
>>prev   : (nil)
>>~~~/Contact~~~~
>>.../Record...
>>
>>---/Domain---
>>===/Domain list===
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers at lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list