[Serusers] NAT vs. NoNat authentication

dhiraj.2.bhuyan at bt.com dhiraj.2.bhuyan at bt.com
Tue Jul 20 11:06:42 CEST 2004 

There are 3 possible points where the private IP might have been replaced with the ADSL gateway's public address.

1. On the client itself (using STUN?)
2. On the ADSL gateway (Is it SIP aware?)
3. Misconfigured SER (I think this is not the case - since it works for port 5070).

To confirm if it is (1) - run a sniffer like ethereal or tcpdump to capture packets as it leaves the client machine - both for port 5060 and 5070. See if the client is doing anything smart - replacing private IP with gateway IP while using 5060 and not for 5070?

To confirm if it is (2) - run a sniffer on the same collission domain or on the same machine where SER is running and capture the registration request packets. If (1) is false and still the private IP is getting modified, its the ADSL gateway that's doing some proxying of SIP traffic (port 5060).

Which ADSL gateway are you using?

Dhiraj


-----Original Message-----
From: serusers-bounces at iptel.org [mailto:serusers-bounces at lists.iptel.org]On
Behalf Of Bart Van Daal
Sent: 20 July 2004 09:16
To: serusers at lists.iptel.org
Subject: RE: [Serusers] NAT vs. NoNat authentication


Hello I'll post the answers to the two replies:

>Andrei>  Do you have another UA behind the same nat, using 5060?
No it's only 1 Phone ---- ADSLRouter(NAT) ------- Internet ---------- Ser

Dhiraj > ..i'l post the two ngreps again:
I'm sorry for the long post. What I can see is, when ser runs on port 5070
the register contains a private ip in the 'Via:' header. When it runs on
5060
The 'Via:' header contains the public IP of the router and an unprivileged
port.


----------------------------------------------- 5070
-----------------------------------------------
filter: ip and ( port 5070 )
#
U 213.219.137.137:5070 -> 212.71.0.60:5070
REGISTER sip:ser.edpnet.net:5070 SIP/2.0.
Via: SIP/2.0/UDP 10.0.0.2:5070.
Supported: replaces.
User-Agent: SIP201 (lp201sip.100a).
Contact: <sip:bart at 10.0.0.2:5070>;expires=60.
From: <sip:bart at ser.edpnet.net> ;tag=a000002-13ce-0-42e-7fea.
To: <sip:bart at ser.edpnet.net>.
Call-ID: a000002-13ce-0-406-79bf-1.
CSeq: 1 REGISTER.
Content-Length:0.
.

#
U 212.71.0.60:5070 -> 213.219.137.137:5070
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 10.0.0.2:5070;rport=5070;received=213.219.137.137.
From: <sip:bart at ser.edpnet.net> ;tag=a000002-13ce-0-42e-7fea.
To: <sip:bart at ser.edpnet.net>;tag=2497a39c629b119dac83769f58cd2b29.1cd2.
Call-ID: a000002-13ce-0-406-79bf-1.
CSeq: 1 REGISTER.
WWW-Authenticate: Digest realm="ser.edpnet.net",
nonce="40fcce4ec4ab3796c95cb2c87a9d94a05651ed08".
Server: Sip EXpress router (0.8.13-dev-33-usrloc (i386/linux)).
Content-Length: 0.
Warning: 392 212.71.0.60:5070 "Noisy feedback tells:  pid=18743
req_src_ip=213.219.137.137 req_src_port=5070 in_uri=sip:ser.edpnet.net:5070
out_uri=sip:ser.edpnet.net:5070 via_cnt==1".
.

#
U 213.219.137.137:5070 -> 212.71.0.60:5070
REGISTER sip:ser.edpnet.net:5070 SIP/2.0.
Via: SIP/2.0/UDP 10.0.0.2:5070.
Supported: replaces.
User-Agent: SIP201 (lp201sip.100a).
Contact: <sip:bart at 10.0.0.2:5070>;expires=60.
Authorization: Digest username="bart", realm="ser.edpnet.net",
nonce="40fcce4ec4ab3796c95cb2c87a9d94a05651ed08",
uri="sip:ser.edpnet.net:5070", response="ea0329c8f3a4d199230733feb750d3a1",
algorithm=MD5.
From: <sip:bart at ser.edpnet.net> ;tag=a000002-13ce-40fccd8d-1991-7051.
To: <sip:bart at ser.edpnet.net>.
Call-ID: a000002-13ce-0-406-79bf-1.
CSeq: 2 REGISTER.
Content-Length:0.
.

#
U 212.71.0.60:5070 -> 213.219.137.137:5070
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 10.0.0.2:5070;rport=5070;received=213.219.137.137.
From: <sip:bart at ser.edpnet.net> ;tag=a000002-13ce-40fccd8d-1991-7051.
To: <sip:bart at ser.edpnet.net>;tag=2497a39c629b119dac83769f58cd2b29.1cd2.
Call-ID: a000002-13ce-0-406-79bf-1.
CSeq: 2 REGISTER.
Contact: <sip:bart at 213.219.137.137:5070>;expires=60.
Server: Sip EXpress router (0.8.13-dev-33-usrloc (i386/linux)).
Content-Length: 0.
Warning: 392 212.71.0.60:5070 "Noisy feedback tells:  pid=18743
req_src_ip=213.219.137.137 req_src_port=5070 in_uri=sip:ser.edpnet.net:5070
out_uri=sip:ser.edpnet.net:5070 via_cnt==1".
.

----------------------------------------------- 5060
-----------------------------------------------
filter: ip and ( port 5060 )
#
U 213.219.137.137:5060 -> 212.71.0.60:5060
REGISTER sip:ser.edpnet.net:5060 SIP/2.0.
Via: SIP/2.0/UDP 213.219.137.137:47726.
Supported: replaces.
User-Agent: SIP201 (lp201sip.100a).
Contact: <sip:bart at 10.0.0.2:5060>;expires=60.
From: <sip:bart at ser.edpnet.net> ;tag=a000002-13c4-0-429-495.
To: <sip:bart at ser.edpnet.net>.
Call-ID: a000002-13c4-0-401-719e-1.
CSeq: 1 REGISTER.
Content-Length:0.
.

#
U 212.71.0.60:5060 -> 213.219.137.137:5060
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 213.219.137.137:47726;rport=5060.
From: <sip:bart at ser.edpnet.net> ;tag=a000002-13c4-0-429-495.
To: <sip:bart at ser.edpnet.net>;tag=61a88e7fd5f0561d96cde0cc9ecba6d7.2508.
Call-ID: a000002-13c4-0-401-719e-1.
CSeq: 1 REGISTER.
WWW-Authenticate: Digest realm="ser.edpnet.net",
nonce="40fcccbe3b4e06bc429de0a886d7b43409cb8427".
Server: Sip EXpress router (0.8.13-dev-33-usrloc (i386/linux)).
Content-Length: 0.
Warning: 392 212.71.0.60:5060 "Noisy feedback tells:  pid=18727
req_src_ip=213.219.137.137 req_src_port=5060 in_uri=sip:ser.edpnet.net:5060
out_uri=sip:ser.edpnet.net:5060 via_cnt==1".

_______________________________________________
Serusers mailing list
serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list