[Serusers] Problem with ATA186 and NAT (Linksys).

Gregory D. Burns greg.burns at dslextreme.com
Fri Jun 4 23:38:09 CEST 2004 

What are you SIP setting in the ATA? You need your Firewall's IP in the
NATIP field. 

-Greg
-----Original Message-----
From: serusers-bounces at iptel.org [mailto:serusers-bounces at lists.iptel.org] On
Behalf Of Tom Lowe
Sent: Friday, June 04, 2004 2:11 PM
To: serusers at lists.iptel.org
Subject: [Serusers] Problem with ATA186 and NAT (Linksys).

SER version Sip EXpress router (0.8.12 (i386/linux))

Below is my ser.cfg file  (IP addresses changed, of course).  My
situation is pretty simple:

ATA186 --A--  Linksys router   --B-- Cable modem   --C--   SER

ATA sends out invite  with 5060 as src and dest.  (verified through
ethereal on lan segment A)
Linksys translates the 5060 to 15060   (verified at Lan segment C with
tethereal)
SER tries to respond with "Authorization required", but is sending the
respond to 5060 instead of 10560.
Linksys receives the packet to 5060, but isn't expecting it so it goes
nowhere.

What the heck am I doing wrong?

FYI, This config produces the following entries in /var/log/messages:

Jun  4 16:38:03 VShost1 /usr/sbin/ser[4208]: Checking for ATA 
Jun  4 16:38:03 VShost1 /usr/sbin/ser[4208]: Cisco user agent detected -
fix contact 
Jun  4 16:38:03 VShost1 /usr/sbin/ser[4208]: Cisco user agent detected -
fix sdp 
Jun  4 16:38:03 VShost1 /usr/sbin/ser[4208]: ERROR: extract_mediaip: no
`c=' in SDP 
Jun  4 16:38:03 VShost1 /usr/sbin/ser[4214]: Checking for ATA 
Jun  4 16:38:03 VShost1 /usr/sbin/ser[4214]: Cisco user agent detected -
fix contact 
Jun  4 16:38:03 VShost1 /usr/sbin/ser[4214]: Cisco user agent detected -
fix sdp 
Jun  4 16:38:03 VShost1 /usr/sbin/ser[4214]: ERROR: extract_mediaip: no
`c=' in SDP 
Jun  4 16:38:04 VShost1 /usr/sbin/ser[4208]: Checking for ATA 
Jun  4 16:38:04 VShost1 /usr/sbin/ser[4208]: Cisco user agent detected -
fix contact 
Jun  4 16:38:04 VShost1 /usr/sbin/ser[4208]: Cisco user agent detected -
fix sdp 
Jun  4 16:38:04 VShost1 /usr/sbin/ser[4208]: ERROR: extract_mediaip: no
`c=' in SDP 
Jun  4 16:38:06 VShost1 /usr/sbin/ser[4214]: Checking for ATA 
Jun  4 16:38:06 VShost1 /usr/sbin/ser[4214]: Cisco user agent detected -
fix contact 
Jun  4 16:38:06 VShost1 /usr/sbin/ser[4214]: Cisco user agent detected -
fix sdp 
Jun  4 16:38:06 VShost1 /usr/sbin/ser[4214]: ERROR: extract_mediaip: no
`c=' in SDP 


Tom







#debug=3         # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no        # (cmd line: -E)

/* Uncomment these lines to enter debugging mode 
debug=7
fork=no
log_stderror=yes
*/
debug=3

check_via=no    # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
#port=5060
children=4
sip_warning=no
# FIFO
fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/acc.so"
# NAT Helper
loadmodule "/usr/lib/ser/modules/nathelper.so"
# Module that allows search
loadmodule "/usr/lib/ser/modules/textops.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode",   0)

# Uncomment this if you want to use SQL database 
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# Access to the DB -- leave default for now
#modparam("auth_db","db_url","sql://ser:MySQLPW@DomainBLA-BLA/ser")




# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this
config), 
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")

#
# Accounting
#
modparam("acc","log_level",1)
modparam("acc","log_flag",1)
#modparam("acc","db_flag",1)
#modparam("acc","failed_transactions",1)

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# NAT pinging
modparam("nathelper","natping_interval",60)

# -------------------------  request routing logic -------------------

# main routing logic

route{

        # initial sanity checks -- messages with
        # max_forwards==0, or excessively long requests
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                break;
        };
        if ( msg:len > max_len ) {
                sl_send_reply("513", "Message too big");
                break;
        };

        # we record-route all messages -- to make sure that
        # subsequent messages will go through our proxy; that's
        # particularly good if upstream and downstream entities
        # use different transport protocol
        record_route();
        # loose-route processing
        if (loose_route()) {
                t_relay();
                break;
        };
        # if the request is for other domain use UsrLoc
        # (in case, it does not work, use the following command
        # with proper names and addresses in it)

        log(1,"Checking for ATA\n");
        # Do NAT fixing
        if (search("ATA")) {
                log(1,"Cisco user agent detected - fix contact\n");
                fix_nated_contact();
                if (method=="INVITE") {
                       log(1,"Cisco user agent detected - fix sdp\n");
                        fix_nated_sdp("3");
                };
        };


        if (uri==myself) {

                if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication
                        if (!www_authorize("111.111.111.13",
"subscriber")) {
                                www_challenge("111.111.111.13", "0");
                                break;
                        };

                        save("location");
                        break;
                };
        };

        # PSTN vs SIP traffic
        #Find canonical username
        lookup("aliases");

        #PSTN
        #if ( (uri=~"^sip:911 at .*") | (uri=~"^sip:9911 at .*") |
(uri=~"^sip:[0-9][0-8].*@.*")) {
        if ( (uri=~"^sip:911 at .*") | (uri=~"^sip:9911 at .*") ) {
                route(3);
                break;
        };

        #off-line or non-existent users
        if (!lookup("location")) {
                route(4);
        };

# Relay to SIP destination
        setflag(1);
        if (!t_relay()) {
                sl_reply_error();
                break;
        };
}

# ------------- process traffic leaving Internet for PSTN

route[3] {

  # all calls through the gateway must be record routed to assure
  # acl acceptance on the gateway -- this is already done in initial
routing
  # record_route();


#Authenticate call
if (!proxy_authorize("111.111.111.13","subscriber")) {
  proxy_challenge("111.111.111.13","0");
  break;
};

  rewritehostport("111.111.111.11:5060");
  setflag(1);
  if (!t_relay()) {
    sl_reply_error();
    break;
  };
}


#-----------Process calls for users offline
route[4] {

        if (!t_newtran()) {
                sl_reply_error();
        };

        if (!t_reply("404","Not Found")) {
                sl_reply_error();
        };
        break;

}

_______________________________________________
Serusers mailing list
serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list