[Serusers] Problem with ATA186 and NAT (Linksys).

Tom Lowe tom at comprotech.com
Sat Jun 5 22:15:14 CEST 2004 

Hello Andrei.

Perfect.  That seems to have done the trick!   (adding force_rport() to
the NAT section)

Thanks both of you for your help!

Tom


 
Tom Lowe, President/CTO
Compro Technologies, Inc.
512 South Main Street
Forked River, NJ  08731
My Phone:  +1-609-290-0544
Main Phone:  +1-609-242-2211
Fax:  +1-609-242-2212
Email:  tom at comprotech.com
Web: www.comprotech.com



-----Original Message-----
From: Andrei Pelinescu-Onciul
[mailto:pelinescu-onciul at fokus.fraunhofer.de] 
Sent: Saturday, June 05, 2004 3:36 AM
To: Tom Lowe
Cc: Gregory D. Burns; serusers at lists.iptel.org
Subject: Re: [Serusers] Problem with ATA186 and NAT (Linksys).


On Jun 04, 2004 at 18:21, Tom Lowe <tom at comprotech.com> wrote:
> 
> I actually tried that once, but I tried it again just to be sure.
> 
> My linksys is LAN side is 192.168.51.X.  So my Linksys is 192.168.51.1

> and my ATA is 192.168.51.153.  I put 192.168.51.1 in the NATIP field. 
> It worked....so to prove that's the solution, I removed it, and it 
> still works.  So that's not the solution.
> 
> Out of curiosity, Can anyone say what this NATIP field actually 
> accomplishes?  Asterisk doesn't require you to populate that field 
> with anything.
> 
> My understanding of the mechanics behind NAT is that, if the router 
> receives a request for a port that is already mapped to another user,
it
> will assign a new port.  That's what was happening here.   5060 was
> already mapped to another user (I believe a softphone on my PC), so it

> used 15060.
> 
> So, it sends to SER 5060 from 15060.  SER should respond to 15060 from

> 5060, Router will tranlate the 15060 to 5060 and deliver it to my ATA.

> The problem was that SER was sending to 5060 instead of 15060.

No, ser should respond to the port in Via, or if rport is present to the
source port of the packet. Your CISCO ATA doesn't include rport (it
seems they don't support it),
Solution: in your ser.cfg nat block add force_rport() (this will force
ser to behave as if rport was present).

> 
> I suspect that the original mapping in the router expired, so now it's

> using 5060 instead of 15060, which is allowing it to work.
> 
> So, to test this theory, I fired up XTEN on my PC.  Sure enough, it's
> mapping another, but now, SER is responding with the proper port.   

Because xten includes rport in its Via.
> 
> I'm wondering if that section of code in my ser.cfg file that is 
> calling the nathelper commands if the originator is an ATA is actually
causing
> damage rather than fixing things?   (I got that code from someone else
> who suposedly got this all working with ATA behind a NAT)  I'm going 
> to have to wait until this mapping times out again to try it back 
> around the other way.

You should have a section dealing with all kinds of natted UACs, not
only ATA. See nat_uac_test(...), it can test in various ways if an
icoming request is comming from behind a nat.


Andrei

More information about the sr-users mailing list