[Serusers] nat_ping problems
Jev
jev at ecad.org
Thu Jun 24 20:12:02 CEST 2004
Hi all,
Following up on my post a couple days ago;
http://lists.iptel.org/pipermail/serusers/2004-June/008936.html
I have now tested with rtpproxy/nathelper and mediaproxy and I seem to
be having the same results.
As of now my test environment is as follows;
I have two networks,
192.168.123.0/24 SER server
192.168.100.0/24 UAC (Grandstream HardPhone)
Currently I have a D-Link NAT router separating both networks. I have
SER (CVS checkout from HEAD as of ~22nd June) running on FreeBSD 5.2.1-R
I have had the same issue with both Maxims nathelper/rtproxy and Adrians
mediaproxy. The below traces are from mediaproxy, as my most recent
testing has been done here. I would like to have done the same analysis
with nathelper/rtpproxy but I live under time constraints...
09:48:06 Register From UAC through NAT to ser Completed
09:48:44 UDP Ping Ser -> Nat Firewall -> UAC
09:49:44 UDP Ping Ser -> Nat Firewall -> UAC
09:50:45 UDP Ping Ser -> Nat Firewall -> UAC
09:51:45 UDP Ping Ser -> Nat Firewall -> XXXXX
09:52:46 UDP Ping Ser -> Nat Firewall -> XXXXX
09:53:47 UDP Ping Ser -> Nat Firewall -> XXXXX
09:54:47 UDP Ping Ser -> Nat Firewall -> XXXXX
.
.
.
.
.
10:12:58 UDP Ping Ser -> Nat Firewall -> XXXXX
Example of two UDP packet from SER to Nat Firewall:
09:48:44.151998 bottom.example.com.5060 > dlinknat.example.com.60408:
udp 4 [tos 0x10]
0x0000 4510 0020 7c7d 0000 4011 8627 c0a8 7b65 E...|}.. at ..'..{e
0x0010 c0a8 7b62 13c4 ebf8 000c 8800 0000 0000 ..{b............
0x0020 0000 0000 0000 0000 0000 0000 0000 ..............
09:49:44.752972 bottom.example.com.5060 > dlinknat.example.com.60408:
udp 4 [tos 0x10]
0x0000 4510 0020 7c83 0000 4011 8621 c0a8 7b65 E...|... at ..!..{e
0x0010 c0a8 7b62 13c4 ebf8 000c 8800 0000 0000 ..{b............
0x0020 0000 0000 0000 0000 0000 0000 0000 ..............
Example of the two corresponding UDP packets inside
the NAT Firewall from NAT Firewall to the UAC
09:48:44.199818 bottom.example.com.5060 > 192.168.0.101.5060: udp 4 [tos
0x10]
0x0000 4510 0020 7c7d 0000 3f11 0225 c0a8 7b65 E...|}..?..%..{e
0x0010 c0a8 0065 13c4 13c4 000c db32 0000 0000 ...e.......2....
0x0020 0000 0000 0000 0000 0000 0000 0000 ..............
09:49:44.807148 bottom.example.com.5060 > 192.168.0.101.5060: udp 4 [tos
0x10]
0x0000 4510 0020 7c83 0000 3f11 021f c0a8 7b65 E...|...?.....{e
0x0010 c0a8 0065 13c4 13c4 000c db32 0000 0000 ...e.......2....
0x0020 0000 0000 0000 0000 0000 0000 0000 ..............
Here is an example of two packets that get sent from
SER to the NAT Firewall but never get past the NAT firewall.
10:18:01.579051 bottom.example.com.5060 > dlinknat.example.com.60408:
udp 4 [tos 0x10]
0x0000 4510 0020 8193 0000 4011 8111 c0a8 7b65 E....... at .....{e
0x0010 c0a8 7b62 13c4 ebf8 000c 8800 0000 0000 ..{b............
0x0020 0000 0000 0000 0000 0000 0000 0000 ..............
10:19:02.179829 bottom.example.com.5060 > dlinknat.example.com.60408:
udp 4 [tos 0x10]
0x0000 4510 0020 8198 0000 4011 810c c0a8 7b65 E....... at .....{e
0x0010 c0a8 7b62 13c4 ebf8 000c 8800 0000 0000 ..{b............
0x0020 0000 0000 0000 0000 0000 0000 0000 ..............
It appears that the NAT firewall stops transmitting the packets, nor
does it reject them, they just silently get dropped, and ser just
continues to send them with no idea if they are getting through or not.
If I set the phone to a very low register time then everything works
fine, as it keeps the nat mapping current, and I can make calls from
outside the nat to the UAC on the inside.
I have attached my current config (mediaproxy) file.
Finally, I have had the same problems while Cisco IOS, and a cheap U.S.
Robotics (Lucent based I think) for natting, which makes me assume that
this is not a nat router specific issue.
Is there something basic I'm missing here? How have people made this
configuration work? Is there anyone actual using nathelper/rtpproxy or
mediaproxy in production?
If anyone wants more specific debug information then just let me know! :)
Thanks for your help,
-Jev
More information about the sr-users
mailing list