[Serusers] nat_ping problems

Jev jev at ecad.org
Fri Jun 25 08:30:30 CEST 2004 

Hi Zeus,

I'm afraid I have even tested with the nat ping interval set at 5 
seconds, and I have had the same results.

Do you have this, or a similar set up implemented and working?

Thanks,
-Jev

Zeus Ng wrote:
> Some (but not all) NAT devices have a UDP timeout of 60s. So, if nothing
> comes through the port mapping within that 60s, the association will be
> deleted from the NAT device memory. After that, any packet from the WAN side
> with this association will be dropped.
> 
> I notice that your nat ping interval is exactly 60s. Maybe you can try
> something smaller than that, say 55s. I have a good result with 50s for most
> residential ADSL routers.
> 
> Like Andres said, the best way to deal with NAT is to turn on keep-live on
> the UA. 
> 
> 
> Zeus
> 
> 
>>-----Original Message-----
>>From: serusers-bounces at lists.iptel.org 
>>[mailto:serusers-bounces at lists.iptel.org] On Behalf Of Jev
>>Sent: Friday, 25 June 2004 4:12 AM
>>To: serusers at lists.iptel.org
>>Subject: [Serusers] nat_ping problems
>>
>>
>>Hi all,
>>
>>Following up on my post a couple days ago; 
>>http://lists.iptel.org/pipermail/serusers/2004-June/008936.html
>>
>>I have now tested with rtpproxy/nathelper and mediaproxy and 
>>I seem to 
>>be having the same results.
>>
>>As of now my test environment is as follows;
>>
>>I have two networks,
>>192.168.123.0/24	SER server
>>192.168.100.0/24	UAC (Grandstream HardPhone)
>>
>>Currently I have a D-Link NAT router separating both networks. I have 
>>SER (CVS checkout from HEAD as of ~22nd June) running on 
>>FreeBSD 5.2.1-R
>>
>>I have had the same issue with both Maxims nathelper/rtproxy 
>>and Adrians 
>>mediaproxy. The below traces are from mediaproxy, as my most recent 
>>testing has been done here. I would like to have done the 
>>same analysis 
>>with nathelper/rtpproxy but I live under time constraints...
>>
>>
>>09:48:06 Register From UAC through NAT to ser Completed 
>>09:48:44 UDP Ping Ser -> Nat Firewall -> UAC 09:49:44 UDP 
>>Ping Ser -> Nat Firewall -> UAC 09:50:45 UDP Ping Ser -> Nat 
>>Firewall -> UAC 09:51:45 UDP Ping Ser -> Nat Firewall -> 
>>XXXXX 09:52:46 UDP Ping Ser -> Nat Firewall -> XXXXX 09:53:47 
>>UDP Ping Ser -> Nat Firewall -> XXXXX 09:54:47 UDP Ping Ser 
>>-> Nat Firewall -> XXXXX . . . . . 10:12:58 UDP Ping Ser -> 
>>Nat Firewall -> XXXXX
>>
>>
>>Example of two UDP packet from SER to Nat Firewall:
>>
>>
>>09:48:44.151998 bottom.example.com.5060 > dlinknat.example.com.60408: 
>>udp 4 [tos 0x10]
>>0x0000   4510 0020 7c7d 0000 4011 8627 c0a8 7b65        
>>E...|}.. at ..'..{e
>>0x0010   c0a8 7b62 13c4 ebf8 000c 8800 0000 0000        
>>..{b............
>>0x0020   0000 0000 0000 0000 0000 0000 0000             ..............
>>09:49:44.752972 bottom.example.com.5060 > dlinknat.example.com.60408: 
>>udp 4 [tos 0x10]
>>0x0000   4510 0020 7c83 0000 4011 8621 c0a8 7b65        
>>E...|... at ..!..{e
>>0x0010   c0a8 7b62 13c4 ebf8 000c 8800 0000 0000        
>>..{b............
>>0x0020   0000 0000 0000 0000 0000 0000 0000             ..............
>>
>>Example of the two corresponding UDP packets inside
>>the NAT Firewall from NAT Firewall to the UAC
>>
>>09:48:44.199818 bottom.example.com.5060 > 192.168.0.101.5060: 
>>udp 4 [tos 
>>0x10]
>>0x0000   4510 0020 7c7d 0000 3f11 0225 c0a8 7b65        
>>E...|}..?..%..{e
>>0x0010   c0a8 0065 13c4 13c4 000c db32 0000 0000        
>>...e.......2....
>>0x0020   0000 0000 0000 0000 0000 0000 0000             ..............
>>09:49:44.807148 bottom.example.com.5060 > 192.168.0.101.5060: 
>>udp 4 [tos 
>>0x10]
>>0x0000   4510 0020 7c83 0000 3f11 021f c0a8 7b65        
>>E...|...?.....{e
>>0x0010   c0a8 0065 13c4 13c4 000c db32 0000 0000        
>>...e.......2....
>>0x0020   0000 0000 0000 0000 0000 0000 0000             ..............
>>
>>
>>Here is an example of two packets that get sent from
>>SER to the NAT Firewall but never get past the NAT firewall.
>>
>>10:18:01.579051 bottom.example.com.5060 > dlinknat.example.com.60408: 
>>udp 4 [tos 0x10]
>>0x0000   4510 0020 8193 0000 4011 8111 c0a8 7b65        
>>E....... at .....{e
>>0x0010   c0a8 7b62 13c4 ebf8 000c 8800 0000 0000        
>>..{b............
>>0x0020   0000 0000 0000 0000 0000 0000 0000             ..............
>>10:19:02.179829 bottom.example.com.5060 > dlinknat.example.com.60408: 
>>udp 4 [tos 0x10]
>>0x0000   4510 0020 8198 0000 4011 810c c0a8 7b65        
>>E....... at .....{e
>>0x0010   c0a8 7b62 13c4 ebf8 000c 8800 0000 0000        
>>..{b............
>>0x0020   0000 0000 0000 0000 0000 0000 0000             ..............
>>
>>
>>It appears that the NAT firewall stops transmitting the packets, nor 
>>does it reject them, they just silently get dropped, and ser just 
>>continues to send them with no idea if they are getting 
>>through or not. 
>>If I set the phone to a very low register time then everything works 
>>fine, as it keeps the nat mapping current, and I can make calls from 
>>outside the nat to the UAC on the inside.
>>
>>I have attached my current config (mediaproxy) file.
>>
>>Finally, I have had the same problems while Cisco IOS, and a 
>>cheap U.S. 
>>Robotics (Lucent based I think) for natting, which makes me 
>>assume that 
>>this is not a nat router specific issue.
>>
>>Is there something basic I'm missing here? How have people made this 
>>configuration work? Is there anyone actual using 
>>nathelper/rtpproxy or 
>>mediaproxy in production?
>>
>>If anyone wants more specific debug information then just let 
>>me know! :)
>>
>>Thanks for your help,
>>-Jev
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers at lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
>>
> 
> 
>

More information about the sr-users mailing list