[Serusers] TCP endpoints behind NAT

Martin Rusnak mafo at cyberspace.sk
Mon May 31 20:39:55 CEST 2004


>>
>>if (uri==myself) {
>>  if (method=="REGISTER") {
>>    # digest authentication
>>    if (!www_authorize("i-tel.sk", "subscriber")) {
>>      log(1, "Authorization failed\n");
>>      www_challenge("i-tel.sk", "0");
>>      log(1, "www_challenge sent\n");
>>      break;
>>    };
>>
>>    # symmetric but don't advertise it -- force use of rport
>>    if (client_nat_test("3")) {
>>      log(1, "Client is behind a NAT\n");
>>      if (! search("^Record-Route:")) {
>>        fix_contact();
>>        force_rport();
>>      };
>>    };
>>
>>    log(1, "Forcing tcp alias\n");
>>    force_tcp_alias();
>>
>>    save("location");
>>    break;
>>  };
>>};
> 
> 
> Make sure you do the nat tests/modification for the other requests and
> replies (not only for REGISTER). Start with a config that worked for
> udp.
> 
> Also note that rport is not so important for tcp. In fact if your tcp
> connections are not closed, rport is not needed (it will not be used).
> The replies are always sent through the same tcp connection the original
> request came through, if the connection is still alive (using the "i"
> parameter which is added to the Via header of forwarded tcp requests).
> 
> 
>>My understanding is that the function force_tcp_alias() should add
>>the source port of the tcp connection to the list of aliases.
>>Then later existing connections are searched by userid and port
>>to be reused. Please correct me if I'm wrong.
> 
> 
> No, force_tcp_alias adds the via port to the aliases list.
> The connection is identified by (ip_address, source_port). force_tcp_alias
> adds an alias (ip_address, via_port) for (ip_address, source_port).
>

I had another problem: there was always a private address in the contact
of the TCP users behind NAT. The problem was that the function
fix_contact() from the mediaproxy module works only for UDP requests.
So I modified the source file modules/mediaproxy/functions.h and
commented out the statement on line 116:

     // if (uri.proto != PROTO_UDP && uri.proto != PROTO_NONE)
     //    return -1;

Now the TCP routing works correctly.
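
The connection lookup described in the quoted reply, as an added sketch that is not part of the original post and is not SER's source: a connection is keyed by (ip_address, source_port), force_tcp_alias adds (ip_address, via_port) as a second key, and a reply prefers the connection named by the Via "i" parameter while it is alive. All struct and function names are hypothetical, the "i" value is modelled as a plain connection id, and the address is a constructed documentation address.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not SER's own. */
#define MAX 8
struct conn  { int id; char ip[16]; int src_port; int alive; };
struct alias { char ip[16]; int port; int conn_id; };
static struct conn conns[MAX];
static struct alias aliases[MAX];
static int n_conn, n_alias;
/* An accepted TCP connection is identified by (ip, source_port). */
int conn_accept(const char *ip, int src_port) {
    if (n_conn == MAX) return -1;
    struct conn *c = &conns[n_conn++];
    c->id = n_conn;                       /* ids start at 1 */
    snprintf(c->ip, sizeof c->ip, "%s", ip);
    c->src_port = src_port; c->alive = 1;
    return c->id;
}
/* force_tcp_alias per the thread: (ip, via_port) also names that connection. */
int conn_add_alias(int id, int via_port) {
    if (id < 1 || id > n_conn || n_alias == MAX) return -1;
    struct alias *a = &aliases[n_alias++];
    memcpy(a->ip, conns[id - 1].ip, sizeof a->ip);
    a->port = via_port; a->conn_id = id;
    return 0;
}
void conn_close(int id) { if (id >= 1 && id <= n_conn) conns[id - 1].alive = 0; }
/* via_i: connection id taken from the Via "i" parameter, 0 if absent. */
int conn_lookup(int via_i, const char *ip, int port) {
    int i;
    if (via_i >= 1 && via_i <= n_conn && conns[via_i - 1].alive)
        return via_i;                     /* reply reuses the same connection */
    for (i = 0; i < n_conn; i++)          /* match on the real source port */
        if (conns[i].alive && conns[i].src_port == port && !strcmp(conns[i].ip, ip))
            return conns[i].id;
    for (i = 0; i < n_alias; i++)         /* match on the aliased Via port */
        if (aliases[i].port == port && !strcmp(aliases[i].ip, ip)
            && conns[aliases[i].conn_id - 1].alive)
            return aliases[i].conn_id;
    return -1;                            /* nothing to reuse */
}
int main(void) {
    int id = conn_accept("203.0.113.7", 40123);   /* constructed NAT address */
    printf("before alias: %d\n", conn_lookup(0, "203.0.113.7", 5060));
    conn_add_alias(id, 5060);
    printf("after alias:  %d\n", conn_lookup(0, "203.0.113.7", 5060));
    return 0;
}
```

In this model a request addressed to the port the client advertised in its Via header finds no connection until the alias is registered, and once the connection is closed neither the "i" value nor the alias resolves to it.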



