[Serusers] [Newbie question] - NAT/port messed up

Tamas J thomasj at eworld.hu
Fri Nov 12 12:26:24 CET 2004 

Friday, November 12, 2004, 10:02:06 AM, Andrei wrote:

APO> On Nov 11, 2004 at 00:04, Thomas <thomasj at eworld.hu> wrote:
>> 
>> Hello!
>> 
>> I'm trying to make my 1st SIP-based system working. I use SER-0.8.14
>> on Linux Sarge. I have usually UAs behind NAT firewalls.
>> 
>> I found a case, when UAs are working very oddly, I can't call from one
>> of them, after sime time I can't reach one of them from outside, after
>> some time when I call one UA, the 2nd is answering (and the same time
>> when I call 2nd UA, the 2nd is answering).
>> 
>> I have 2 UAs [Grandstream BT100 & X-Lite v2.0] behind a linux NAT
>> firewall. Both UAs use the same STUN and SER server.
>> I did some tcpdumps and I found an interesting thing:
>> 
>> Internet Protocol, Src Addr: <FWPUBLICIP> (<FWPUBLICIP>), Dst Addr:  <SERIP> (<SERIP>)
>> User Datagram Protocol, Src Port: 1024 (1024), Dst Port: 5060 (5060)
>> Session Initiation Protocol
>>     Request-Line: REGISTER sip:<MYDOMAIN> SIP/2.0
>>         Method: REGISTER
>>         Resent Packet: True
>>         Suspected resend of frame: 31
>>     Message Header
>>         Via: SIP/2.0/UDP
>> <FWPUBLICIP>;branch=z9hG4bK0dbeeb499dbd416e
APO> [...]
>> What is interesting is that REGISTER message went out from port 1024
>> but 200 OK came to port 5060. Is this OK? I think here is some problem
>> and this can make the phones working oddly.

APO> If the phone wanted the answer on 1024, it should have advertised it in
APO> the REGISTER's via. A least it should have added a rport parameter to
APO> the Via.

APO> You can try using force_rport() in ser config for all requests (or for
APO> requests comming from this phone). This might break asymmetric UAs
APO> though (not very common these days).


APO> Andrei

Hello!

Thank you for your fast answer.
force_rport() is already present in config (for REGISTER). Where
should I put it? (maybe I have in wrong place)
How could I trace the problem? What would help me/you to say where is
the problem? Maybe the NAT firewall messes up those ports? (that is a
classical NAT firewall based on linux and netfilter, nothing special)
Unfortunately I don't have much experience with SIP (just 1 week),
however I'm reading manuals, but it looks, too hard problem at the
beginning for me. But I will keep trying ;)

Thanks in advance!

Kind regards,
        Tamas J.

More information about the sr-users mailing list