[Serusers] NAT

Java Rockx javarockx at yahoo.com
Mon Nov 15 13:36:10 CET 2004 

Andrei,

Thanks for the info. But if I understand you're comments correctly you're saying that either of
these configurations work *without* putting holes in the client's firewalls:

Option 1) Use nathelper and rtpproxy

Option 2) Use mediaproxy

IMHO, I'd be surprised if my config was wrong when I attempted "Option 1" because I used nothing
more than the example ser.cfg that comes with the source distro. My results were not good because
all client side firewalls required specific UDP ports to be opened. I tried with the following
UA's behind a 2wire DSL router:

Grandstream ATA 486
Grandstream BudgeTone BT100
UTstarcom iAN-02EX
Sipura ATA
Cisco 7960G
Cisco ATA 186

So if my config was wrong, then does that also mean that the
<ser-src>/modules/nathelper/nathelper.cfg file is wrong? Should I have used one of the other
example nathelper CFG files? 

All I know is that as soon as I switched to mediaproxy all my NAT issues evaporated.

Now assuming that my configuration for nathelper/rtpproxy was wrong, let me as this question;
which method provides better scalability, nathelper or mediaproxy?

Regards,
Paul

--- Andrei Pelinescu-Onciul <pelinescu-onciul at fokus.fraunhofer.de> wrote:

> On Nov 13, 2004 at 15:09, Java Rockx <javarockx at yahoo.com> wrote:
> > What I actually meant was using either rtpproxy with nathelper **OR** using mediaproxy.
> > 
> > I've had better success with mediaproxy because rtpproxy/nathelper seem to still require users
> to
> > open UDP ports for SIP and RTP in their firewall whereas mediaproxy does not require end users
> to
> > do anything to their firewall. 
> 
> You're wrong. There is no difference from the firewall point of view
> between mediaproxy and nathelper. 
> If one setup works with one of them it should work also with the other.
> You probably misconfigured somehow nathelper, or your test setup was a
> little different.
> The only other possibility I can think of, is somehow the RTP ports
> allocated by default by rtpproxy are blocked by your firewall and the
> ones allocated by mediaproxy are not (lucky coincidence).
> 
> 
> > 
> > My experience has been that when using mediaproxy a STUN server isn't necessary, although I'm
> have
> > some problems right now with sems/sipums voicemail because it is trying to send RTP media to
> NATed
> > clients on non-routeable IP addresses.
> 
> Yes, STUN is not necessary, but if you can use it it has some
> advantages (you get less traffic and RTP has lower delay). On the other
> hand there are situations when STUN will missdetect a NAT type, or it
> won't ever try to detect it (very common with some UAs). Using
> nat_uac_test("19") might help catching some of these cases.
> 
> Bottom line: mediaproxy / nathelper will work in almost all cases, STUN
> will not work always, you can combine the two of them.
> 
> 
> Andrei
> 


		
__________________________________ 
Do you Yahoo!? 
Check out the new Yahoo! Front Page. 
www.yahoo.com

More information about the sr-users mailing list