[Serusers] grandstream behind nat does no get media thruogh ser media proxy from a cisco pstn gateway

Decebal Topala dectopala at gmail.com
Sat Oct 9 14:29:12 CEST 2004 

Hi there:
I have the following network diagram:

                                SER on the real IP
                                  |              Internet
-------------------------------------------------------------------------------
|                |                          |
                  |
Liksys NAT      Linux NAT         PIX         CISCO IOS
|                             |              |                |
         Grand stream         Grand stream          Xlite           PSTN
                                          XTEN PRO
On the ser I am using a conguration with a mediaproxy module enabled.
Here are some tests  i did in this configuration and results:

1) Call from GS/NAT  to GS/ NAT through SER/Mediaproxy worksk fine
2) Call from PSTN to a DIN assigned to a XLITE(behind any nat ) is fine
3) Calls from PSTN to a DIN assigned to a GS / NAT (Linux nat, Linksys
nat ), only the phone ringing but meddia is not going through .

Here are my config files:

------------------------------------------------------------------------------
#
# $Id: serconf.sh,v 1.2 2003/08/13 20:53:04 jiri Exp $
#
# autogenerated SER configuration
#
# user: uid=500(ser) gid=500(ser) groups=500(ser)
# system: Linux ast 2.6.5-1.358smp #1 SMP Sat May 8 09:25:36 EDT 2004
i686 i686 i386 GNU/Linux
# date: Tue Oct  5 00:49:29 EDT 2004
#

# ----------- global configuration parameters ------------------------

debug=4
fork=yes
port=5060
log_stderror=yes
memlog=5

mhomed=yes

fifo="/tmp/ser_fifo"

alias=iptel.org

check_via=no            # (cmd. line: -v)
dns=no              # (cmd. line: -r)
rev_dns=yes          # (cmd. line: -R)
children=2
# if changing fifo mode to a more restrictive value, put
# decimal value in there, e.g. dec(rw|rw|rw)=dec(666)=438
#fifo_mode=438

# ------------------ module loading ----------------------------------

loadmodule "/home/ser/lib/ser/modules/tm.so"
loadmodule "/home/ser/lib/ser/modules/sl.so"
#loadmodule "/home/ser/lib/ser/modules/acc.so"
loadmodule "/home/ser/lib/ser/modules/rr.so"
loadmodule "/home/ser/lib/ser/modules/maxfwd.so"
loadmodule "/home/ser/lib/ser/modules/mysql.so"
loadmodule "/home/ser/lib/ser/modules/usrloc.so"
loadmodule "/home/ser/lib/ser/modules/registrar.so"
loadmodule "/home/ser/lib/ser/modules/auth.so"
loadmodule "/home/ser/lib/ser/modules/auth_db.so"
loadmodule "/home/ser/lib/ser/modules/textops.so"
loadmodule "/home/ser/lib/ser/modules/uri.so"
loadmodule "/home/ser/lib/ser/modules/group.so"
loadmodule "/home/ser/lib/ser/modules/msilo.so"
loadmodule "/home/ser/lib/ser/modules/enum.so"
# loadmodule "/home/ser/lib/ser/modules/nathelper.so"
loadmodule "/home/ser/lib/ser/modules/mediaproxy.so"
loadmodule "/home/ser/lib/ser/modules/domain.so"
loadmodule "/home/ser/lib/ser/modules/xlog.so"

# ----------------- setting module-specific parameters ---------------
# Media proxy ..

modparam("mediaproxy", "natping_interval", 60)
modparam("mediaproxy", "mediaproxy_socket","/var/run/proxydispatcher.sock")
modparam("mediaproxy", "sip_asymmetrics",
"/home/ser/etc/ser/sip-asymmetrics-clients")
modparam("mediaproxy", "rtp_asymmetrics",
"/home/ser/etc/ser/rtp-asymmetrics-clients")
modparam("registrar",  "nat_flag",         2)

# all DB urls here
modparam("usrloc|acc|auth_db|group|msilo|uri", "db_url",
    "sql://ser:heslo@localhost/ser")

# -- usrloc params --
/* 0 -- dont use mysql, 1 -- write_through, 2--write_back */
modparam("usrloc", "db_mode",   2)
modparam("usrloc", "timer_interval", 10)

# -- auth params --

modparam("auth_db", "calculate_ha1", yes)
#modparam("auth_db", "user_column",   "user_id")
modparam("auth_db", "password_column",   "password")
modparam("auth", "nonce_expire",  300)

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

# -- acc params --
# that is the flag for which we will account -- don't forget to
# modparam("acc", "db_flag", 1 )
# modparam("acc", "db_missed_flag", 3 )

# -- tm params --
modparam("tm", "fr_timer", 20 )
modparam("tm", "fr_inv_timer", 90 )
modparam("tm", "wt_timer", 20 )

# -- msilo params
modparam("msilo", "registrar", "sip:registrar at iptel.org")

# -- enum params --
#
# modparam("enum", "domain_suffix", "e164.arpa.")

modparam("xlog", "buf_size", 8192)

# -------------------------  request routing logic -------------------

# main routing logic

route{

    /* ********* ROUTINE CHECKS  ********************************** */

    # filter too old messages
    if (!mf_process_maxfwd_header("10")) {
            log("LOG: Too many hops\n");
            if (method!="ACK") {
            sl_send_reply("483","Alas Too Many Hops");
            }
            break;
    };
    # if (len_gt( max_len )) {
    if (msg:len > max_len) {
            sl_send_reply("513", "Message too large sorry");
            break;
    };

if (method=="REGISTER") { #     REGISTER IF
            # log("REGISTER request");

if (is_from_local()) {  # IS FROM LOCAL
        # Mark as NAT'ed
        if (client_nat_test("3")) {
            setflag(2);
            force_rport();
            fix_contact();
        };

        if (!www_authorize("", "subscriber")) {
            www_challenge("", "0");
            break;
        } else if (!check_to()) {
            sl_send_reply("403", "Username!=To not allowed");
            break;
        };

        if (!save("location")) {
            sl_reply_error();
        };
    }
             else
    {
            sl_send_reply("403", "This domain is not served here");
    }; # IS FROM LOCAL
    break;
};   #REGISTER  IF

if (method=="INVITE") { #  INVITE IF

            if (!(is_from_local() || is_uri_host_local())) {
                    sl_send_reply("403", "Relaying is forbidden");
                    break;
            };
            t_on_failure("1");

} else
            if (method == "BYE" || method == "CANCEL")  #INFITE
END BYE START
{
            end_media_session();
}; #BYE STOP

if (loose_route()) {

    if (method=="INVITE" || method=="ACK") {
             use_media_proxy();
    };
    # end media session for BYE and CANCEL is done above
    # before entering the loose route. no need to call it here
    t_relay();
    break;
};

# Force subsequent messages to pass trough this proxy
if (method == "INVITE") {
            record_route();
};

if (client_nat_test("3") && !search("^Record-Route:")) {
            # Mark as NAT'ed
            force_rport();
            fix_contact();
};
    if (method=="INVITE") {
            t_on_reply("1");
    };

    if (is_uri_host_local()) {
            if (!lookup("location")) {
                    sl_send_reply("404", "User not found");
                    break;
            };
    };

    if (method=="INVITE" || method=="ACK") {
     use_media_proxy();
    };

    if (!t_relay()) {
            if (method=="INVITE" || method=="ACK") {
            end_media_session();
            };
            sl_reply_error();
    };

}

failure_route[1] {
end_media_session();
}

onreply_route[1] {
 if (status=~"(183)|(2[0-9][0-9])") {
    if (client_nat_test("1")) {
    fix_contact();
     };
  use_media_proxy();
};
}

--------------------------------------------------------------------
Also i attached the log of ser files
and the ngrep logs from ser box and from linux box .
I run ser as "ser:ser"  user and media proxy as root on the same box ..
But i do not think that this might be the issue since i am able to have
media through in the 2 cases.
I would appreciate if some one will give me some help ..
Thanks again
Decebal

PS 
Have also  the logs and ngrep but message will get too big and will be
held by mail man,
so if you need it please le me know.
I will send them also.
Thank You

More information about the sr-users mailing list