[Serusers] ser mediaproxy and grandstream behing the nat
Decebal Topala
dectopala at gmail.com
Sat Oct 9 16:57:53 CEST 2004
Hi there:
I have the following network diagram:
SER on the real IP
| Internet
-------------------------------------------------------------------------------
| | |
|
Liksys NAT Linux NAT PIX CISCO IOS
| | | |
Grand stream Grand stream Xlite PSTN
XTEN PRO
On the ser I am using a conguration with a mediaproxy module enabled.
Here are some tests i did in this configuration and results:
1) Call from GS/NAT to GS/ NAT through SER/Mediaproxy worksk fine
2) Call from PSTN to a DIN assigned to a XLITE(behind any nat ) is fine
3) Calls from PSTN to a DIN assigned to a GS / NAT (Linux nat, Linksys
nat ), only the phone ringing but meddia is not going through .
Here are my config files:
------------------------------------------------------------------------------
#
# $Id: serconf.sh,v 1.2 2003/08/13 20:53:04 jiri Exp $
#
# autogenerated SER configuration
#
# user: uid=500(ser) gid=500(ser) groups=500(ser)
# system: Linux ast 2.6.5-1.358smp #1 SMP Sat May 8 09:25:36 EDT 2004
i686 i686 i386 GNU/Linux
# date: Tue Oct 5 00:49:29 EDT 2004
#
# ----------- global configuration parameters ------------------------
debug=4
fork=yes
port=5060
log_stderror=yes
memlog=5
mhomed=yes
fifo="/tmp/ser_fifo"
alias=iptel.org
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=yes # (cmd. line: -R)
children=2
# if changing fifo mode to a more restrictive value, put
# decimal value in there, e.g. dec(rw|rw|rw)=dec(666)=438
#fifo_mode=438
# ------------------ module loading ----------------------------------
loadmodule "/home/ser/lib/ser/modules/tm.so"
loadmodule "/home/ser/lib/ser/modules/sl.so"
#loadmodule "/home/ser/lib/ser/modules/acc.so"
loadmodule "/home/ser/lib/ser/modules/rr.so"
loadmodule "/home/ser/lib/ser/modules/maxfwd.so"
loadmodule "/home/ser/lib/ser/modules/mysql.so"
loadmodule "/home/ser/lib/ser/modules/usrloc.so"
loadmodule "/home/ser/lib/ser/modules/registrar.so"
loadmodule "/home/ser/lib/ser/modules/auth.so"
loadmodule "/home/ser/lib/ser/modules/auth_db.so"
loadmodule "/home/ser/lib/ser/modules/textops.so"
loadmodule "/home/ser/lib/ser/modules/uri.so"
loadmodule "/home/ser/lib/ser/modules/group.so"
loadmodule "/home/ser/lib/ser/modules/msilo.so"
loadmodule "/home/ser/lib/ser/modules/enum.so"
# loadmodule "/home/ser/lib/ser/modules/nathelper.so"
loadmodule "/home/ser/lib/ser/modules/mediaproxy.so"
loadmodule "/home/ser/lib/ser/modules/domain.so"
loadmodule "/home/ser/lib/ser/modules/xlog.so"
# ----------------- setting module-specific parameters ---------------
# Media proxy ..
modparam("mediaproxy", "natping_interval", 60)
modparam("mediaproxy", "mediaproxy_socket","/var/run/proxydispatcher.sock")
modparam("mediaproxy", "sip_asymmetrics",
"/home/ser/etc/ser/sip-asymmetrics-clients")
modparam("mediaproxy", "rtp_asymmetrics",
"/home/ser/etc/ser/rtp-asymmetrics-clients")
modparam("registrar", "nat_flag", 2)
# all DB urls here
modparam("usrloc|acc|auth_db|group|msilo|uri", "db_url",
"sql://ser:heslo@localhost/ser")
# -- usrloc params --
/* 0 -- dont use mysql, 1 -- write_through, 2--write_back */
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "timer_interval", 10)
# -- auth params --
modparam("auth_db", "calculate_ha1", yes)
#modparam("auth_db", "user_column", "user_id")
modparam("auth_db", "password_column", "password")
modparam("auth", "nonce_expire", 300)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -- acc params --
# that is the flag for which we will account -- don't forget to
# modparam("acc", "db_flag", 1 )
# modparam("acc", "db_missed_flag", 3 )
# -- tm params --
modparam("tm", "fr_timer", 20 )
modparam("tm", "fr_inv_timer", 90 )
modparam("tm", "wt_timer", 20 )
# -- msilo params
modparam("msilo", "registrar", "sip:registrar at iptel.org")
# -- enum params --
#
# modparam("enum", "domain_suffix", "e164.arpa.")
modparam("xlog", "buf_size", 8192)
# ------------------------- request routing logic -------------------
# main routing logic
route{
/* ********* ROUTINE CHECKS ********************************** */
# filter too old messages
if (!mf_process_maxfwd_header("10")) {
log("LOG: Too many hops\n");
if (method!="ACK") {
sl_send_reply("483","Alas Too Many Hops");
}
break;
};
# if (len_gt( max_len )) {
if (msg:len > max_len) {
sl_send_reply("513", "Message too large sorry");
break;
};
if (method=="REGISTER") { # REGISTER IF
# log("REGISTER request");
if (is_from_local()) { # IS FROM LOCAL
# Mark as NAT'ed
if (client_nat_test("3")) {
setflag(2);
force_rport();
fix_contact();
};
if (!www_authorize("", "subscriber")) {
www_challenge("", "0");
break;
} else if (!check_to()) {
sl_send_reply("403", "Username!=To not allowed");
break;
};
if (!save("location")) {
sl_reply_error();
};
}
else
{
sl_send_reply("403", "This domain is not served here");
}; # IS FROM LOCAL
break;
}; #REGISTER IF
if (method=="INVITE") { # INVITE IF
if (!(is_from_local() || is_uri_host_local())) {
sl_send_reply("403", "Relaying is forbidden");
break;
};
t_on_failure("1");
} else
if (method == "BYE" || method == "CANCEL") #INFITE
END BYE START
{
end_media_session();
}; #BYE STOP
if (loose_route()) {
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
# end media session for BYE and CANCEL is done above
# before entering the loose route. no need to call it here
t_relay();
break;
};
# Force subsequent messages to pass trough this proxy
if (method == "INVITE") {
record_route();
};
if (client_nat_test("3") && !search("^Record-Route:")) {
# Mark as NAT'ed
force_rport();
fix_contact();
};
if (method=="INVITE") {
t_on_reply("1");
};
if (is_uri_host_local()) {
if (!lookup("location")) {
sl_send_reply("404", "User not found");
break;
};
};
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
failure_route[1] {
end_media_session();
}
onreply_route[1] {
if (status=~"(183)|(2[0-9][0-9])") {
if (client_nat_test("1")) {
fix_contact();
};
use_media_proxy();
};
}
------------------------------------------------
run ser as "ser:ser" user and media proxy as root on the same box ..
But i do not think that this might be the issue since i am able to have
media through in the 2 cases.
I would appreciate if some one will give me some help ..
Thanks again
Decebal
PS
Have also the logs and ngrep but message will get too big and will be
held by mail man,
so if you need it please le me know.
I will send them also.
Thank You
More information about the sr-users
mailing list