[Serusers] Record-Route behind NAT

Jan Janak jan at iptel.org
Sun Sep 12 20:59:00 CEST 2004


If the SIP server listens on the private IP address only then you have
to force it to use the public IP explicitely because it does not know
it.

You can use record_route_preset("200.24.99.131;lr");

  Jan.

On 11-09 11:29, Andrés Parra L. wrote:
> I have a little problem, i need to force the UA
> (outside NAT with public IP address) to send the BYE
> messages 
> to my Sip Server so I can account them in the acc
> table. 
> I use record_route() to acomplish that but the thing
> is the 
> Record-Route field in the message that an UA recieve,
> the IP address is 
> the SIP SERVER LOCAL IP ADDRESS BEHIND NAT
> (Record-Route:
> <sip:5000022 at 192.168.0.2;ftag=192550680;lr=on>) 
> which means, of course, that the message will not pass
> trough the SIP Server.
> How Could i force the server to write in the
> Record-Route field the valid
> IP address of my Sip Server (200.24.99.131)????
> 
> Example message sent by the Sip Proxy:
> RECEIVE TIME: 1420109
> RECEIVE << 200.24.99.131:5060
> SIP/2.0 180 Ringing
> Via: SIP/2.0/UDP
> 200.71.103.253:5060;rport=5060;branch=z9hG4bK725C92055C654839934F043974F39E1F
> From: Andres Parra
> <sip:3304076 at ipsofactum.com>;tag=192550680
> To: <sip:5000022 at ipsofactum.com>;tag=2391513217
> Contact: <sip:5000022 at 68.38.237.35:32805>
> Record-Route:
> <sip:5000022 at 192.168.0.2;ftag=192550680;lr=on>
> Call-ID:
> 31517648-DF5F-4A12-BE74-5B1026B4C39D at 200.71.103.253
> CSeq: 29855 INVITE
> Server: X-Lite release 1103m
> Content-Length: 0
> 
> Ser.cfg:
> 
> #
> # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei
> Exp $
> #
> # simple quick-start config script
> #
> 
> # ----------- global configuration parameters
> ------------------------
> 
> #debug=3         # debug level (cmd line: -dddddddddd)
> #fork=yes
> #log_stderror=no	# (cmd line: -E)
> 
> /* Uncomment these lines to enter debugging mode 
> debug=7
> fork=no
> log_stderror=yes
> */
> 
> check_via=no	# (cmd. line: -v)
> dns=no           # (cmd. line: -r)
> rev_dns=no      # (cmd. line: -R)
> #port=5060
> #children=4
> fifo="/tmp/ser_fifo"
> 
> 
> # ------------------ module loading
> ----------------------------------
> 
> # Uncomment this if you want to use SQL database
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> 
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> 
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> loadmodule "/usr/local/lib/ser/modules/acc.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
> 
> # Uncomment this if you want to use SQL database
> 
> 
> # ----------------- setting module-specific parameters
> ---------------
> 
> # -- usrloc params --
> 
> #modparam("usrloc", "db_mode",   0)
> 
> # Uncomment this if you want to use SQL database 
> # for persistent storage and comment the previous line
> modparam("usrloc", "db_mode", 2)
> 
> # -- auth params --
> # Uncomment if you are using auth module
> #
> modparam("auth_db", "calculate_ha1", yes)
> #
> # If you set "calculate_ha1" parameter to yes (which
> true in this config), 
> # uncomment also the following parameter)
> #
> modparam("auth_db", "password_column", "password")
> 
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
> 
> # -- acc params -
> modparam("acc", "log_missed_flag", 3)
> modparam("acc", "log_level", 1)
> modparam("acc", "log_flag", 1)
> modparam("acc", "db_flag", 1)
> modparam("acc", "db_missed_flag", 3)
> 
> 
> 
> 
> 
> # -------------------------  request routing logic
> -------------------
> 
> # main routing logic
> 
> route{
> 
> 	# initial sanity checks -- messages with
> 	# max_forwards==0, or excessively long requests
> 	if (!mf_process_maxfwd_header("10")) {
> 		sl_send_reply("483","Too Many Hops");
> 		break;
> 	};
> 	if ( msg:len > max_len ) {
> 		sl_send_reply("513", "Mensaje demasiado grande");
> 		break;
> 	};
> 	# prevents private ip space from being used
>   	if (search("^(Contact|m):
> .*@(192\.168\.|10\.|172\.16)")) {
>     		if (method=="REGISTER") {
>       		log(1, "LOG: Someone trying to register from
> private IP\n");
>       		sl_send_reply("479", "Por favor no utilice
> direcciones IP privadas" );
>       		break;
>     		};
>   	};
> 	# loose-route processing
> 	if (loose_route()) {
> 		t_relay();
> 		break;
> 	};
> 	# labeled all transaction for accounting
> 	setflag(1);
> 	
> 	# we record-route all messages -- to make sure that
> 	# subsequent messages will go through our proxy;
> that's
> 	# particularly good if upstream and downstream
> entities
> 	# use different transport protocol
> 	
> 	# record-route INVITES to make sure BYEs will visit
> our server too
> 	if (method=="INVITE") record_route();
> 	
> 	
> 
> 	# if the request is for other domain use UsrLoc
> 	# (in case, it does not work, use the following
> command
> 	# with proper names and addresses in it)
> 	if (uri=~"ipsofactum.com" ){#||
> !(uri=~"^sip:(192\.168\.|10\.|172\.16)")) {
> 
> 		if (method=="REGISTER") {
> 
> 			# Uncomment this if you want to use digest
> authentication
> 			if (!www_authorize("ipsofactum.com", "subscriber"))
> {
> 				www_challenge("ipsofactum.com", "0");
> 				break;
> 			};
> 			setflag(3);
> 			save("location");
> 			break;
> 		};
> 		
> 		
> 				
> 		# native SIP destinations are handled using our
> USRLOC DB
> 		if (!lookup("location")){ #&&
> !lookup("subscribers"))  {
> 			# call invitations to off-line users are reported
> using the
>      			# acc_request action; to avoid duplicate
> reports on request
>      			# retransmissions, request is processed
> statefuly (t_newtran,
>      			# t_reply)
>      			if ((method=="INVITE" || method=="ACK") &&
> t_newtran() ) {
>           			t_reply("404", "Usuario no registrado!,
> contacte el directorio de usuarios registrados");
>           			acc_db_request("404 Not
> Found","missed_calls");
>           			break;
>      			};
>      			# all other requests to off-line users are
> simply replied
>      			# statelesslyeth0 and no reports are issued
>     			#sl_send_reply("404", "Usuario no existente!,
> contacte el directorio de usuarios suscritos");
>     			#break;
> 			} else {
> 			
> 			
> 			
>      			# user on-line; report on failed transactions;
> mark the
>      			# transaction for reporting using the same
> number as 
>      			# configured above; if the call is really
> missed, a report
>      			# will be issued
> 			
>      			setflag(3);
>      			# forward to user's current destination
>      			t_relay();
>      			break;
> 			};
> 	};
> 	
> 	
> 	
> 	# forward to current uri now; use stateful
> forwarding; that
> 	# works reliably even if we forward from TCP to UDP
> 	if (!t_relay()) {
> 		sl_reply_error();
> 	};
> 
> }
> 
> 
> 
> 		
> _______________________________
> Do you Yahoo!?
> Shop for Back-to-School deals on Yahoo! Shopping.
> http://shopping.yahoo.com/backtoschool
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers




More information about the sr-users mailing list