[Serusers] Public IP Register Problem !!!

Iqbal iqbal at gigo.co.uk
Thu Apr 28 22:30:40 CEST 2005 

if (method=="REGISTER") {
log(1, "REGISTER message received\n");
# Uncomment this if you want to use digest authentication
if (!www_authorize("192.168.4.10", "subscriber")) {
www_challenge("192.168.4.10", "0");
break;
};


dont u need to change the IP above, infact why not use the domain they
are coming from, and in ur IP phones set that as the realm

Iqbal

On 4/28/2005, "Felipe Martins" <fmartins at mundivox.com> wrote:

>Hi guys,
>
>	I have 2 SER Servers talking to each other, working in a Private network using 192.168.4.0/16 authenticating at a mysql server (everything is for test, so the configuration is very basic). Everything works perfect, I have 4 users registered in each server, and everybody is talking to each other with no problem.
>	My next step was to test my architecture with public IPs, so I've changed my ser.cfg to reflect my ip changes, and also configured 4 clientes (2 at each server) with public IPs, but my clients now, can't register, none of them in any server. I can see at the logs that the REGISTER Request reaches my server but the clients can't register. I also tried to use some other private network at some clients but they can't register either. So, any network could be used to make it work, but 192.168.4.0/16.
>	I know it's probably a configuration error I've made, but I can't find where the error is. I'm sending my ser.cfg for you to see. Any hand will be pleased.
>
>Best Regards
>
>
># -------------- SER.CFG ------------------------
>
>#
># $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
>#
># simple quick-start config script
>#
>
># ----------- global configuration parameters ------------------------
>
># Uncomment these lines to enter debugging mode
>debug=9
>fork=yes
>log_stderror=no
>#listen=200.142.96.218
>listen=192.168.4.10
>port=5060
>
>alias="mundivox.com"
>alias="sipserver.com"
>#alias="200.201.187.254"
>alias="192.168.4.10"
>
># sip_warning - Should replies include extensive warnings? By default
># yes, it is good for trouble-shooting
>#sip_warnings=yes
>
># server_signature - Should locally-generated messages include server's
># signature? By default yes, it is good for trouble-shooting.
> server_signature=yes
>
># reply_to_via - A hint reply modules whether they should send reply
>
># to IP advertised in Via. Turned off by default, which means that
># replies are sent to IP address from which requests came.
># reply_to_via=no
>
># mhomed -- enable calculation of outbound interface; useful on
># multihomed servers.
># mhomed=0
>
>check_via=yes		# (cmd. line: -v)
>dns=yes           	# (cmd. line: -r)
>rev_dns=yes      	# (cmd. line: -R)
>children=4
>fifo_mode=0666
>fifo="/tmp/ser_fifo"
>
># ------------------ module loading ----------------------------------
># ------------- external module loading
>loadmodule "/usr/local/lib/ser/modules/mysql.so"
>loadmodule "/usr/local/lib/ser/modules/sl.so"
>loadmodule "/usr/local/lib/ser/modules/tm.so"
>loadmodule "/usr/local/lib/ser/modules/rr.so"
>loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
>loadmodule "/usr/local/lib/ser/modules/usrloc.so"
>loadmodule "/usr/local/lib/ser/modules/registrar.so"
>loadmodule "/usr/local/lib/ser/modules/auth.so"
>loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>loadmodule "/usr/local/lib/ser/modules/acc.so"
>loadmodule "/usr/local/lib/ser/modules/exec.so"
>loadmodule "/usr/local/lib/ser/modules/group.so"
>loadmodule "/usr/local/lib/ser/modules/msilo.so"
>#loadmodule "/usr/local/lib/ser/modules/print.so"
>loadmodule "/usr/local/lib/ser/modules/enum.so"
>loadmodule "/usr/local/lib/ser/modules/textops.so"
>#loadmodule "/usr/local/lib/ser/modules/nathelper.so"
>loadmodule "/usr/local/lib/ser/modules/uri.so"
>#loadmodule "/usr/local/lib/ser/modules/uri_db.so"
>loadmodule "/usr/local/lib/ser/modules/domain.so"
>loadmodule "/usr/local/lib/ser/modules/xlog.so"
>#loadmodule "/usr/local/lib/ser/modules/speeddial.so"
>#loadmodule "/usr/local/lib/ser/modules/options.so"
>#loadmodule "/usr/local/lib/ser/modules/rtpproxy.so"
>
># ----------------- setting module-specific parameters ---------------
>
># ------------- db_url setting
>#modparam("acc|auth_db|domain|group|speeddial|uri_db|usrloc",
>#         "db_url", "mysql://ser:heslo@localhost/ser")
>modparam("auth_db", "db_url", "mysql://ser:heslo@localhost/ser")
>
># ------------- use_domain setting
>modparam("auth_db|group|speeddial|uri_db|usrloc", "use_domain", 1)
>
># ------------- accounting parameters
>modparam("acc", "log_level", 1)
>modparam("acc", "log_flag", 1)
>#modparam("acc", "db_flag", 1)
>#modparam("acc", "db_missed_flag", 1)
>#modparam("acc", "log_fmt", "cdfimorstup")
>#modparam("acc", "failed_transactions", 1)
>#modparam("acc", "report_cancels", 1)
>#modparam("acc", "report_ack", 0)
>
># ------------- auth parameters
># allows clear text passwords in the mysql database
>modparam("auth_db", "calculate_ha1", yes)
>modparam("auth_db", "password_column", "password")
>
># ------------- domain parameters
>modparam("domain", "db_mode", 1)
>
># ------------- exec parameters
>modparam("exec", "setvars", 1)
>modparam("exec", "time_to_kill", 10)
>
># ------------- registration parameters
>modparam("registrar", "nat_flag", 2)
>modparam("registrar", "min_expires", 60)
>modparam("registrar", "max_expires", 86400)
>modparam("registrar", "default_expires", 3600)
>modparam("registrar", "desc_time_order", 1)
>modparam("registrar", "append_branches", 1)
>modparam("registrar", "use_domain", 1)
>
>#-------------- nathelper parameters
>#modparam("nathelper", "natping_interval", 30)
>#modparam("nathelper", "ping_nated_only", 1)
>
># ------------- rr parameters
># set ";lr" tag to lr=true
>modparam("rr", "enable_full_lr", 1)
>
># ------------- tm parameters
>modparam("tm", "fr_timer", 20)
>modparam("tm", "fr_inv_timer", 40)
>modparam("tm", "wt_timer", 5)
>
># ------------- usrloc parameters
># 0 = disable
># 1 = write-through
># 2 = write-back
>modparam("usrloc", "db_mode", 2)
>modparam("usrloc", "timer_interval", 60)
>modparam("usrloc", "desc_time_order", 1)
>
># ------------- logging parameters
>modparam("xlog", "buf_size", 8192)
>
>
># Checking for Username Column
>#modparam("auth_db", "user_column", "username")
>
># Checking for Domain Column
>#modparam("auth_db", "domain_column", "domain")
>
># ------------- logging parameters
>modparam("xlog", "buf_size", 8192)
>
>
># -------------------------  request routing logic -------------------
>
># main routing logic
>
>route  {
>
>	# ----------------------------------------------------------------------------
>	# Sanity Checks -- messages with max_forwards==0, or excessively long requests
>	#-----------------------------------------------------------------------------
>	if (!mf_process_maxfwd_header("10")) {
>		sl_send_reply("483","Too Many Hops");
>		break;
>	};
>	if ( msg:len > max_len ) {
>		sl_send_reply("513", "Message too big");
>		break;
>	};
>
>	# ------------------------------------------------------------------------
>	# NOTIFY Keep-Alive Section
>	# ------------------------------------------------------------------------
>	if ((method=="NOTIFY") && search("^Event: keep-alive")) {
>		sl_send_reply("200", "OK");
>		break;
>	};
>
>	if ((method=="NOTIFY") && (uri=~"^sip:700@")) {
>		sl_send_reply("200", "OK");
>		break;
>	};
>
>
>
>	# ------------------------------------------------------------
>	# OPTIONS Section
>	#
>	# This is used by sipsak to monitor the heath of our sip proxy
>	#-------------------------------------------------------------
>
>#	if (search("^From: sip:sipsak@") &&
>#	   (method=="OPTIONS") && (!uri=~"sip:.*[@]+.*"))  {
>#		options_reply();
>#		break;
>#	};
>
>	# ------------------------------------------------------------
>	# Registration Section
>	# ------------------------------------------------------------
>#	if (method=="REGISTER")  {
>#
>#	if (!is_from_local()) {
>#
>#			sl_send_reply("403", "Unknown Domain");
>#			break;
>#		};
>#
>#		if (is_user_in("Request-URI", "disabled"))  {
>#
>#			sl_send_reply("403", "Your evaluation period has expired");
>#			break;
>#		};
>#
>#		if (!www_authorize("", "subscriber"))  {
>#
>#			www_challenge("", "0");
>#			break;
>#		};
>#
>#		if (!check_to())  {
>#
>#			sl_send_reply("401", "Unauthorized");
>#			break;
>#		};
>#
>#		if (!save("location"))  {
>#
>#			sl_reply_error();
>#		};
>#
>#		break;
>#
>#	};
>
>	# -----------------------------------------------------------------
>	# Open Relay Section
>	# -----------------------------------------------------------------
>#	if (method=="INVITE")  {
>#
>#		if (!(is_from_local() || is_uri_host_local())) {
>#			sl_send_reply("403", "Please register to use our service");
>#			break;
>#		};
>#	};
>
>	# -----------------------------------------------------------------
>	# Accounting Section
>	# -----------------------------------------------------------------
>#	if (method=="INVITE" || method=="BYE") {
>#		setflag(1);
>#	};
>
>	# -----------------------------------------------------------------
>	# Record Route Section
>	#
>	# we record-route all messages -- to make sure that subsequent messages
>	# will go through our proxy; that's particularly good if upstream and
>	# donwstream entities use different transport protocol
>	# -----------------------------------------------------------------
>	if (!method=="REGISTER") {
>		record_route();
>	};
>
>	if (method=="INVITE") record_route();
>	log(1, "INVITE message received\n");
>
>
>	# -----------------------------------------------------------------
>	# Loose Route Section
>	#
>	# Grant route routing if route headers present
>	# -----------------------------------------------------------------
>	if (loose_route())  {
>		route(2);
>		break;
>	};
>
>	# -----------------------------------------------------------------
>	# Alias Routing Section
>	# -----------------------------------------------------------------
>	lookup("aliases");
>	if (!uri==myself) {
>		route(2);
>		break;
>	};
>
>	# ------------------------------------------------------------------------
>	# Anonymous Call Rejection Section
>	# ------------------------------------------------------------------------
>	if (isflagset(24) && (method=="INVITE") && search("^(f|F)rom:.*(a|A)nonymous")) {
>		route(8);
>		break;
>	};
>
>
>	# ------------------------------------------------------------------------
>	# Call Block Section
>	# ------------------------------------------------------------------------
>#	if (is_caller_blocked()) {
>#		route(7);
>#		break;
>#	};
>
>	# ------------------------------------------------------------------------
>	# Do Not Disturb Section
>	# ------------------------------------------------------------------------
>#	if (avp_db_load("$ruri/username", "s:donotdisturb")) {
>#		if (avp_check("s:donotdisturb", "eq/y/i")) {
>#			route(5);
>#			break;
>#		};
>#	};
>
>	# we record-route all messages -- to make sure that
>	# subsequent messages will go through our proxy; that's
>	# particularly good if upstream and downstream entities
>	# use different transport protocol
>	#record_route();
>	# loose-route processing
>	if (loose_route()) {
>		t_relay();
>		break;
>	};
>
>
>
>	# Rota usada para guardar Logs no CDRTool - Billing
>#	if (method=="REGISTER" || method=="INVITE" || method=="BYE" || method=="CANCEL") {
>#		# Salvar mensagens no myslq para o CDRTool
>#		exec_msg("/var/www/html/serweb/sertrace.py; exit 1");
>#	};
>
>
>
>	# if the request is for other domain use UsrLoc
>	# (in case, it does not work, use the following command
>	# with proper names and addresses in it)
>	# uri==myself retorna true se o nome de dominio URI for igual ao nome do
>	# host ao qual SER esta rodando. Para configurar quais domain names o ser
>	# aceita, deve-se configurar os ALIASES do sistema para tais nomes.
>	if (uri==myself) {
>
>		if (method=="REGISTER") {
>		log(1, "REGISTER message received\n");
>			# Uncomment this if you want to use digest authentication
>			if (!www_authorize("192.168.4.10", "subscriber")) {
>				www_challenge("192.168.4.10", "0");
>				break;
>			};
>			save("location");
>			break;
>		};
>
>		# Repassando Chamadas Internacionais para Asterisk
>	        if (uri=~"^sip:[2][0-9].*@") {
>                	log(1, "Forwarding to Another Gateway - SIPProxy2 to SIPProxy1\n");
>			setflag(1);     # MARK FOR ACCOUNTING
>			rewritehost("192.168.4.11");
>			forward(192.168.4.11,5060);
>                	t_relay();
>			break;
>		}
>
>
>
>	# ----------------------------------------------------------------
>	# Call Routing Section
>	# ----------------------------------------------------------------
>		if (!lookup("location")) {
>
>			sl_send_reply("404", "User Not Found");
>			break;
>		};
>	};
>
>	# forward to current uri now; use stateful forwarding; that
>	# works reliably even if we forward from TCP to UDP
>	if (!t_relay()) {
>		sl_reply_error();
>	};
>
>}
>
>
># ------------------ EOF -------------------------
>
>
>
>
>--
>Felipe Martins
>Mundivox Communications
>Tecnologia e Projetos
>fmartins at mundivox.com
>
>Tel.: +55 +21 +3820 8839
>Cel.: +55 +21 +9823 8602
>Fax.: +55 +21 +3820 8844
>www.mundivox.com
>
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>

More information about the sr-users mailing list