[Serusers] Port Restricted Cone NAT
Sebastian Kühner
skuehner at veraza.com
Thu Jul 21 23:10:28 CEST 2005
Hi all!
Somone can give me an example how to forward calls to a (Cisco) PSTN Gateway
with rtpproxy? The user is behind a Port Restricted Cone Nat and I have no
idea how to solve the problem, that I have a one way audio stream.
I'm using the following code:
# special handling for NATed clients; first, nat test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding used); also,
# the received test should, if complete, should check all
# vias for presence of received
if (nat_uac_test("3")) {
# allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || ! search("^Record-Route:")) {
log("LOG: Someone trying to register from private
IP, rewriting\n");
# This will work only for user agents that support
symmetric
# communication. We tested quite many of them and
majority is
# smart smart enough to be symmetric. In some
phones, like
# it takes a configuration option. With Cisco 7960,
it is
# called NAT_Enable=Yes, with kphone it is called
# "symmetric media" and "symmetric signaling". (The
latter
# not part of public released yet.)
fix_nated_contact(); # Rewrite contact with source
IP of signalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active
to SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
[....]
rewritehostport("xxx.xxx.xxx.xxx:5060"); #forward to the gateway
[....]
if (isflagset(6)) {
force_rtp_proxy();
t_on_reply("2");
append_hf("P-Behind-NAT: Yes\r\n");
append_hf("P-hint: GATEWAY\r\n");
};
if (!t_relay()) {
sl_reply_error();
break;
};
[....]
onreply_route[2] {
if (status=~"2[0-9][0-9]") {
force_rport();
fix_nated_contact();
fix_nated_sdp("2");
force_rtp_proxy();
};
}
Has anyone of you experience with this? How you can imagine... I can't put
the gateway on the ser proxy :-(
Before the OK from the gateway reaches, the phone receives many UDP messages
directly from the gateway... then the conversation is "switching".
I made a ngrep on the messages to the PSTN and the media stream goes out
like this... I'm wondering why the OK message has the IP information twice:
INVITE:
---------
v=0.
o=- 3330963367 3330963367 IN IP4 192.168.1.101.
s=SJphone.
c=IN IP4 xxx.xxx.xxx.xxx. <-- ser server IP
address
t=0 0.
a=direction:active.
m=audio 35076 RTP/AVP 3 8 0 101.
a=rtpmap:3 GSM/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-11,16.
a=direction:active.
a=nortpproxy:yes.
OK (from GW to ser)
----------------------
v=0.
o=CiscoSystemsSIP-GW-UserAgent 9220 7434 IN IP4 xxx.xxx.xxx.xxx.
<-- IP of Gateway
s=SIP Call.
c=IN IP4 xxx.xxx.xxx.xxx. <-- IP of Gateway
t=0 0.
m=audio 16460 RTP/AVP 3 101.
c=IN IP4 xxx.xxx.xxx.xxx. <-- IP of Gateway
a=rtpmap:3 GSM/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-11,16.
OK (from ser to phone):
------------------------
v=0.
o=CiscoSystemsSIP-GW-UserAgent 7310 9703 IN IP4 xxx.xxx.xxx.xxx.
<-- IP of the gateway
s=SIP Call.
c=IN IP4 xxx.xxx.xxx.xxx. <-- IP of us
t=0 0.
m=audio 35078 RTP/AVP 3 101.
c=IN IP4 xxx.xxx.xxx.xxx.
a=rtpmap:3 GSM/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-11,16.
a=nortpproxy:yes.
Thanks for your help! I hope there is a solution for this!!
Sebastian
More information about the sr-users
mailing list