[Serusers] UA's behind the same NAT
Atle Samuelsen
clona at cyberhouse.no
Thu Nov 10 08:19:52 CET 2005
Hi Noel,
Just a tought,
(dont know if your users does this, but just to lighten the aera)
what happens if there is a double NAT here, and you say, that users
behind the same nat (atleast with the logic G wrote) they would have the
same source-ip and the same ruri ip, but would'nt be on the same
physical lan..
see setup :
B C
NAT-->UA2
A /
ser - NAT
\
NAT -->UA1
D E
A= Public IP
B= NAT1's public IP
C= NAT1's Local Subnet
D= NAT2's public ip
E= NAT2's Local subnet
The from would look like:
(ua2)
from:blabla<sip:UA2 at C>
(UA1)
from:blublu<sip:UA1 at E>
e.request-uri would be :
(UA2)
sip:ua2 at A
(UA1)
sip:ua1 at a
SourceIP for both request's would be A, So, you cant really (by this)
know if UA1 and UA2 is behind the same nat, esesially if there is a
double, or triple or so...
-Atle
* Greger V. Teigre <greger at teigre.com> [051110 07:50]:
> Noel,
> If you send the config showing how you do it, it will be easier to comment.
> :-)
>
> In general, what you should do is this:
> - Starting from onsip.org configs, there are three locations you need to
> change: route[4] NAT Traversal, loose route handling and onreply
> - I suggest creating a new route block where you test the src_ip of the
> message against the looked up location of ruri/domain, i.e. this only works
> after a successful lookup("location") has been done. This should be the
> (untested) code snippet:
> avp_write("$ruri/domain", "i:624");
> if (avp_check("i:624","eq/$src_ip")) {
> setflag(SAME_NAT);
> }
> (NOTE: I'm not sure about how avp_write will handle $ruri/domain as :port
> is at the end of the domain for ruri after a lookup. You should probably
> turn on debugging and use avp_print)
> - Then run the test from the NAT traversal route, as well as the loose
> route (not in onreply) and check for the flag before doing force_rtp_proxy
> - In onreply add && !isflagset(SAME_NAT) to the NAT if test
>
> No guarantees... This has not been tested. However, if you can report that
> it works (or whatever was wrong), I will submit the code piece as a
> suggestion for the ONsip.org Getting Started document.
> g-)
>
>
> ----- Original Message -----
> From: "Noel Sharpe" <noels at radnetwork.co.uk>
> To: "'SER Users'" <serusers at lists.iptel.org>
> Sent: Wednesday, November 09, 2005 9:15 PM
> Subject: [Serusers] UA's behind the same NAT
>
>
> >Hi All
> >
> >I am trying to improve my proxy setup to force clients behind the same NAT
> >device to connect each other directly. My setup is fairly complex,
> >(rtpproxy / NAT Helper, PSTN gateways, different peers etc) but it's
> >loosely based on the OnSip.org setup.
> >The current config works correctly for all clients, whether behind a NAT
> >or not, but I'd prefer not to have to use RTP proxy to allow UA's on the
> >same nat to contact each other. I've seen the document from the AVPops
> >module, but I can't get the example to work. I think the problem is WHERE
> >I put the avpops config. As this works on FWD, I think it's possible.
> >Has anyone got this working?
> >
> >Noel
> >
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers at lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
> >
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
More information about the sr-users
mailing list