[Serusers] NAT-Issue in onsip.org's GettingStarted?

Thu Oct 13 20:51:21 CEST 2005

Hi,

While experimenting with the example config nat-mediaproxy.5.0.cfg of 
onsip.org's GettingStarted document I discovered a problem with NAT 
handling. Don't blame me if I'm completely wrong, but here is what 
happens and how it is solved:

I've two phones behind the same NAT (address of phone A is a:5060 and 
that of phone B is b:5060, the NAT device has ip c) contacting a SER 
with a public IP.

If A makes a call, it's NATed to c:5060, SER responds with 407 to 
c:5060,  and it's correctly forwarded to a:5060.

If B makes a call, it's NATed to c:1025, but SER responds to c:5060 too, 
so B never gets the reply.

The original config looks like this:

     181     # ----------------------------------------------------------
     182     # INVITE Message Handler
     183     # ----------------------------------------------------------
     184
     185     if (!proxy_authorize("","subscriber")) {
     186         proxy_challenge("","0");
     187         break;
     188     } else if (!check_from()) {
     189         sl_send_reply("403", "Use From=ID");
     190         break;
     191     };
     192
     193     consume_credentials();
     194
     195     if (client_nat_test("3")) {
     196         setflag(7);
     197         force_rport();
     198         fix_nated_contact();
     199     };

So the autorization is done before NAT is handled, and I think this is 
the problem. Because if I move the lines 195-199 before 185, everything 
works as expected.

Could anyone please be so kind and check that?

Andy