[Serusers] NAT-Issue in onsip.org's GettingStarted?

Klaus Darilion klaus.mailinglists at pernau.at
Fri Oct 14 12:59:44 CEST 2005


Yes, that's an issue. The client will never reeive the error message 
(and the challenge).

I use
	if (client_nat_test("3")) {
		force_rport(); ...

for every incoming request in the beginning of further processing to 
avoid this.

regards
klaus

Andreas Granig wrote:
> Hi,
> 
> While experimenting with the example config nat-mediaproxy.5.0.cfg of 
> onsip.org's GettingStarted document I discovered a problem with NAT 
> handling. Don't blame me if I'm completely wrong, but here is what 
> happens and how it is solved:
> 
> I've two phones behind the same NAT (address of phone A is a:5060 and 
> that of phone B is b:5060, the NAT device has ip c) contacting a SER 
> with a public IP.
> 
> If A makes a call, it's NATed to c:5060, SER responds with 407 to 
> c:5060,  and it's correctly forwarded to a:5060.
> 
> If B makes a call, it's NATed to c:1025, but SER responds to c:5060 too, 
> so B never gets the reply.
> 
> The original config looks like this:
> 
>     181     # ----------------------------------------------------------
>     182     # INVITE Message Handler
>     183     # ----------------------------------------------------------
>     184
>     185     if (!proxy_authorize("","subscriber")) {
>     186         proxy_challenge("","0");
>     187         break;
>     188     } else if (!check_from()) {
>     189         sl_send_reply("403", "Use From=ID");
>     190         break;
>     191     };
>     192
>     193     consume_credentials();
>     194
>     195     if (client_nat_test("3")) {
>     196         setflag(7);
>     197         force_rport();
>     198         fix_nated_contact();
>     199     };
> 
> So the autorization is done before NAT is handled, and I think this is 
> the problem. Because if I move the lines 195-199 before 185, everything 
> works as expected.
> 
> Could anyone please be so kind and check that?
> 
> Andy
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
> 




More information about the sr-users mailing list