[Serusers] NAT-Issue in onsip.org's GettingStarted?
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Oct 14 12:59:44 CEST 2005
Yes, that's an issue. The client will never reeive the error message
(and the challenge).
I use
if (client_nat_test("3")) {
force_rport(); ...
for every incoming request in the beginning of further processing to
avoid this.
regards
klaus
Andreas Granig wrote:
> Hi,
>
> While experimenting with the example config nat-mediaproxy.5.0.cfg of
> onsip.org's GettingStarted document I discovered a problem with NAT
> handling. Don't blame me if I'm completely wrong, but here is what
> happens and how it is solved:
>
> I've two phones behind the same NAT (address of phone A is a:5060 and
> that of phone B is b:5060, the NAT device has ip c) contacting a SER
> with a public IP.
>
> If A makes a call, it's NATed to c:5060, SER responds with 407 to
> c:5060, and it's correctly forwarded to a:5060.
>
> If B makes a call, it's NATed to c:1025, but SER responds to c:5060 too,
> so B never gets the reply.
>
> The original config looks like this:
>
> 181 # ----------------------------------------------------------
> 182 # INVITE Message Handler
> 183 # ----------------------------------------------------------
> 184
> 185 if (!proxy_authorize("","subscriber")) {
> 186 proxy_challenge("","0");
> 187 break;
> 188 } else if (!check_from()) {
> 189 sl_send_reply("403", "Use From=ID");
> 190 break;
> 191 };
> 192
> 193 consume_credentials();
> 194
> 195 if (client_nat_test("3")) {
> 196 setflag(7);
> 197 force_rport();
> 198 fix_nated_contact();
> 199 };
>
> So the autorization is done before NAT is handled, and I think this is
> the problem. Because if I move the lines 195-199 before 185, everything
> works as expected.
>
> Could anyone please be so kind and check that?
>
> Andy
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list