[Serusers] RTP proxy between two subnetworks with private @s

[Klaus Darilion]

AFAIK you have to use the bridging mode (I never used it myself)
http://lists.iptel.org/pipermail/serusers/2004-March/006514.html

regards
klaus

Joao Pereira wrote:
> Hello, did you made it to put the clients of networks A and B to call 
> each other?
> I  want to do the same, and tried a lot of SER/RTPproxy configurations, 
> including the one in:
> /ser-0.9.0/modules/nathelper/examples/alg.cfg
> and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" option.
> But I just was able to ring the phones (wen calling between networks), 
> but the RTP doesnt pass...
> If you found the solution, please tell me.
> Thanks
> Joao Pereia
> www.fccn.pt
> 
> 
> Jose Soler wrote:
> 
>> Hi,
>>  
>> I am trying to figure out how to solve the follwoing problem.
>> I have two subnetworks, A and B, with different private ip adressing 
>> schemes (IP at A <mailto:IP at A>) and (IP at B <mailto:IP at B>).
>>  
>> SER is installed in a computer with network interfaces towards both 
>> subnetworks.
>> SER's SIP signalling proxying operation works properly within the 
>> subnetworks and when trying to set up a communication between users in 
>> A and B. But in that last case, obviously there is no media at all 
>> circulating among the subnetworks.
>>  
>> Portaone's RTP proxy has been installed and configured in the computer 
>> with interfaces towards both subnetworks where SER is installed.  
>> I am trying to configure SER so that, based on the nathelper module, 
>> when communication between both subnetworks occurs, the RTP proxy is 
>> involved and the communication (also media and not only signalling) is 
>> possible. BUT I am making something wrong, becouse it does not work ...
>>  
>> Can anyone give me  a hand /hint?
>> Thanks a lot in advance / in any case.  
>> My SER config file is the following:
>>  
>>
>> #
>>
>> # ----------- global configuration parameters ------------------------
>>
>> /* Uncomment these lines to enter debugging mode
>>
>> debug=7
>>
>> fork=no
>>
>> log_stderror=yes
>>
>> */
>>
>> check_via=no # (cmd. line: -v)
>>
>> dns=no # (cmd. line: -r)
>>
>> rev_dns=no # (cmd. line: -R)
>>
>> fifo="/tmp/ser_fifo"
>>
>> fifo_mode=0662
>>
>> alias=wirelessip.x.x.x
>>
>> alias=sip..x.x.x
>>
>> alias=x.x.x
>>
>> log_stderror=no
>>
>> debug=3
>>
>> children=3
>>
>> mhomed=1
>>
>> # ------------------ module loading ----------------------------------
>>
>> # Uncomment this if you want to use SQL database
>>
>> loadmodule "/lib/ser/modules/mysql.so"
>>
>> loadmodule "/lib/ser/modules/sl.so"
>>
>> loadmodule "/lib/ser/modules/tm.so"
>>
>> loadmodule "/lib/ser/modules/rr.so"
>>
>> loadmodule "/lib/ser/modules/maxfwd.so"
>>
>> loadmodule "/lib/ser/modules/usrloc.so"
>>
>> loadmodule "/lib/ser/modules/textops.so"
>>
>> loadmodule "/lib/ser/modules/registrar.so"
>>
>> # Uncomment this if you want digest authentication
>>
>> # mysql.so must be loaded !
>>
>> loadmodule "/lib/ser/modules/auth.so"
>>
>> loadmodule "/lib/ser/modules/auth_db.so"
>>
>> # For NAT support / media proxying
>>
>> loadmodule "/lib/ser/modules/nathelper.so"
>>
>> # ----------------- setting module-specific parameters ---------------
>>
>> # -- usrloc params --
>>
>> #modparam("usrloc", "db_mode", 0)
>>
>> # Uncomment this if you want to use SQL database
>>
>> # for persistent storage and comment the previous line
>>
>> modparam("usrloc", "db_mode", 2)
>>
>> # -- auth params --
>>
>> # Uncomment if you are using auth module
>>
>> modparam("auth_db", "calculate_ha1", yes)
>>
>> # If you set "calculate_ha1" parameter to yes (which true in this 
>> config),
>>
>> # uncomment also the following parameter)
>>
>> modparam("auth_db", "password_column", "password")
>>
>> # -- rr params --
>>
>> # add value to ;lr param to make some broken UAs happy
>>
>> modparam("rr", "enable_full_lr", 1)
>>
>> # For NAT
>>
>> # We will use flag 6 to mark NATed contacts
>>
>> modparam("registrar", "nat_flag", 6)
>>
>> # Enable NAT pinging
>>
>> modparam("nathelper", "natping_interval", 60)
>>
>> # Ping only contacts that are known to be
>>
>> # behind NAT
>>
>> modparam("nathelper", "ping_nated_only", 1)
>>
>> # ------------------------- request routing logic -------------------
>>
>> # main routing logic
>>
>> route{
>>
>> # initial sanity checks -- messages with
>>
>> # max_forwards==0, or excessively long requests
>>
>> if (!mf_process_maxfwd_header("10")) {
>>
>> sl_send_reply("483","Too Many Hops");
>>
>> break;
>>
>> };
>>
>> if ( msg:len > max_len ) {
>>
>> sl_send_reply("513", "Message too big");
>>
>> break;
>>
>> };
>>
>> # special handling for NATed clients; first, nat test is
>>
>> # executed: it looks for via!=received and RFC1918 addresses
>>
>> # in Contact (may fail if line-folding used); also,
>>
>> # the received test should, if complete, should check all
>>
>> # vias for presence of received
>>
>> if (nat_uac_test("3")) {
>>
>> # allow RR-ed requests, as these may indicate that
>>
>> # a NAT-enabled proxy takes care of it; unless it is
>>
>> # a REGISTER
>>
>> if (method == "REGISTER" || ! search("^Record-Route:")) {
>>
>> log("LOG: Someone trying to register from private IP, rewriting\n");
>>
>> # This will work only for user agents that support symmetric
>>
>> # communication. We tested quite many of them and majority is
>>
>> # smart smart enough to be symmetric. In some phones, like
>>
>> # it takes a configuration option. With Cisco 7960, it is
>>
>> # called NAT_Enable=Yes, with kphone it is called
>>
>> # "symmetric media" and "symmetric signaling". (The latter
>>
>> # not part of public released yet.)
>>
>> fix_nated_contact(); # Rewrite contact with source IP of signalling
>>
>> if (method == "INVITE") {
>>
>> fix_nated_sdp("1"); # Add direction=active to SDP
>>
>> };
>>
>> force_rport(); # Add rport parameter to topmost Via
>>
>> setflag(6); # Mark as NATed
>>
>> };
>>
>> };
>>
>> # we record-route all messages -- to make sure that
>>
>> # subsequent messages will go through our proxy; that's
>>
>> # particularly good if upstream and downstream entities
>>
>> # use different transport protocol
>>
>> record_route();
>>
>> # loose-route processing
>>
>> if (loose_route()) {
>>
>> t_relay();
>>
>> break;
>>
>> };
>>
>> lookup("aliases");
>>
>> # if the request is for other domain use UsrLoc
>>
>> # (in case, it does not work, use the following command
>>
>> # with proper names and addresses in it)
>>
>> if (uri==myself) {
>>
>> if (method=="REGISTER") {
>>
>> # Uncomment this if you want to use digest authentication
>>
>> if (!www_authorize("com.dtu.dk", "subscriber")) {
>>
>> www_challenge("com.dtu.dk", "0");
>>
>> break;
>>
>> };
>>
>> save("location");
>>
>> break;
>>
>> };
>>
>> # native SIP destinations are handled using our USRLOC DB
>>
>> if (!lookup("location")) {
>>
>> sl_send_reply("404", "Not Found");
>>
>> break;
>>
>> };
>>
>> };
>>
>> # forward to current uri now; use stateful forwarding; that
>>
>> # works reliably even if we forward from TCP to UDP
>>
>> if (!t_relay()) {
>>
>> sl_reply_error();
>>
>> };
>>
>> }
>>
>> #
>>
>> # Forcing media relay if necessary
>>
>> #
>>
>> route[1] {
>>
>> #if (uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){
>>
>> # sl_send_reply("479", "We don't forward to private IP addresses");
>>
>> # break;
>>
>> #};
>>
>> #if (isflagset(6)) {
>>
>> force_rtp_proxy(); # I force everything through the proxy
>>
>> t_on_reply("1");
>>
>> append_hf("P-Behind-NAT: Yes\r\n");
>>
>> #};
>>
>> if (!t_relay()) {
>>
>> sl_reply_error();
>>
>> break;
>>
>> };
>>
>> }
>>
>> onreply_route[1] {
>>
>> if (status =~ "(183)|2[0-9][0-9]") {
>>
>> fix_nated_contact();
>>
>> force_rtp_proxy();
>>
>> };
>>
>> }
>>
>>  
>>
>>  
>>    
>>  
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>  
>>
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
>