[Serusers] RTP proxy between two subnetworks with private @s

Joao Pereira joao.pereira at fccn.pt
Wed Oct 19 22:33:50 CEST 2005


Then, do you mean that bridging is different than proxying?
I thought that RTPproxy purpose was to force RTP to pass through SER.
Joao

Klaus Darilion wrote:

> AFAIK you have to use the bridging mode (I never used it myself)
> http://lists.iptel.org/pipermail/serusers/2004-March/006514.html
>
> regards
> klaus
>
> Joao Pereira wrote:
>
>> Hello, did you made it to put the clients of networks A and B to call 
>> each other?
>> I  want to do the same, and tried a lot of SER/RTPproxy 
>> configurations, including the one in:
>> /ser-0.9.0/modules/nathelper/examples/alg.cfg
>> and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" 
>> option.
>> But I just was able to ring the phones (wen calling between 
>> networks), but the RTP doesnt pass...
>> If you found the solution, please tell me.
>> Thanks
>> Joao Pereia
>> www.fccn.pt
>>
>>
>> Jose Soler wrote:
>>
>>> Hi,
>>>  
>>> I am trying to figure out how to solve the follwoing problem.
>>> I have two subnetworks, A and B, with different private ip adressing 
>>> schemes (IP at A <mailto:IP at A>) and (IP at B <mailto:IP at B>).
>>>  
>>> SER is installed in a computer with network interfaces towards both 
>>> subnetworks.
>>> SER's SIP signalling proxying operation works properly within the 
>>> subnetworks and when trying to set up a communication between users 
>>> in A and B. But in that last case, obviously there is no media at 
>>> all circulating among the subnetworks.
>>>  
>>> Portaone's RTP proxy has been installed and configured in the 
>>> computer with interfaces towards both subnetworks where SER is 
>>> installed.  I am trying to configure SER so that, based on the 
>>> nathelper module, when communication between both subnetworks 
>>> occurs, the RTP proxy is involved and the communication (also media 
>>> and not only signalling) is possible. BUT I am making something 
>>> wrong, becouse it does not work ...
>>>  
>>> Can anyone give me  a hand /hint?
>>> Thanks a lot in advance / in any case.  My SER config file is the 
>>> following:
>>>  
>>>
>>> #
>>>
>>> # ----------- global configuration parameters ------------------------
>>>
>>> /* Uncomment these lines to enter debugging mode
>>>
>>> debug=7
>>>
>>> fork=no
>>>
>>> log_stderror=yes
>>>
>>> */
>>>
>>> check_via=no # (cmd. line: -v)
>>>
>>> dns=no # (cmd. line: -r)
>>>
>>> rev_dns=no # (cmd. line: -R)
>>>
>>> fifo="/tmp/ser_fifo"
>>>
>>> fifo_mode=0662
>>>
>>> alias=wirelessip.x.x.x
>>>
>>> alias=sip..x.x.x
>>>
>>> alias=x.x.x
>>>
>>> log_stderror=no
>>>
>>> debug=3
>>>
>>> children=3
>>>
>>> mhomed=1
>>>
>>> # ------------------ module loading ----------------------------------
>>>
>>> # Uncomment this if you want to use SQL database
>>>
>>> loadmodule "/lib/ser/modules/mysql.so"
>>>
>>> loadmodule "/lib/ser/modules/sl.so"
>>>
>>> loadmodule "/lib/ser/modules/tm.so"
>>>
>>> loadmodule "/lib/ser/modules/rr.so"
>>>
>>> loadmodule "/lib/ser/modules/maxfwd.so"
>>>
>>> loadmodule "/lib/ser/modules/usrloc.so"
>>>
>>> loadmodule "/lib/ser/modules/textops.so"
>>>
>>> loadmodule "/lib/ser/modules/registrar.so"
>>>
>>> # Uncomment this if you want digest authentication
>>>
>>> # mysql.so must be loaded !
>>>
>>> loadmodule "/lib/ser/modules/auth.so"
>>>
>>> loadmodule "/lib/ser/modules/auth_db.so"
>>>
>>> # For NAT support / media proxying
>>>
>>> loadmodule "/lib/ser/modules/nathelper.so"
>>>
>>> # ----------------- setting module-specific parameters ---------------
>>>
>>> # -- usrloc params --
>>>
>>> #modparam("usrloc", "db_mode", 0)
>>>
>>> # Uncomment this if you want to use SQL database
>>>
>>> # for persistent storage and comment the previous line
>>>
>>> modparam("usrloc", "db_mode", 2)
>>>
>>> # -- auth params --
>>>
>>> # Uncomment if you are using auth module
>>>
>>> modparam("auth_db", "calculate_ha1", yes)
>>>
>>> # If you set "calculate_ha1" parameter to yes (which true in this 
>>> config),
>>>
>>> # uncomment also the following parameter)
>>>
>>> modparam("auth_db", "password_column", "password")
>>>
>>> # -- rr params --
>>>
>>> # add value to ;lr param to make some broken UAs happy
>>>
>>> modparam("rr", "enable_full_lr", 1)
>>>
>>> # For NAT
>>>
>>> # We will use flag 6 to mark NATed contacts
>>>
>>> modparam("registrar", "nat_flag", 6)
>>>
>>> # Enable NAT pinging
>>>
>>> modparam("nathelper", "natping_interval", 60)
>>>
>>> # Ping only contacts that are known to be
>>>
>>> # behind NAT
>>>
>>> modparam("nathelper", "ping_nated_only", 1)
>>>
>>> # ------------------------- request routing logic -------------------
>>>
>>> # main routing logic
>>>
>>> route{
>>>
>>> # initial sanity checks -- messages with
>>>
>>> # max_forwards==0, or excessively long requests
>>>
>>> if (!mf_process_maxfwd_header("10")) {
>>>
>>> sl_send_reply("483","Too Many Hops");
>>>
>>> break;
>>>
>>> };
>>>
>>> if ( msg:len > max_len ) {
>>>
>>> sl_send_reply("513", "Message too big");
>>>
>>> break;
>>>
>>> };
>>>
>>> # special handling for NATed clients; first, nat test is
>>>
>>> # executed: it looks for via!=received and RFC1918 addresses
>>>
>>> # in Contact (may fail if line-folding used); also,
>>>
>>> # the received test should, if complete, should check all
>>>
>>> # vias for presence of received
>>>
>>> if (nat_uac_test("3")) {
>>>
>>> # allow RR-ed requests, as these may indicate that
>>>
>>> # a NAT-enabled proxy takes care of it; unless it is
>>>
>>> # a REGISTER
>>>
>>> if (method == "REGISTER" || ! search("^Record-Route:")) {
>>>
>>> log("LOG: Someone trying to register from private IP, rewriting\n");
>>>
>>> # This will work only for user agents that support symmetric
>>>
>>> # communication. We tested quite many of them and majority is
>>>
>>> # smart smart enough to be symmetric. In some phones, like
>>>
>>> # it takes a configuration option. With Cisco 7960, it is
>>>
>>> # called NAT_Enable=Yes, with kphone it is called
>>>
>>> # "symmetric media" and "symmetric signaling". (The latter
>>>
>>> # not part of public released yet.)
>>>
>>> fix_nated_contact(); # Rewrite contact with source IP of signalling
>>>
>>> if (method == "INVITE") {
>>>
>>> fix_nated_sdp("1"); # Add direction=active to SDP
>>>
>>> };
>>>
>>> force_rport(); # Add rport parameter to topmost Via
>>>
>>> setflag(6); # Mark as NATed
>>>
>>> };
>>>
>>> };
>>>
>>> # we record-route all messages -- to make sure that
>>>
>>> # subsequent messages will go through our proxy; that's
>>>
>>> # particularly good if upstream and downstream entities
>>>
>>> # use different transport protocol
>>>
>>> record_route();
>>>
>>> # loose-route processing
>>>
>>> if (loose_route()) {
>>>
>>> t_relay();
>>>
>>> break;
>>>
>>> };
>>>
>>> lookup("aliases");
>>>
>>> # if the request is for other domain use UsrLoc
>>>
>>> # (in case, it does not work, use the following command
>>>
>>> # with proper names and addresses in it)
>>>
>>> if (uri==myself) {
>>>
>>> if (method=="REGISTER") {
>>>
>>> # Uncomment this if you want to use digest authentication
>>>
>>> if (!www_authorize("com.dtu.dk", "subscriber")) {
>>>
>>> www_challenge("com.dtu.dk", "0");
>>>
>>> break;
>>>
>>> };
>>>
>>> save("location");
>>>
>>> break;
>>>
>>> };
>>>
>>> # native SIP destinations are handled using our USRLOC DB
>>>
>>> if (!lookup("location")) {
>>>
>>> sl_send_reply("404", "Not Found");
>>>
>>> break;
>>>
>>> };
>>>
>>> };
>>>
>>> # forward to current uri now; use stateful forwarding; that
>>>
>>> # works reliably even if we forward from TCP to UDP
>>>
>>> if (!t_relay()) {
>>>
>>> sl_reply_error();
>>>
>>> };
>>>
>>> }
>>>
>>> #
>>>
>>> # Forcing media relay if necessary
>>>
>>> #
>>>
>>> route[1] {
>>>
>>> #if (uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){
>>>
>>> # sl_send_reply("479", "We don't forward to private IP addresses");
>>>
>>> # break;
>>>
>>> #};
>>>
>>> #if (isflagset(6)) {
>>>
>>> force_rtp_proxy(); # I force everything through the proxy
>>>
>>> t_on_reply("1");
>>>
>>> append_hf("P-Behind-NAT: Yes\r\n");
>>>
>>> #};
>>>
>>> if (!t_relay()) {
>>>
>>> sl_reply_error();
>>>
>>> break;
>>>
>>> };
>>>
>>> }
>>>
>>> onreply_route[1] {
>>>
>>> if (status =~ "(183)|2[0-9][0-9]") {
>>>
>>> fix_nated_contact();
>>>
>>> force_rtp_proxy();
>>>
>>> };
>>>
>>> }
>>>
>>>  
>>>
>>>  
>>>     
>>>
>>> ------------------------------------------------------------------------ 
>>>
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> serusers at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>  
>>>
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>
>




More information about the sr-users mailing list