[Serusers] RTP proxy between two subnetworks with private @s

Klaus Darilion klaus.mailinglists at pernau.at
Wed Oct 19 23:27:27 CEST 2005


Usually rtpproxy listens on one interface using two ports per call (one 
for each call leg).

In bridging mode, it uses 2 interfaces and one port on each interface 
(per call).

regards
klaus

Joao Pereira wrote:
> Then, do you mean that bridging is different than proxying?
> I thought that RTPproxy purpose was to force RTP to pass through SER.
> Joao
> 
> Klaus Darilion wrote:
> 
>> AFAIK you have to use the bridging mode (I never used it myself)
>> http://lists.iptel.org/pipermail/serusers/2004-March/006514.html
>>
>> regards
>> klaus
>>
>> Joao Pereira wrote:
>>
>>> Hello, did you manage to get the clients of networks A and B to call 
>>> each other?
>>> I want to do the same, and tried a lot of SER/RTPproxy 
>>> configurations, including the one in:
>>> /ser-0.9.0/modules/nathelper/examples/alg.cfg
>>> and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" 
>>> option.
>>> But I was just able to ring the phones (when calling between 
>>> networks), but the RTP doesn't pass...
>>> If you found the solution, please tell me.
>>> Thanks
>>> Joao Pereira
>>> www.fccn.pt
>>>
>>>
>>> Jose Soler wrote:
>>>
>>>> Hi,
>>>>
>>>> I am trying to figure out how to solve the following problem.
>>>> I have two subnetworks, A and B, with different private IP addressing 
>>>> schemes (IP@A) and (IP@B).
>>>>
>>>> SER is installed in a computer with network interfaces towards both 
>>>> subnetworks.
>>>> SER's SIP signalling proxying operation works properly within the 
>>>> subnetworks and when trying to set up a communication between users 
>>>> in A and B. But in that last case, obviously there is no media at 
>>>> all circulating among the subnetworks.
>>>>
>>>> Portaone's RTP proxy has been installed and configured in the 
>>>> computer with interfaces towards both subnetworks where SER is 
>>>> installed. I am trying to configure SER so that, based on the 
>>>> nathelper module, when communication between both subnetworks 
>>>> occurs, the RTP proxy is involved and the communication (also media 
>>>> and not only signalling) is possible. BUT I am doing something 
>>>> wrong, because it does not work ...
>>>>
>>>> Can anyone give me a hand / hint?
>>>> Thanks a lot in advance / in any case. My SER config file is the 
>>>> following:
>>>>
>>>>
>>>> #
>>>> # ----------- global configuration parameters ------------------------
>>>>
>>>> /* Uncomment these lines to enter debugging mode
>>>> debug=7
>>>> fork=no
>>>> log_stderror=yes
>>>> */
>>>>
>>>> check_via=no # (cmd. line: -v)
>>>> dns=no # (cmd. line: -r)
>>>> rev_dns=no # (cmd. line: -R)
>>>> fifo="/tmp/ser_fifo"
>>>> fifo_mode=0662
>>>> alias=wirelessip.x.x.x
>>>> alias=sip..x.x.x
>>>> alias=x.x.x
>>>> log_stderror=no
>>>> debug=3
>>>> children=3
>>>> mhomed=1
>>>>
>>>> # ------------------ module loading ----------------------------------
>>>>
>>>> # Uncomment this if you want to use SQL database
>>>> loadmodule "/lib/ser/modules/mysql.so"
>>>> loadmodule "/lib/ser/modules/sl.so"
>>>> loadmodule "/lib/ser/modules/tm.so"
>>>> loadmodule "/lib/ser/modules/rr.so"
>>>> loadmodule "/lib/ser/modules/maxfwd.so"
>>>> loadmodule "/lib/ser/modules/usrloc.so"
>>>> loadmodule "/lib/ser/modules/textops.so"
>>>> loadmodule "/lib/ser/modules/registrar.so"
>>>>
>>>> # Uncomment this if you want digest authentication
>>>> # mysql.so must be loaded !
>>>> loadmodule "/lib/ser/modules/auth.so"
>>>> loadmodule "/lib/ser/modules/auth_db.so"
>>>>
>>>> # For NAT support / media proxying
>>>> loadmodule "/lib/ser/modules/nathelper.so"
>>>>
>>>> # ----------------- setting module-specific parameters ---------------
>>>>
>>>> # -- usrloc params --
>>>> #modparam("usrloc", "db_mode", 0)
>>>>
>>>> # Uncomment this if you want to use SQL database
>>>> # for persistent storage and comment the previous line
>>>> modparam("usrloc", "db_mode", 2)
>>>>
>>>> # -- auth params --
>>>> # Uncomment if you are using auth module
>>>> modparam("auth_db", "calculate_ha1", yes)
>>>>
>>>> # If you set "calculate_ha1" parameter to yes (which is true in this config),
>>>> # uncomment also the following parameter)
>>>> modparam("auth_db", "password_column", "password")
>>>>
>>>> # -- rr params --
>>>> # add value to ;lr param to make some broken UAs happy
>>>> modparam("rr", "enable_full_lr", 1)
>>>>
>>>> # For NAT
>>>> # We will use flag 6 to mark NATed contacts
>>>> modparam("registrar", "nat_flag", 6)
>>>>
>>>> # Enable NAT pinging
>>>> modparam("nathelper", "natping_interval", 60)
>>>>
>>>> # Ping only contacts that are known to be
>>>> # behind NAT
>>>> modparam("nathelper", "ping_nated_only", 1)
>>>>
>>>> # ------------------------- request routing logic -------------------
>>>>
>>>> # main routing logic
>>>> route{
>>>>     # initial sanity checks -- messages with
>>>>     # max_forwards==0, or excessively long requests
>>>>     if (!mf_process_maxfwd_header("10")) {
>>>>         sl_send_reply("483","Too Many Hops");
>>>>         break;
>>>>     };
>>>>     if ( msg:len > max_len ) {
>>>>         sl_send_reply("513", "Message too big");
>>>>         break;
>>>>     };
>>>>
>>>>     # special handling for NATed clients; first, nat test is
>>>>     # executed: it looks for via!=received and RFC1918 addresses
>>>>     # in Contact (may fail if line-folding used); also,
>>>>     # the received test should, if complete, check all
>>>>     # vias for presence of received
>>>>     if (nat_uac_test("3")) {
>>>>         # allow RR-ed requests, as these may indicate that
>>>>         # a NAT-enabled proxy takes care of it; unless it is
>>>>         # a REGISTER
>>>>         if (method == "REGISTER" || ! search("^Record-Route:")) {
>>>>             log("LOG: Someone trying to register from private IP, rewriting\n");
>>>>             # This will work only for user agents that support symmetric
>>>>             # communication. We tested quite many of them and majority is
>>>>             # smart enough to be symmetric. In some phones
>>>>             # it takes a configuration option. With Cisco 7960, it is
>>>>             # called NAT_Enable=Yes, with kphone it is called
>>>>             # "symmetric media" and "symmetric signaling". (The latter
>>>>             # not part of public released yet.)
>>>>             fix_nated_contact(); # Rewrite contact with source IP of signalling
>>>>             if (method == "INVITE") {
>>>>                 fix_nated_sdp("1"); # Add direction=active to SDP
>>>>             };
>>>>             force_rport(); # Add rport parameter to topmost Via
>>>>             setflag(6); # Mark as NATed
>>>>         };
>>>>     };
>>>>
>>>>     # we record-route all messages -- to make sure that
>>>>     # subsequent messages will go through our proxy; that's
>>>>     # particularly good if upstream and downstream entities
>>>>     # use different transport protocol
>>>>     record_route();
>>>>
>>>>     # loose-route processing
>>>>     if (loose_route()) {
>>>>         t_relay();
>>>>         break;
>>>>     };
>>>>
>>>>     lookup("aliases");
>>>>
>>>>     # if the request is for other domain use UsrLoc
>>>>     # (in case, it does not work, use the following command
>>>>     # with proper names and addresses in it)
>>>>     if (uri==myself) {
>>>>         if (method=="REGISTER") {
>>>>             # Uncomment this if you want to use digest authentication
>>>>             if (!www_authorize("com.dtu.dk", "subscriber")) {
>>>>                 www_challenge("com.dtu.dk", "0");
>>>>                 break;
>>>>             };
>>>>             save("location");
>>>>             break;
>>>>         };
>>>>
>>>>         # native SIP destinations are handled using our USRLOC DB
>>>>         if (!lookup("location")) {
>>>>             sl_send_reply("404", "Not Found");
>>>>             break;
>>>>         };
>>>>     };
>>>>
>>>>     # forward to current uri now; use stateful forwarding; that
>>>>     # works reliably even if we forward from TCP to UDP
>>>>     if (!t_relay()) {
>>>>         sl_reply_error();
>>>>     };
>>>> }
>>>>
>>>> #
>>>> # Forcing media relay if necessary
>>>> #
>>>> route[1] {
>>>>     #if (uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){
>>>>     # sl_send_reply("479", "We don't forward to private IP addresses");
>>>>     # break;
>>>>     #};
>>>>
>>>>     #if (isflagset(6)) {
>>>>     force_rtp_proxy(); # I force everything through the proxy
>>>>     t_on_reply("1");
>>>>     append_hf("P-Behind-NAT: Yes\r\n");
>>>>     #};
>>>>
>>>>     if (!t_relay()) {
>>>>         sl_reply_error();
>>>>         break;
>>>>     };
>>>> }
>>>>
>>>> onreply_route[1] {
>>>>     if (status =~ "(183)|2[0-9][0-9]") {
>>>>         fix_nated_contact();
>>>>         force_rtp_proxy();
>>>>     };
>>>> }
>>>>
>>>>
>>>> _______________________________________________
>>>> Serusers mailing list
>>>> serusers at lists.iptel.org
>>>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
> 
> 
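
Added illustration, not part of the original thread and not rtpproxy or nathelper code: a small Python model of what Klaus describes for bridging mode, with one relay port on each interface per call and each SDP rewritten to the relay address its receiver can reach. The two relay addresses come from the "-l" option quoted above; the /24 prefixes, endpoint addresses, ports and function names are assumptions.

```python
import ipaddress

# Constructed topology: the two relay addresses are the ones from the
# "-l 10.0.0.135/193.136.2.2" option quoted in the thread; the /24 prefix
# lengths and every endpoint address below are assumptions.
RELAY = [ipaddress.ip_interface("10.0.0.135/24"),
         ipaddress.ip_interface("193.136.2.2/24")]

def facing(addr):
    """Relay address on the interface whose subnet contains addr."""
    ip = ipaddress.ip_address(addr)
    for iface in RELAY:
        if ip in iface.network:
            return str(iface.ip)
    raise ValueError(f"{addr} is on neither relay subnet")

def rewrite_sdp(sdp, receiver, port):
    """Point the SDP at the relay interface the receiver can reach.

    Returns (new_sdp, (orig_ip, orig_port)): the original media endpoint
    is where the relay must forward what arrives on (relay_ip, port)."""
    relay_ip, orig_ip, orig_port, out = facing(receiver), None, None, []
    for line in sdp.splitlines():
        if line.startswith("c=IN IP4 "):
            orig_ip = line.split()[2]
            line = f"c=IN IP4 {relay_ip}"
        elif line.startswith("m=audio "):
            parts = line.split()
            orig_port, parts[1] = int(parts[1]), str(port)
            line = " ".join(parts)
        out.append(line)
    return "\r\n".join(out) + "\r\n", (orig_ip, orig_port)

def bridge_call(offer, answer, caller, callee, port_b=35000, port_a=35000):
    """One relay port per interface for the call, as in bridging mode."""
    offer_out, caller_media = rewrite_sdp(offer, callee, port_b)
    answer_out, callee_media = rewrite_sdp(answer, caller, port_a)
    # Forwarding table: listening relay socket -> far endpoint to send to
    table = {(facing(callee), port_b): caller_media,
             (facing(caller), port_a): callee_media}
    return offer_out, answer_out, table

# Constructed SDP bodies for a call from subnet A to subnet B.
OFFER = "v=0\r\nc=IN IP4 10.0.0.20\r\nm=audio 8000 RTP/AVP 0\r\n"
ANSWER = "v=0\r\nc=IN IP4 193.136.2.50\r\nm=audio 9000 RTP/AVP 0\r\n"
```

If both legs were given the same relay address, one of the two endpoints would be told to send media to an address outside its own subnet, which matches the "phones ring but no RTP" symptom reported in the thread.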



