[Serusers] RTP proxy between two subnetworks with private @s

Jose Soler jsoler at com.dtu.dk
Thu Oct 20 08:44:32 CEST 2005


Hi Joao,
No, I was not able to solve the issue.

It seems (this is my guess, though) that the Portaone RTP proxy assumes that it has one public IP address, so the valid configuration to use it is Public Nt-Private Nt. I was not able to make it work in other configurations (nor did I get feedback from Portaone to do so).

Nevertheless the code is available, so it could be modified... as long as you have the time and will to do so. I did not ;).

Best regards,

josé

-----Original Message-----
From: Joao Pereira [mailto:joao.pereira at fccn.pt] 
Sent: 19. oktober 2005 20:17
To: Jose Soler; serusers at lists.iptel.org
Subject: Re: [Serusers] RTP proxy between two subnetworks with private @s


Hello, did you manage to get the clients of networks A and B to call
each other?
I want to do the same, and tried a lot of SER/RTPproxy configurations,
including the one in: /ser-0.9.0/modules/nathelper/examples/alg.cfg
and also tried to run rtpproxy with the "-l 10.0.0.135/193.136.2.2" option.
But I was only able to ring the phones (when calling between networks),
but the RTP doesn't pass...
If you found the solution, please tell me.
Thanks
Joao Pereira
www.fccn.pt


Jose Soler wrote:

> Hi,
>  
> I am trying to figure out how to solve the following problem. I have 
> two subnetworks, A and B, with different private IP addressing schemes 
> (IP at A) and (IP at B).
>  
> SER is installed in a computer with network interfaces towards both
> subnetworks.
> SER's SIP signalling proxying operation works properly within the 
> subnetworks and when trying to set up a communication between users in 
> A and B. But in that last case, obviously there is no media at all 
> circulating among the subnetworks.
>  
> Portaone's RTP proxy has been installed and configured in the computer
> with interfaces towards both subnetworks where SER is installed. 
>  
> I am trying to configure SER so that, based on the nathelper module,
> when communication between both subnetworks occurs, the RTP proxy is 
> involved and the communication (also media and not only signalling) is 
> possible. BUT I am doing something wrong, because it does not work ...
>  
> Can anyone give me a hand / hint?
> Thanks a lot in advance / in any case.
>  
> My SER config file is the following:
>  
>
> #
> # ----------- global configuration parameters ------------------------
>
> /* Uncomment these lines to enter debugging mode
> debug=7
> fork=no
> log_stderror=yes
> */
>
> check_via=no # (cmd. line: -v)
> dns=no # (cmd. line: -r)
> rev_dns=no # (cmd. line: -R)
> fifo="/tmp/ser_fifo"
> fifo_mode=0662
> alias=wirelessip.x.x.x
> alias=sip..x.x.x
> alias=x.x.x
> log_stderror=no
> debug=3
> children=3
> mhomed=1
>
> # ------------------ module loading ----------------------------------
>
> # Uncomment this if you want to use SQL database
> loadmodule "/lib/ser/modules/mysql.so"
> loadmodule "/lib/ser/modules/sl.so"
> loadmodule "/lib/ser/modules/tm.so"
> loadmodule "/lib/ser/modules/rr.so"
> loadmodule "/lib/ser/modules/maxfwd.so"
> loadmodule "/lib/ser/modules/usrloc.so"
> loadmodule "/lib/ser/modules/textops.so"
> loadmodule "/lib/ser/modules/registrar.so"
>
> # Uncomment this if you want digest authentication
> # mysql.so must be loaded !
> loadmodule "/lib/ser/modules/auth.so"
> loadmodule "/lib/ser/modules/auth_db.so"
>
> # For NAT support / media proxying
> loadmodule "/lib/ser/modules/nathelper.so"
>
> # ----------------- setting module-specific parameters ---------------
>
> # -- usrloc params --
> #modparam("usrloc", "db_mode", 0)
>
> # Uncomment this if you want to use SQL database
> # for persistent storage and comment the previous line
> modparam("usrloc", "db_mode", 2)
>
> # -- auth params --
> # Uncomment if you are using auth module
> modparam("auth_db", "calculate_ha1", yes)
>
> # If you set "calculate_ha1" parameter to yes (which is true in this config),
> # uncomment also the following parameter)
> modparam("auth_db", "password_column", "password")
>
> # -- rr params --
> # add value to ;lr param to make some broken UAs happy
> modparam("rr", "enable_full_lr", 1)
>
> # For NAT
> # We will use flag 6 to mark NATed contacts
> modparam("registrar", "nat_flag", 6)
>
> # Enable NAT pinging
> modparam("nathelper", "natping_interval", 60)
>
> # Ping only contacts that are known to be
> # behind NAT
> modparam("nathelper", "ping_nated_only", 1)
>
> # ------------------------- request routing logic -------------------
>
> # main routing logic
> route{
>     # initial sanity checks -- messages with
>     # max_forwards==0, or excessively long requests
>     if (!mf_process_maxfwd_header("10")) {
>         sl_send_reply("483","Too Many Hops");
>         break;
>     };
>     if ( msg:len > max_len ) {
>         sl_send_reply("513", "Message too big");
>         break;
>     };
>
>     # special handling for NATed clients; first, nat test is
>     # executed: it looks for via!=received and RFC1918 addresses
>     # in Contact (may fail if line-folding used); also,
>     # the received test should, if complete, check all
>     # vias for presence of received
>     if (nat_uac_test("3")) {
>         # allow RR-ed requests, as these may indicate that
>         # a NAT-enabled proxy takes care of it; unless it is
>         # a REGISTER
>         if (method == "REGISTER" || ! search("^Record-Route:")) {
>             log("LOG: Someone trying to register from private IP, rewriting\n");
>             # This will work only for user agents that support symmetric
>             # communication. We tested quite many of them and majority is
>             # smart enough to be symmetric. In some phones, like
>             # it takes a configuration option. With Cisco 7960, it is
>             # called NAT_Enable=Yes, with kphone it is called
>             # "symmetric media" and "symmetric signaling". (The latter
>             # not part of public released yet.)
>             fix_nated_contact(); # Rewrite contact with source IP of signalling
>             if (method == "INVITE") {
>                 fix_nated_sdp("1"); # Add direction=active to SDP
>             };
>             force_rport(); # Add rport parameter to topmost Via
>             setflag(6); # Mark as NATed
>         };
>     };
>
>     # we record-route all messages -- to make sure that
>     # subsequent messages will go through our proxy; that's
>     # particularly good if upstream and downstream entities
>     # use different transport protocol
>     record_route();
>
>     # loose-route processing
>     if (loose_route()) {
>         t_relay();
>         break;
>     };
>
>     lookup("aliases");
>
>     # if the request is for other domain use UsrLoc
>     # (in case, it does not work, use the following command
>     # with proper names and addresses in it)
>     if (uri==myself) {
>         if (method=="REGISTER") {
>             # Uncomment this if you want to use digest authentication
>             if (!www_authorize("com.dtu.dk", "subscriber")) {
>                 www_challenge("com.dtu.dk", "0");
>                 break;
>             };
>             save("location");
>             break;
>         };
>
>         # native SIP destinations are handled using our USRLOC DB
>         if (!lookup("location")) {
>             sl_send_reply("404", "Not Found");
>             break;
>         };
>     };
>
>     # forward to current uri now; use stateful forwarding; that
>     # works reliably even if we forward from TCP to UDP
>     if (!t_relay()) {
>         sl_reply_error();
>     };
> }
>
> #
> # Forcing media relay if necessary
> #
> route[1] {
>     #if (uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")){
>     #    sl_send_reply("479", "We don't forward to private IP addresses");
>     #    break;
>     #};
>
>     #if (isflagset(6)) {
>     force_rtp_proxy(); # I force everything through the proxy
>     t_on_reply("1");
>     append_hf("P-Behind-NAT: Yes\r\n");
>     #};
>
>     if (!t_relay()) {
>         sl_reply_error();
>         break;
>     };
> }
>
> onreply_route[1] {
>     if (status =~ "(183)|2[0-9][0-9]") {
>         fix_nated_contact();
>         force_rtp_proxy();
>     };
> }
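
Added example (not part of the original thread and not SER project code): a small Python check that walks a SER-style config from the main route and lists route blocks that call force_rtp_proxy() but are never reached via route(N), t_on_reply() or t_on_failure(). The excerpt is a constructed reduction of the config quoted above, whose main route ends in t_relay() without calling route(1); the helper names, and treating the unnumbered route{} as route[0], are assumptions of this example.

```python
import re

# Constructed excerpt: routing skeleton reduced from the config quoted above.
SAMPLE_CFG = '''
route{
    if (loose_route()) { t_relay(); break; };
    if (!t_relay()) { sl_reply_error(); };
}
route[1] {
    force_rtp_proxy();   # I force everything through the proxy
    t_on_reply("1");
    if (!t_relay()) { sl_reply_error(); break; };
}
onreply_route[1] {
    if (status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); force_rtp_proxy(); };
}
'''

BLOCK = re.compile(r'^\s*(onreply_route|failure_route|route)\s*(?:\[\s*(\d+)\s*\])?\s*\{', re.M)
CALLS = {"route": r'\broute\s*\(\s*(\d+)\s*\)',
         "onreply_route": r't_on_reply\s*\(\s*"(\d+)"\s*\)',
         "failure_route": r't_on_failure\s*\(\s*"(\d+)"\s*\)'}

def split_blocks(cfg):
    # Map (kind, number) -> body text; the unnumbered route{} is taken as route[0].
    cfg = re.sub(r'/\*.*?\*/', '', cfg, flags=re.S)   # drop /* ... */ comments
    cfg = re.sub(r'#.*', '', cfg)                      # drop # comments
    heads = list(BLOCK.finditer(cfg))
    ends = [h.start() for h in heads[1:]] + [len(cfg)]
    return {(h.group(1), h.group(2) or "0"): cfg[h.end():end]
            for h, end in zip(heads, ends)}

def reachable(blocks):
    # Follow route(N) / t_on_reply / t_on_failure references from the main route.
    seen, todo = set(), [("route", "0")]
    while todo:
        key = todo.pop()
        if key in seen or key not in blocks:
            continue
        seen.add(key)
        for kind, pattern in CALLS.items():
            todo += [(kind, n) for n in re.findall(pattern, blocks[key])]
    return seen

def dead_rtp_blocks(cfg):
    # Blocks that call force_rtp_proxy() but can never run.
    blocks = split_blocks(cfg)
    live = reachable(blocks)
    return sorted(k for k, b in blocks.items() if k not in live and "force_rtp_proxy" in b)
```

Calling dead_rtp_blocks() on the text of a full ser.cfg gives the same report; an empty list means every block that engages the RTP proxy is reachable from the main route.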