[Users] newbie wants to forward REGISTERs through DMZ to internal SIP server

yusuf yusuf at ecntelecoms.com
Wed Nov 8 11:02:42 CET 2006 

Simon Barber wrote:
> Hi All,
>  
> I have an internal SIP server that handles registrations, and is used 
> for incoming and outgoing phone calls. It does not do any 
> authentication. I'd like to set up SER in my DMZ, and have it:
>  
> 1. authenticate all requests. (this should be easy - I think I can 
> handle it, although I would like to get digest -> RADIUS auth against an 
> Active directory going).
>  
> 2. forward REGISTER requests to the internal SIP server, both for phones 
> on the internal network and for phones on the external network.
>  
> 3. forward INVITE and ACK requests performing the correct handling of 
> NAT, using RTP helper to forward media when needed.
>  
> Right now I'd love to just get the REGISTER requests doing the right 
> thing. Any help, or even better sample config scripts would be much 
> appreciated.
>  
> Simon


Hi,

I am using OpenSER to forward all INVITES (but I think it can be done for REGISTER's) to a group of 
Asterisk servers behind it.
You are supposed to use the dispatcher module in Openser.

in /etc/dispatcher.list

# group  sip addresses of your * units
1 sip:192.168.0.233:5060
1 sip:192.168.0.196:5060

in /etc/openser.cfg

loadmodule "/usr/lib/openser/modules/dispatcher.so"
modparam("dispatcher", "list_file", "/etc/openser/dispatcher.list")
modparam("dispatcher", "force_dst", 1)
modparam("dispatcher", "flags", 1)

route{

if ( method=="INVITE" ) {
                 # dbg("SIP Request: method [$rm] from [$fu] to [$tu]\n");
                  #xlog("L_INFO", "SIP Request: method [$rm] from [$fu] to [$tu]\n");
                  #log("yusufsSER - INVITE: dispatcher\n");
                  ds_select_domain("1","4");
         # you can also add prefixes, if you need to send account codes
         # like:
         # prefix("123456");
#                sl_send_reply("100","Trying");
#                forward(uri:host, uri:port);
                 forward();
         };

}


if you change method=="INVITE" to method=="REGISTER", it might work  :)

-- 
thanks,
yusuf

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the sr-users mailing list