[Users] caller and callee behind diff NAT - ACK of 200OK is not reaching to callee

shankar shankar_bandal at yahoo.com
Mon Apr 16 06:24:47 CEST 2007


Hi ALL,

Currently I am useing ser 0.9.6 version, I am switching to openser but before that I want to find out whether my scenario is valid. If it is valid then how can I solve this problem using openser.

Belo is message sequence for my scenario.

user1                        NAT router 1          SER Proxy          SIP Server               NAT router 2     User2
(192.x.x.3)                (107.x.x.78)           (107.x.x.201)        (107.x.x.150)           (107.x.y.249)    (192.x.x3)
|  REGISTER(user1)   |REGISTER(user1) |REGISTER(user1)|                                |                           |
|------------------->          |--------------->           |-------------->          |                                |                           |
|                               |                            |REGISTER(user2)|                                |                           |
|                               |                            | ------------>           |                                |                            |
|                               |                            |              REGISTER(user2)                   |  REGISTER(user2)|
|                               |                            | <--------------------------------------------------------|<------------------------ |
| INVITE                    |   INVITE               |    INVITE            |         INVITE             |   INVITE              |
|----------------------------->|-------------------------->| ----------------------->|------------------------------>|------------------------->|
|                               |                            |                          |                                |                           |
|  100 trying               |    100 trying          |                          |                                |                           |
|  <-------------------------- |<------------------------- |                          |                                |                           |
|  180 Ringing            |    180 Ringing       | 180 Ringing        |  180 Ringing             |   180 Ringing       |
| <--------------------------- | <-----------------------  |<----------------------  | <---------------------------- | <----------------------  |
|                               |                            |                          |                                |                           |
| 200 OK                   |  200 OK               |  200 OK             |   200 OK                  |     200 OK           |
| <--------------------------- |  <----------------------  | <---------------------- | <---------------------------- | <----------------------  |
|                               |                            |                          |                                |                           |
| ACK                       |     ACK                |   ACK                 |                                |                           |
| ----------------->           | -----------------------> | ---------------------->  |  ??????                    |                           |
Set up:
user 1:
Internal IP: 192.x.x.3
external ip: 107.x.x.78
user 2:
Internal IP: 192.x.x.3
external ip: 107.x.y.249

Nat routers are FC5 linux PCs on which I have enabled SNAT and posrt forwarding.

In above case user2 is not getting ACK. fix_nated_contact() API of SER is modifying contact
header to the destination ip of receiving message. e.g. SER proxy receives REGISTER meassage 
from user 1 from NAT router 1 then it changing contact ip to the dst ip of REGISTER message i.e.
Nated ip of user1. Because of this RFEGISTER and INVITE goes fine.
But in case of 200 OK of INVITE comming from user 2 dst ip is IP of SIP server, so SER adds server ip in the contact header of 200Ok because of this user1 is sending ACK  to SERVER but not to user2.
If I ignore the ACK (just for testing) and start media using RTPPROXY then media packets are
going to SERVER but not to user2 because force_rtp_proxy follows the same principle like
fix_nated_contact().

Please provide me some pointers. I am not able to unserstand how use1 will know that 200OK is came from user 2. In 200OK message there no reference of the nated IP of user2

below is my SER config file.
# $Id: nat-mediaproxy.cfg 51 2006-01-31 13:28:04Z /CN=Paul Hazlett/emailAddress=paul at onsip.org $
debug=6
fork=no
log_stderror=yes
listen=107.108.70.201           # INSERT YOUR IP ADDRESS HERE
port=5060
children=4
dns=no
rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
#unix_sock="/tmp/ser_sock"
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
#loadmodule "/usr/local/lib/ser/modules/auth.so"
#loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
#loadmodule "/usr/local/lib/ser/modules/domain.so"
#loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
modparam("auth_db|domain|uri_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
#modparam("auth_db", "calculate_ha1", 1)
#modparam("auth_db", "password_column", "password")
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
modparam("usrloc", "db_mode", 2)
modparam("registrar", "nat_flag", 6)
modparam("rr", "enable_full_lr", 1)
route {
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
if (!mf_process_maxfwd_header("10")) {
  sl_send_reply("483", "Too Many Hops");
  break;
};
if (msg:len > max_len) {
  sl_send_reply("513", "Message Overflow");
  break;
};
    # !! Nathelper
    # Special handling for NATed clients; first, NAT test is
    # executed: it looks for via!=received and RFC1918 addresses
    # in Contact (may fail if line-folding is used); also,
    # the received test should, if completed, should check all
    # vias for rpesence of received
    if (nat_uac_test("3")) {
        # Allow RR-ed requests, as these may indicate that
        # a NAT-enabled proxy takes care of it; unless it is
        # a REGISTER
        if (method == "REGISTER" || ! search("^Record-Route:")) {
            log("LOG: Someone trying to register from private IP, rewriting\n");
             # This will work only for user agents that support symmetric
             # communication. We tested quite many of them and majority is
             # smart enough to be symmetric. In some phones it takes a configuration
             # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
             # called "symmetric media" and "symmetric signalling".
             fix_nated_contact(); # Rewrite contact with source IP of signalling
#             if (method == "INVITE") {
#                 fix_nated_sdp("1"); # Add direction=active to SDP
#              };
             force_rport(); # Add rport parameter to topmost Via
             setflag(6);    # Mark as NATed
         };
    };

# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER") record_route(); 
# -----------------------------------------------------------------
# Call Tear Down Section
# -----------------------------------------------------------------
if (method=="BYE" || method=="CANCEL") {
  unforce_rtp_proxy();
};
# -----------------------------------------------------------------
# Loose Route Section
# -----------------------------------------------------------------
if (loose_route()) {
  if ((method=="INVITE" || method=="REFER") && !has_totag()) {
   sl_send_reply("403", "Forbidden");
   break;
  };
  if (method=="INVITE") {
#   if (!proxy_authorize("","subscriber")) {
#    proxy_challenge("","0");
#    break;
#   } else if (!check_from()) {
#    sl_send_reply("403", "Use From=ID");
#    break;
#   };
#   consume_credentials();
   
      if (nat_uac_test("19")) {
          setflag(6);
          force_rport();
          fix_nated_contact();
         };
      force_rtp_proxy("l");
  };
  route(1);
  break;
   };
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (uri!=myself) {
  route(4);
  route(1);
  break;
};
if (method=="ACK") {
  route(1);
  break;
} else if (method=="CANCEL") {
  route(1);
  break;
} else if (method=="INVITE") {
  route(3);
  break;
} else if (method=="REGISTER") {
  route(2);
  break;
};
lookup("aliases");
if (uri!=myself) {
  append_hf("P-hint: outbound alias\r\n"); 
  route(4);
  route(1);
  break;
};
if (!lookup("location")) {
  sl_send_reply("404", "User Not Found");
  break;
};
route(1);
}
route[1] {
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
t_on_reply("1");
if (!t_relay()) {
     if (method=="INVITE" && isflagset(6)) {
      unforce_rtp_proxy();
     };
  sl_reply_error();
};
}
route[2] {
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
if (!search("^Contact:[ ]*\*") && nat_uac_test("19")) {
     setflag(6);
     fix_nated_register();
     force_rport();
   };
sl_send_reply("100", "Trying");
# if (!www_authorize("","subscriber")) {
#  www_challenge("","0");
#  break;
# };
# if (!check_to()) {
#  sl_send_reply("401", "Unauthorized");
#  break;
# };
# consume_credentials();
if (!save("location")) {
  sl_reply_error();
};
}


      Send a FREE SMS to your friend's mobile from Yahoo! Messenger. Get it now at http://in.messenger.yahoo.com/




More information about the sr-users mailing list