[Serusers] SER for NAT client
satish patel
linuxtrap at yahoo.co.in
Wed Apr 2 12:22:32 CEST 2008
Dear Gonzalo
Thanx to send it me URL . I have SER setup on public IP ( without NAT) and my client or IP phone behind the single NAT router but i want to know how my RTP goes to IP phone to IP phone means both SIP phone behind the same NAT so RTP should be between both SIP device means SER not come in media path .
How to i test it my RTP channel up between both end point not SER intermediater means i want stateless SER model
I am sending my configuration can you explain me is it correct ???
debug=6
fork=yes
log_stderror=yes
listen=xxx.xxx.xxx.xxx # INSERT YOUR IP ADDRESS HERE
port=5060
children=4
dns=no
rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/xlog.so"
modparam("auth_db|domain|uri_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "natping_interval", 0)
modparam("mediaproxy","natping_interval", 30)
modparam("mediaproxy","mediaproxy_socket", "/var/run/mediaproxy.sock")
#modparam("mediaproxy","sip_asymmetrics","/usr/local/etc/ser/sip-clients")
#modparam("mediaproxy","rtp_asymmetrics","/usr/local/etc/ser/rtp-clients")
modparam("usrloc", "db_mode", 2)
modparam("domain", "domain_table", "domain")
modparam("domain", "domain_col", "domain")
modparam("usrloc|registrar|auth_db|avpops|group", "use_domain", 1)
modparam("uri_db", "use_domain", 1)
modparam("uri_db", "use_uri_table", 1)
modparam("registrar", "nat_flag", 6)
modparam("rr", "enable_full_lr", 1)
route {
# -----------------------------------------------------------------
# Sanity Check Section
# -----------------------------------------------------------------
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too Many Hops");
break;
};
if (msg:len > max_len) {
sl_send_reply("513", "Message Overflow");
break;
};
# -----------------------------------------------------------------
# Record Route Section
# -----------------------------------------------------------------
xlog("L_NOTICE","$rm from $si at $Tf\n");
if (method=="INVITE" && client_nat_test("3")) {
# INSERT YOUR IP ADDRESS HERE
record_route_preset("xxx.xxx.xx.xxx:5060;nat=yes");
} else if (method!="REGISTER") {
record_route();
};
# -----------------------------------------------------------------
# Call Tear Down Section
# -----------------------------------------------------------------
if (method=="BYE" || method=="CANCEL") {
end_media_session();
};
# -----------------------------------------------------------------
# Loose Route Section
# -----------------------------------------------------------------
if (loose_route()) {
if ((method=="INVITE" || method=="REFER") && !has_totag()) {
sl_send_reply("403", "Forbidden");
break;
};
if (method=="INVITE") {
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
break;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
break;
};
consume_credentials();
if (client_nat_test("3") || search("^Route:.*;nat=yes")) {
setflag(6);
use_media_proxy();
};
};
route(1);
break;
};
# -----------------------------------------------------------------
# Call Type Processing Section
# -----------------------------------------------------------------
if (uri==myself) {
route(4);
route(1);
break;
};
if (method=="ACK") {
route(1);
break;
} else if (method=="CANCEL") {
route(1);
break;
} else
if (method=="INVITE") {
route(3);
break;
}
else
if (method=="REGISTER") {
route(2);
break;
};
lookup("aliases");
if (uri==myself) {
route(4);
route(1);
break;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
break;
};
route(1);
}
route[1] {
# -----------------------------------------------------------------
# Default Message Handler
# -----------------------------------------------------------------
t_on_reply("1");
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
# REGISTER Message Handling
# -------------------------
route[2] {
sl_send_reply("100", "Trying");
if (!search("^Contact:[ ] *\*") && client_nat_test("7")) {
setflag(6);
fix_nated_register();
force_rport();
};
if (!www_authorize("","subscriber")) {
www_challenge("","0");
break;
};
if (!check_to()) {
sl_send_reply("401", "Unauthorized");
break;
};
consume_credentials();
if (!save("location")) {
sl_reply_error();
};
}
route[3] {
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
if (client_nat_test("3")) {
setflag(7);
force_rport();
fix_nated_contact();
};
if (!proxy_authorize("","subscriber")) {
xlog("L_NOTICE","Unable to verify the credentials\n");
proxy_challenge("","0");
break;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
break;
};
consume_credentials();
lookup("aliases");
if (uri==myself) {
route(4);
route(1);
break;
};
if (!lookup("location")) {
sl_send_reply("404", "User Not Found");
break;
};
route(4);
route(1);
}
route[4] {
# -----------------------------------------------------------------
# NAT Traversal Section
# -----------------------------------------------------------------
if (isflagset(6) || isflagset(7)) {
if (!isflagset(8)) {
setflag(8);
use_media_proxy();
};
};
}
onreply_route[1] {
if ((isflagset(6) || isflagset(7)) && (status=~"(180)|(183)|2[0-9][0-9]")) {
if (!search("^Content-Length:[ ]*0")) {
use_media_proxy();
};
};
if (client_nat_test("1")) {
fix_nated_contact();
};
}
"Gonzalo J. Sambucaro" <gonzalo.sambucaro at mslc.com.ar> wrote: http://download.dns-hosting.info/MediaProxy/NATtraversal-BestPractices.pdf
reads can help it to understand.
Regards, Gonzalo.
> Dear all
>
> I have a bit confusen about server and nat its stupid
> question but i want to clear it wil your suggestions..
>
> I am going to impliment SER for my customers with domain base
> authentication.
> Now if my client behind the NAT then how my RTP make connection between
> two IP phone
>
> [SER]
> / \
> / \
> / \
> [A] [B]
>
> In this case RTP between [A] to [B] right
>
> But when both [A] and [B] behind the same NAT router then what about RTP
> what is the path ???
>
> What is the pass of RTP between [A] and [B] in this case
>
> [SER]
> |
> |
> |
> [NAT]
> / \
> / \
> [A] [B]
>
>
>
> $ cat ~/satish/url.txt
>
> http://www.linuxbug.org
> _____________________________________________________________________________________________________
>
>
> ---------------------------------
> Now you can chat without downloading messenger. Click here to know
> how._______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
--
Gonzalo J. Sambucaro
Ingeniería de Software
Tel: +54-341-4230504
MSLC
gonzalo.sambucaro at mslc.com.ar
www.mslc.com.ar
Ocampo y Esmeralda - Vivero de Empresas de Base Tecnológica
Ciudad Universitaria Rosario UNR, CCT CONICET
Rosario - Santa Fé - Argentina
_______________________________________________
Serusers mailing list
Serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
$ cat ~/satish/url.txt
http://www.linuxbug.org
_____________________________________________________________________________________________________
---------------------------------
Now you can chat without downloading messenger. Click here to know how.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080402/fb4b74e6/attachment.htm>
More information about the sr-users
mailing list