[Serusers] SER for NAT client
Gonzalo J. Sambucaro
gonzalo.sambucaro at mslc.com.ar
Thu Apr 3 16:10:21 CEST 2008
Satish,
the RTP/RTCP ideal traffic is:
SIP PHONE A <--> NAT A <--> SIP PHONE B (public IP)
this flow is obtained using NAT Traversal solutions (for example mediaproxy).
SIP PHONE A <--> NAT A <--> MEDIA PROXY (public IP) <--> SIP PHONE B
(public IP)
without NAT Traversal solutions the traffic is:
SIP PHONE A --> NAT A --> SIP PHONE B (public IP)
SIP PHONE A x------------ SIP PHONE B (public IP)
SIP PHONE B listen to SIP PHONE A but it send RTP/RTCPs to SIP PHONE A
(private IP) and this is the problem, SIP PHONE A does not listen SIP
PHONE B.
I hope that clearly it is explained.
Regards, Gonzalo.
> Dear Gonzalo
>
> Thanx to send it me URL . I have SER setup on public IP (
> without NAT) and my client or IP phone behind the single
> NAT router but i want to know how my RTP goes to IP phone
> to IP phone means both SIP phone behind the same NAT so
> RTP should be between both SIP device means SER not come
> in media path .
>
> How to i test it my RTP channel up between both end point not SER
> intermediater means i want stateless SER model
>
> I am sending my configuration can you explain me is it correct ???
>
> debug=6
> fork=yes
> log_stderror=yes
> listen=xxx.xxx.xxx.xxx # INSERT YOUR IP ADDRESS HERE
> port=5060
> children=4
> dns=no
> rev_dns=no
> fifo="/tmp/ser_fifo"
> fifo_db_url="mysql://ser:heslo@localhost/ser"
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> loadmodule "/usr/local/lib/ser/modules/uri.so"
> loadmodule "/usr/local/lib/ser/modules/uri_db.so"
> loadmodule "/usr/local/lib/ser/modules/domain.so"
> loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
> loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
> loadmodule "/usr/local/lib/ser/modules/xlog.so"
> modparam("auth_db|domain|uri_db|usrloc", "db_url",
> "mysql://ser:heslo@localhost/ser")
> modparam("auth_db", "calculate_ha1", 1)
> modparam("auth_db", "password_column", "password")
> modparam("nathelper", "rtpproxy_disable", 1)
> modparam("nathelper", "natping_interval", 0)
> modparam("mediaproxy","natping_interval", 30)
> modparam("mediaproxy","mediaproxy_socket", "/var/run/mediaproxy.sock")
> #modparam("mediaproxy","sip_asymmetrics","/usr/local/etc/ser/sip-clients")
> #modparam("mediaproxy","rtp_asymmetrics","/usr/local/etc/ser/rtp-clients")
> modparam("usrloc", "db_mode", 2)
> modparam("domain", "domain_table", "domain")
> modparam("domain", "domain_col", "domain")
> modparam("usrloc|registrar|auth_db|avpops|group", "use_domain", 1)
> modparam("uri_db", "use_domain", 1)
> modparam("uri_db", "use_uri_table", 1)
> modparam("registrar", "nat_flag", 6)
> modparam("rr", "enable_full_lr", 1)
> route {
> #
> -----------------------------------------------------------------
> # Sanity Check Section
> #
> -----------------------------------------------------------------
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483", "Too Many Hops");
> break;
> };
> if (msg:len > max_len) {
> sl_send_reply("513", "Message Overflow");
> break;
> };
> #
> -----------------------------------------------------------------
> # Record Route Section
> #
> -----------------------------------------------------------------
> xlog("L_NOTICE","$rm from $si at $Tf\n");
> if (method=="INVITE" && client_nat_test("3")) {
> # INSERT YOUR IP ADDRESS HERE
> record_route_preset("xxx.xxx.xx.xxx:5060;nat=yes");
> } else if (method!="REGISTER") {
> record_route();
> };
> #
> -----------------------------------------------------------------
> # Call Tear Down Section
> #
> -----------------------------------------------------------------
> if (method=="BYE" || method=="CANCEL") {
> end_media_session();
> };
> #
> -----------------------------------------------------------------
> # Loose Route Section
> #
> -----------------------------------------------------------------
> if (loose_route()) {
> if ((method=="INVITE" || method=="REFER") &&
> !has_totag()) {
> sl_send_reply("403", "Forbidden");
> break;
> };
> if (method=="INVITE") {
> if (!proxy_authorize("","subscriber")) {
> proxy_challenge("","0");
> break;
> } else if (!check_from()) {
> sl_send_reply("403", "Use From=ID");
> break;
> };
> consume_credentials();
> if (client_nat_test("3") ||
> search("^Route:.*;nat=yes")) {
> setflag(6);
> use_media_proxy();
> };
> };
> route(1);
> break;
> };
> #
> -----------------------------------------------------------------
> # Call Type Processing Section
> #
> -----------------------------------------------------------------
> if (uri==myself) {
> route(4);
> route(1);
> break;
> };
> if (method=="ACK") {
> route(1);
> break;
> } else if (method=="CANCEL") {
> route(1);
> break;
> } else
> if (method=="INVITE") {
> route(3);
> break;
>
> }
> else
> if (method=="REGISTER") {
> route(2);
> break;
>
> };
> lookup("aliases");
> if (uri==myself) {
> route(4);
> route(1);
> break;
> };
> if (!lookup("location")) {
> sl_send_reply("404", "User Not Found");
> break;
> };
> route(1);
> }
> route[1] {
> #
> -----------------------------------------------------------------
> # Default Message Handler
> #
> -----------------------------------------------------------------
> t_on_reply("1");
> if (!t_relay()) {
> if (method=="INVITE" || method=="ACK") {
> end_media_session();
> };
> sl_reply_error();
> };
> }
> # REGISTER Message Handling
> # -------------------------
> route[2] {
> sl_send_reply("100", "Trying");
> if (!search("^Contact:[ ] *\*") && client_nat_test("7")) {
> setflag(6);
> fix_nated_register();
> force_rport();
> };
> if (!www_authorize("","subscriber")) {
> www_challenge("","0");
> break;
> };
> if (!check_to()) {
> sl_send_reply("401", "Unauthorized");
> break;
> };
> consume_credentials();
> if (!save("location")) {
> sl_reply_error();
> };
> }
> route[3] {
> #
> -----------------------------------------------------------------
> # INVITE Message Handler
> #
> -----------------------------------------------------------------
> if (client_nat_test("3")) {
> setflag(7);
> force_rport();
> fix_nated_contact();
> };
> if (!proxy_authorize("","subscriber")) {
> xlog("L_NOTICE","Unable to verify the credentials\n");
> proxy_challenge("","0");
> break;
> } else if (!check_from()) {
> sl_send_reply("403", "Use From=ID");
> break;
> };
> consume_credentials();
>
> lookup("aliases");
> if (uri==myself) {
> route(4);
> route(1);
> break;
> };
> if (!lookup("location")) {
> sl_send_reply("404", "User Not Found");
> break;
> };
> route(4);
> route(1);
> }
> route[4] {
> #
> -----------------------------------------------------------------
> # NAT Traversal Section
> #
> -----------------------------------------------------------------
> if (isflagset(6) || isflagset(7)) {
> if (!isflagset(8)) {
> setflag(8);
> use_media_proxy();
> };
> };
> }
> onreply_route[1] {
> if ((isflagset(6) || isflagset(7)) &&
> (status=~"(180)|(183)|2[0-9][0-9]")) {
> if (!search("^Content-Length:[ ]*0")) {
> use_media_proxy();
> };
> };
> if (client_nat_test("1")) {
> fix_nated_contact();
> };
> }
>
>
> "Gonzalo J. Sambucaro" <gonzalo.sambucaro at mslc.com.ar> wrote:
> http://download.dns-hosting.info/MediaProxy/NATtraversal-BestPractices.pdf
> reads can help it to understand.
>
> Regards, Gonzalo.
>
>> Dear all
>>
>> I have a bit confusen about server and nat its stupid
>> question but i want to clear it wil your suggestions..
>>
>> I am going to impliment SER for my customers with domain base
>> authentication.
>> Now if my client behind the NAT then how my RTP make connection between
>> two IP phone
>>
>> [SER]
>> / \
>> / \
>> / \
>> [A] [B]
>>
>> In this case RTP between [A] to [B] right
>>
>> But when both [A] and [B] behind the same NAT router then what about
>> RTP
>> what is the path ???
>>
>> What is the pass of RTP between [A] and [B] in this case
>>
>> [SER]
>> |
>> |
>> |
>> [NAT]
>> / \
>> / \
>> [A] [B]
>>
>>
>>
>> $ cat ~/satish/url.txt
>>
>> http://www.linuxbug.org
>> _____________________________________________________________________________________________________
>>
>>
>> ---------------------------------
>> Now you can chat without downloading messenger. Click here to know
>> how._______________________________________________
>> Serusers mailing list
>> Serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>
>
> --
> Gonzalo J. Sambucaro
> Ingeniería de Software
> Tel: +54-341-4230504
> MSLC
> gonzalo.sambucaro at mslc.com.ar
> www.mslc.com.ar
> Ocampo y Esmeralda - Vivero de Empresas de Base Tecnológica
> Ciudad Universitaria Rosario UNR, CCT CONICET
> Rosario - Santa Fé - Argentina
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
> $ cat ~/satish/url.txt
>
> http://www.linuxbug.org
> _____________________________________________________________________________________________________
>
>
> ---------------------------------
> Now you can chat without downloading messenger. Click here to know how.
--
Gonzalo J. Sambucaro
Ingeniería de Software
Tel: +54-341-4230504
MSLC
gonzalo.sambucaro at mslc.com.ar
www.mslc.com.ar
Ocampo y Esmeralda - Vivero de Empresas de Base Tecnológica
Ciudad Universitaria Rosario UNR, CCT CONICET
Rosario - Santa Fé - Argentina
More information about the sr-users
mailing list