[Serusers] reply to port 5060

Bogdan Pintea pintea at iptego.de
Thu Jul 3 21:29:08 CEST 2008 

David,


You might have in your SER cfg the "force_rport()" directive, since, as 
you see, the Via in the reply contains the "rport" param. Once you 
comment that out (or don't run it for this particular client), you 
should get your desired behavior.

Bogdan.

David Lubarski wrote:
> Hi,
>
>
> I have a problem using SER, i have a client behind CheckPoint FW, when 
> the client tries to register, SER receives the SIP REGISTER message and 
> SER reply to the source IP and source PORT, but because the client is 
> behind CheckPoint FW if the source port is not 5060 the FW blocks it, so 
> i need  SER to reply not to the source port of the client but to port 5060.
>
>
> i'll attach ngrep on the SER server:
>
>
>
> client sends REGISTER to the SER server at 192.168.0.161:5060.
>
> U 2008/06/12 21:36:01.654005 10.6.67.10:31472 -> 192.168.0.161:5060
> REGISTER sip:213.8.57.218 SIP/2.0..Via: SIP/2.0/UDP 
> 10.6.67.10:31472;branch=z9hG4bK-d87543-de5ac063e
> 9293020-1--d87543-;rport..Max-Forwards: 70..Contact: 
> <sip:200 at 10.6.67.10:31472;rinstance=82602d40693
> d48a6>;expires=0..To: "test1"<sip:200 at 213.8.57.218>..From: 
> "test1"<sip:200 at 213.8.57.218>;tag=5c6b793
> a..Call-ID: NmI4MTUyMWY5MTEwYTI3ZjY2ZTE2ZTMzNzk5ZGFmZWI...CSeq: 5 
> REGISTER..Allow: INVITE, ACK, CANC
> EL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: 
> X-Lite release 1011s stamp 41
> 150..Authorization: Digest 
> username="200",realm="localhost",nonce="48516daafb5a3406078621 
> <http://www.snapanumber.com/>9a55fdb4908
> 9064386",uri="sip:213.8.57.218",response="b8501a2d0c096b934320be23363dee32",algorithm=MD5..Content-L 
>
> ength: 0....
> #
>
> SER server response to the source IP and source port
>
> U 2008/06/12 21:36:01.654992 192.168.0.161:5060 -> 10.6.67.10:31472
> SIP/2.0 200 OK..Via: SIP/2.0/UDP 
> 10.6.67.10:31472;branch=z9hG4bK-d87543-de5ac063e9293020-1--d87543-;
> rport=31472..To: 
> "test1"<sip:200 at 213.8.57.218>;tag=40c9dbfbe83fe4e1cec231af33432933.321f..From: 
> "tes
> t1"<sip:200 at 213.8.57.218>;tag=5c6b793a..Call-ID: 
> NmI4MTUyMWY5MTEwYTI3ZjY2ZTE2ZTMzNzk5ZGFmZWI...CSeq:
> 5 REGISTER..Server: OpenSER (1.3.2-notls (i386/linux))..Content-Length: 
> 0....
>
> but i need to response to port 5060 and not the source port , i'm not 
> using rport, i also talk to CheckPoint service and they claim that they 
> are working according RFC 3261, and that my SER server should reply to 
> port 5060
>
> any suggestions?
>
> Thanks In Advance,
>
> David Lubarski,
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>   


-- 
Bogdan Pintea

iptego GmbH  -  VoIP Security
http://www.iptego.com

More information about the sr-users mailing list