[OpenSER-Users] NAT problem in bridging mode

Christian Koch chri.koch.vier at googlemail.com
Fri May 16 10:13:38 CEST 2008


Hi,

I have a problem with openser and rtpproxy. I'm trying to use them as a 
gateway between the public internet and a LAN. Clients in the internet 
may be natted, so I'm using nathelper. Calls are only made from LAN to 
outside or vice versa, but not from LAN to LAN or from outside to 
outside. The following should illustrate my configuation:
         
          -----                 ------------------
UAC1 --- | NAT | ------------- | OpenSER/rtpproxy | ----------------UAC2
          -----                 ------------------                    |
               |              |                    |                  |
       dynamic public IP    2.3.4.5         192.168.103.121     
192.168.103.189
        (e.g. 1.2.3.4)
           
           
UAC1 and UAC2 are both registered at OpenSER. Now I'm making a call from 
UAC1 to UAC2. SIP messages are passed just fine, but the RTP traffic 
from UAC2 to UAC1 is dropped at the NAT. I used tcpdump on the 
OpenSER/rtpproxy machine to figure out what happens to RTP and it shows 
the following (ports and IPs are just examples):


stream1:  1.2.3.4:10000 -> 2.3.4.5:35000  ->RTP is forwarded by 
rtpproxy-> 192.168.103.121:35000 -> 192.168.103.189:11000
stream2:  1.2.3.4:20000 <- 2.3.4.5:35000  <-RTP is forwarded by 
rtpproxy<- 192.168.103.121:35000 <- 192.168.103.189:11000

Port 20000 in stream2 is the RTP-port used internally by UAC1 behind the 
NAT (this port is found in the INVITE from UAC1 to OpenSER). I 
understand, that rtpproxy sends the first packets to port 20000. But, 
after receiving some packets from port 10000, shouldn't it change the 
destination port to 20000 so they can pass the NAT?
rtpproxy is started like this: "./rtpproxy  -l 192.168.103.121/2.3.4.5 -f ".
It produces the following output:

    [root at 192 rtpproxy]# /usr/local/bin/rtpproxy -l 
192.168.103.121/2.3.4.5 -f
    rtpproxy started, pid 22125
    received command "UIE 
9D740CB7-18A4-40B2-A96D-13FC3C5B27D3 at 192.168.103.189 192.168.103.189 
49156 207860870326595;1"
    new session 9D740CB7-18A4-40B2-A96D-13FC3C5B27D3 at 192.168.103.189, 
tag 207860870326595;1 requested, type strong
    new session on a port 35000 created, tag 207860870326595;1
    pre-filling caller's address with 192.168.103.189:49156
    sending reply "35000 2.3.4.5
    "
    received command "L 
9D740CB7-18A4-40B2-A96D-13FC3C5B27D3 at 192.168.103.189 1.2.3.4 49154 
207860870326595;1 5364140283;1"
    lookup on ports 35000/35000, session timer restarted
    pre-filling callee's address with 1.2.3.4:49154
    sending reply "35000 192.168.103.121    


In my openser.cfg I'm not really checking wheter a client is really 
natted, but I think it shouldn't be a problem to assume, that all 
clients are behind a NAT? I attached the openser.cfg to this mail (real 
public IP is changed to 2.3.4.5).
Do you have any ideas how to fix this problem? Any help would be greatly 
appreciated!

Thanks,
Christian
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openser.cfg
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080516/6a204d74/attachment.txt>


More information about the sr-users mailing list