[Kamailio-Users] Record Route and proxy behind static NAT

Iñaki Baz Castillo ibc at aliax.net
Thu Oct 23 23:27:27 CEST 2008 

El Jueves, 23 de Octubre de 2008, Zappasodi Daniele escribió:
> Thanks for your reply.
> I'm agree with your observations. I had already tried to solve the
> situations as described in the draft (avoiding spiral) and I have built a
> configuration that seem to work, at least for the basic call, but my
> solution needs to much tricks and I'm not sure that what I have done is
> safe and if it works in more complex call flows. I set the IP address in
> Record Route depending on position public\private of the callee and I
> substitute the IP address in Record Route for each reply, when it needs.
> First of all I suppose to know if the caller and callee is private or
> public (I check if the Request URI domain with RFC 1918) and I don't know
> if this is right. Then there is the problem to write the record route. I
> have moved the record route section in a branch route, because here I know
> the final destination for each branch. Here there is another doubt: I
> rewrote the record_route_preset function in order to remove the limit of
> one record route because in parallel forking I set more than record for
> each transaction, one record route for each branch. What are the
> consequences? I risk "only" to loose a call or to kill the proxy? I would
> prefer to leave the record route section at the beginning, but is it
> possible to substitute the record route after it is added? I remember that
> is possible to change only the original message and that there are some
> limitations on the possibility to change an header added during the message
> processing (I had some segmentation faults when I tryed with a custom
> header). Just now I'm looking on what to do with a relay from the failure
> route to a second destination. Before I proceding on this way I would like
> to know if I'm going on the wrong direction and if someone has found a
> simpler solution with this kind of scenarios.

Honestly, I suggest you to get a proxy with public IP. SIP was not designed to 
work behind NAT.

It's possible to have an UAC behind NAT with some methods (STUN, painful AGL 
SIP routers, comedia mode, proxies that replace "Contact" with received IP to 
get in-dialog messages working...), but having a proxy behind NAT working 
with devices outside is IMHO impossible.

;)


-- 
Iñaki Baz Castillo

More information about the sr-users mailing list