[Kamailio-Users] Asterisk 403 Forbidden error with port translation

Daniel-Constantin Mierla miconda at gmail.com
Thu Jan 21 09:54:23 CET 2010


Hello,

On 1/21/10 4:18 AM, Vikram Ragukumar wrote:
> Hello,
>
> I have made some progress since my previous post, but not enough :).
>
>  -------------         --------          ---       --------
> |Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
>  -------------         --------          ---       --------
>                          IP addresses: a.b.c.d    q.w.e.r
>
> The SIP softphone (x-lite) is configured to register with the asterisk 
> server through port 9090 (Domain q.w.e.r:9090). Firewall (F.W) is set up 
> as the outbound proxy for the softphone (Outbound proxy a.b.c.d:9090). 
> Authentication credentials for the softphone match the user registered 
> in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio 
> listening on port 5060.
>
> The asterisk server is set up to listen on port 5060.
>
> The Firewall (F.W) uses a libnetfilter_queue based program to:
>
> (a) Rewrite the destination port 9090 as 5060, and rewrite all other 
> occurrences of 9090 as 5060 in the SIP message, for packets from the 
> softphone to the asterisk server.
>
> (b) Rewrite the source port 5060 as 9090, and rewrite all other 
> occurrences of 5060 as 9090 in the SIP message, for packets from the 
> asterisk server to the softphone.
>
> The following exchange of SIP messages takes place:
> - SIP softphone sends a REGISTER message to asterisk
> - Asterisk responds with a 401 UNAUTHORIZED
> - SIP softphone replies with a REGISTER message containing auth. info.
> - Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
>
> The above setup works when the softphone uses port 5060, so the 
> problem here does not have anything to do with Authorization credentials.
>
> Is it possible I might be modifying parts of the packet that shouldn't 
> be modified or I might not be modifying some relevant parts of the 
> packet?

You should run asterisk with debug enabled and see the printed messages 
for some hints. Probably people on the asterisk ML can help better.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
* http://www.asipto.com/
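
Added example, not part of either poster's message: SIP digest authentication (RFC 2617) hashes the method together with the `uri` string the client placed in its Authorization header, so the sketch below shows what a blanket 9090-to-5060 text substitution, as in step (a) of the question, does to that check. The credentials and nonce are constructed, and the registrar model (recompute from the header fields as received) is an assumption, not Asterisk's code.

```python
import hashlib
import hmac
import re

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    # RFC 2617 digest without qop: MD5(HA1 ":" nonce ":" HA2)
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # the digest covers the uri string
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def client_authorization(user, realm, password, uri, nonce):
    # What the softphone would put in its second REGISTER
    resp = digest_response(user, realm, password, "REGISTER", uri, nonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}"')

def parse_params(header: str) -> dict:
    return dict(re.findall(r'(\w+)="([^"]*)"', header))

def blanket_rewrite(text: str) -> str:
    # Models step (a) of the post: every occurrence of 9090 becomes 5060
    return text.replace("9090", "5060")

def server_accepts(header: str, password: str) -> bool:
    # Registrar side (assumed model): recompute from the fields as received
    p = parse_params(header)
    expected = digest_response(p["username"], p["realm"], password,
                               "REGISTER", p["uri"], p["nonce"])
    return hmac.compare_digest(expected, p["response"])

def changed_params(before: str, after: str) -> list:
    a, b = parse_params(before), parse_params(after)
    return sorted(k for k in a if a[k] != b.get(k))

# Constructed sample values; q.w.e.r is the placeholder address from the post
SENT = client_authorization("100", "asterisk", "s3cret",
                            "sip:q.w.e.r:9090", "1a2b3c4d")
RECEIVED = blanket_rewrite(SENT)

if __name__ == "__main__":
    print("unmodified header accepted:", server_accepts(SENT, "s3cret"))
    print("rewritten header accepted: ", server_accepts(RECEIVED, "s3cret"))
    print("parameters altered in transit:", changed_params(SENT, RECEIVED))
```

The same substitution would also alter a nonce or response value that happens to contain the digits 9090 or 5060, which is why comparing the Authorization header before and after the rewrite is a useful check alongside the server's debug output.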




