[Kamailio-Users] Asterisk 403 Forbidden error with port translation

Klaus Darilion klaus.mailinglists at pernau.at
Thu Jan 21 10:18:56 CET 2010 

Maybe you have rewritten parts of the message which are used during 
calculation of the digest response, e.g. request URI.

regards
klaus

Vikram Ragukumar schrieb:
> Hello,
> 
> I have made some progress since my previous post, but not enough :).
> 
>  -------------         --------          ---       --------
> |Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
>  -------------         --------          ---       --------
>                          IP addresses: a.b.c.d    q.w.e.r
> 
> The SIP softphone(x-lite) is configured to register with the asterisk 
> server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup as 
> the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090). 
> Authentication credentials for the softphone match the user registered 
> in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio 
> listening on port 5060.
> 
> The asterisk server is setup to listen on port 5060.
> 
> The Firewall(F.W), uses a libnetfilter_queue based program to :
> 
> (a) Rewrite the destination port 9090 as 5060, and rewrite all other 
> occurrences of 9090 as 5060 in the SIP message, for packets from the 
> softphone to the asterisk server.
> 
> (b) Rewrite the source port 5060 as 9090, and rewrite all other 
> occurrences of 5060 as 9090 in the SIP message, for packets from the 
> asterisk server to the softphone.
> 
> The following exchange of SIP messages take place
> -Sip softphone sends a REGISTER message to asterisk
> -Asterisk responds with a 401 UNAUTHORIZED
> -Sip softphone replies with a REGISTER message containing auth. info.
> -Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
> 
> The above setup works when the softphone uses port 5060, so there 
> problem here does not have anything to do with Authorization credentials.
> 
> Is it possible i might be modifying parts of the packet that shouldn't 
> be modified or i might not be modifying some relevant parts of the packet ?
> 
> Thanks in advance,
> Vikram.
> 
> 
> 
> _______________________________________________
> Kamailio (OpenSER) - Users mailing list
> Users at lists.kamailio.org
> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users

More information about the Users mailing list