[Kamailio-Users] Asterisk 403 Forbidden error with port translation

Vikram Ragukumar vragukumar at signalogic.com
Thu Jan 21 22:56:19 CET 2010 

Klaus,Daniel.

Thank you for your responses. Seems like i was overwriting fields used 
in computation of the digest response. The call flow works perfectly 
when i disable authentication.
Will make necessary modifications to work with digest authentication.

Once again, thank you for your help.

Regards,
Vikram.


Klaus Darilion wrote:
> Maybe you have rewritten parts of the message which are used during 
> calculation of the digest response, e.g. request URI.
> 
> regards
> klaus
> 
> Vikram Ragukumar schrieb:
>> Hello,
>>
>> I have made some progress since my previous post, but not enough :).
>>
>>  -------------         --------          ---       --------
>> |Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
>>  -------------         --------          ---       --------
>>                          IP addresses: a.b.c.d    q.w.e.r
>>
>> The SIP softphone(x-lite) is configured to register with the asterisk 
>> server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup 
>> as the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090). 
>> Authentication credentials for the softphone match the user registered 
>> in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio 
>> listening on port 5060.
>>
>> The asterisk server is setup to listen on port 5060.
>>
>> The Firewall(F.W), uses a libnetfilter_queue based program to :
>>
>> (a) Rewrite the destination port 9090 as 5060, and rewrite all other 
>> occurrences of 9090 as 5060 in the SIP message, for packets from the 
>> softphone to the asterisk server.
>>
>> (b) Rewrite the source port 5060 as 9090, and rewrite all other 
>> occurrences of 5060 as 9090 in the SIP message, for packets from the 
>> asterisk server to the softphone.
>>
>> The following exchange of SIP messages take place
>> -Sip softphone sends a REGISTER message to asterisk
>> -Asterisk responds with a 401 UNAUTHORIZED
>> -Sip softphone replies with a REGISTER message containing auth. info.
>> -Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
>>
>> The above setup works when the softphone uses port 5060, so there 
>> problem here does not have anything to do with Authorization credentials.
>>
>> Is it possible i might be modifying parts of the packet that shouldn't 
>> be modified or i might not be modifying some relevant parts of the 
>> packet ?
>>
>> Thanks in advance,
>> Vikram.
>>
>>
>>
>> _______________________________________________
>> Kamailio (OpenSER) - Users mailing list
>> Users at lists.kamailio.org
>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users

More information about the Users mailing list