Is it possible to use ser behind a astaro firewall? Or can Iimplement it
on the firewall?
greetz
Hans Scheffers
JifLin B.V.
Leliestraat 7
7151 GH Eibergen
http://www.jiflin.nl
Hello,
you must have 'expat' library installed ('expat' and 'expat-devel'
packages) -- it is an XML parser very common in unix/linux distributions.
Best regards,
Daniel
On 5/6/2003 2:02 AM, Phil Yuska wrote:
>After watching this a while longer, it looks as though the session drops
>are being caused by transport failures on the jabber server (aim and or
>yahoo). It was pretty stable with out them loaded.
>
>I downloaded and compiled the latest cvs snapshot but the jabber.so
>module won't load, it gets this error:
>
>0(126) ERROR: load_module: could not open module
></usr/local/lib/ser/modules/jabber.so>:
>/usr/local/lib/ser/modules/jabber.so: Undefined symbol
>"XML_GetCurrentByte
>Index"
>
>Phil
>
>
>
>-----Original Message-----
>From: serusers-admin(a)iptel.org [mailto:serusers-admin@lists.iptel.org] On
>Behalf Of Daniel-Constantin MIERLA
>Sent: Saturday, May 03, 2003 3:54 PM
>To: serusers(a)lists.iptel.org
>Subject: Re: [Serusers] jabber module
>
>Hello,
>
>On 5/3/2003 12:47 AM, Phil Yuska wrote:
>
>
>
>>Are the sessions between the jabber.so module and the jabber server
>>persistent?
>>
>>
>>
>not really. There is a parameter (cache_time) to set how long a
>connection to Jabber server is kept alive if there is no traffic through
>it.
>
>
>
>>It seems like the session establishes then drops after each
>>message is delivered to the jabber server resulting in this error being
>>reported back to the client.
>>
>>
>>
>Could you capture the network traffic between ser and jabber server --
>using ngrep or ethereal?
>
>
>
>>ERROR: Connection to Jabber server lost. You have to login to Jabber
>>server again (join the conferences again that you were participating,
>>too)
>>sip_to_jabber_gateway says:
>>INFO: Your are now offline in Jabber network.
>>
>>
>>
>These messages are sent when the connection between jabber gateway and
>jabber server gets down without reason.
>
>
>
>>I'm also seeing these errors, but I'm not sure if they indicate a
>>problem or if it's just house keeping done by ser.
>>
>>1(11705) XJAB:xjab_check_workers: error - worker[0][pid=11717] lost
>>forever
>>1(11705) XJAB:xjab_check_workers: worker[1][pid=11719] has exited -
>>status=0 err=-1 errno=10
>>
>>
>>
>here somehow a jabber worker dies. Please try again and see if you can
>generate a core (use "ulimit -c unlimited"). If you get one make an
>archive with sources, logs, binary files and core file, make them
>available on a ftp/http server or send them to me or to
>serhelp(a)lists.iptel.org. Before doing that, you may also try the latest CVS
>snapshot if you use an old version - it could be an already fixed bug.
>
>
>
>>Finally can the presence module be used with version 0.8.10?
>>
>>
>>
>No, the presence agent is not available in 0.8.10 as well as its
>integration with jabber module. Next release will include both of them.
>
>Best regards,
>Daniel
>
>
>
>>Regards,
>>
>>Phil
>>
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers(a)lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>>
>>
>>
>
>
>_______________________________________________
>Serusers mailing list
>serusers(a)lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
>
>
>
Hello,
If you are really interested in having SER within a natted network or running on
the firewall/nat itself, may be you could give a try to the fcp module. It
relies on a client side which is added as a module to SER, and a server side,
running on the firewall/nat (with iptables).
The module keeps track of sessions similar to a b2bua. When a new request for a
session comes (INVITE, SUBSCRIBE, MESSAGE, etc.) from an internal client, the
fcp module learns the external IP address and a port on the firewall and makes
several changes to the SIP message. In the current implementation, Contact and
SDP can be changed before sending any request through the firewall/nat. When
responses come back (200 OK with SDP), the firewall ports are open for media to
flow. Ports are closed after expiration of rules or because of CANCEL/BYE are
issued from any of the end points.
This has been tested so far in the following scenario:
SIP UA1 ----- SER+fcp module ------ NAT/FW(fcpd) --------- SER ----------- SIP
UA2
With the current version of fcpd (http://www.iptel.org/fcp/) I have not been
successful in establishing a media connection, but you might be luckier :)
However, the previous version worked for me in several occasions (I could hear
audio to and from SIP UA1/SIP UA2).
If your are interested in giving it a try, let me know and we see how far we
get.
Jaime
"Hans Scheffers" <hans.scheffers(a)xs4all.nl> on 06/05/2003 13:32:16
To: serusers(a)lists.iptel.org
cc: (bcc: Jaime GILL/EN/HTLUK)
Subject: RE: [Serusers] Firewall
NAT, i have one public ip
The problem with iptable/ipchains is the way they filter compared to
Cisco a.s.o.
Hans Scheffers
JifLin B.V.
Leliestraat 7
7151 GH Eibergen
http://www.jiflin.nl
> -----Oorspronkelijk bericht-----
> Van: Jan Janak [mailto:jan@iptel.org]
> Verzonden: dinsdag 6 mei 2003 12:18
> Aan: Hans Scheffers
> CC: serusers(a)lists.iptel.org
> Onderwerp: Re: [Serusers] Firewall
>
>
> BTW, are you behind a NAT or just a firewall ?
>
> Jan.
>
> On 06-05 11:36, Hans Scheffers wrote:
> > But are there developers working on it?
> >
> >
> > Hans Scheffers
> > JifLin B.V.
> > Leliestraat 7
> > 7151 GH Eibergen
> >
> > http://www.jiflin.nl
> >
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: Jan Janak [mailto:jan@iptel.org]
> > > Verzonden: dinsdag 6 mei 2003 11:18
> > > Aan: Juha Heinanen
> > > CC: Hans Scheffers; serusers(a)lists.iptel.org
> > > Onderwerp: Re: [Serusers] Firewall
> > >
> > >
> > > On 06-05 07:54, Juha Heinanen wrote:
> > > > Jan Janak writes:
> > > >
> > > > > > I have an Astaro Linux Firewall. This firewall blocks
> > > everything (what I
> > > > > > want :)), and is based on on iptables.
> > > >
> > > > if it based on iptables, then the right solution is to
> write a sip
> > > > helper application for iptables. everything else is hackery.
> > >
> > > And this is very tricky, that is the reason why there is no such
> > > helper application yet.
> > >
> > > Jan.
> > >
> > >
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers(a)lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
>
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
*******************************************************************************
Important.
Confidentiality: This communication is intended for the above-named person and
may be confidential and/or legally privileged. Any opinions expressed in this
communication are not necessarily those of the company. If it has come to you
in error you must take no action based on it, nor must you copy or show it to
anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses
Orange may monitor all incoming and outgoing emails in line with current
legislation. Although we have taken steps to ensure that this email and
attachments are free from any virus, we advise that in keeping with good
computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No
2178917, with its address at St James Court, Great Park Road, Almondsbury Park,
Bradley Stoke, Bristol BS32 4QJ.
*******************************************************************************
I have problem with forwarding unanswered calls
after fr_inv_timer and fr_timer parameters
I do ( I hope so) everything according with manual but
it doesn't work :(
My configuration file:
# tm -parametry
modparam("tm", "fr_inv_timer", 8)
modparam("tm", "fr_timer", 5)
# ------------------------- request routing logic -------------------
# main routing logic
alias="gda.pl"
alias="sips.gda.pl"
route{
# initial sanity checks -- messages with
# max_forwars==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (len_gt( max_len )) {
sl_send_reply("513", "Message too big");
break;
};
# Do strict routing if pre-loaded route headers present
rewriteFromRoute();
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("gda.pl", "subscriber"))
{
www_challenge("gda.pl", "0");
break;
};
save("location");
log(3,"REGISTER zarejestrowany uzytkownik radan");
sl_send_reply("200", "ok");
break;
};
lookup("aliases");
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
if (uri=~"^sip:radan@gda\.pl")
{
seturi("sip:unknown@gda.pl"); |------ should be this
addresses exist ??
append_branch("sip:nobody@gda.pl:9"); |------
t_on_negative("1");
t_relay();
};
# forward to current uri now
if (!t_relay()) {
sl_reply_error();
};
}
reply_route[1] {
append_branch("sip:2222@gda.pl"); - on this addres I want to redirect
unanswered call
log(3,"przekierowanie");
}
------------------END OF FILE---------------------
Andrzej Radke
Fellows,
I started using the cvs version of ser instead of 0.8.10. But I'm facing
some doubts on strict routing vs. loose routing.
In 0.8.10 I was using:
addRecordRoute();
rewriteFromRoute();
Now in CVS version, by default strict routing is disabled, right?
So, according to the rr module, I need to use record_route_strict, so I
compiled rr module with it. Now, I'm using
record_route_strict() instead of addRecordRoute() and loose_route()
instead of
rewriteFromRoute();
Is this correct, or am I missing something?
Thanks in advance,
Guilherme.
Folks,
I've just finished merging changes from our development version of
nathelper into the ser's cvs. The following changes were made:
- Don't apply contact address rewriting in SDP body if the original
address is 0.0.0.0, which usially present in re-INVITEs and means
that sender asks to temporarly suspend media session;
- save original address into the oldmediaip option in the SDP body,
which is useful for debugging;
- fix contact URI parsing routine to understand those URIs in the
form sip:<ip>:<port>, which is the case with URIs generated by the
Windows Messenger;
- some style fixes and general diff reduction with our development
version.
All nathelper users are encouraged to test it and report any problems
to me, since it is probably the version that will be delivered with
the next ser release.
Thanks!
-Maxim
Are the sessions between the jabber.so module and the jabber server
persistent? It seems like the session establishes then drops after each
message is delivered to the jabber server resulting in this error being
reported back to the client.
ERROR: Connection to Jabber server lost. You have to login to Jabber
server again (join the conferences again that you were participating,
too)
sip_to_jabber_gateway says:
INFO: Your are now offline in Jabber network.
I'm also seeing these errors, but I'm not sure if they indicate a
problem or if it's just house keeping done by ser.
1(11705) XJAB:xjab_check_workers: error - worker[0][pid=11717] lost
forever
1(11705) XJAB:xjab_check_workers: worker[1][pid=11719] has exited -
status=0 err=-1 errno=10
Finally can the presence module be used with version 0.8.10?
Regards,
Phil
Hi,
We have deployed many Cisco ATAs behind NAT devices. In order to keep the NAT session binding alive, we enabled a feature on the ATAs that basically send a small dummy packet to SER every 90 seconds. Everything works great. The question is, how can I suppress the WARNING/ERRORS that these dummy packets present to the SYSLOG? Is there a simple way to do this in the ser.cfg file?
These are the SYSLOG messages:
May 1 09:20:58 maui /usr/sbin/ser[23389]: WARNING: upstream bug - 0-terminated packet
May 1 09:20:58 maui /usr/sbin/ser[23389]: ERROR: parse_first_line: message too short: 3
May 1 09:20:58 maui /usr/sbin/ser[23389]: ERROR:parse_first_line: bad message
May 1 09:20:58 maui /usr/sbin/ser[23389]: ERROR: parse_msg: message=<>
May 1 09:20:58 maui /usr/sbin/ser[23389]: ERROR: receive_msg: parse_msg failed
Thanks,
Ricardo
We have been deploying ATA 186s using port forwarding.
Am I correct in understanding that you have been deploying with NAT but without the need for port forwarding.
Could you please describe the required settings on the ATA
Thanks, Dinesh
-----Original Message-----
From: "Ricardo Villa"<ricvil(a)epm.net.co>
Sent: 01-May-03 10:35:58 PM
To: "serusers(a)lists.iptel.org"<serusers(a)lists.iptel.org>
Subject: [Serusers] SYSLOG Error Messages
Hi,
We have deployed many Cisco ATAs behind NAT devices. In order to keep the NAT session binding alive, we enabled a feature on the ATAs that basically send a small dummy packet to SER every 90 seconds. Everything works great. The question is, how can I suppress the WARNING/ERRORS that these dummy packets present to the SYSLOG? Is there a simple way to do this in the ser.cfg file?
These are the SYSLOG messages:
May 1 09:20:58 maui /usr/sbin/ser[23389]: WARNING: upstream bug - 0-terminated packet
May 1 09:20:58 maui /usr/sbin/ser[23389]: ERROR: parse_first_line: message too short: 3
May 1 09:20:58 maui /usr/sbin/ser[23389]: ERROR:parse_first_line: bad message
May 1 09:20:58 maui /usr/sbin/ser[23389]: ERROR: parse_msg: message=<>
May 1 09:20:58 maui /usr/sbin/ser[23389]: ERROR: receive_msg: parse_msg failed
Thanks,
Ricardo
