[Serusers] Ser 0.9.0 + Mediaproxy 1.3.1 - Problems with NATed Clients Authentication

Hi everybody, I've configured SER to work with mediaproxy, I also configured mediaproxy.ini. My clients are authenticating normally, but only the clients that has a Public IP (ex. 200.201.145.146), all the cliets that are behind NAT can't REGISTER. What may be wrong ? Do anyone uses SER 0.9.0 with mysql authentication and Mediaproxy that could give me a hand ? My ser.cfg and mediaproxy.ini are as follows ================== ser.cfg ====================== debug=3 fork=yes log_stderror=no listen=192.0.2.13 # put your server IP address here port=5060 children=4 dns=no rev_dns=no fifo="/tmp/ser_fifo" fifo_db_url="mysql://ser:heslo@localhost/ser" loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/uri_db.so" loadmodule "/usr/local/lib/ser/modules/domain.so" loadmodule "/usr/local/lib/ser/modules/mediaproxy.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/textops.so" modparam("auth_db|uri_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") modparam("nathelper", "rtpproxy_disable", 1) modparam("nathelper", "natping_interval", 0) modparam("mediaproxy","natping_interval", 30) modparam("mediaproxy","mediaproxy_socket", "/var/run/mediaproxy.sock") modparam("mediaproxy","sip_asymmetrics","/usr/local/etc/ser/sip-clients") modparam("mediaproxy","rtp_asymmetrics","/usr/local/etc/ser/rtp-clients") modparam("usrloc", "db_mode", 2) modparam("registrar", "nat_flag", 6) modparam("rr", "enable_full_lr", 1) route { # ----------------------------------------------------------------- # Sanity Check Section # ----------------------------------------------------------------- if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too Many Hops"); break; }; if (msg:len > max_len) { sl_send_reply("513", "Message Overflow"); break; }; # ----------------------------------------------------------------- # Record Route Section # ----------------------------------------------------------------- if (method=="INVITE" && client_nat_test("3")) { # INSERT YOUR IP ADDRESS HERE record_route_preset("192.0.2.13:5060;nat=yes"); } else if (method!="REGISTER") { record_route(); }; # ----------------------------------------------------------------- # Call Tear Down Section # ----------------------------------------------------------------- if (method=="BYE" || method=="CANCEL") { end_media_session(); }; # ----------------------------------------------------------------- # Loose Route Section # ----------------------------------------------------------------- if (loose_route()) { if (has_totag() && (method=="INVITE" || method=="ACK")) { if (client_nat_test("3") || search("^Route:.*;nat=yes")) { setflag(6); use_media_proxy(); }; }; route(1); break; }; # ----------------------------------------------------------------- # Call Type Processing Section # ----------------------------------------------------------------- if (uri!=myself) { route(1); break; }; if (uri==myself) { if (method=="CANCEL") { route(3); break; } else if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; }; lookup("aliases"); if (uri!=myself) { route(1); break; }; if (!lookup("location")) { sl_send_reply("404", "User Not Found"); break; }; }; route(1); } route[1] { # ----------------------------------------------------------------- # Default Message Handler # ----------------------------------------------------------------- t_on_reply("1"); if (!t_relay()) { if (method=="INVITE" || method=="ACK") { end_media_session(); }; sl_reply_error(); }; } route[2] { # ----------------------------------------------------------------- # REGISTER Message Handler # ---------------------------------------------------------------- sl_send_reply("100", "Trying"); if (!search("^Contact:\ +\*") && client_nat_test("7")) { setflag(6); fix_nated_register(); force_rport(); }; if (!www_authorize("","subscriber")) { www_challenge("","0"); break; }; if (!check_to()) { sl_send_reply("401", "Unauthorized"); break; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; } route[3] { # ----------------------------------------------------------------- # CANCEL and INVITE Message Handler # ----------------------------------------------------------------- if (client_nat_test("3")) { setflag(7); force_rport(); fix_nated_contact(); }; lookup("aliases"); if (uri!=myself) { route(1); break; }; if (!lookup("location")) { sl_send_reply("404", "User Not Found"); break; }; if (method=="CANCEL") { route(1); break; }; if (!proxy_authorize("","subscriber")) { proxy_challenge("","0"); break; } else if (!check_from()) { sl_send_reply("403", "Use From=ID"); break; }; consume_credentials(); if (isflagset(6) || isflagset(7)) { use_media_proxy(); }; route(1); } onreply_route[1] { if ((isflagset(6) || isflagset(7)) && (status=~"(180)|(183)|2[0-9][0-9]")) { if (!search("^Content-Length:\ +0")) { use_media_proxy(); }; }; if (client_nat_test("1")) { fix_nated_contact(); }; } ================== End of ser.cfg ====================== =================== mediaproxy.ini ====================== ; ; Configuration file for MediaProxy ; [Dispatcher] ; ; Section for configuring the proxy dispatcher ; ; The following options are available here: ; ; start Boolean value that specifies if to start the dispatcher. ; Default value: Yes ; ; socket Path to the UNIX socket where the dispatcher receives ; commands from SER. This should match the value for ; mediaproxy_socket in ser.cfg ; Default value: /var/run/proxydispatcher.sock ; ; group Put the socket in this group and make it group writable. ; Default value: ser ; ; defaultProxy Default mediaproxy to use in case the From/To domains ; involved in the call don't define any. ; Valid values for this are: ; ; - None ; don't use any default proxies. domains without ; mediaproxy SRV records won't work ; - /path/to/unix/socket ; use a single MediaProxy server identified by the given ; UNIX socket path ; - IP_or_hostname[:port] ; use a single MediaProxy server identified by its network ; address. The network address consists of an IP address ; or a hostname and an optional port number separated by ; a double colon. If port is missing 25060 will be assumed. ; Examples: ; 10.0.0.1 (connect to 10.0.0.1 on port 25060) ; 10.0.0.1:90 (connect to 10.0.0.1 on port 90) ; mp1.mydomain.com ; mp1.mydomain.com:7000 ; - domain://domain_name ; Use all MediaProxies defined by domain_name, honoring ; their priority and weight to create a cluster of proxies ; with fallback and load balancing capabilities. ; ; Default value: /var/run/mediaproxy.sock ; start = yes socket = /var/run/proxydispatcher.sock group = ser defaultProxy = /var/run/mediaproxy.sock [MediaProxy] ; ; Section for configuring the MediaProxy server ; ; The following options are available here: ; ; start Boolean value that specifies if to start the RTP proxy server. ; Default value: Yes ; ; socket Path to the UNIX socket where MediaProxy receives ; commands from the dispatcher or SER. ; Default value: /var/run/mediaproxy.sock ; ; group Put the socket in this group and make it group writable. ; Default value: ser ; ; listen Network address where MediaProxy receives commands from ; a remote dispatcher. ; Valid values for this are: ; ; - None ; don't listen for network connections at all ; - address[:port] ; listen on the specified address and port ; address can be an IP a hostname or the keyword Any ; (in which case it will listen on 0.0.0.0). If address is ; a hostname, that should map in DNS to an IP address ; present on the machine through an A record. ; If port is missing assume 25060. ; ; Default value: None ; ; allow List of addresses that are allowed to connect to this ; MediaProxy server and send commands. ; They are specified as a comma separated list of entries, with ; each entry being specified in the CIDR network/mask notation ; (ex. 10.0.0.0/8) ; ; In addition simple IP addresses or hostnames are allowed, in ; which case the mask is considered to be 32. ; ; In addition to network ranges/addresses 2 keywords can be used ; for this option: ; None to specify that none is allowed to connect (not very ; useful but this is the default for security reasons) ; Any to specify that anyone is allowed to connect ; (dangerous!) ; ; Example: allow = 10.0.0.0/24, home-pc.mydomain.com, 1.2.3.4 ; ; Default value: None ; ; proxyIP IP address to use to talk to the phones. If not specified, the ; first found will be used. However first found usually means ; first defined in /etc/hosts which may not be what you want. ; If you find that the address that's automatically selected is ; not the one you want, you can specify the right one using this ; option. The address must be one that's present on one of the ; host's interfaces. ; ; portRange The range of ports to use for proxying the rtp streams. ; This option is specified as minport:maxport with minport and ; maxport being even numbers in the range 1024-65536 ; Default value: 35000:65000 ; ; TOS Unless you know what TOS means, leave this option alone. ; The TOS value can be specified either as a decimal number or ; as a hex number in the 0xnn format. ; Default value: 0xb8 ; ; idleTimeout Expire idle sessions after this much time. ; Default 60 seconds ; ; holdTimeout Expire calls on hold after this much time. ; Default value is 3600 seconds ; ; forceClose Forcibly close a RTP session after this many seconds even if ; it's still active. If forceClose is 0, then a session is never ; closed no matter how long it lasts. ; Default value: 0 ; start = yes socket = /var/run/mediaproxy.sock group = ser listen = 200.142.103.114 allow = any ;proxyIP = 10.0.0.1 portRange = 35000:36000 ;TOS = 0xb8 idleTimeout = 60 holdTimeout = 3600 forceClose = 0 accounting = off [Accounting] user = ser password = heslo host = any database = ser table = ser #[Accounting] #user = dbuser #password = dbpass #host = dbhost #database = radius #table = radacct =================== End of mediaproxy.ini ====================== -- Felipe Martins Mundivox Communications Tecnologia e Projetos fmartins(a)mundivox.com Tel.: +55 +21 +3820 8839 Cel.: +55 +21 +9823 8602 Fax.: +55 +21 +3820 8844 www.mundivox.com