Hello list members,
since a while I'm working with SER and if all IP phones are on the same Network everything works fine. But now I try to get the Following configuration working:
+--------------+ +--------------+ | IP-Tel #96 | | IP-Tel #97 | | 192.168.0.96 | | 192.168.0.97 | +-------#------+ +------#-------+ | | +-----+ +-----+ | | +--#--#--#--#--#--+ | 192.168.0.1 | +-----------------+ | Hardware: | | NAT/Firewall | +-----------------+ | 213.191.x.x | +--------#--------+ | Internet | +--------#--------+ | 212.202.x.x | +-----------------+ | Linux: | | NAT/Firewall | | SER/MediaProxy | +-----------------+ | 192.168.1.1 | +--------#--------+ | +--------#--------+ | Switch | +--#--#--#--#--#--+ | | +-----+ +-----+ | | +-------#------+ +------#-------+ | IP-Tel #16 | | IP-Tel #17 | | 192.168.1.16 | | 192.168.1.17 | +--------------+ +--------------+
I have chosen the SER MediaProxy to solve the NAT problem with this config:
--- snip --- debug=8 fork=yes log_stderror=yes check_via=no dns=no rev_dns=no port=5060 children=4 fifo="/tmp/ser_fifo"
alias="universe"
loadmodule "/lib/ser/modules/mysql.so" loadmodule "/lib/ser/modules/sl.so" loadmodule "/lib/ser/modules/tm.so" loadmodule "/lib/ser/modules/rr.so" loadmodule "/lib/ser/modules/maxfwd.so" loadmodule "/lib/ser/modules/usrloc.so" loadmodule "/lib/ser/modules/domain.so" loadmodule "/lib/ser/modules/uri.so" loadmodule "/lib/ser/modules/registrar.so" loadmodule "/lib/ser/modules/textops.so" loadmodule "/lib/ser/modules/mediaproxy.so" loadmodule "/lib/ser/modules/auth.so" loadmodule "/lib/ser/modules/auth_db.so"
modparam("usrloc", "db_mode", 0) modparam("usrloc", "db_mode", 2) modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") modparam("rr", "enable_full_lr", 1) modparam("mediaproxy", "natping_interval", 60) modparam("registrar", "nat_flag", 2)
route {
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len >= max_len ) { sl_send_reply("513", "Message too big"); break; };
if (method=="REGISTER") { if (uri==myself) { # Mark as NAT'ed if (client_nat_test("3")) { setflag(2); force_rport(); fix_contact(); };
if (!www_authorize("universe", "subscriber")) { www_challenge("universe", "0"); break; } else if (!check_to()) { sl_send_reply("403", "Username!=To not allowed"); break; };
if (!save("location")) { sl_reply_error(); }; } else { sl_send_reply("403", "This domain is not served here"); };
break; };
if (method=="INVITE") { if (!(is_from_local() || is_uri_host_local())) { sl_send_reply("403", "Relaying is forbidden"); break; }; t_on_failure("1"); } else if (method == "BYE" || method == "CANCEL") { end_media_session(); };
if (loose_route()) { if (method=="INVITE" || method=="ACK") { use_media_proxy(); }; # end media session for BYE and CANCEL is done above # before entering the loose route. no need to call it here t_relay(); break; };
# Force subsequent messages to pass trough this proxy if (method == "INVITE") { record_route(); };
if (client_nat_test("3") && !search("^Record-Route:")) { # Mark as NAT'ed force_rport(); fix_contact(); };
if (method=="INVITE") { t_on_reply("1"); };
if (is_uri_host_local()) { if (!lookup("location")) { sl_send_reply("404", "User not found"); break; }; };
if (method=="INVITE" || method=="ACK") { use_media_proxy(); };
if (!t_relay()) { if (method=="INVITE" || method=="ACK") { end_media_session(); }; sl_reply_error(); }; }
failure_route[1] { end_media_session(); }
onreply_route[1] { if (status=~"(183)|(2[0-9][0-9])") { if (client_nat_test("1")) { fix_contact(); }; use_media_proxy(); }; } --- snap ---
But if I try to make a call e.g. from #97 to #16 or any other destination, I get this Message on the Phones: "Relaying is forbidden" It's also the same, if I try to call from #17 to #16 or the other Direction.
What is wrong? Is there a big mistake in my config?
Thanks for your support Bastian