17 Oct
2004
17 Oct
'04
1:18 a.m.
Hello list members,
since a while I'm working with SER and if all IP phones are on the same
Network everything works fine. But now I try to get the Following
configuration working:
+--------------+ +--------------+
| IP-Tel #96 | | IP-Tel #97 |
| 192.168.0.96 | | 192.168.0.97 |
+-------#------+ +------#-------+
| |
+-----+ +-----+
| |
+--#--#--#--#--#--+
| 192.168.0.1 |
+-----------------+
| Hardware: |
| NAT/Firewall |
+-----------------+
| 213.191.x.x |
+--------#--------+
|
Internet
|
+--------#--------+
| 212.202.x.x |
+-----------------+
| Linux: |
| NAT/Firewall |
| SER/MediaProxy |
+-----------------+
| 192.168.1.1 |
+--------#--------+
|
+--------#--------+
| Switch |
+--#--#--#--#--#--+
| |
+-----+ +-----+
| |
+-------#------+ +------#-------+
| IP-Tel #16 | | IP-Tel #17 |
| 192.168.1.16 | | 192.168.1.17 |
+--------------+ +--------------+
I have chosen the SER MediaProxy to solve the NAT problem with this config:
--- snip ---
debug=8
fork=yes
log_stderror=yes
check_via=no
dns=no
rev_dns=no
port=5060
children=4
fifo="/tmp/ser_fifo"
alias="universe"
loadmodule "/lib/ser/modules/mysql.so"
loadmodule "/lib/ser/modules/sl.so"
loadmodule "/lib/ser/modules/tm.so"
loadmodule "/lib/ser/modules/rr.so"
loadmodule "/lib/ser/modules/maxfwd.so"
loadmodule "/lib/ser/modules/usrloc.so"
loadmodule "/lib/ser/modules/domain.so"
loadmodule "/lib/ser/modules/uri.so"
loadmodule "/lib/ser/modules/registrar.so"
loadmodule "/lib/ser/modules/textops.so"
loadmodule "/lib/ser/modules/mediaproxy.so"
loadmodule "/lib/ser/modules/auth.so"
loadmodule "/lib/ser/modules/auth_db.so"
modparam("usrloc", "db_mode", 0)
modparam("usrloc", "db_mode", 2)
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("rr", "enable_full_lr", 1)
modparam("mediaproxy", "natping_interval", 60)
modparam("registrar", "nat_flag", 2)
route {
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if (msg:len >= max_len ) {
sl_send_reply("513", "Message too big");
break;
};
if (method=="REGISTER") {
if (uri==myself) {
# Mark as NAT'ed
if (client_nat_test("3")) {
setflag(2);
force_rport();
fix_contact();
};
if (!www_authorize("universe", "subscriber")) {
www_challenge("universe", "0");
break;
} else if (!check_to()) {
sl_send_reply("403", "Username!=To not allowed");
break;
};
if (!save("location")) {
sl_reply_error();
};
} else {
sl_send_reply("403", "This domain is not served here");
};
break;
};
if (method=="INVITE") {
if (!(is_from_local() || is_uri_host_local())) {
sl_send_reply("403", "Relaying is forbidden");
break;
};
t_on_failure("1");
} else if (method == "BYE" || method == "CANCEL") {
end_media_session();
};
if (loose_route()) {
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
# end media session for BYE and CANCEL is done above
# before entering the loose route. no need to call it here
t_relay();
break;
};
# Force subsequent messages to pass trough this proxy
if (method == "INVITE") {
record_route();
};
if (client_nat_test("3") && !search("^Record-Route:")) {
# Mark as NAT'ed
force_rport();
fix_contact();
};
if (method=="INVITE") {
t_on_reply("1");
};
if (is_uri_host_local()) {
if (!lookup("location")) {
sl_send_reply("404", "User not found");
break;
};
};
if (method=="INVITE" || method=="ACK") {
use_media_proxy();
};
if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
};
sl_reply_error();
};
}
failure_route[1] {
end_media_session();
}
onreply_route[1] {
if (status=~"(183)|(2[0-9][0-9])") {
if (client_nat_test("1")) {
fix_contact();
};
use_media_proxy();
};
}
--- snap ---
But if I try to make a call e.g. from #97 to #16 or any other
destination, I get this Message on the Phones:
"Relaying is forbidden"
It's also the same, if I try to call from #17 to #16 or the other Direction.
What is wrong?
Is there a big mistake in my config?
Thanks for your support
Bastian