AFAIK, two UAs (symm) behind two different port restricted cone NATs can talk to each other without the mediaproxy, try to fix the SDP using fix_nated_sdp("2").
If the NAT is hairpin enabled then UAs behind the same port restricted NAT can talk to each other.
~Vamsi
On 9/25/06, kjcsb kjcsb@orcon.net.nz wrote:
Yes, you are most definitely on to something. NAT-handling is complex
and
it takes some work to fine-tune it the way you want. I few comments:
- Look at nathelper's nat_uac_test. It has more options and better
control, look at option 16, which is very good for detecting symmetric NATs where STUN or an ALG has tried to fix the message
- If you are doing pstn, your gw supporting active media will reduce
your
proxied calls to none
- sipura has many nat-handling options and takes some tweaking to get
them
right for your config
- The behavior of the UAs will differ depending on the type of NAT they
are behind. When behind a symmetric NAT, they should not try to fix the ip:port, but some do. nat_uac_test("16") will in most cases reveal this
Good luck! (and I'm sure others would appreciate a how-to on optimizing NAT at iptel.org http://www.iptel.org/node/add/flexinode-4 If you create one, I'll help out in making it accurate) Also, make sure you have a look at the new NAT-handling document: http://www.iptel.org/ser/howtos/optimizing_the_use_of_rtp_proxy g-)
Many thanks. I've read and reread "Optimizing the use of rtp proxy". I've also done a lot more reading on SDP & RTP which is most relevant to the audio issue. Signalling is not the problem i.e. the messages are passed back and forward through the proxy and I'm happy with that. It's the audio I want to offload.
I think the key unanswered question I have is this: in the (seemingly) most common scenario of two symmetric (signalling and RTP) UAs behind two different (port) restricted cone NATs, can two-way audio be established without the use of a media proxy? I had previously thought that was possible but the latest reading I have done indicates not. Why? Because one side must initiate the audio part of the call and the other side's NAT device will not know where to send that audio on the LAN side of the network. Could someone put me out of my misery and confirm one way or the other?
I had thought another alternative was to map the RTP ports on the NAT device. This would mean forwarding ranges of ports to specific IP addresses (each different port range relating to a specific UA) on the NAT device. Each UA would then be configured to send RTP traffic on the port range relating to its IP address. But if both sides are behind NAT then am I right in thinking that this won't work either because the callees NAT device still doesn't know where to send it?
Regarding me documenting my solution it looks to me like it's already been done in "Optimizing the use of rtp proxy"! I'm currently using media proxy so the main difference would be that the media proxy selection would be based on the domain rather than an avp.e.g. west.domain.com goes to one proxy and east.domain.com goes to another.
Cameron
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers