Dear Iantcho, A group of SER users are trying to establish a baseline of understanding, as well as create a set of well-proven configuration files with explanation. We do this through a document called SER - Getting Started, which can be found at http://onsip.org/. The document is under development, but we address NAT, both from a conceptual and practical point of view. If people base their configs on those templates, it will be a lot easier to help people, because the starting point (both in knowledge and configuration file structure/content) will be known. g-)
PS! Don't worry about Harry's comment below, I'm not sure if he at all bothered to register to get the Getting Started document. I have also posted responses to his requests for help five times. However, he did not start out with the ONsip.org Getting Started configuration file and insisted on getting help without even trying to copy the recommended configuration for nathelper/rtpproxy into his own.
harry gaillac wrote:
Hello,
I have the same troubles with ser+rtpproxy. I think of you'll waste time because of rtpproxy+ser documention is bad. I looked at www.onsip.org in order to find help about NAT without success but you can waste time to send help to serusers mailing list.
We can read some nat troubles in mailing list every week.
I do hope you'll find help.
Regards Harry
--- Iantcho Vassilev ianchov@gbg.bg a écrit :
Hello, guys!
Here is my situation:
I have 2 ADSL at home:
I have set up a linux(debian) SER +RTPPROXY on of the ADSL and i use the other Adsl for internet here: me ----> 192.168.0.xx(SER with two ethernet int)
192.168.0.x(default gateway)
internet
I`m using Xphone-Lite. I would like to contact another person registered on the outside interface of Ser(i`m registering from the interior). Internet IP <---> outside interface(SER)(lan)<---->me But that`s not working What`s should be the mistake(from sipsak i got: from the internet user: sipsak -s sip:adress_registered_from_lan@myADLShere returns my other ADSL line. and from sipsak -s sip:internet_number_user@myADSLhere i got sip:internet_number_user@HIS_IP_ADDRESS
rttproxy is isntalled(build from cvs this morning)
SER.cfg is
:------------------->>>>>>>>><<<<<<<<<<<--------------------
# ----------- global configuration parameters
debug=3 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E)
#/* Uncomment these lines to enter debugging mode #debug=7 #Fork=no #log_stderror=yes #*/
check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 #Listen=83.228.8.112 children=2 fifo="/tmp/ser_fifo"
# ------------------ module loading
# Uncomment this if you want to use SQL database #loadmodule "/usr/lib/ser/modules/mysql.so" loadmodule "/usr/lib/ser/modules/textops.so" loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr/lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so" loadmodule "/usr/lib/ser/modules/nathelper.so"
#loadmodule "/usr/lib/ser/modules/domain.so" #loadmodule "/usr/lib/ser/modules/mediaproxy.so" # Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/lib/ser/modules/auth.so" #loadmodule "/usr/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
modparam("usrloc", "db_mode", 0) modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 60) modparam("nathelper", "ping_nated_only", 1) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2)
# -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic
# main routing logic route{
# initial sanity checks -- messages with # max_forwards==0, or excessively longrequests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if (msg:len >= max_len ) { sl_send_reply("513", "Message too big"); break; };
# !! Nathelper # Special handling for NATed clients; first,NAT test is # executed: it looks for via!=received and RFC1918 addresses # in Contact (may fail if line-folding is used); also, # the received test should, if completed, should check all # vias for rpesence of received if (nat_uac_test("3")) { # Allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER
if (method == "REGISTER" || !search("^Record-Route:")) { log("LOG: Someone trying to register from private IP, rewriting\n");
# This will work only for useragents that support symmetric # communication. We tested quite many of them and majority is # smart enough to be symmetric. In some phones it takes a configuration # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is # called "symmetric media" and "symmetric signalling".
fix_nated_contact(); # Rewritecontact with source IP of signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; };
# we record-route all messages -- to makesure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route();
# subsequent messages withing a dialogshould take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); break; };
if (!uri==myself) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); break; };=== message truncated ===
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers