15 Sep
2006
15 Sep
'06
2:29 p.m.
Okay... start small. You can work through this.
First things first:
Comment out the proxy_authorize portion of the config. Restart ser, and try the call
again. See if it works.
If it does, uncomment it, but right BEFORE the proxy_authorize, put the check for the
trusted table and then a log message to check the logs...
something like:
if(!allow_trusted())
{
log(1, "ALLOW TRUSTED CHECK FAILED -- HOST NOT IN TRUSTED TABLE");
if(!proxy_authorize... etc, etc)
};
Restart ser, and try the call again. If that message pops up, then there's something
wrong with the trusted host check and you can double check the data you entered into the
database to make sure it's all actually correct.
Your trusted table should look something like:
+----------------+-------+--------------+| src_ip | proto | from_pattern
|+----------------+-------+--------------+| 127.0.0.1 | any | sip:.*$ ||
81.21.38.13 | any | sip:.*$ |+----------------+-------+--------------+
On Fri, 15 Sep 2006 12:36:04 +0300, ravi reddy wrote
this is the ngrep -record when i tried to make a
incoming call from PSTN
U MailScanner warning: numerical links are often malicious: 81.21.38.13:57812 ->
MailScanner warning: numerical links are often malicious: 81.21.33.35:5060
INVITE sip:22030980@81.21.33.35:5060 SIP/2.0.
Via: SIP/2.0/UDP MailScanner warning: numerical links are often malicious:
81.21.38.13:5060.
From: <sip:22498045@81.21.38.13>;tag=78415468-CC3.
To: <sip:22030980@81.21.33.35>.
Date: Fri, 15 Sep 2006 09:15:20 GMT.
Call-ID: 8BB4320C-43D111DB-9F91880F-F0154510(a)81.21.38.13.
Supported: timer,100rel.
Min-SE: 1800.
Cisco-Guid: 3763255713-1164120539-2201223171-3126568985.
User-Agent: Cisco-SIPGateway/IOS-12.x.
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO.
CSeq: 101 INVITE.
Max-Forwards: 6.
Remote-Party-ID: <sip:22498045@81.21.38.13>;party=calling;screen=yes;privacy=off.
Timestamp: 1158311720.
Contact: <sip:22498045@81.21.38.13:5060>.
Expires: 180.
Allow-Events: telephone-event.
Content-Type: application/sdp.
Content-Length: 274.
.
v=0.
o=CiscoSystemsSIP-GW-UserAgent 9485 5123 IN IP4 MailScanner warning: numerical links are
often malicious: 81.21.38.13.
s=SIP Call.
c=IN IP4 MailScanner warning: numerical links are often malicious: 81.21.38.13.
t=0 0.
m=audio 17124 RTP/AVP 18 0 8 100.
a=rtpmap:18 G729/8000.
a=fmtp:18 annexb=no.
a=rtpmap:0 PCMU/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:100 X-NSE/8000.
a=fmtp:100 192-194.
#
U MailScanner warning: numerical links are often malicious: 81.21.33.35:5060 ->
MailScanner warning: numerical links are often malicious: 81.21.38.13:5060
SIP/2.0 407 Proxy Authentication Required.
Via: SIP/2.0/UDP MailScanner warning: numerical links are often malicious:
81.21.38.13:5060.
From: <sip:22498045@81.21.38.13>;tag=78415468-CC3.
To: <sip:22030980@81.21.33.35>;tag=74961b5b71b6ddce908b9155b956083f.58b5.
Call-ID: 8BB4320C-43D111DB-9F91880F-F0154510(a)81.21.38.13.
CSeq: 101 INVITE.
Proxy-Authenticate: Digest realm="MailScanner warning: numerical links are often
malicious: 81.21.33.35", nonce="450a6fac7fc0d4000fd13a85f7f6c55323ed6a5c".
Content-Length: 0.
Warning: 392 MailScanner warning: numerical links are often malicious: 81.21.33.35:5060
"Noisy feedback tells: pid=24505req_src_ip=MailScanner warning: numerical links are
often malicious: 81.21.38.13
req_src_port=57812in_uri=sip:22030980@81.21.33.35:5060out_uri=sip:22030980@81.21.33.35:5060
via_cnt==1".
.
#
U MailScanner warning: numerical links are often malicious: 81.21.38.13:57812 ->
MailScanner warning: numerical links are often malicious: 81.21.33.35:5060
ACK sip:22030980@81.21.33.35:5060 SIP/2.0.
Via: SIP/2.0/UDP MailScanner warning: numerical links are often malicious:
81.21.38.13:5060.
From: <sip:22498045@81.21.38.13>;tag=78415468-CC3.
To: <sip:22030980@81.21.33.35>;tag=74961b5b71b6ddce908b9155b956083f.58b5.
Date: Fri, 15 Sep 2006 09:15:20 GMT.
Call-ID: 8BB4320C-43D111DB-9F91880F-F0154510(a)81.21.38.13.
Max-Forwards: 6.
Content-Length: 0.
CSeq: 101 ACK.
.
#
U MailScanner warning: numerical links are often malicious: 81.21.38.13:51826 ->
MailScanner warning: numerical links are often malicious: 81.21.33.35:5060
INVITE sip:22030980@81.21.33.35:5060 SIP/2.0.
Via: SIP/2.0/UDP MailScanner warning: numerical links are often malicious:
81.21.38.13:5060.
From: <sip:22498045@81.21.38.13>;tag=78415970-1FEC.
To: <sip:22030980@81.21.33.35>.
Date: Fri, 15 Sep 2006 09:15:22 GMT.
Call-ID: 8C78BCF5-43D111DB-9F95880F-F0154510(a)81.21.38.13.
Supported: timer,100rel.
Min-SE: 1800.
Cisco-Guid: 3776566429-1164120539-2202206211-3126568985.
User-Agent: Cisco-SIPGateway/IOS-12.x.
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO.
CSeq: 101 INVITE.
Max-Forwards: 6.
Remote-Party-ID: <sip:22498045@81.21.38.13>;party=calling;screen=yes;privacy=off.
Timestamp: 1158311722.
Contact: <sip:22498045@81.21.38.13:5060>.
Expires: 180.
Allow-Events: telephone-event.
Content-Type: application/sdp.
Content-Length: 274.
.
And these messages are repeating until the requested time out;-)
Whats wrong here :-
Hope this information can help me
Thanks,
Ravi.