15 Sep
2004
15 Sep
'04
9:14 a.m.
Hi all,
I am using the following configuration to test SJPhone through IPTEL proxy
server(publicly
available:195.37.77.99).
HOST1(win2K)---FW1---Internet---FW2---HOST2(winXP)
Host1 and Host2 are hosts with private IPs having SJPhone application. FW1
and FW2 are
firewall/NAT devices with SIP-ALG implementation. This means all the SIP
messages are modified to include the public IPs in them. Also the
via,contact ports are modified. Now both host1 and host2
register with the iptel proxy server. A call is initiated from host1. Host2
sends 200 OK response
to the HOST1. After this the ACK sent by Host1 is sent to port 5060 on
HOst2,instead of the
contact port advertised in 200 OK. This is observed from ethereal captures
on Host2. All these
messages are going through the proxy server(195.37.77.99).
Can someone please tell me why the proxy server is behaving this way, i.e.
sending ACK on 5060
instead of the contact. Is there anything that i am missing here or doing
wrong.
Thanks
Mahesh
15 Sep
15 Sep
9:28 a.m.
New subject: [Serusers] Proxy sending ACK on port 5060 instead of on contact port
Mahesh,
Given that you have ethereal capture, send it in to the list and we can see
what's happening.
Zeus
-----Original Message-----
From: serusers-bounces(a)lists.iptel.org
[mailto:serusers-bounces@lists.iptel.org] On Behalf Of mahesh
Sent: Wednesday, 15 September 2004 5:15 PM
To: serusers(a)lists.iptel.org
Subject: [Serusers] Proxy sending ACK on port 5060 instead of
on contact port
Hi all,
I am using the following configuration to test SJPhone
through IPTEL proxy
server(publicly
available:195.37.77.99).
HOST1(win2K)---FW1---Internet---FW2---HOST2(winXP)
Host1 and Host2 are hosts with private IPs having SJPhone
application. FW1
and FW2 are
firewall/NAT devices with SIP-ALG implementation. This means
all the SIP
messages are modified to include the public IPs in them. Also the
via,contact ports are modified. Now both host1 and host2
register with the iptel proxy server. A call is initiated
from host1. Host2
sends 200 OK response
to the HOST1. After this the ACK sent by Host1 is sent to
port 5060 on
HOst2,instead of the
contact port advertised in 200 OK. This is observed from
ethereal captures
on Host2. All these
messages are going through the proxy server(195.37.77.99).
Can someone please tell me why the proxy server is behaving
this way, i.e.
sending ACK on 5060
instead of the contact. Is there anything that i am missing
here or doing
wrong.
Thanks
Mahesh
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
11:52 a.m.
New subject: [Serusers] Proxy sending ACK on port 5060 instead of on contact port
Hi Zeus,
I am attaching the ethereal captures of both fw1 and fw2(on wan
interfaces). Only relevant packets are shown in the capture to minimize the
file size.
The NAT IP used by fw1 is 202.125.84.164 and the one used by fw2 is
202.125.84.163
regards
Mahesh
Mahesh,
Given that you have ethereal capture, send it in to the list and we can see
what's happening.
Zeus
> -----Original Message-----
> From: serusers-bounces(a)lists.iptel.org
> [mailto:serusers-bounces@lists.iptel.org] On Behalf Of mahesh
> Sent: Wednesday, 15 September 2004 5:15 PM
> To: serusers(a)lists.iptel.org
> Subject: [Serusers] Proxy sending ACK on port 5060 instead of
> on contact port
>
>
> Hi all,
>
> I am using the following configuration to test SJPhone
> through IPTEL proxy
> server(publicly
> available:195.37.77.99).
>
> HOST1(win2K)---FW1---Internet---FW2---HOST2(winXP)
>
> Host1 and Host2 are hosts with private IPs having SJPhone
> application. FW1
> and FW2 are
> firewall/NAT devices with SIP-ALG implementation. This means
> all the SIP
> messages are modified to include the public IPs in them. Also the
> via,contact ports are modified. Now both host1 and host2
> register with the iptel proxy server. A call is initiated
> from host1. Host2
> sends 200 OK response
> to the HOST1. After this the ACK sent by Host1 is sent to
> port 5060 on
> HOst2,instead of the
> contact port advertised in 200 OK. This is observed from
> ethereal captures
> on Host2. All these
> messages are going through the proxy server(195.37.77.99).
>
> Can someone please tell me why the proxy server is behaving
> this way, i.e.
> sending ACK on 5060
> instead of the contact. Is there anything that i am missing
> here or doing
> wrong.
>
> Thanks
> Mahesh
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
>
12:44 p.m.
New subject: [Serusers] Proxy sending ACK on port 5060 instead of on contact port
The ACK from Sjphone is broken, it contains sip:202.125.84.163 in the
Request-URI but the Request-URI should be sip:202.125.84.163:1585 (port
is missing) because that's what the UA receives in 200 OK.
Jan.
On 15-09 15:22, mahesh wrote:
Hi Zeus,
I am attaching the ethereal captures of both fw1 and fw2(on wan
interfaces). Only relevant packets are shown in the capture to minimize the
file size.
The NAT IP used by fw1 is 202.125.84.164 and the one used by fw2 is
202.125.84.163
regards
Mahesh
>Mahesh,
>
>Given that you have ethereal capture, send it in to the list and we can see
>what's happening.
>
>Zeus
>
>> -----Original Message-----
>> From: serusers-bounces(a)lists.iptel.org
>> [mailto:serusers-bounces@lists.iptel.org] On Behalf Of mahesh
>> Sent: Wednesday, 15 September 2004 5:15 PM
>> To: serusers(a)lists.iptel.org
>> Subject: [Serusers] Proxy sending ACK on port 5060 instead of
>> on contact port
>>
>>
>> Hi all,
>>
>> I am using the following configuration to test SJPhone
>> through IPTEL proxy
>> server(publicly
>> available:195.37.77.99).
>>
>> HOST1(win2K)---FW1---Internet---FW2---HOST2(winXP)
>>
>> Host1 and Host2 are hosts with private IPs having SJPhone
>> application. FW1
>> and FW2 are
>> firewall/NAT devices with SIP-ALG implementation. This means
>> all the SIP
>> messages are modified to include the public IPs in them. Also the
>> via,contact ports are modified. Now both host1 and host2
>> register with the iptel proxy server. A call is initiated
>> from host1. Host2
>> sends 200 OK response
>> to the HOST1. After this the ACK sent by Host1 is sent to
>> port 5060 on
>> HOst2,instead of the
>> contact port advertised in 200 OK. This is observed from
>> ethereal captures
>> on Host2. All these
>> messages are going through the proxy server(195.37.77.99).
>>
>> Can someone please tell me why the proxy server is behaving
>> this way, i.e.
>> sending ACK on 5060
>> instead of the contact. Is there anything that i am missing
>> here or doing
>> wrong.
>>
>> Thanks
>> Mahesh
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
>>
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
12:46 p.m.
New subject: [Serusers] Proxy sending ACK on port 5060 instead of on contact port
There is the same problem in BYE, even in the BYE sent by the calee.
Jan.
On 15-09 12:44, Jan Janak wrote:
The ACK from Sjphone is broken, it contains
sip:202.125.84.163 in the
Request-URI but the Request-URI should be sip:202.125.84.163:1585 (port
is missing) because that's what the UA receives in 200 OK.
Jan.
On 15-09 15:22, mahesh wrote:
Hi Zeus,
I am attaching the ethereal captures of both fw1 and fw2(on wan
interfaces). Only relevant packets are shown in the capture to minimize the
file size.
The NAT IP used by fw1 is 202.125.84.164 and the one used by fw2 is
202.125.84.163
regards
Mahesh
>Mahesh,
>
>Given that you have ethereal capture, send it in to the list and we can see
>what's happening.
>
>Zeus
>
>> -----Original Message-----
>> From: serusers-bounces(a)lists.iptel.org
>> [mailto:serusers-bounces@lists.iptel.org] On Behalf Of mahesh
>> Sent: Wednesday, 15 September 2004 5:15 PM
>> To: serusers(a)lists.iptel.org
>> Subject: [Serusers] Proxy sending ACK on port 5060 instead of
>> on contact port
>>
>>
>> Hi all,
>>
>> I am using the following configuration to test SJPhone
>> through IPTEL proxy
>> server(publicly
>> available:195.37.77.99).
>>
>> HOST1(win2K)---FW1---Internet---FW2---HOST2(winXP)
>>
>> Host1 and Host2 are hosts with private IPs having SJPhone
>> application. FW1
>> and FW2 are
>> firewall/NAT devices with SIP-ALG implementation. This means
>> all the SIP
>> messages are modified to include the public IPs in them. Also the
>> via,contact ports are modified. Now both host1 and host2
>> register with the iptel proxy server. A call is initiated
>> from host1. Host2
>> sends 200 OK response
>> to the HOST1. After this the ACK sent by Host1 is sent to
>> port 5060 on
>> HOst2,instead of the
>> contact port advertised in 200 OK. This is observed from
>> ethereal captures
>> on Host2. All these
>> messages are going through the proxy server(195.37.77.99).
>>
>> Can someone please tell me why the proxy server is behaving
>> this way, i.e.
>> sending ACK on 5060
>> instead of the contact. Is there anything that i am missing
>> here or doing
>> wrong.
>>
>> Thanks
>> Mahesh
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
>>
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
1:15 p.m.
New subject: [Serusers] Proxy sending ACK on port 5060 instead of on contact port
Jan,
It true that the Request-URI is incorrect. However, I would not jump to
conclusion that it's Sjphone's problem yet unless it's a known problem with
their 1.0 version software. The capture is on the wan side of a ALG device.
From my point of perspective, the ALG does not rewrite
the address and port
correctly. That may be the problem.
Looking at fw2's dump, the 200OK (packet 16), the contact address is
sip:202.125.84.163:1585. A moment later, the same 200OK (packet 17) has
contact address of sip:202.125.84.1585. If both firewalls are the same, I
would say it's logic is wrong and causing Sjphone response with wrong
information. This is why I response in another mail that the contact address
is different on every other packet.
Mahesh,
Could you also send in the ethereal dump inside the ALG as well? That would
help isolate the problem, whether it's with Sjphone or the ALG.
Zeus
-----Original Message-----
From: Jan Janak [mailto:jan@iptel.org]
Sent: Wednesday, 15 September 2004 8:45 PM
To: mahesh
Cc: Zeus Ng; serusers(a)lists.iptel.org
Subject: Re: [Serusers] Proxy sending ACK on port 5060
instead of on contact port
The ACK from Sjphone is broken, it contains
sip:202.125.84.163 in the Request-URI but the Request-URI
should be sip:202.125.84.163:1585 (port is missing) because
that's what the UA receives in 200 OK.
Jan.
On 15-09 15:22, mahesh wrote:
Hi Zeus,
I am attaching the ethereal captures of both fw1 and fw2(on wan
interfaces). Only relevant packets are shown in the capture
to minimize the
file size.
The NAT IP used by fw1 is 202.125.84.164 and the one used by fw2 is
202.125.84.163
regards
Mahesh
>Mahesh,
>
>Given that you have ethereal capture, send it in to the
list and we
>can see what's happening.
>
>Zeus
>
>> -----Original Message-----
>> From: serusers-bounces(a)lists.iptel.org
>> [mailto:serusers-bounces@lists.iptel.org] On Behalf Of mahesh
>> Sent: Wednesday, 15 September 2004 5:15 PM
>> To: serusers(a)lists.iptel.org
>> Subject: [Serusers] Proxy sending ACK on port 5060 instead of on
>> contact port
>>
>>
>> Hi all,
>>
>> I am using the following configuration to test SJPhone through
>> IPTEL proxy server(publicly
>> available:195.37.77.99).
>>
>> HOST1(win2K)---FW1---Internet---FW2---HOST2(winXP)
>>
>> Host1 and Host2 are hosts with private IPs having SJPhone
>> application. FW1 and FW2 are
>> firewall/NAT devices with SIP-ALG implementation. This means
>> all the SIP
>> messages are modified to include the public IPs in them. Also the
>> via,contact ports are modified. Now both host1 and host2
>> register with the iptel proxy server. A call is initiated
>> from host1. Host2
>> sends 200 OK response
>> to the HOST1. After this the ACK sent by Host1 is sent to
>> port 5060 on
>> HOst2,instead of the
>> contact port advertised in 200 OK. This is observed from
>> ethereal captures
>> on Host2. All these
>> messages are going through the proxy server(195.37.77.99).
>>
>> Can someone please tell me why the proxy server is behaving this
>> way, i.e. sending ACK on 5060
>> instead of the contact. Is there anything that i am missing
>> here or doing
>> wrong.
>>
>> Thanks
>> Mahesh
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
>>
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
1:53 p.m.
New subject: [Serusers] Proxy sending ACK on port 5060 instead of on contact port
On 15-09 21:15, Zeus Ng wrote:
Jan,
It true that the Request-URI is incorrect. However, I would not jump to
conclusion that it's Sjphone's problem yet unless it's a known problem with
their 1.0 version software.
The capture is on the wan side of a ALG device.
I did not know that there was an ALG, I wrote Sjphone because I saw
the name in the message.
From my point of perspective, the ALG does not
rewrite the address and port
correctly. That may be the problem. Looking at fw2's dump, the 200OK (packet 16), the
contact address is
sip:202.125.84.163:1585. A moment later, the same 200OK (packet 17) has
contact address of sip:202.125.84.1585. If both firewalls are the same, I
would say it's logic is wrong and causing Sjphone response with wrong
information. This is why I response in another mail that the contact address
is different on every other packet.
Mahesh,
Could you also send in the ethereal dump inside the ALG as well? That would
help isolate the problem, whether it's with Sjphone or the ALG.
Jan.
2:29 p.m.
New subject: [Serusers] Proxy sending ACK on port 5060 instead of on contact port
Zeus,
There is the problem..
As you pointed out zeus, the SJPhone application is sending the correct
format in the request line of ACK, but the ALG is not rewriting the address
and port correctly. It is missing the port part of the request line. Hence
I guess since there is no port in the ACK request line, the proxy is
sending the ACK to the default port 5060.(please correct me if i am wrong
with the guess)
I will correct the ALG to take care of this and let you guys know if this
fixes the problem.
Coming to multiple 200 OK s with different contact ports, Since the ACK
sent by host1 is not passing through fw2, the SJPhone application on host2
is sending 200 OKs repeatedly, which in turn is causing the ALG to send the
200 OK with a different contact port for each of this 200 OK.
I could have sent the ethereal capture inside of the ALG as well, but the
capture is huge and I guess it will not be allowed. Anyways if you guys are
still interested to look at the capture inside of ALG, i will send the
capture with the selective packets.
Once again thanks Zeus and Jan for your comments and quick responses to my
mails.
Regards
Mahesh
Jan,
It true that the Request-URI is incorrect. However, I would not jump to
conclusion that it's Sjphone's problem yet unless it's a known problem with
their 1.0 version software. The capture is on the wan side of a ALG device.
From my point of perspective, the ALG does not
rewrite the address and port
correctly. That may be the problem.
Looking at fw2's dump, the 200OK (packet 16), the contact address is
sip:202.125.84.163:1585. A moment later, the same 200OK (packet 17) has
contact address of sip:202.125.84.1585. If both firewalls are the same, I
would say it's logic is wrong and causing Sjphone response with wrong
information. This is why I response in another mail that the contact address
is different on every other packet.
Mahesh,
Could you also send in the ethereal dump inside the ALG as well? That would
help isolate the problem, whether it's with Sjphone or the ALG.
Zeus
> -----Original Message-----
> From: Jan Janak [mailto:jan@iptel.org]
> Sent: Wednesday, 15 September 2004 8:45 PM
> To: mahesh
> Cc: Zeus Ng; serusers(a)lists.iptel.org
> Subject: Re: [Serusers] Proxy sending ACK on port 5060
> instead of on contact port
>
>
> The ACK from Sjphone is broken, it contains
> sip:202.125.84.163 in the Request-URI but the Request-URI
> should be sip:202.125.84.163:1585 (port is missing) because
> that's what the UA receives in 200 OK.
>
> Jan.
>
> On 15-09 15:22, mahesh wrote:
> >
> > Hi Zeus,
> >
> > I am attaching the ethereal captures of both fw1 and fw2(on wan
> > interfaces). Only relevant packets are shown in the capture
> to minimize the
> > file size.
> > The NAT IP used by fw1 is 202.125.84.164 and the one used by fw2 is
> > 202.125.84.163
> >
> > regards
> > Mahesh
> >
> >
> > >Mahesh,
> > >
> > >Given that you have ethereal capture, send it in to the
> list and we
> > >can see what's happening.
> > >
> > >Zeus
> > >
> > >> -----Original Message-----
> > >> From: serusers-bounces(a)lists.iptel.org
> > >> [mailto:serusers-bounces@lists.iptel.org] On Behalf Of mahesh
> > >> Sent: Wednesday, 15 September 2004 5:15 PM
> > >> To: serusers(a)lists.iptel.org
> > >> Subject: [Serusers] Proxy sending ACK on port 5060 instead of on
> > >> contact port
> > >>
> > >>
> > >> Hi all,
> > >>
> > >> I am using the following configuration to test SJPhone through
> > >> IPTEL proxy server(publicly
> > >> available:195.37.77.99).
> > >>
> > >> HOST1(win2K)---FW1---Internet---FW2---HOST2(winXP)
> > >>
> > >> Host1 and Host2 are hosts with private IPs having SJPhone
> > >> application. FW1 and FW2 are
> > >> firewall/NAT devices with SIP-ALG implementation. This means
> > >> all the SIP
> > >> messages are modified to include the public IPs in them. Also the
> > >> via,contact ports are modified. Now both host1 and host2
> > >> register with the iptel proxy server. A call is initiated
> > >> from host1. Host2
> > >> sends 200 OK response
> > >> to the HOST1. After this the ACK sent by Host1 is sent to
> > >> port 5060 on
> > >> HOst2,instead of the
> > >> contact port advertised in 200 OK. This is observed from
> > >> ethereal captures
> > >> on Host2. All these
> > >> messages are going through the proxy server(195.37.77.99).
> > >>
> > >> Can someone please tell me why the proxy server is behaving this
> > >> way, i.e. sending ACK on 5060
> > >> instead of the contact. Is there anything that i am missing
> > >> here or doing
> > >> wrong.
> > >>
> > >> Thanks
> > >> Mahesh
> > >>
> > >> _______________________________________________
> > >> Serusers mailing list
> > >> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> > >>
>
>
>
> > _______________________________________________
> > Serusers mailing list
> > serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
>
3:43 p.m.
New subject: [Serusers] Proxy sending ACK on port 5060 instead of on contact port
Mahesh,
There is the problem..
As you pointed out zeus, the SJPhone application is sending
the correct
format in the request line of ACK, but the ALG is not
rewriting the address
and port correctly. It is missing the port part of the
request line. Hence
A proper ALG should do both.
I guess since there is no port in the ACK request
line, the proxy is
sending the ACK to the default port 5060.(please correct me
if i am wrong
with the guess)
It's the case here.
Coming to multiple 200 OK s with different contact
ports,
Since the ACK
sent by host1 is not passing through fw2, the SJPhone
application on host2
is sending 200 OKs repeatedly, which in turn is causing the
ALG to send the
200 OK with a different contact port for each of this 200 OK.
The ALG has to remember the state and reuse the port for repeated messages.
Without that, it broken.
Regards
Mahesh
Zeus
7381
days inactive
7381
days old
8 comments
4 participants
participants (4)
-
'Jan Janak' -
Jan Janak
-
mahesh -
Zeus Ng