Hello,
The following is my configuration.
UA1 -> NAT1 -> INTERNET -> NAT2 -> asterisk -> NAT2 -> INTERNET -> NAT1/3 -> UA2.
When I run it with the following configuration, nat_uac_test doesn't detect that I am behind the NAT. Could anyone help?
# ------------------- global configuration parameters ------------------------
# Core settings for the proxy process. Where the original gave one, the
# trailing comment names the equivalent command-line switch.
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)

# Alternative settings, left commented out:
#debug=7
#fork=no
#log_stderror=yes

check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
# NOTE(review): the FIFO lives in /tmp, which other local users can normally
# write to. If this FIFO accepts management commands, confirm its ownership
# and permissions, or place it in a directory only the proxy's user can access.
fifo="/tmp/ser_fifo"
# Names and addresses the proxy treats as its own; the routing block's
# "uri==myself" test presumably matches against these -- confirm.
alias=detone
alias=detone.ghl.com
alias=202.129.171.223

# ------------------- module loading ------------------
# NOTE(review): exec.so is loaded, but the routing logic in this file calls no
# exec function; auth.so and auth_db.so are loaded, but no authorization
# function is called either. Drop modules that are not needed, and see the
# REGISTER handling in route{} for the missing authorization step.
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/exec.so"
loadmodule "/usr/local/lib/ser/modules/xlog.so"
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"

# ----------------- setting module-specific parameters ---------------
# NOTE(review): usrloc db_mode is set twice, to 2 here and to 0 a few lines
# below. Only one value can take effect (presumably the later one -- confirm);
# keep the one that is intended and delete the other.
modparam("usrloc", "db_mode", 2)
# NOTE(review): with calculate_ha1 enabled, the password column is presumably
# expected to hold plaintext passwords -- confirm, and restrict access to that
# table accordingly.
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")

modparam("usrloc", "db_mode", 0)
modparam("rr", "enable_full_lr", 1)

# ------------------ NAThelper ----------------
# Flag 6 is the same flag the routing block sets with setflag(6) when the NAT
# test succeeds.
modparam("registrar", "nat_flag", 6)
modparam("nathelper", "natping_interval", 30) # Ping interval 30 s
modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT
# ------------------------- request routing logic -------------------
# Main request route. In order: sanity checks, NAT detection and fix-up,
# record-routing, loose-route handling, a static forward of numeric users to
# 10.38.38.14:5070, registrar/usrloc handling for local URIs, reply-route
# selection for INVITEs, and finally stateful relaying.
route{

	# initial sanity checks -- messages with
	# max_forwards==0, or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		break;
	};
	if ( msg:len > max_len ) {
		sl_send_reply("513", "Message too big");
		break;
	};

	# Special handling for NATed clients; first, the NAT test is
	# executed: it looks for via!=received and RFC1918 addresses
	# in Contact (may fail if line-folding is used); also,
	# the received test, if completed, should check all
	# vias for presence of received
	# NOTE(review): tests "1" and "2" below only write a log line; only the
	# "3" test changes the request. "3" presumably combines tests 1 and 2 --
	# confirm against the installed nathelper version.
	xlog("L_NOTICE", "Checking...behind the NAT ?\n");
	if (nat_uac_test("1")) {
		xlog("L_NOTICE", "nat_uac_test=1\n");
	}
	if (nat_uac_test("2")) {
		xlog("L_NOTICE", "nat_uac_test=2\n");
	}
	if (nat_uac_test("3")) {
		xlog("L_NOTICE", "nat_uac_test == 3\n");
		# Allow RR-ed requests, as these may indicate that
		# a NAT-enabled proxy takes care of it; unless it is
		# a REGISTER
		# NOTE(review): the log text below says "register", but this branch
		# is also taken for any non-REGISTER request without a Record-Route
		# header.
		if (method == "REGISTER" || ! search("^Record-Route:")) {
			xlog("L_NOTICE", "Someone trying to register from private IP, rewriting\n");

			# This will work only for user agents that support symmetric
			# communication. We tested quite many of them and majority is
			# smart enough to be symmetric. In some phones it takes a configuration
			# option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is
			# called "symmetric media" and "symmetric signalling".

			fix_nated_contact(); # Rewrite contact with source IP of signalling
			if (method == "INVITE") {
				xlog("L_NOTICE", "invite behind NAT.\n");
				fix_nated_sdp("1"); # Add direction=active to SDP
			};
			force_rport(); # Add rport parameter to topmost Via
			setflag(6); # Mark as NATed
		};
	};

	# we record-route all messages -- to make sure that
	# subsequent messages will go through our proxy; that's
	# particularly good if upstream and downstream entities
	# use different transport protocol
	record_route();

	# loose-route processing
	if (loose_route()) {
		xlog("L_NOTICE", "loose route.\n");
		# append_hf("P-hint: rr-enforced\r\n");
		t_relay();
		break;
	};

	# NOTE(review): the dots in the address are unescaped and the pattern has
	# no end anchor, so it matches more than the literal host
	# 202.129.171.223. Requests that match are forwarded to 10.38.38.14:5070
	# with no authentication step in this route.
	if (uri=~"^sip:[0-9][0-9][0-9]*@202.129.171.223") {
		xlog("L_NOTICE", "forward to asterisk.\n");
		forward(10.38.38.14, 5070);
		break;
	};

	# if the request is for other domain use UsrLoc
	# (in case, it does not work, use the following command
	# with proper names and addresses in it)

	xlog("L_NOTICE", "uri==myself?\n");
	if (uri==myself){

		# NOTE(review): "register but no NAT." is logged for every REGISTER
		# that reaches this point, whether or not flag 6 was set above, so
		# this log line alone does not show that the NAT test failed.
		# NOTE(review): no authorization function is called before
		# save("location"), although auth_db is loaded, so any sender that
		# can reach the proxy can register a contact for any user. Also,
		# a 200 is sent explicitly before save(); save() presumably sends
		# its own reply -- confirm, and drop one of the two.
		if (method=="REGISTER") {
			xlog("L_NOTICE", "register but no NAT.\n");
			sl_send_reply("200", "ok");
			save("location");
			break;
		};

		# native SIP destinations are handled using our USRLOC DB
		xlog("L_NOTICE", "lookup for USRLOC.\n");
		if (!lookup("location")) {
			sl_send_reply("404", "Not Found");
			break;
		};
	};

	# NOTE(review): "Invite from not NAT." is logged for every INVITE,
	# including those marked with flag 6 above. Flags 4 and 5 are never set
	# anywhere in this file, so the else branch (onreply_route[3]) is always
	# chosen. record_route() was already called earlier in this route, so
	# for an INVITE it runs twice.
	xlog("L_NOTICE", "checking....INVITE\n");
	if (method == "INVITE") {
		xlog("L_NOTICE", "Invite from not NAT.\n");
		record_route();
		if (isflagset(4) && isflagset(5)) {
			xlog("L_NOTICE", "UA behind different NAT devices, forcing rtpproxy\n");
			force_rtp_proxy();
			t_on_reply("2");
		} else {
			xlog("L_NOTICE", "UAs behind same NAT devicea\n");
			t_on_reply("3");
		}
		# for other conditions route here...
	}

	# forward to current uri now; use stateful forwarding; that
	# works reliably even if we forward from TCP to UDP
	# NOTE(review): requests whose URI is not local reach this relay with no
	# authentication or source check in this route; confirm the proxy is not
	# usable as an open relay from the Internet.
	if (!t_relay()) {
		sl_reply_error();
	};

}
# Reply route 1: for replies whose status matches [12][0-9][0-9], rewrite the
# Contact and force the RTP proxy.
# NOTE(review): the request route in this file only arms reply routes "2" and
# "3" with t_on_reply(), so this route is not reached from it.
onreply_route[1] {
	if (status =~ "[12][0-9][0-9]"){
		fix_nated_contact();
		force_rtp_proxy();
	}
}
# Reply route 2: armed for INVITEs when flags 4 and 5 are both set. On a 200
# or 183 reply it rewrites the Contact only if flag 5 is set, then forces the
# RTP proxy in either case.
# NOTE(review): the request route sets only flag 6, never flag 4 or 5, so this
# route is not armed as the file stands.
onreply_route[2] {
	if (status == "200" || status == "183"){
		if (isflagset(5)) {
			fix_nated_contact();
		};
		force_rtp_proxy();
	}
}
# Reply route 3: armed for INVITEs in the else branch of the flag 4/5 test.
# Its body is identical to onreply_route[2]: on a 200 or 183 reply it rewrites
# the Contact only if flag 5 is set, then forces the RTP proxy in either case.
# NOTE(review): flag 5 is never set in this file, so fix_nated_contact() is
# skipped here and only force_rtp_proxy() runs.
onreply_route[3] {
	if (status == "200" || status == "183"){
		if (isflagset(5)) {
			fix_nated_contact();
		};
		force_rtp_proxy();
	}
}