Hi all I am trying nathelper with rtpproxy to let client behind nat/firewall can make a call , I have some questions... (1) Client A (kphone 3.14)------------------iptel.org-----------------------------NAT-------------------------Client B (kphone 3.14) 61.217.126.64 195.37.77.101 61.217.xxx.xxx 77.77.77.17 B call A , and the call has setup , also , both A and B send rtp packet to 195.37.77.101 , and receive in the port which describe in SDP but both client can't receive any voice ... maybe it's something wrong in client ... so is anyone have try if this scenario can work ? or iptel.org not support client behind NAT/ firewall ?? (2) before trying (1) , i have build the environment Client A (kphone 3.14)-------------SIP server SER + Rtpproxy ---------------------NAT/Firewall-------------------------Client B (kphone 3.14) private IP public IP public IP private IP whatever A call B , or B call A , the call can setup , but after forwarding by SER the SDP didn't modify correctly , all the same as client send it should modify to Ser server's ip and port , but it seems not... i think maybe is my ser.cfg has some mistake could anyone give some idea where should i add or modify something ? here is my ser.cfg which refered to (http://www.informatik.uni-bremen.de/~prelle/terena/cookbook/main/ch04s07.ht…) regards jimmy ============================================================================================ # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script # # ----------- global configuration parameters ------------------------ #debug=3 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=no # (cmd line: -E) #/* Uncomment these lines to enter debugging mode debug=7 #fork=no log_stderror=yes #*/ check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo" # ------------------ module loading ---------------------------------- # Uncomment this if you want to use SQL database #loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" #++++++++++ jimmy added ++++++++++++++++++ loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" #---------------------------------------------------- # Uncomment this if you want digest authentication # mysql.so must be loaded ! #loadmodule "/usr/local/lib/ser/modules/auth.so" #loadmodule "/usr/local/lib/ser/modules/auth_db.so" # ----------------- setting module-specific parameters --------------- #++++++++++ jimmy added ++++++++++++++++++ #we will you flag 6 to mark NATed contacts modparam("registrar","nat_flag",6) #Enable NAT pinging modparam("nathelper","natping_interval",3) #ping only contacts that are known to be behind NAT modparam("nathelper","ping_nated_only",1) #---------------------------------------------------- # -- usrloc params -- modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ #++++++++++ jimmy added ++++++++++++++++++ if(nat_uac_test("3")) { if((method == "REGISTER") || !(search("^Record-Route:"))) { log("LOG:Someone trying to register from private IP, rewriting\n"); fix_nated_contact(); if(method == "INVITE") { fix_nated_sdp("3"); }; force_rport(); setflag(6); }; }; #---------------------------------------------------- # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) { if (method=="REGISTER") { # Uncomment this if you want to use digest authentication # if (!www_authorize("iptel.org", "subscriber")) { # www_challenge("iptel.org", "0"); # break; # }; save("location"); break; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); }; } #++++++++++ jimmy added +++++++++++++++++++++ route[1] { if(uri=~"[@:](192\.168\.|10\.|172\.16)" && !search("^Route:")) { sl_send_reply("479","we don't forward to private IP address"); break; }; if(isflagset(6)) { force_rtp_proxy(); t_on_reply("1"); append_hf("P-Behind-NAT: Yes\r\n"); } if(!t_relay()) { sl_reply_error(); break; } } onreply_route[1] { if(status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); force_rtp_proxy(); }; } #---------------------------------------------------- ============================================================================================