Hi Ted,

What you have to do is to added in (uri==myself) section, before lookup(location) the GW diversion. Something like:

if (uri=~"uri_GW_like") { t_relay_to_udp("GW_IP","GW_PORT"); break; }

Best regards, Marian Dumitru

Trung Nguyen wrote:

Hi Serusers, I have been playing around this logic for some time now and it's giving me a bit of headache. Any help will be very appreciated. Here's what I got. I use the default setting for rtpproxy and tested all the nat scenarios from PC-PC work great. Now I want to have the PC to call out to PSTN and only allow registered client to be able to make call to pstn gateway and at the same time to go thru rtpproxy. My gateway ip address is 64.200.219.134 port 5060, it's a cisco as5350. Below is my configuration, where should I put the setting and any hint or example will be very appreciated.

---

# # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #

# ----------- global configuration parameters

#debug=7 # debug level (cmd line: -dddddddddd) #fork=yes #log_stderror=yes # (cmd line: -E)

/* Uncomment these lines to enter debugging mode debug=7 fork=no log_stderror=yes */ listen=64.200.219.135 listen=127.0.0.1

alias=unlimitedtalk.net alias=64.200.219.135

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"

# ------------------ module loading

# Uncomment this if you want to use SQL database loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/acc.so"

# Uncomment this if you want digest authentication # mysql.so must be loaded ! loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters

# ------------- tm parameters

modparam("tm", "fr_timer", 12) modparam("tm", "fr_inv_timer", 24)

# ------------- rr parameters # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # ------------- accounting parameters

modparam("acc", "log_missed_flag", 3) modparam("acc", "log_level", 1) modparam("acc", "log_flag", 1)

# ------------- usrloc parameters

# 2 enables write-back to persistent mysql storage for speed # disable=0, write-through=1 modparam("usrloc", "db_mode", 2)

# minimize write back window - default is 60 seconds modparam("usrloc", "timer_interval", 10)

# database location modparam("usrloc", "db_url", "mysql://ser:heslo@localhost/ser")

# ------------- auth parameters

# database location modparam("auth_db", "db_url", "mysql://ser:heslo@localhost/ser")

# allows clear text passwords in the mysql database modparam("auth_db", "calculate_ha1", yes)

# name of password column in mysql database modparam("auth_db", "password_column", "password")

# !! Nathelper modparam("registrar", "nat_flag", 6) modparam("nathelper", "natping_interval", 30) # Ping interval 30 s modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT

# ----------------- setting module-specific parameters

# ------------------------- request routing logic

# main routing logic

route{

    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long

requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; };

    # we record-route all messages -- to make sure

that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; };

# !! Nathelper # Special handling for NATed clients; first, NAT test is # executed: it looks for via!=received and RFC1918 addresses # in Contact (may fail if line-folding is used); also, # the received test should, if completed, should check all # vias for rpesence of received if (nat_uac_test("3")) { # Allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER

            if (method == "REGISTER" || !

search("^Record-Route:")) { log("LOG: Someone trying to register from private IP, rewriting\n");

                # This will work only for user

agents that support symmetric # communication. We tested quite many of them and majority is # smart enough to be symmetric. In some phones it takes a configuration # option. With Cisco 7960, it is called NAT_Enable=Yes, with kphone it is # called "symmetric media" and "symmetric signalling".

                fix_nated_contact(); # Rewrite

contact with source IP of signalling if (method == "INVITE") { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setflag(6); # Mark as NATed }; };

    # we record-route all messages -- to make sure

that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!method=="REGISTER") record_route();

    # subsequent messages withing a dialog should

take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); break; };

    if (!uri==myself) {
            # mark routing logic in request
            append_hf("P-hint: outbound\r\n");
            route(1);
            break;
    };


    # if the request is for other domain use

UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) {

            if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication if (!www_authorize("unlimitedtalk.net", "subscriber")) {

www_challenge("unlimitedtalk.net", "0"); break; };

                    save("location");
                    break;
            };

            lookup("aliases");
            if (!uri==myself) {
                    append_hf("P-hint: outbound

alias\r\n"); route(1); break; };

            # native SIP destinations are handled

using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; }; append_hf("P-hint: usrloc applied\r\n"); route(1); }

route[1] { # !! Nathelper if (uri=~"[@:](192.168.|10.|172.(1[6-9]|2[0-9]|3[0-1]).)" && !search("^Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); break; };

    # if client or server know to be behind a NAT,

enable relay if (isflagset(6)) { force_rtp_proxy(); };

    # NAT processing of replies; apply to all

transactions (for example, # re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1");

    # send it out now; use stateful forwarding as

it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; }

# !! Nathelper onreply_route[1] { # NATed transaction ? if (isflagset(6) && status =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); force_rtp_proxy(); # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; }

---

Thanks in advance, Ted

_______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers