hi all-
i have the following setup:
1. ser running on 5060 2. nathelper/rtp 3. mysql database w/digest authentication
now, i have a client on a private network (NAT) behind a firewall. port 5060 tcp is on the firewall is open as well as 35000 to 37000 UDP (rtpproxy is set to run between these ports). when i plug the client into a regular, non-firewalled home router, it registers properly (register->401->register again->OK) when i put the same client behind the firewall, it 401's twice.
i am 100% sure the password is correct.
is there something else that needs to be open? I dont really understand the authentication mechanism - does the password come via a different port or something like that?
Does the 2nd register message send by the client contain Authorization or Proxy-Authorization header fields? It may happen that the client does not receive the first 401 sent by the server because the firewall blocks it and then the second REGISTER message will be a retransmission of the first one and the server will send the same reply, that means 401.
Jan.
Yair Hakak wrote:
hi all-
i have the following setup:
- ser running on 5060
- nathelper/rtp
- mysql database w/digest authentication
now, i have a client on a private network (NAT) behind a firewall. port 5060 tcp is on the firewall is open as well as 35000 to 37000 UDP (rtpproxy is set to run between these ports). when i plug the client into a regular, non-firewalled home router, it registers properly (register->401->register again->OK) when i put the same client behind the firewall, it 401's twice.
i am 100% sure the password is correct.
is there something else that needs to be open? I dont really understand the authentication mechanism - does the password come via a different port or something like that?
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
second register has a WWW-authenticate: Digest, a realm which matches that in ser.cfg, and a nonce.
that, and the fact that the registers come in pairs makes me believe the client is recieving the first register.
thanks for the help so far- yair
On 11/21/06, Jan Janak jan@iptel.org wrote:
Does the 2nd register message send by the client contain Authorization or Proxy-Authorization header fields? It may happen that the client does not receive the first 401 sent by the server because the firewall blocks it and then the second REGISTER message will be a retransmission of the first one and the server will send the same reply, that means 401.
Jan.
Yair Hakak wrote:
hi all-
i have the following setup:
- ser running on 5060
- nathelper/rtp
- mysql database w/digest authentication
now, i have a client on a private network (NAT) behind a firewall. port 5060 tcp is on the firewall is open as well as 35000 to 37000 UDP (rtpproxy
is
set to run between these ports). when i plug the client into a regular, non-firewalled home router, it registers properly (register->401->register again->OK) when i put the same client behind the firewall, it 401's twice.
i am 100% sure the password is correct.
is there something else that needs to be open? I dont really understand
the
authentication mechanism - does the password come via a different port
or
something like that?
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Jan Janak -
Yair Hakak