Hi, I am making some progress. I still can not call "internal" sip-sip numbers, but now, instead of insisting on forwarding to the gateway, SER 404's. Debug says that the called party is not in usrloc, although I can see the entry in the location table in the db. I have attached my ser.cfg, output from debug, and ngrep in the hope that someone can show me the error of my ways. -------------ser.cfg------------------------------------------ # # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script # # ----------- global configuration parameters ------------------------ debug=4 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) /* Uncomment these lines to enter debugging mode #debug=7 #fork=no #log_stderror=yes */ check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=yes # (cmd. line: -R) #port=5060 children=4 fifo="/tmp/ser_fifo" # ------------------ module loading ---------------------------------- loadmodule "/usr/lib/ser/modules/mysql.so" loadmodule "/usr/lib/ser/modules/sl.so" loadmodule "/usr/lib/ser/modules/tm.so" loadmodule "/usr//lib/ser/modules/rr.so" loadmodule "/usr/lib/ser/modules/maxfwd.so" loadmodule "/usr/lib/ser/modules/usrloc.so" loadmodule "/usr/lib/ser/modules/registrar.so" loadmodule "/usr/lib/ser/modules/domain.so" loadmodule "/usr/lib/ser/modules/auth.so" loadmodule "/usr/lib/ser/modules/auth_db.so" loadmodule "/usr/lib/ser/modules/acc.so" loadmodule "/usr/lib/ser/modules/exec.so" loadmodule "/usr/lib/ser/modules/group.so" #loadmodule "/usr/lib/ser/modules/msilo.so" #loadmodule "/usr/lib/ser/modules/print.so" #loadmodule "/usr/lib/ser/modules/textops.so" #loadmodule "/usr/lib/ser/modules/jabber.so" loadmodule "/usr/lib/ser/modules/uri.so" #loadmodule "/usr/lib/ser/modules/vm.so" # ----------------- setting module-specific parameters --------------- # -- usrloc params -- #modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module # #modparam("usrloc", "db_url", "sql://ser:<password>@localhost/ser") modparam("usrloc", "db_url", "sql://ser:heslo@wlgcd1:3306/ser") modparam("auth_db", "db_url", "sql://ser:heslo@wlgcd1:3306/ser") modparam("group", "db_url", "sql://ser:heslo@wlgcd1:3306/ser") modparam("uri", "db_url", "sql://ser:heslo@wlgcd1:3306/ser") modparam("domain", "db_url", "sql://ser:heslo@wlgcd1:3306/ser") modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # -- acc params -- modparam("acc", "log_level", 1) # that is the flag for which we will account -- don't forget to # set the same one :-) modparam("acc", "log_flag", 2 ) # ------------------------- Domains Covered ------------------------ alias="fx.net.nz" alias="vixen" alias="vixen.fx.net.nz" alias="202.53.189.50" alias="special.fx.net.nz" alias="wlgvx1.fx.net.nz" #alias="202.53.189.23" #alias="202.49.159.10" # ------------------------- request routing logic ------------------- # main routing logic route{ /* ********* ROUTINE CHECKS ********************************** */ # filter too old messages if (!mf_process_maxfwd_header("10")) { log("LOG: Too many hops\n"); sl_send_reply("483","Too Many Hops"); break; }; if (msg:len > max_len) { sl_send_reply("513", "Wow -- Message too large"); break; }; /* ********* RR ********************************** */ /* grant Route routing if route headers present */ if (loose_route()) { t_relay(); break; }; setflag(2); /* record-route INVITEs -- all subsequent requests must visit us */ if (method=="INVITE") { record_route(); }; lookup("aliases"); if (uri==myself) { if (method=="REGISTER") { # digest authentication log(1,"request for registration"); if (!www_authorize("vixen.fx.net.nz", "subscriber")) { www_challenge("vixen.fx.net.nz", "0"); break; }; # setflag(3); save("location"); break; }; } # now check if it really is a PSTN destination which should be handled # by our gateway; if not, and the request is an invitation, drop it -- # we cannot terminate it in PSTN; relay non-INVITE requests -- it may # be for example BYEs sent by gateway to call originator if (!uri=~"sip:\+?[0-9]+@.*") {if (method=="INVITE") { sl_send_reply("403", "Call cannot be served here"); } else { forward(uri:host, uri:port); }; break; }; # account completed transactions via syslog setflag(1); # free call destinations ... no authentication needed if ( is_user_in("Request-URI", "local") /* free destinations */ | uri=~"sip:[8][0-9][0-9][0-9]@.*" /* local PBX */ | uri=~"sip:98[0-9][0-9][0-9][0-9]") { log("free call"); } else if (src_ip==202.7.4.40) { # our gateway doesn't support digest authentication; # verify that a request is coming from it by source # address log("gateway-originated request"); } else { # in all other cases, we need to check the request against # access control lists; first of all, verify request # originator's identity if (!proxy_authorize( "vixen.fx.net.nz" /* realm */, "subscriber" /* table name */)) { proxy_challenge( "vixen.fx.net.nz" /* realm */, "0" /* no qop */ ); break; }; # authorize only for INVITEs -- RR/Contact may result in weird # things showing up in d-uri that would break our logic; our # major concern is INVITE which causes PSTN costs if (method=="INVITE") { # does the authenticated user have a permission for local # calls (destinations beginning with a single zero)? # (i.e., is he in the "local" group?) if (uri=~"sip:0[1-9][0-9]+@.*") { if (!is_user_in("credentials", "local")) { sl_send_reply("403", "No permission for local calls"); break; }; # the same for long-distance (destinations begin with two zeros") } else if (uri=~"sip:00[1-9][0-9]+@.*") { if (!is_user_in("credentials", "ld")) { sl_send_reply("403", " no permission for LD "); break; }; # the same for international calls (three zeros) } else if (uri=~"sip:000[1-9][0-9]+@.*") { if (!is_user_in("credentials", "int")) { sl_send_reply("403", "International permissions needed"); break; }; # everything else (e.g., interplanetary calls) is denied } else { sl_send_reply("403", "Forbidden"); break; }; }; # INVITE to authorized PSTN }; # if you have passed through all the checks, let your call go to the next stage! # native SIP destinations are handled using our USRLOC DB if(!lookup("aliases")){ log(1,"Couldn't find any matching alias"); sl_send_reply("404", "User does not exist"); break; }; if(!lookup("location")) { log(1,"unable to locate user"); # attempt handoff to PSTN. log( "Forwarding to PSTN\n" ); rewritehost( "202.7.4.40" ); forward( "202.7.4.40", 5060 ); ----------end ser.cfg---------------------------------------- -------------------debug------------------------------------- Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: SIP Request: Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: method: <INVITE> Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: uri: <sip:8923@202.53.189.50;user=phone> Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: version: <SIP/2.0> Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: flags=1 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: end of header reached, state=5 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: Via found, flags=1 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: this is the first via Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: After parse_msg... Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: preparing to run routing scripts... Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG : is_maxfwd_present: searching for max_forwards header Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: flags=128 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: end of header reached, state=9 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG: get_hdr_field: <To> [37]; uri=[sip:8923@202.53.189.50;user=phone] Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG: to body [<sip:8923@202.53.189.50;user=phone>^M ] Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: get_hdr_field: cseq <CSeq>: <1> <INVITE> Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG: get_hdr_body : content_length=250 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: found end of header Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG: is_maxfwd_present: max_forwards header not found! Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: flags=256 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: find_first_route(): No Route headers found Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: loose_route(): There is no Route HF Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG: add_param: tag=4082266747 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: end of header reached, state=29 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: lookup(): '8923' Not found in usrloc Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: check_self - checking if host==us: 13==9 && [202.53.189.50] == [127.0.0.1] Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: check_self - checking if port 5060 matches port 5060 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: check_self - checking if host==us: 13==13 && [202.53.189.50] == [202.53.189.50] Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: check_self - checking if port 5060 matches port 5060 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: query="select grp from grp where username='8923' AND grp='local'" Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: is_user_in(): User is in group 'local' Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: free call Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: lookup(): '8923' Not found in usrloc Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: Couldn't find any matching alias Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: parse_headers: flags=-1 Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: check_via_address(202.53.189.24, 202.53.189.24, 2) Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: DEBUG:destroy_avp_list: destroing list (nil) Sep 16 11:14:16 vixen /usr/sbin/ser[4228]: receive_msg: cleaning up Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: SIP Request: Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: method: <ACK> Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: uri: <sip:8923@202.53.189.50;user=phone> Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: version: <SIP/2.0> Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: parse_headers: flags=1 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: end of header reached, state=5 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: parse_headers: Via found, flags=1 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: parse_headers: this is the first via Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: After parse_msg... Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: preparing to run routing scripts... Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: parse_headers: flags=4 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: DEBUG: add_param: tag=b27e1a1d33761e85846fc98f5f3a7e58.bfe0 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: end of header reached, state=29 Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: DEBUG: get_hdr_field: <To> [79]; uri=[sip:8923@202.53.189.50;user=phone] Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: DEBUG: to body [<sip:8923@202.53.189.50;user=phone>] Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: DEBUG: sl_filter_ACK : local ACK found -> dropping it! Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: DEBUG:destroy_avp_list: destroing list (nil) Sep 16 11:14:16 vixen /usr/sbin/ser[4230]: receive_msg: cleaning up ------------------------end debug--------------------------------- -------------------------ngrep port 5060-------------------------- # U 202.53.189.24:5060 -> 202.53.189.50:5060 INVITE sip:8923@202.53.189.50;user=phone SIP/2.0..Via: SIP/2.0/UDP 202.53.189.24:5060..From: <sip:4748880@202.53.189.50;user=phone>;t ag=3978441923..To: <sip:8923@202.53.189.50;user=phone>..Call-ID: 2139243568@202.53.189.24..CSeq: 1 INVITE..Contact: <sip:4748880@202 .53.189.24:5060;user=phone;transport=udp>..User-Agent: Cisco ATA v2.15 ata18x (020927a)..Expires: 300..Content-Length: 252..Content-T ype: application/sdp....v=0..o=4748880 12924 12924 IN IP4 202.53.189.24..s=ATA186 Call..c=IN IP4 202.53.189.24..t=0 0..m=audio 16384 R TP/AVP 0 4 8 101..a=rtpmap:0 PCMU/8000/1..a=rtpmap:4 G723/8000/1..a=rtpmap:8 PCMA/8000/1..a=rtpmap:101 telephone-event/8000..a=fmtp:10 1 0-15.. # U 202.53.189.50:5060 -> 202.53.189.24:5060 SIP/2.0 404 User does not exist..Via: SIP/2.0/UDP 202.53.189.24:5060..From: <sip:4748880@202.53.189.50;user=phone>;tag=3978441923..To : <sip:8923@202.53.189.50;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.bfe0..Call-ID: 2139243568@202.53.189.24..CSeq: 1 INVITE..S erver: Sip EXpress router (0.8.14 (i386/linux))..Content-Length: 0..Warning: 392 202.53.189.50:5060 "Noisy feedback tells: pid=4231 r eq_src_ip=202.53.189.24 req_src_port=5060 in_uri=sip:8923@202.53.189.50;user=phone out_uri=sip:8923@202.53.189.50;user=phone via_cnt== 1".... # U 202.53.189.24:5060 -> 202.53.189.50:5060 ACK sip:8923@202.53.189.50;user=phone SIP/2.0..Via: SIP/2.0/UDP 202.53.189.24:5060..From: <sip:4748880@202.53.189.50;user=phone>;tag= 3978441923..To: <sip:8923@202.53.189.50;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.bfe0..Call-ID: 2139243568@202.53.189.24..CSe q: 1 ACK..User-Agent: Cisco ATA v2.15 ata18x (020927a)..Content-Length: 0.... exit --------------------end----------------------------------------- --