I have ser sitting on my iptables nat box and my asterisk box on the lan
. Ser does forwarding so that any requests (register,invite,ack,...) to
the nat box at 5060 r sent to my asterisk box on the lan .I can register
from outside
to my asterisk box but there is only one way audio , reason being that
when the asterisk box sends a sip packet whith session description the sdp
part of the sip packet is not natted .I have tried the following :
if(src_ip==10.0.0.0/255.0.0.0){
force_rtp_proxy();
encode_contact("enc_prefix","wanip");
sdp_mangle_ip("10.0.0.0/255.0.0.0","wanip");
};
and it does not work because my ethernet dump shows that the contact in
sdp is
not mangled.
Have a check through: http://www.voip-info.org/wiki-NAT+and+VOIP http://www.voip-info.org/wiki-Asterisk+SIP+NAT+solutions Regards Rob On 03/09/06, Siqhamo Sifo <siqhamo@newlunar.co.za> wrote:> > I have ser sitting on my iptables nat box and my asterisk box on the lan > . Ser does forwarding so that any requests (register,invite,ack,...) to > the nat box at 5060 r sent to my asterisk box on the lan .I can register > from outside > to my asterisk box but there is only one way audio , reason being that > when the asterisk box sends a sip packet whith session description the sdp > part of the sip packet is not natted .I have tried the following : > > if(src_ip==10.0.0.0/255.0.0.0){ > force_rtp_proxy(); > encode_contact("enc_prefix","wanip"); > sdp_mangle_ip("10.0.0.0/255.0.0.0","wanip"); > }; > > > and it does not work because my ethernet dump shows that the contact in > sdp is > not mangled. > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20060903/c52e6180/attachment.htm
have a look at the nathelper examples in SER distribution. This is from
an rather old installation of mine.
--
# !! Nathelper
# Special handling for NATed clients; first, NAT test is
# executed: it looks for via!=received and RFC1918 addresses
# in Contact (may fail if line-folding is used); also,
# the received test should, if completed, should check all
# vias for rpesence of received
if (nat_uac_test("3")) {
# Allow RR-ed requests, as these may indicate that
# a NAT-enabled proxy takes care of it; unless it is
# a REGISTER
if (method == "REGISTER" || !
search("^Record-Route:")) {
xlog("L_ERR", "LOG: Someone trying to
register from private
IP, rewriting\n");
# This will work only for user agents that support
symmetric
# communication. We tested quite many of them and majority
i
s
# smart enough to be symmetric. In some phones it takes a
co
nfiguration
# option. With Cisco 7960, it is called NAT_Enable=Yes,
with
kphone it is
# called "symmetric media" and "symmetric
signalling".
fix_nated_contact(); # Rewrite contact with source IP of
sig
nalling
if (method == "INVITE") {
fix_nated_sdp("1"); # Add direction=active to
SDP
};
force_rport(); # Add rport parameter to topmost Via
setflag(6); # Mark as NATed
};
};
..
# if client or server know to be behind a NAT, enable relay
if (isflagset(6)) {
force_rtp_proxy();
};
--