Example config for NATed UACs, RTPproxy, and NATed OpenSIPS (version 1.6.4)

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Example config for NATed UACs, RTPproxy, and NATed OpenSIPS (version 1.6.4)

Damon Miller
All,


I've seen many requests for an example working config that shows a working RTPproxy configuration with NATed clients, but I haven't seen many responses.  I recently spent an absurd amount of time getting a working configuration in place so I thought I would post it here in case it's helpful to anyone.

Three quick points:

1.  I have only tested this with clients behind a NAT firewall, i.e. I haven't tested with clients that have a public IP.


2.  My OpenSIPS server is behind a NAT firewall itself.  To deal with this, I added the two "advertised" options, as follows:

advertised_address="xx.xx.xx.xx"
alias="xx.xx.xx.xx:5060


(Replace the "xx.xx.xx.xx" with the NAT firewall's public IP.)

I also had to use a modified version of RTPproxy that presents the firewall's public IP even though it binds to a private IP.  Here's a post which summarizes that version of RTPproxy:

http://opensips-open-sip-server.1449251.n2.nabble.com/Rtpproxy-behind-the-NAT-td5008041.html


I run RTPproxy like this:

rtpproxy -A xx.xx.xx.xx -l 192.168.20.154 -s udp:127.0.0.1:12221 -m 25000 -M 65000 -F -d DBUG:LOCAL1


3.  I had to "tell" OpenSIPS that my firewall's public IP was one of its local domains.  I'm using MySQL as you'll see in the config file so all I had to do was insert a value into the 'domain' table.  That was pretty obvious, i.e.:

mysql> insert into domain (domain) values ("xx.xx.xx.xx");

(Replace 'xx.xx.xx.xx' with your public IP.)



Here's my 'opensips.cfg' file:

--

# ----------- global configuration parameters ------------------------
debug=3
fork=yes
log_facility=LOG_LOCAL0
log_stderror=no
children=4
port=5060
dns=no
rev_dns=no

advertised_address="xx.xx.xx.xx"
alias="xx.xx.xx.xx:5060"

# ------------------ module loading ----------------------------------
mpath="/usr/local/lib64/opensips/modules/"
loadmodule "db_mysql.so"
loadmodule "signaling.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "mi_fifo.so"
loadmodule "uri.so"
loadmodule "nathelper.so"
loadmodule "domain.so"

# ----------------- setting module-specific parameters ---------------
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
modparam("usrloc", "db_url", "mysql://opensipsrw:opensipsrw@localhost/opensips")
modparam("usrloc", "db_mode", 2)
modparam("rr", "enable_full_lr", 1)
modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12221")
modparam("nathelper", "nortpproxy_str", "")
modparam("domain", "db_url", "mysql://opensipsrw:opensipsrw@localhost/opensips")

################## NAT ######################
modparam("usrloc", "nat_bflag", 6)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", 8)
modparam("nathelper", "received_avp", "$avp(i:801)")
################## NAT ######################


# main routing logic
route {

    # initial sanity checks
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    };

    if (msg:len >=  2048 ) {
        sl_send_reply("513", "Message too big");
        exit;
    };


    ################## NAT ######################
    if (nat_uac_test("3")) {

        if (is_method("REGISTER") && !is_present_hf("Record-Route")) {

            # Rewrite contact with source IP of signalling
            fix_nated_contact();

            force_rport();
            setbflag(6); # Mark as NATed

            # if you want SIP NAT pinging
            setbflag(8);
        };
    };
    ################## NAT ######################

    if (!method=="REGISTER")
        record_route();

    # subsequent messages withing a dialog should take the
    # path determined by record-routing
    if (loose_route()) {
        # mark routing logic in request
        append_hf("P-hint: rr-enforced\r\n");
        route(1);
    };

    if (!uri==myself) {
        # mark routing logic in request
        append_hf("P-hint: outbound\r\n");
        route(1);
    };

    if (uri==myself) {
        if (method=="REGISTER") {
            save("location");
            exit;
        };
    }

    if (is_method("BYE"))
        unforce_rtp_proxy();
 
    if (!lookup("location","m")) {
        switch ($retcode) {
            case -1:
            case -3:
                t_newtran();
                t_on_failure("1");
                t_reply("404", "Not Found");
                exit;
            case -2:
                sl_send_reply("405", "Method Not Allowed");
                exit;
        }
    };

    route(1);
}



route[1] {

    ################## NAT ######################
    if (uri=~"[@:](192\.168\.10\.172\.(1[6-9]2[0-9]3[0-1])\.)" && !search("^Route:")) {
        sl_send_reply("479", "We don't forward to private IP addresses");
        exit;
    };

    # if client or server know to be behind a NAT, enable relay
    if (isbflagset(6)) {
        if (has_body("application/sdp")) {
            rtpproxy_offer("o");
        };
    };

    t_on_reply("1");
    ################## NAT ######################


    # send it out now; use stateful forwarding as it works
    # reliably even for UDP2TCP
    if (!t_relay()) {
        sl_reply_error();
    };

    exit;
}



onreply_route[1] {

    ################## NAT ######################
    if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") {
        fix_nated_contact();
        if (has_body("application/sdp")) {
            rtpproxy_answer("o");
        };

        # Is this a transaction behind a NAT and we did not
        # know at time of request processing?
    } else if (nat_uac_test("1")) {
        fix_nated_contact();
    };
    ################## NAT ######################

}

failure_route[1] {
    unforce_rtp_proxy();
}

--


I hope this saves someone some time.



Damon


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Example config for NATed UACs, RTPproxy, and NATed OpenSIPS (version 1.6.4)

Bogdan-Andrei Iancu
Hi Damon,

Well, the answer is simple - download the opensips virtual machine
(http://www.voice-system.ro/shortcuts::opensips_livedvd)  were you have
a ready to run opensips platform with NAT traversal support - you can
see in the script form the VM how the NAT traversal is done (for
signalling and media).

If you have questions on that, please come back here.

Regards,
Bogdan

Damon Miller wrote:

> All,
>
>
> I've seen many requests for an example working config that shows a working RTPproxy configuration with NATed clients, but I haven't seen many responses.  I recently spent an absurd amount of time getting a working configuration in place so I thought I would post it here in case it's helpful to anyone.
>
> Three quick points:
>
> 1.  I have only tested this with clients behind a NAT firewall, i.e. I haven't tested with clients that have a public IP.
>
>
> 2.  My OpenSIPS server is behind a NAT firewall itself.  To deal with this, I added the two "advertised" options, as follows:
>
> advertised_address="xx.xx.xx.xx"
> alias="xx.xx.xx.xx:5060
>
>
> (Replace the "xx.xx.xx.xx" with the NAT firewall's public IP.)
>
> I also had to use a modified version of RTPproxy that presents the firewall's public IP even though it binds to a private IP.  Here's a post which summarizes that version of RTPproxy:
>
> http://opensips-open-sip-server.1449251.n2.nabble.com/Rtpproxy-behind-the-NAT-td5008041.html
>
>
> I run RTPproxy like this:
>
> rtpproxy -A xx.xx.xx.xx -l 192.168.20.154 -s udp:127.0.0.1:12221 -m 25000 -M 65000 -F -d DBUG:LOCAL1
>
>
> 3.  I had to "tell" OpenSIPS that my firewall's public IP was one of its local domains.  I'm using MySQL as you'll see in the config file so all I had to do was insert a value into the 'domain' table.  That was pretty obvious, i.e.:
>
> mysql> insert into domain (domain) values ("xx.xx.xx.xx");
>
> (Replace 'xx.xx.xx.xx' with your public IP.)
>
>
>
> Here's my 'opensips.cfg' file:
>
> --
>
> # ----------- global configuration parameters ------------------------
> debug=3
> fork=yes
> log_facility=LOG_LOCAL0
> log_stderror=no
> children=4
> port=5060
> dns=no
> rev_dns=no
>
> advertised_address="xx.xx.xx.xx"
> alias="xx.xx.xx.xx:5060"
>
> # ------------------ module loading ----------------------------------
> mpath="/usr/local/lib64/opensips/modules/"
> loadmodule "db_mysql.so"
> loadmodule "signaling.so"
> loadmodule "sl.so"
> loadmodule "tm.so"
> loadmodule "rr.so"
> loadmodule "maxfwd.so"
> loadmodule "usrloc.so"
> loadmodule "registrar.so"
> loadmodule "textops.so"
> loadmodule "mi_fifo.so"
> loadmodule "uri.so"
> loadmodule "nathelper.so"
> loadmodule "domain.so"
>
> # ----------------- setting module-specific parameters ---------------
> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
> modparam("usrloc", "db_url", "mysql://opensipsrw:opensipsrw@localhost/opensips")
> modparam("usrloc", "db_mode", 2)
> modparam("rr", "enable_full_lr", 1)
> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12221")
> modparam("nathelper", "nortpproxy_str", "")
> modparam("domain", "db_url", "mysql://opensipsrw:opensipsrw@localhost/opensips")
>
> ################## NAT ######################
> modparam("usrloc", "nat_bflag", 6)
> modparam("nathelper", "ping_nated_only", 1)
> modparam("nathelper", "sipping_bflag", 8)
> modparam("nathelper", "received_avp", "$avp(i:801)")
> ################## NAT ######################
>
>
> # main routing logic
> route {
>
>     # initial sanity checks
>     if (!mf_process_maxfwd_header("10")) {
>         sl_send_reply("483","Too Many Hops");
>         exit;
>     };
>
>     if (msg:len >=  2048 ) {
>         sl_send_reply("513", "Message too big");
>         exit;
>     };
>
>
>     ################## NAT ######################
>     if (nat_uac_test("3")) {
>
>         if (is_method("REGISTER") && !is_present_hf("Record-Route")) {
>
>             # Rewrite contact with source IP of signalling
>             fix_nated_contact();
>
>             force_rport();
>             setbflag(6); # Mark as NATed
>
>             # if you want SIP NAT pinging
>             setbflag(8);
>         };
>     };
>     ################## NAT ######################
>
>     if (!method=="REGISTER")
>         record_route();
>
>     # subsequent messages withing a dialog should take the
>     # path determined by record-routing
>     if (loose_route()) {
>         # mark routing logic in request
>         append_hf("P-hint: rr-enforced\r\n");
>         route(1);
>     };
>
>     if (!uri==myself) {
>         # mark routing logic in request
>         append_hf("P-hint: outbound\r\n");
>         route(1);
>     };
>
>     if (uri==myself) {
>         if (method=="REGISTER") {
>             save("location");
>             exit;
>         };
>     }
>
>     if (is_method("BYE"))
>         unforce_rtp_proxy();
>  
>     if (!lookup("location","m")) {
>         switch ($retcode) {
>             case -1:
>             case -3:
>                 t_newtran();
>                 t_on_failure("1");
>                 t_reply("404", "Not Found");
>                 exit;
>             case -2:
>                 sl_send_reply("405", "Method Not Allowed");
>                 exit;
>         }
>     };
>
>     route(1);
> }
>
>
>
> route[1] {
>
>     ################## NAT ######################
>     if (uri=~"[@:](192\.168\.10\.172\.(1[6-9]2[0-9]3[0-1])\.)" && !search("^Route:")) {
>         sl_send_reply("479", "We don't forward to private IP addresses");
>         exit;
>     };
>
>     # if client or server know to be behind a NAT, enable relay
>     if (isbflagset(6)) {
>         if (has_body("application/sdp")) {
>             rtpproxy_offer("o");
>         };
>     };
>
>     t_on_reply("1");
>     ################## NAT ######################
>
>
>     # send it out now; use stateful forwarding as it works
>     # reliably even for UDP2TCP
>     if (!t_relay()) {
>         sl_reply_error();
>     };
>
>     exit;
> }
>
>
>
> onreply_route[1] {
>
>     ################## NAT ######################
>     if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") {
>         fix_nated_contact();
>         if (has_body("application/sdp")) {
>             rtpproxy_answer("o");
>         };
>
>         # Is this a transaction behind a NAT and we did not
>         # know at time of request processing?
>     } else if (nat_uac_test("1")) {
>         fix_nated_contact();
>     };
>     ################## NAT ######################
>
> }
>
> failure_route[1] {
>     unforce_rtp_proxy();
> }
>
> --
>
>
> I hope this saves someone some time.
>
>
>
> Damon
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>  


--
Bogdan-Andrei Iancu
OpenSIPS Event - expo, conf, social, bootcamp
2 - 4 February 2011, ITExpo, Miami,  USA
www.voice-system.ro


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Example config for NATed UACs, RTPproxy, and NATed OpenSIPS (version 1.6.4)

James Lamanna
Bogdan,
Wow, I didn't know about the live DVD.
Any chance someone could create this as an OpenVZ container in
addition to VMWare?

-- James

On Mon, Jan 10, 2011 at 2:25 AM, Bogdan-Andrei Iancu
<[hidden email]> wrote:

> Hi Damon,
>
> Well, the answer is simple - download the opensips virtual machine
> (http://www.voice-system.ro/shortcuts::opensips_livedvd)  were you have a
> ready to run opensips platform with NAT traversal support - you can see in
> the script form the VM how the NAT traversal is done (for signalling and
> media).
>
> If you have questions on that, please come back here.
>
> Regards,
> Bogdan
>
> Damon Miller wrote:
>>
>> All,
>>
>>
>> I've seen many requests for an example working config that shows a working
>> RTPproxy configuration with NATed clients, but I haven't seen many
>> responses.  I recently spent an absurd amount of time getting a working
>> configuration in place so I thought I would post it here in case it's
>> helpful to anyone.
>>
>> Three quick points:
>>
>> 1.  I have only tested this with clients behind a NAT firewall, i.e. I
>> haven't tested with clients that have a public IP.
>>
>>
>> 2.  My OpenSIPS server is behind a NAT firewall itself.  To deal with
>> this, I added the two "advertised" options, as follows:
>>
>> advertised_address="xx.xx.xx.xx"
>> alias="xx.xx.xx.xx:5060
>>
>>
>> (Replace the "xx.xx.xx.xx" with the NAT firewall's public IP.)
>>
>> I also had to use a modified version of RTPproxy that presents the
>> firewall's public IP even though it binds to a private IP.  Here's a post
>> which summarizes that version of RTPproxy:
>>
>>
>> http://opensips-open-sip-server.1449251.n2.nabble.com/Rtpproxy-behind-the-NAT-td5008041.html
>>
>>
>> I run RTPproxy like this:
>>
>> rtpproxy -A xx.xx.xx.xx -l 192.168.20.154 -s udp:127.0.0.1:12221 -m 25000
>> -M 65000 -F -d DBUG:LOCAL1
>>
>>
>> 3.  I had to "tell" OpenSIPS that my firewall's public IP was one of its
>> local domains.  I'm using MySQL as you'll see in the config file so all I
>> had to do was insert a value into the 'domain' table.  That was pretty
>> obvious, i.e.:
>>
>> mysql> insert into domain (domain) values ("xx.xx.xx.xx");
>>
>> (Replace 'xx.xx.xx.xx' with your public IP.)
>>
>>
>>
>> Here's my 'opensips.cfg' file:
>>
>> --
>>
>> # ----------- global configuration parameters ------------------------
>> debug=3
>> fork=yes
>> log_facility=LOG_LOCAL0
>> log_stderror=no
>> children=4
>> port=5060
>> dns=no
>> rev_dns=no
>>
>> advertised_address="xx.xx.xx.xx"
>> alias="xx.xx.xx.xx:5060"
>>
>> # ------------------ module loading ----------------------------------
>> mpath="/usr/local/lib64/opensips/modules/"
>> loadmodule "db_mysql.so"
>> loadmodule "signaling.so"
>> loadmodule "sl.so"
>> loadmodule "tm.so"
>> loadmodule "rr.so"
>> loadmodule "maxfwd.so"
>> loadmodule "usrloc.so"
>> loadmodule "registrar.so"
>> loadmodule "textops.so"
>> loadmodule "mi_fifo.so"
>> loadmodule "uri.so"
>> loadmodule "nathelper.so"
>> loadmodule "domain.so"
>>
>> # ----------------- setting module-specific parameters ---------------
>> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
>> modparam("usrloc", "db_url",
>> "mysql://opensipsrw:opensipsrw@localhost/opensips")
>> modparam("usrloc", "db_mode", 2)
>> modparam("rr", "enable_full_lr", 1)
>> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12221")
>> modparam("nathelper", "nortpproxy_str", "")
>> modparam("domain", "db_url",
>> "mysql://opensipsrw:opensipsrw@localhost/opensips")
>>
>> ################## NAT ######################
>> modparam("usrloc", "nat_bflag", 6)
>> modparam("nathelper", "ping_nated_only", 1)
>> modparam("nathelper", "sipping_bflag", 8)
>> modparam("nathelper", "received_avp", "$avp(i:801)")
>> ################## NAT ######################
>>
>>
>> # main routing logic
>> route {
>>
>>    # initial sanity checks
>>    if (!mf_process_maxfwd_header("10")) {
>>        sl_send_reply("483","Too Many Hops");
>>        exit;
>>    };
>>
>>    if (msg:len >=  2048 ) {
>>        sl_send_reply("513", "Message too big");
>>        exit;
>>    };
>>
>>
>>    ################## NAT ######################
>>    if (nat_uac_test("3")) {
>>
>>        if (is_method("REGISTER") && !is_present_hf("Record-Route")) {
>>
>>            # Rewrite contact with source IP of signalling
>>            fix_nated_contact();
>>
>>            force_rport();
>>            setbflag(6); # Mark as NATed
>>
>>            # if you want SIP NAT pinging
>>            setbflag(8);
>>        };
>>    };
>>    ################## NAT ######################
>>
>>    if (!method=="REGISTER")
>>        record_route();
>>
>>    # subsequent messages withing a dialog should take the
>>    # path determined by record-routing
>>    if (loose_route()) {
>>        # mark routing logic in request
>>        append_hf("P-hint: rr-enforced\r\n");
>>        route(1);
>>    };
>>
>>    if (!uri==myself) {
>>        # mark routing logic in request
>>        append_hf("P-hint: outbound\r\n");
>>        route(1);
>>    };
>>
>>    if (uri==myself) {
>>        if (method=="REGISTER") {
>>            save("location");
>>            exit;
>>        };
>>    }
>>
>>    if (is_method("BYE"))
>>        unforce_rtp_proxy();
>>      if (!lookup("location","m")) {
>>        switch ($retcode) {
>>            case -1:
>>            case -3:
>>                t_newtran();
>>                t_on_failure("1");
>>                t_reply("404", "Not Found");
>>                exit;
>>            case -2:
>>                sl_send_reply("405", "Method Not Allowed");
>>                exit;
>>        }
>>    };
>>
>>    route(1);
>> }
>>
>>
>>
>> route[1] {
>>
>>    ################## NAT ######################
>>    if (uri=~"[@:](192\.168\.10\.172\.(1[6-9]2[0-9]3[0-1])\.)" &&
>> !search("^Route:")) {
>>        sl_send_reply("479", "We don't forward to private IP addresses");
>>        exit;
>>    };
>>
>>    # if client or server know to be behind a NAT, enable relay
>>    if (isbflagset(6)) {
>>        if (has_body("application/sdp")) {
>>            rtpproxy_offer("o");
>>        };
>>    };
>>
>>    t_on_reply("1");
>>    ################## NAT ######################
>>
>>
>>    # send it out now; use stateful forwarding as it works
>>    # reliably even for UDP2TCP
>>    if (!t_relay()) {
>>        sl_reply_error();
>>    };
>>
>>    exit;
>> }
>>
>>
>>
>> onreply_route[1] {
>>
>>    ################## NAT ######################
>>    if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") {
>>        fix_nated_contact();
>>        if (has_body("application/sdp")) {
>>            rtpproxy_answer("o");
>>        };
>>
>>        # Is this a transaction behind a NAT and we did not
>>        # know at time of request processing?
>>    } else if (nat_uac_test("1")) {
>>        fix_nated_contact();
>>    };
>>    ################## NAT ######################
>>
>> }
>>
>> failure_route[1] {
>>    unforce_rtp_proxy();
>> }
>>
>> --
>>
>>
>> I hope this saves someone some time.
>>
>>
>>
>> Damon
>>
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
> --
> Bogdan-Andrei Iancu
> OpenSIPS Event - expo, conf, social, bootcamp
> 2 - 4 February 2011, ITExpo, Miami,  USA
> www.voice-system.ro
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Example config for NATed UACs, RTPproxy, and NATed OpenSIPS (version 1.6.4)

Bogdan-Andrei Iancu
James, never user openVZ so far..there are a log of VM technologies out
there :)....For the moment we release the opensips live distro on VMware
as that;s the main what we used...not sure what are the other main VM
tech used by other people...

Regards,
Bogdan

James Lamanna wrote:

> Bogdan,
> Wow, I didn't know about the live DVD.
> Any chance someone could create this as an OpenVZ container in
> addition to VMWare?
>
> -- James
>
> On Mon, Jan 10, 2011 at 2:25 AM, Bogdan-Andrei Iancu
> <[hidden email]> wrote:
>  
>> Hi Damon,
>>
>> Well, the answer is simple - download the opensips virtual machine
>> (http://www.voice-system.ro/shortcuts::opensips_livedvd)  were you have a
>> ready to run opensips platform with NAT traversal support - you can see in
>> the script form the VM how the NAT traversal is done (for signalling and
>> media).
>>
>> If you have questions on that, please come back here.
>>
>> Regards,
>> Bogdan
>>
>> Damon Miller wrote:
>>    
>>> All,
>>>
>>>
>>> I've seen many requests for an example working config that shows a working
>>> RTPproxy configuration with NATed clients, but I haven't seen many
>>> responses.  I recently spent an absurd amount of time getting a working
>>> configuration in place so I thought I would post it here in case it's
>>> helpful to anyone.
>>>
>>> Three quick points:
>>>
>>> 1.  I have only tested this with clients behind a NAT firewall, i.e. I
>>> haven't tested with clients that have a public IP.
>>>
>>>
>>> 2.  My OpenSIPS server is behind a NAT firewall itself.  To deal with
>>> this, I added the two "advertised" options, as follows:
>>>
>>> advertised_address="xx.xx.xx.xx"
>>> alias="xx.xx.xx.xx:5060
>>>
>>>
>>> (Replace the "xx.xx.xx.xx" with the NAT firewall's public IP.)
>>>
>>> I also had to use a modified version of RTPproxy that presents the
>>> firewall's public IP even though it binds to a private IP.  Here's a post
>>> which summarizes that version of RTPproxy:
>>>
>>>
>>> http://opensips-open-sip-server.1449251.n2.nabble.com/Rtpproxy-behind-the-NAT-td5008041.html
>>>
>>>
>>> I run RTPproxy like this:
>>>
>>> rtpproxy -A xx.xx.xx.xx -l 192.168.20.154 -s udp:127.0.0.1:12221 -m 25000
>>> -M 65000 -F -d DBUG:LOCAL1
>>>
>>>
>>> 3.  I had to "tell" OpenSIPS that my firewall's public IP was one of its
>>> local domains.  I'm using MySQL as you'll see in the config file so all I
>>> had to do was insert a value into the 'domain' table.  That was pretty
>>> obvious, i.e.:
>>>
>>> mysql> insert into domain (domain) values ("xx.xx.xx.xx");
>>>
>>> (Replace 'xx.xx.xx.xx' with your public IP.)
>>>
>>>
>>>
>>> Here's my 'opensips.cfg' file:
>>>
>>> --
>>>
>>> # ----------- global configuration parameters ------------------------
>>> debug=3
>>> fork=yes
>>> log_facility=LOG_LOCAL0
>>> log_stderror=no
>>> children=4
>>> port=5060
>>> dns=no
>>> rev_dns=no
>>>
>>> advertised_address="xx.xx.xx.xx"
>>> alias="xx.xx.xx.xx:5060"
>>>
>>> # ------------------ module loading ----------------------------------
>>> mpath="/usr/local/lib64/opensips/modules/"
>>> loadmodule "db_mysql.so"
>>> loadmodule "signaling.so"
>>> loadmodule "sl.so"
>>> loadmodule "tm.so"
>>> loadmodule "rr.so"
>>> loadmodule "maxfwd.so"
>>> loadmodule "usrloc.so"
>>> loadmodule "registrar.so"
>>> loadmodule "textops.so"
>>> loadmodule "mi_fifo.so"
>>> loadmodule "uri.so"
>>> loadmodule "nathelper.so"
>>> loadmodule "domain.so"
>>>
>>> # ----------------- setting module-specific parameters ---------------
>>> modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
>>> modparam("usrloc", "db_url",
>>> "mysql://opensipsrw:opensipsrw@localhost/opensips")
>>> modparam("usrloc", "db_mode", 2)
>>> modparam("rr", "enable_full_lr", 1)
>>> modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:12221")
>>> modparam("nathelper", "nortpproxy_str", "")
>>> modparam("domain", "db_url",
>>> "mysql://opensipsrw:opensipsrw@localhost/opensips")
>>>
>>> ################## NAT ######################
>>> modparam("usrloc", "nat_bflag", 6)
>>> modparam("nathelper", "ping_nated_only", 1)
>>> modparam("nathelper", "sipping_bflag", 8)
>>> modparam("nathelper", "received_avp", "$avp(i:801)")
>>> ################## NAT ######################
>>>
>>>
>>> # main routing logic
>>> route {
>>>
>>>    # initial sanity checks
>>>    if (!mf_process_maxfwd_header("10")) {
>>>        sl_send_reply("483","Too Many Hops");
>>>        exit;
>>>    };
>>>
>>>    if (msg:len >=  2048 ) {
>>>        sl_send_reply("513", "Message too big");
>>>        exit;
>>>    };
>>>
>>>
>>>    ################## NAT ######################
>>>    if (nat_uac_test("3")) {
>>>
>>>        if (is_method("REGISTER") && !is_present_hf("Record-Route")) {
>>>
>>>            # Rewrite contact with source IP of signalling
>>>            fix_nated_contact();
>>>
>>>            force_rport();
>>>            setbflag(6); # Mark as NATed
>>>
>>>            # if you want SIP NAT pinging
>>>            setbflag(8);
>>>        };
>>>    };
>>>    ################## NAT ######################
>>>
>>>    if (!method=="REGISTER")
>>>        record_route();
>>>
>>>    # subsequent messages withing a dialog should take the
>>>    # path determined by record-routing
>>>    if (loose_route()) {
>>>        # mark routing logic in request
>>>        append_hf("P-hint: rr-enforced\r\n");
>>>        route(1);
>>>    };
>>>
>>>    if (!uri==myself) {
>>>        # mark routing logic in request
>>>        append_hf("P-hint: outbound\r\n");
>>>        route(1);
>>>    };
>>>
>>>    if (uri==myself) {
>>>        if (method=="REGISTER") {
>>>            save("location");
>>>            exit;
>>>        };
>>>    }
>>>
>>>    if (is_method("BYE"))
>>>        unforce_rtp_proxy();
>>>      if (!lookup("location","m")) {
>>>        switch ($retcode) {
>>>            case -1:
>>>            case -3:
>>>                t_newtran();
>>>                t_on_failure("1");
>>>                t_reply("404", "Not Found");
>>>                exit;
>>>            case -2:
>>>                sl_send_reply("405", "Method Not Allowed");
>>>                exit;
>>>        }
>>>    };
>>>
>>>    route(1);
>>> }
>>>
>>>
>>>
>>> route[1] {
>>>
>>>    ################## NAT ######################
>>>    if (uri=~"[@:](192\.168\.10\.172\.(1[6-9]2[0-9]3[0-1])\.)" &&
>>> !search("^Route:")) {
>>>        sl_send_reply("479", "We don't forward to private IP addresses");
>>>        exit;
>>>    };
>>>
>>>    # if client or server know to be behind a NAT, enable relay
>>>    if (isbflagset(6)) {
>>>        if (has_body("application/sdp")) {
>>>            rtpproxy_offer("o");
>>>        };
>>>    };
>>>
>>>    t_on_reply("1");
>>>    ################## NAT ######################
>>>
>>>
>>>    # send it out now; use stateful forwarding as it works
>>>    # reliably even for UDP2TCP
>>>    if (!t_relay()) {
>>>        sl_reply_error();
>>>    };
>>>
>>>    exit;
>>> }
>>>
>>>
>>>
>>> onreply_route[1] {
>>>
>>>    ################## NAT ######################
>>>    if (isbflagset(6) && status =~ "(183)|2[0-9][0-9]") {
>>>        fix_nated_contact();
>>>        if (has_body("application/sdp")) {
>>>            rtpproxy_answer("o");
>>>        };
>>>
>>>        # Is this a transaction behind a NAT and we did not
>>>        # know at time of request processing?
>>>    } else if (nat_uac_test("1")) {
>>>        fix_nated_contact();
>>>    };
>>>    ################## NAT ######################
>>>
>>> }
>>>
>>> failure_route[1] {
>>>    unforce_rtp_proxy();
>>> }
>>>
>>> --
>>>
>>>
>>> I hope this saves someone some time.
>>>
>>>
>>>
>>> Damon
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [hidden email]
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>      
>> --
>> Bogdan-Andrei Iancu
>> OpenSIPS Event - expo, conf, social, bootcamp
>> 2 - 4 February 2011, ITExpo, Miami,  USA
>> www.voice-system.ro
>>
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>    
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>  


--
Bogdan-Andrei Iancu
OpenSIPS Event - expo, conf, social, bootcamp
2 - 4 February 2011, ITExpo, Miami,  USA
www.voice-system.ro


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users