Hello, I've got some questions about running PartySIP 2.2.3 behind a NAT. I'm sure this brings nothing but joy.
My situation is that I've got a real SIP address available for me to use (which is hooked into a real phone line). Let's call it [EMAIL PROTECTED] I'd like to be able to use that address, but my home network lives behind a NAT. Let's say I'm on a 192.168.0.0/24 network internally, with my linux-based (iptables) firewall/router at 192.168.0.1 (A), a fileserver-type linux box at 192.168.0.2 (B), and a desktop at 192.168.0.3 (C).

Here's how I was under the impression I could make this work:

* Box A would run the uPNP.sh script to listen for incoming connections to keep track of the proper iptables states
* Box B would run PartySIP and listen for connections inside the NAT, talking to uPNP.sh on Box A to poke holes in the firewall as-needed.
* On Box C, I'd set up (for instance) kphone, with my *real* SIP address ([EMAIL PROTECTED]) and 192.168.0.2 as the SIP Proxy address.

Box C appears to be talking to Box B without problems, because when I try and make a call, I can watch INVITE packets go out through the firewall from box B (heading towards w.x.y.z). The problem is that the INVITE packets always advertise an IP of 192.168.0.2, so I never get anything back from the real SIP server. (presumably it's either trying to contact an IP in the private net, or hopefully just discarding the packets entirely.) Also, PartySIP never actually contacts the firewall to alter the firewall states (I've spent a lot of time in tcpdump / ethereal watching this stuff; there's not even an aborted SYN/ACK or anything). I *do* have port 5060 (UDP and TCP, though it seems that I only need UDP) forwarded through to Box B.

On the outgoing INVITE packets that I've captured, the "Message Header" section seems to be mostly correct.
Here's what that looks like:

> INVITE sip:[EMAIL PROTECTED] SIP/2.0
> Via: SIP/2.0/UDP (externalIP):5060;branch=foobarbaz
> Via: SIP/2.0/UDP 192.168.0.3;branch=foobarbaz
> From: "CJ Kucera" <sip:[EMAIL PROTECTED]>;tag=foobar
> To: <sip:[EMAIL PROTECTED]>
> Call-ID: [EMAIL PROTECTED]
> CSeq: 3751 INVITE
> Contact: "CJ Kucera" <sip:[EMAIL PROTECTED];transport=udp>
> Subject: sip:[EMAIL PROTECTED]
> User-agent: kphone/4.1.0
> Content-Type: application/sdp
> Content-Length: 181

In the Message Body section of the packet is where the internal NATted IPs are most prevalent. In the Owner/Creator section, ethereal tells me that the "Owner Address" is 192.168.0.3, and 192.168.0.3 is also in the Connection Information section, under Connection Address.

I think most of the problem is that I'm probably just not configuring PartySIP properly. I've been digging around the source a bit and searching around the web, but haven't had much luck finding anything. Here's things I've tried in various combinations, if anyone would let me know which ones merit some further twiddling, or some guidance in general, that'd be great.

* I've tried dynamic_ip in both 'on' and 'off'
* I've tried setting serverip to both the private NATted address, and the external IP of the firewall
* For servername I've tried both the internal hostname and the external DNS name which resolves to the firewall's external IP.
* Is remote_natip used only for the "static" NAT config, and not when the various dynamic NAT options are present? I've tried leaving this blank, and setting it to the external IP.
* I've tried masquerade_sdp both 'on' and 'off'
* I've kept iptables_dynamic_natrule 'on' for the whole time, with _server and _port set to Box A's address.
* I've had the external IP set in if_extip (and a 255.255.255.255 for if_extmask), and I've had the if_lanip and if_lanmask set to my internal network, too.
* I've toyed around with various settings in the various plugins (ls_localdb, etc), but without much real idea what I should be changing.

After digging around in the source a bit I saw that the "static" plugin may be something that'd help, so I added this:

<static>
mode statefull
record-route on
forward 192.168.0.3 w.x.y.z
reject * 403
</static>

... that didn't seem to actually do anything though.

I do get the following message on startup:

> DEBUG: [get_output_if] setsockopt(SOL_SOCKET, SO_BROADCAST: Bad file descriptor
> Default Gateway Interface detection failed. Please define "serverip" in the config file

Digging around the source (and after strace'ing the executable), it looks like that's just failing out on ipv6 (which I don't have enabled), and the ipv4 socket work is happening properly, so I'm not worried about that.

I've been running partysip with "-d 6" but I don't actually get any output other than the initial info lines ("Server:" "Debug level:" etc), nor do I get any output in the logfile that I specify with -l.

So, if anyone has any ideas, or knows that what I'm trying to do is actually impossible or something, that'd be great.

Thanks!
-CJ

--
WOW: Kakistocracy | "Happiness isn't good enough for me! I
[EMAIL PROTECTED] | demand euphoria!"
apocalyptech.com/music/ | - Calvin