 To :  Etoile Dièse <support@e...>
 From :  Diana Cionoiu <diana-liste@v...>
 Subject :  Re: [yate] NAT support for SIP RTP
 Date :  Sat, 19 Aug 2006 12:12:43 +0300
Hello Etoile,

That's the entire point with Yate NAT traversal.
Basically Yate sends an INVITE to the client on the hole already made 
by the client for the SIP protocol (that's the easy part). In that 
INVITE it writes the local address + port (local from the server). And 
then it waits for the first packet which comes into that port and it 
will recognize that as the expected RTP (from the right client). That 
works because the time frame is quite small usually - so it is not really a 
security issue. So yes, the client must send the first RTP packet 
because otherwise the NAT will not be open.

Diana Cionoiu

Etoile Dièse wrote:

>OK, sorry. I did not understand the question yesterday.
>My client should send on a regular basis RTP packets on the port it plans to 
>use for the next call, isn't it? I don't think my phone does that. Are there 
>any clients out there able to do that? Or would a spoofing of this from 
>another computer on the LAN work?
>
>On Friday 18 August 2006 19:49, Diana Cionoiu wrote:
>  
>
>>Hello Etoile,
>>
>>Does your client open up the hole or not?
>>
>>Diana Cionoiu
>>
>>Etoile Dièse wrote:
>>    
>>
>>>Hello,
>>>
>>>You recently gave a URL: http://freshmeat.net/articles/view/2079/ that
>>>explains how Yate can contact SIP phones inside a NATed network.
>>>I use a Linux+iptables router. It does symmetric NATing so the port given
>>>in SDP header is the same as the port really opened on the public
>>>interface of the router:
>>>
>>>LAN 7080 <------> router 7080 <------> Yate
>>>
>>>So no problem in this case. I forced the router to be non-symmetric by
>>>forcing a translation of all UDP ports between 10000 and 20000:
>>>
>>>LAN 7080 <------> router 10001 <-------> Yate
>>>
>>>But it does not work as you describe in the article. In fact, Yate seems
>>>to trust the port given in the SDP header instead of the origin port it
>>>detects:
>>>
>>>LAN 7080 <------> router 10001 --------> Yate
>>>                                         7080 <-------
>>>
>>>and all the RTP packets from Yate to this external 7080 port which is
>>>closed are dropped by the firewall. This behavior is not what you
>>>describe in the article. Why does it happen?
>>>Is there any configuration parameter I missed?
>>>
>>>Regards,
>>>      
>>>
>
>  
>
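
The latching described in Diana's reply (wait for the first RTP packet on the advertised port, then treat its source as the client) can be sketched as follows. This is an added example, not code from the thread or from Yate; the class and function names, the 5-second window, the RTP version check, the fallback to the SDP address and all addresses are assumptions constructed for illustration.

```python
import struct

RTP_VERSION = 2  # RFC 3550: top two bits of the first header byte

def build_rtp(seq, ssrc, payload=b"\x00" * 160, pt=0):
    """Construct a minimal RTP packet (12-byte header) as sample input."""
    return struct.pack("!BBHII", RTP_VERSION << 6, pt, seq, seq * 160, ssrc) + payload

class RtpLatch:
    """Per-call media port state: learn the peer from its first RTP packet."""

    def __init__(self, sdp_addr, offered_at, window=5.0):
        self.sdp_addr = sdp_addr             # address:port the client put in SDP
        self.deadline = offered_at + window  # assumed latch window, in seconds
        self.peer = None                     # latched source (public side of NAT)

    def on_packet(self, src, data, now):
        """Return True if the packet is accepted as media for this call."""
        if len(data) < 12 or data[0] >> 6 != RTP_VERSION:
            return False                     # not RTP: never latch on it
        if self.peer is None:
            if now > self.deadline:
                return False                 # window closed: refuse a late latch
            self.peer = src                  # first RTP packet wins
            return True
        return src == self.peer              # pinned: other sources are dropped

    def send_target(self):
        """Destination for outbound RTP (assumed: SDP address until latched)."""
        return self.peer or self.sdp_addr

def demo():
    # Constructed addresses: SDP says 7080, the router rewrites it to 10001.
    latch = RtpLatch(sdp_addr=("192.168.1.20", 7080), offered_at=0.0)
    before = latch.send_target()
    nat, other = ("203.0.113.5", 10001), ("198.51.100.9", 4000)
    results = [
        latch.on_packet(other, b"not rtp", 0.2),           # junk: ignored
        latch.on_packet(nat, build_rtp(1, 0xABCD), 0.5),   # latches here
        latch.on_packet(other, build_rtp(1, 0x1234), 0.6), # wrong source
        latch.on_packet(nat, build_rtp(2, 0xABCD), 0.7),   # same source
    ]
    return before, latch.send_target(), results

if __name__ == "__main__":
    print(demo())
```

Until the client sends, outbound media has nowhere valid to go, which is why the reply says the client must send the first RTP packet.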