[ previous ] [ next ] [ threads ]
 To :  yate@v...
 From :  Etoile =?iso-8859-15?q?Di=E8se?= <support@e...>
 Subject :  Re: [yate] NAT support for SIP RTP
 Date :  Sat, 19 Aug 2006 11:18:05 +0200
Hello,

How do I force the client to do that ?

Le Samedi 19 Août 2006 11:12, Diana Cionoiu a écrit :
> Hello Etoile,
>
> That's the entire point with Yate NAT traversal.
> Bassically Yate sends an INVITE to the client on the hole already made
> by the client for the SIP protocol (that's the easy part). In that
> INVITE it writes the local address + port (local from the server). And
> than it waits for the first packet which comes into that port and it
> will recognize that as the expected RTP ( from the right client). That
> works because the time frame is quite small usually - so is not really a
> security issue. So yes, the client must send the first RTP packet
> because otherwise the NAT will not be open.
>
> Diana Cionoiu
>
> Etoile Dièse wrote:
> >ok, sorry. I did not understand the question yesterday.
> >My client should send on a regular basis RTP packets on the port it plans
> > to use for the next call, isn't it ? I dont think my phone do that. Are
> > there any client out there able to do that ? Or would a spoofing of this
> > from another computer on the LAN work ?
> >
> >Le Vendredi 18 Août 2006 19:49, Diana Cionoiu a écrit :
> >>Hello Etoile,
> >>
> >>Does your client open up the hole or not?
> >>
> >>Diana Cionoiu
> >>
> >>Etoile Dièse wrote:
> >>>Hello,
> >>>
> >>>You gave recently an URL : http://freshmeat.net/articles/view/2079/ that
> >>>explains how Yate can contact SIP phones inside a NATed network.
> >>>I use a Linux+iptables router. It does symetric NATing so the port given
> >>>in SDP header is the same as the port really opened on the public
> >>>interface of the router :
> >>>
> >>>LAN 7080 <------> router 7080 <------> Yate
> >>>
> >>>So no problem in this case. I forced the router to be non symetric by
> >>>forcing a translation of all UDP port between 10000 and 20000 :
> >>>
> >>>LAN 7080 <------> router 10001 <-------> Yate
> >>>
> >>>But it does not work as you describe in the article. In fact, Yate seems
> >>>to trust the port given in the SDP header instead of the origin port it
> >>>detects :
> >>>
> >>>LAN 7080 <------> router 10001 --------> Yate
> >>>                                         7080 <-------
> >>>
> >>>and all the RTP packets from Yate to this external 7080 port which is
> >>>closed are dropped by the firewall. This behavior is not what you
> >>>describe in the article, why does it happen ?
> >>>Is there any configuration parameter I missed ?
> >>>
> >>>Regards,

-- 
Support Etoile Dièse