[ previous ] [ next ] [ threads ]
 To :  =?ISO-8859-15?Q?Etoile_Di=E8se?= <support@e...>,Yate@v...
 From :  Diana Cionoiu <diana-liste@v...>
 Subject :  Re: [yate] NAT support for SIP RTP
 Date :  Sat, 19 Aug 2006 12:28:13 +0300
Hello Etoile,

You don't, when the client gets the OK method it should start send the 
RTP stream.

Diana

Etoile Dièse wrote:

>Hello,
>
>How do I force the client to do that ?
>
>Le Samedi 19 Août 2006 11:12, Diana Cionoiu a écrit :
>  
>
>>Hello Etoile,
>>
>>That's the entire point with Yate NAT traversal.
>>Bassically Yate sends an INVITE to the client on the hole already made
>>by the client for the SIP protocol (that's the easy part). In that
>>INVITE it writes the local address + port (local from the server). And
>>than it waits for the first packet which comes into that port and it
>>will recognize that as the expected RTP ( from the right client). That
>>works because the time frame is quite small usually - so is not really a
>>security issue. So yes, the client must send the first RTP packet
>>because otherwise the NAT will not be open.
>>
>>Diana Cionoiu
>>
>>Etoile Dièse wrote:
>>    
>>
>>>ok, sorry. I did not understand the question yesterday.
>>>My client should send on a regular basis RTP packets on the port it plans
>>>to use for the next call, isn't it ? I dont think my phone do that. Are
>>>there any client out there able to do that ? Or would a spoofing of this
>>>from another computer on the LAN work ?
>>>
>>>Le Vendredi 18 Août 2006 19:49, Diana Cionoiu a écrit :
>>>      
>>>
>>>>Hello Etoile,
>>>>
>>>>Does your client open up the hole or not?
>>>>
>>>>Diana Cionoiu
>>>>
>>>>Etoile Dièse wrote:
>>>>        
>>>>
>>>>>Hello,
>>>>>
>>>>>You gave recently an URL : http://freshmeat.net/articles/view/2079/ that
>>>>>explains how Yate can contact SIP phones inside a NATed network.
>>>>>I use a Linux+iptables router. It does symetric NATing so the port given
>>>>>in SDP header is the same as the port really opened on the public
>>>>>interface of the router :
>>>>>
>>>>>LAN 7080 <------> router 7080 <------> Yate
>>>>>
>>>>>So no problem in this case. I forced the router to be non symetric by
>>>>>forcing a translation of all UDP port between 10000 and 20000 :
>>>>>
>>>>>LAN 7080 <------> router 10001 <-------> Yate
>>>>>
>>>>>But it does not work as you describe in the article. In fact, Yate seems
>>>>>to trust the port given in the SDP header instead of the origin port it
>>>>>detects :
>>>>>
>>>>>LAN 7080 <------> router 10001 --------> Yate
>>>>>                                        7080 <-------
>>>>>
>>>>>and all the RTP packets from Yate to this external 7080 port which is
>>>>>closed are dropped by the firewall. This behavior is not what you
>>>>>describe in the article, why does it happen ?
>>>>>Is there any configuration parameter I missed ?
>>>>>
>>>>>Regards,
>>>>>          
>>>>>
>
>  
>