 To :  yate@v...
 From :  Jeremy Malcolm <Jeremy@M...>
 Subject : 
 Date :  Sun, 28 Dec 2014 22:33:48 -0800
Hi yate experts,

I had yate on a public IP, and I have just moved it to a private IP behind NAT.  I have enabled the nat and ignorevia settings in ysipchan.conf.  I have inserted the appropriate iptables rules on the hosting machine (which includes some anti-spam measures), notably forwarding certain SIP packets as well as RTP connections on ports 10000-10100 to my yate server (at the IP 192.168.42.10). [0]

Back in yate I have set “minport” and “maxport” in yrtpchan.conf to the same values for RTP (10000-10100).  I seem to be able to establish calls, but when I pick up there is no audio.  In my logfile I get "YRTPWrapper 'yrtp/1991634715' bind failed in range 10000-10100".  There is nothing else using those ports, according to netstat -l.  Does this indicate something wrong?

Any suggestions?

[0] iptables rules:

iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "User-Agent: VaxSIPUserAgent" --algo bm --to 65535 -j DROP
iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "User-Agent: friendly-scanner" --algo bm --to 65535 -j REJECT --reject-with icmp-port-unreachable
iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "REGISTER sip:" --algo bm -m recent --set --name VOIP --rsource
iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "REGISTER sip:" --algo bm -m recent --update --seconds 60 --hitcount 12 --rttl --name VOIP --rsource -j DROP
iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "INVITE sip:" --algo bm -m recent --set --name VOIPINV --rsource
iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "INVITE sip:" --algo bm -m recent --update --seconds 60 --hitcount 12 --rttl --name VOIPINV --rsource -j DROP
iptables -A PREROUTING -t nat -p udp -m hashlimit --hashlimit 6/sec --hashlimit-mode srcip,dstport --hashlimit-name tunnel_limit -m udp --dport 5060 -j DNAT --to-destination 192.168.42.10
iptables -A FORWARD -p tcp -d 192.168.42.10 --dport 5060 -j ACCEPT
iptables -I INPUT -p udp -m udp --dport 5060 -j DROP
iptables -t nat -A PREROUTING -p udp -m udp --dport 10000:10100 -j DNAT --to-destination 192.168.42.10
iptables -A FORWARD -p udp -d 192.168.42.10 --dport 10000:10100 -j ACCEPT

[1] Here is the SIP conversation that is logged just before the call drops (calling party is outside the LAN, called party is inside):

INVITE sip:dominica@m... SIP/2.0
From:sip:jeremy@m...;tag=b088e2ef
To:sip:dominica@m...
Call-ID:45902c3a687807a154a0e6d310fed
CSeq:30973 INVITE
Via:SIP/2.0/UDP 21.153.3.29;branch=z9hG4bKQn8UChGf
Accept:application/sdp, multipart/mixed, application/dtmf, application/dtmf-relay
Allow:INVITE,INFO,BYE,CANCEL,OPTIONS,REFER,UPDATE,PRACK
Supported:timer,100rel,replaces
Contact:<sip:jeremy@2...>
Max-Forwards:70
User-Agent:Whistle/iOS/1.49 (VailSIP 20131127)
Content-Length:411
Content-Type:application/sdp
X-Vail-Load:1/2;id=187

v=0
o=- 1419830995 0 IN IP4 21.153.3.29
s=-
c=IN IP4 21.153.3.29
t=0 0
m=audio 57842 RTP/AVP 125 126 127 0 8 101
a=rtpmap:125 CELT/32000
a=fmtp:125 frame-size=640;bitrate=64
a=ptime:20
a=maxptime:20
a=rtpmap:126 speex/32000
a=ptime:20
a=maxptime:20
a=rtpmap:127 speex/16000
a=ptime:20
a=maxptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
------
<sip:INFO> 'udp:0.0.0.0:5060' received 963 bytes SIP message from 172.56.39.246:54692 [0x924e0f8]
------
INVITE sip:dominica@m... SIP/2.0
From:sip:jeremy@m...;tag=b088e2ef
To:sip:dominica@m...
Call-ID:45902c3a687807a154a0e6d310fed
CSeq:30973 INVITE
Via:SIP/2.0/UDP 21.153.3.29;branch=z9hG4bKQn8UChGf
Accept:application/sdp, multipart/mixed, application/dtmf, application/dtmf-relay
Allow:INVITE,INFO,BYE,CANCEL,OPTIONS,REFER,UPDATE,PRACK
Supported:timer,100rel,replaces
Contact:<sip:jeremy@2...>
Max-Forwards:70
User-Agent:Whistle/iOS/1.49 (VailSIP 20131127)
Content-Length:411
Content-Type:application/sdp

v=0
o=- 1419830995 0 IN IP4 21.153.3.29
s=-
c=IN IP4 21.153.3.29
t=0 0
m=audio 57842 RTP/AVP 125 126 127 0 8 101
a=rtpmap:125 CELT/32000
a=fmtp:125 frame-size=640;bitrate=64
a=ptime:20
a=maxptime:20
a=rtpmap:126 speex/32000
a=ptime:20
a=maxptime:20
a=rtpmap:127 speex/16000
a=ptime:20
a=maxptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
------
<sip:INFO> 'udp:0.0.0.0:5060' sending code 100 0xf6109018 to 172.56.39.246:54692 [0x924e0f8]
------
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 21.153.3.29;branch=z9hG4bKQn8UChGf;received=172.56.39.246
From: sip:jeremy@m...;tag=b088e2ef
To: sip:dominica@m...
Call-ID: 45902c3a687807a154a0e6d310fed
CSeq: 30973 INVITE
Server: YATE/4.1.0
Content-Length: 0

------
<INFO> Could not classify call from 'jeremy', wasted 9 usec
<cdrbuild:INFO> Got message 'call.route' for untracked id 'sip/11'
<INFO> Routing call to 'dominica' in context 'default' via '-' in 593 usec
<sip/11:MILD> Call rejected error='noauth' reason='(null)' [0xf61097d0]
<sip:INFO> 'udp:0.0.0.0:5060' sending code 401 0x9314b00 to 172.56.39.246:54692 [0x924e0f8]

-- 
Jeremy Malcolm PhD LLB (Hons) B Com
Internet lawyer, ICT policy advocate, geek
echo "9EEAi^^;6C6]>J^=^>6"|tr '\!-~' 'P-~\!-O'|wget -q -i - -O -
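
In the trace above, the caller's Via and SDP c= lines carry 21.153.3.29 while yate logged the packet source as 172.56.39.246. The following Python check is an added example, not part of the original post or of yate; it compares the addresses a SIP message advertises with the address it actually arrived from. The function names and the trimmed sample message are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed input: the post's INVITE, trimmed; the request-URI host is a placeholder.
INVITE = "\r\n".join([
    "INVITE sip:dominica@example.invalid SIP/2.0",
    "Via:SIP/2.0/UDP 21.153.3.29;branch=z9hG4bKQn8UChGf",
    "",
    "v=0",
    "c=IN IP4 21.153.3.29",
    "m=audio 57842 RTP/AVP 125 126 127 0 8 101",
])

def differs(host, src_ip):
    """True/False when host is an IP literal, None when it is a name or missing."""
    try:
        return ipaddress.ip_address(host) != ipaddress.ip_address(src_ip)
    except (TypeError, ValueError):
        return None

def top_via_host(head):
    """Host from sent-by of the first Via header ('v' is the compact form); IPv4 or name."""
    m = re.search(r"^(?:via|v)\s*:\s*SIP/2\.0/\w+\s+([^;,\s]+)", head, re.I | re.M)
    return m.group(1).split(":", 1)[0] if m else None   # drop an optional :port

def media_targets(sdp):
    """(media, address, port) per m= line; a media-level c= overrides the session c=."""
    session_addr, media = None, []
    for line in sdp.splitlines():
        if line.startswith("c="):
            addr = line.split()[-1].split("/")[0]    # drop a multicast TTL suffix
            if media:
                media[-1][1] = addr
            else:
                session_addr = addr
        elif line.startswith("m="):
            kind, port = line[2:].split()[:2]
            media.append([kind, None, int(port.split("/")[0])])
    return [(k, a or session_addr, p) for k, a, p in media]

def nat_report(raw, src_ip):
    """Flag Via and SDP addresses that differ from the packet's real source."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    via = top_via_host(head)
    media = [(k, a, p, differs(a, src_ip)) for k, a, p in media_targets(body)]
    return {"via": (via, differs(via, src_ip)), "media": media}

if __name__ == "__main__":
    print(nat_report(INVITE, "172.56.39.246"))
```

A True flag on a media entry means the address advertised for RTP is not the address the signalling arrived from, so audio sent to the advertised address and port does not retrace the path the INVITE took through the caller's NAT.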



