[asterisk-users] Asterisk 403 Forbidden message with port translation
Vikram Ragukumar
vragukumar at signalogic.com
Wed Jan 20 21:17:28 CST 2010
Hello,
------------- -------- --- --------
|Sip Softphone|-------|Internet|--------|F.W|-----|Asterisk|
------------- -------- --- --------
IP addresses: a.b.c.d q.w.e.r
The SIP softphone(x-lite) is configured to register with the asterisk
server through port 9090 (Domain q.w.e.r:9090).Firewall(F.W) is setup as
the outbound proxy for the softphone(Outbound proxy a.b.c.d:9090).
Authentication credentials for the softphone match the user registered
in asterisk's sip.conf. F.W runs Kamailio and rtpproxy, with Kamailio
listening on port 5060.
The asterisk server is setup to listen on port 5060.
The Firewall(F.W), uses a libnetfilter_queue based program to :
(a) Rewrite the destination port 9090 as 5060, and rewrite all other
occurrences of 9090 as 5060 in the SIP message, for packets from the
softphone to the asterisk server.
(b) Rewrite the source port 5060 as 9090, and rewrite all other
occurrences of 5060 as 9090 in the SIP message, for packets from the
asterisk server to the softphone.
The following exchange of SIP messages take place
-Sip softphone sends a REGISTER message to asterisk
-Asterisk responds with a 401 UNAUTHORIZED
-Sip softphone replies with a REGISTER message containing auth. info.
-Asterisk responds with a 403 FORBIDDEN : BAD AUTHORIZATION
The above setup works when the softphone uses port 5060, so there
problem here does not have anything to do with Authorization credentials.
Is it possible i might be modifying parts of the packet that shouldn't
be modified or i might not be modifying some relevant parts of the packet ?
Thanks in advance,
Vikram.
More information about the asterisk-users
mailing list