[OpenSIPS-Users] MediaProxy and redirected traffic question

Stylianos Papanastasiou stylianos at gmail.com
Tue Apr 12 15:11:12 CEST 2011


Hi Saúl,

and thanks for taking the time to reply - I have since made some
progress into understanding the terminal behaviour with respect to
what I am trying to achieve but have not got to a solution to my
problem of having permanently redirected traffic.

Here is what happened in my scenario:

After inserting the iptables rule above all packets coming from
terminal 10.0.0.2 were redirected to my machine on port 40000. so
assume that communications between media proxy and the terminal are as
so:

terminal                media proxy          iptables redirection
10.0.0.2:9078 ---->   10.0.0.1:50002 ----> 10.0.0.1:40000

Now, as I intercept all traffic from 10.0.0.3 (that is the other
terminal), I add some effect and repackage it with gstreamer, and sent
it to 10.0.0.2
Since the port 50002 is bound in media proxy, however, I send traffic
from a different local port, say 30006. So we have

terminal                 media proxy
10.0.0.2:9078 <---- 10.0.0.1:30006

My terminal clients are linphone clients and they send video traffic
back to the new port (not 50002 anymore but 30006 instead) - so we
have:

terminal
10.0.0.2:9078------> 10.0.0.1:30006

I cannot understand, hard though I might try, why the rule
iptables -t nat -A PREROUTING -i eth0  -p udp -s 10.0.0.2 --sport 9078
-j REDIRECT --to-port 40000
does not keep working in that case and does not keep redirecting
traffic to port 40000. I see traffic on port 30006 instead (and I can,
of course, decode and manipulate it).

If anyone has an idea why that happens please consider dropping a hint.

Another way to solve my problems would be to alter mediaproxy to place
conntrack rules that forward traffic to a local port instead of what
is on the other side in the session description. Again if someone
could point to the right place in the source code, I would be very
grateful.

Having said that, even having received this much help went beyond my
expectations.

Thanks again,
Stylianos


On 12 April 2011 09:21, Saúl Ibarra Corretgé <saul at ag-projects.com> wrote:
> Hi,
>
> On 5/4/11 9:54 PM, Stylianos Papanastasiou wrote:
>>
>> Hi everyone,
>>
>> I am running opensips with mediaproxy and so the media traffic from my
>> two SIP terminals runs through an intermediate machine. Now, I want to
>> do some media traffic manipulation so I redirect the incoming traffic to
>> some port on the intermediate machine using iptables. Assuming my
>> terminals are 10.0.0.2 and 10.0.0.3 and the media-proxy is 10.0.0.1 -
>> and the video traffic comes from port 9078 from both terminals I give:
>>
>> iptables -t nat -A PREROUTING -i eth0  -p udp -s 10.0.0.2 --sport 9078
>> -j REDIRECT --to-port 40000
>> iptables -t nat -A PREROUTING -i eth0  -p udp -s 10.0.0.3 --sport 9078
>> -j REDIRECT --to-port 40001
>>
>
> MediaProxy does insert contrack rules to direct the traffic, as you know,
> and the fact that you are altering the routing with iptables may have
> serious implications on what happens from that point on. MediaProxy told the
> kernel to redirect packets coming from 10.0.0.2 and port X to 10.0.0.3 port
> Y, but you introduced another routing rule I don't expect packets to 'fork'.
>
>
> --
> Saúl Ibarra Corretgé
> AG Projects
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>



More information about the Users mailing list