<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><tt>Hello,<br>
<br>
      The best option for you is to use the dialog module with topology
      hiding. This can be easily combined with any of the media relays
      (rtpproxy or mediaproxy) for hiding the media path.<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
On 28.02.2014 10:14, Антон Лытаев wrote:<br>
</div>
<blockquote
cite="mid:CABzAFAE1EfYuhru4yZAjRArCSp6YK4yuPuA=PpnQ2AfBG46P_g@mail.gmail.com"
type="cite">
<div dir="ltr">
        <div>Hi. Please help.<br>
          We have:<br>
          One MGW: Cisco AS5350<br>
        </div>
        UserID=telephone number and registration on OpenSips through
        MySQL<br>
        Call to PSTN pass through MGW with prefix 9999:<br>
        <br>
        Now, such a scheme works:<br>
        <br>
        (UAC )---->sip----->Opensips
        1.7--->SIP--->MGW Cisco<br>
        85.85.85.95 85.85.85.85
        85.85.85.11<br>
        RTP----------------------------------------------------------->MGW
        Cisco-------->PSTN<br>
        <br>
        Here is an example CFG-file that works now:<br>
        The message "183" prefix and visible IP gateway. And that could
        be a threat of fraud.<br>
        Here: if you use the function topology_hiding(); it does not
        happen a fair exchange:<br>
        "BYE" comes to the message "404", "Not here" rather than "200
        OK"<br>
        I use client_nat_test to cut off all requests for registration
        are NAT, but it does not work!<br>
        <br>
        port=5060<br>
listen=udp:<a moz-do-not-send="true"
href="http://85.85.85.85:5060">85.85.85.85:5060</a>
#Opensips-server<br>
route{<br>
if (has_totag()) {<br>
if (loose_route()) {<br>
if (is_method("BYE")) {<br>
setflag(1);<br>
setflag(3);}<br>
else if (is_method("INVITE")) {<br>
#topology_hiding();<br>
record_route(); }<br>
route(1);}<br>
else {<br>
if ( is_method("ACK") ) {<br>
if ( t_check_trans() ) {<br>
t_relay();<br>
exit;}<br>
else {<br>
exit;<br>
}}<br>
sl_send_reply("404","Not here");<br>
}<br>
exit;<br>
}<br>
<br>
#initial requests<br>
if (is_method("CANCEL")){<br>
if (t_check_trans())<br>
t_relay();<br>
exit;}<br>
<br>
t_check_trans();<br>
<br>
# authenticate if from local subscriber (uncomment to enable
auth)<br>
# authenticate all initial non-REGISTER request that pretend to
be<br>
# generated by local subscriber (domain from FROM URI is local)<br>
<br>
if (!(method=="REGISTER") && from_uri==myself) #/*no
multidomain version*/<br>
{if (!proxy_authorize("", "subscriber")) <br>
{proxy_challenge("", "0");<br>
exit;}<br>
if (!db_check_from()) <br>
{sl_send_reply("403","Forbidden auth ID");<br>
exit;}<br>
consume_credentials();<br>
}<br>
<br>
# preloaded route checking<br>
if (loose_route()) <br>
{xlog("L_ERR","Attempt to route with preloaded Route's
[$fu/$tu/$ru/$ci]");<br>
if (!is_method("ACK")) sl_send_reply("403","Preload Route
denied");<br>
exit;<br>
}<br>
<br>
# record routing<br>
if (!is_method("REGISTER|MESSAGE")) record_route();<br>
<br>
        # account only INVITEs<br>
        if (is_method("INVITE"))<br>
{<br>
# if (!src_ip=="85.85.85.11") #CISCO MGW IP<br>
#{<br>
# topology_hiding();<br>
# }<br>
setflag(1); # do accounting<br>
}<br>
<br>
if (!uri==myself) ## replace with following line if
multi-domain support is used<br>
{<br>
route(1);}<br>
<br>
# requests for my domain<br>
if (is_method("PUBLISH")){<br>
sl_send_reply("503", "Service Unavailable");<br>
exit;}<br>
<br>
if (is_method("REGISTER")){<br>
# if(client_nat_test("3"))<br>
# {<br>
# sl_send_reply("403", "Not working NAT");<br>
# exit;<br>
# }<br>
<br>
# authenticate the REGISTER requests (uncomment to enable auth)<br>
if (!www_authorize("", "subscriber")) {<br>
www_challenge("", "0");<br>
exit;}<br>
if (!db_check_to()) {<br>
sl_send_reply("403","Forbidden auth ID");<br>
exit;}<br>
if (!save("location"))<br>
sl_reply_error();<br>
exit;<br>
}<br>
<br>
if ($rU==NULL) {<br>
# request with no Username in RURI<br>
sl_send_reply("484","Address Incomplete");<br>
exit;<br>
}<br>
<br>
# do lookup with method filtering<br>
if ((src_ip=="85.85.85.11") && (!lookup("location")))<br>
{<br>
switch ($retcode) {<br>
case -1:<br>
case -3:<br>
t_newtran();<br>
t_reply("404", "Not Found");<br>
exit;<br>
case -2:<br>
sl_send_reply("405", "Method Not Allowed");<br>
exit;<br>
}}<br>
<br>
# when routing via usrloc, log the missed calls also<br>
setflag(2);<br>
<br>
if (src_ip=="85.85.85.11") {<br>
route(1);}<br>
route(3);<br>
}<br>
<br>
route[1] {<br>
# for INVITEs enable some additional helper routes<br>
if (is_method("INVITE")) {<br>
t_on_branch("2");<br>
t_on_reply("2");<br>
t_on_failure("1");}<br>
if (!t_relay()) {<br>
sl_reply_error();};<br>
exit;}<br>
####################################################<br>
route[3] {<br>
prefix("9999");<br>
rewritehostport("<a moz-do-not-send="true"
href="http://85.85.85.11:5060">85.85.85.11:5060</a>");<br>
if (!t_relay()) {<br>
sl_reply_error();<br>
};exit;<br>
}<br>
####################################################<br>
branch_route[2] { xlog("new branch at $ru\n");}<br>
onreply_route[2] { xlog("incoming reply\n"); }<br>
<br>
failure_route[1] {<br>
if (t_was_cancelled()) {exit;}}<br>
<br>
<br>
It's not safe, it's necessary to build a new wiring diagram:<br>
(UAC
)--->sip,RTP---->(Opensips--->rtp,SIP------>)----->MGW
Cisco--->PSTN<br>
85.85.85.95 (85.85.85.85 192.168.0.2)
192.168.0.3<br>
<br>
questions:<br>
1. to hide the network topology from the users (can be used
dialog module, function: topology_hiding?)<br>
2. hide RTP traffic to MGW for Opensips-server (can be used
MediaProxy or rtpproxy)?<br>
        3. Cut off all who are NAT!!!<br>
Please, give examples opensips.cfg-file ?<br>
</div>
<br>
</blockquote>
<br>
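<p>A check for the concern raised in the quoted message (the gateway address and the 9999 prefix being visible in the 183 the caller receives), added here as an example and not part of either poster's message or of OpenSIPS. The 183 is constructed and abbreviated; only the three addresses and the prefix come from the thread, and <tt>find_topology_leaks</tt> and <tt>build_183</tt> are hypothetical helper names.</p>

```python
import re

# Headers that carry hop or endpoint addresses ("v" and "m" are compact forms).
ADDRESS_HEADERS = {"via", "v", "record-route", "route", "contact", "m"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def find_topology_leaks(sip_message, allowed_ips, hidden_prefix=None):
    """List (location, detail) pairs where the message exposes an IPv4 address
    outside allowed_ips, or hidden_prefix at the start of a SIP URI user part."""
    head, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    leaks = []
    for line in head.split("\n")[1:]:          # skip the status/request line
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if not sep or name not in ADDRESS_HEADERS:
            continue
        leaks += [(name, ip) for ip in IPV4.findall(value) if ip not in allowed_ips]
        if hidden_prefix and re.search(r"sips?:" + re.escape(hidden_prefix) + r"\d", value):
            leaks.append((name, "prefix " + hidden_prefix))
    for line in body.split("\n"):              # SDP origin and connection lines
        if line.startswith(("o=", "c=")):
            leaks += [("sdp " + line[:2], ip) for ip in IPV4.findall(line)
                      if ip not in allowed_ips]
    return leaks

def build_183(contact_uri, media_ip):
    """Constructed, abbreviated 183 as the UAC would receive it (not a capture)."""
    return "\r\n".join([
        "SIP/2.0 183 Session Progress",
        "Via: SIP/2.0/UDP 85.85.85.95:5060;branch=z9hG4bKexample",
        "Record-Route: <sip:85.85.85.85;lr>",
        "From: <sip:1001@85.85.85.85>;tag=a1",
        "To: <sip:5551234@85.85.85.85>;tag=b2",
        "Contact: <" + contact_uri + ">",
        "Content-Type: application/sdp",
        "",
        "v=0",
        "o=gw 1 1 IN IP4 " + media_ip,
        "c=IN IP4 " + media_ip,
        "m=audio 16384 RTP/AVP 8",
    ])

ALLOWED = {"85.85.85.95", "85.85.85.85"}      # the UAC itself and the proxy
EXPOSED = build_183("sip:99995551234@85.85.85.11:5060", "85.85.85.11")
HIDDEN = build_183("sip:85.85.85.85:5060", "85.85.85.85")

if __name__ == "__main__":
    for label, msg in (("direct", EXPOSED), ("hidden", HIDDEN)):
        print(label, find_topology_leaks(msg, ALLOWED, "9999"))
```

<p>Run against a 183 captured on the subscriber side after enabling topology hiding and a media relay, an empty result means neither the gateway address nor the prefix reaches the caller in the checked headers and SDP lines.</p>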
</body>
</html>