I would like to ask if someone has really managed to reproduce symmetric nat behaviour using linux's iptables. I only managed to reproduce Full Cone (a little bit hardcoded), Restricted Cone(also a little bit hardcoded) and Port Restricted Cone. If someone would like to exchange ideas about linux iptables, I am interested and I can tell how I managed to create such NATs. Cheers Pedro Gon?alves Benny Prijono wrote: > Thanks. > > Based on the mapped address from test 1 and test 1B: > Test 1: 88.88.88.88:35077 <http://88.88.88.88:35077> > Test 1B: 88.88.88.88:1024 <http://88.88.88.88:1024> > > So that's symmetric. And the result is the same with Vovida client > result (Independent Mapping). The Jstun result (Port restricted Cone) > then becomes questionable. > > On a side note, the behavior of your NAT is also questionable (is it > still Linux masquerade?) as it doesn't seem to do symmetric mapping > for SIP traffic. This kinds of affirm our suspicion that Linux NAT > (this indeed you're using Linux NAT) has some kind of SIP ALG inside. > > Cheers > Benny > > On Tue, Aug 5, 2008 at 1:51 PM, Philippe HENSEL > <philippe.hensel at uha.fr <mailto:philippe.hensel at uha.fr>> wrote: > > Hi Benny, > > Here is the log output you ask for : > 14:30:41.814 sip_endpoint.c Module "mod-pjsua-log" registered > 14:30:41.817 sip_endpoint.c Module "mod-tsx-layer" registered > 14:30:41.819 sip_endpoint.c Module "mod-stateful-util" registered > 14:30:41.822 sip_endpoint.c Module "mod-ua" registered > 14:30:41.826 sip_endpoint.c Module "mod-100rel" registered > 14:30:41.829 sip_endpoint.c Module "mod-pjsua" registered > 14:30:41.831 sip_endpoint.c Module "mod-invite" registered > 14:30:41.834 pjsua_core.c STUN server 88.88.88.89 > <http://88.88.88.89> resolved, address > is 88.88.88.89:3478 <http://88.88.88.89:3478> > 14:30:41.872 pasound.c PortAudio sound library initialized, > status=0 > 14:30:41.875 pasound.c PortAudio host api count=1 > 14:30:41.878 pasound.c Sound device count=1 > 14:30:41.882 pjlib select() I/O Queue created (0x8197f0c) > 14:30:41.893 conference.c Creating conference bridge with 254 > ports > 14:30:41.908 conference.c Sound device successfully created > for port > 0 > 14:30:41.908 natck0x81a5598 Local address is 192.168.1.11:35077 > <http://192.168.1.11:35077> > 14:30:41.908 natck0x81a5598 Server set to 88.88.88.89:3478 > <http://88.88.88.89:3478> > 14:30:41.909 natck0x81a5598 Performing Test I: Binding request to > 88.88.88.89:3478 <http://88.88.88.89:3478> > 14:30:41.909 natck0x81a5598 TX 28 bytes STUN message to > 88.88.88.89:3478 <http://88.88.88.89:3478>: > --- begin STUN message --- > STUN Binding request > Hdr: length=8, magic=5cf1b955, tsx_id=40817fde3f10876600000000 > Attributes: > CHANGE-REQUEST: length=4, value=0 (0x0) > --- end of STUN message --- > > 14:30:41.909 stuntsx0x81a74 STUN client transaction created > 14:30:41.909 stuntsx0x81a74 STUN sending message (transmit count=1) > 14:30:41.909 sip_endpoint.c Module "mod-evsub" registered > 14:30:41.912 sip_endpoint.c Module "mod-presence" registered > 14:30:41.915 evsub.c Event pkg "presence" registered by > mod-presence > 14:30:41.915 sip_endpoint.c Module "mod-refer" registered > 14:30:41.919 evsub.c Event pkg "refer" registered by > mod-refer > 14:30:41.919 sip_endpoint.c Module "mod-pjsua-pres" registered > 14:30:41.922 sip_endpoint.c Module "mod-pjsua-im" registered > 14:30:41.925 sip_endpoint.c Module "mod-pjsua-options" registered > 14:30:41.928 pjsua_core.c 1 SIP worker threads created > 14:30:41.933 pjsua_core.c pjsua version 0.9.0-trunk for > i686-pc-linux-gnu initialized > 14:30:41.959 natck0x81a5598 Performing Test II: Binding request with > change address and port request to 88.88.88.89:3478 > <http://88.88.88.89:3478> > 14:30:41.959 natck0x81a5598 TX 28 bytes STUN message to > 88.88.88.89:3478 <http://88.88.88.89:3478>: > --- begin STUN message --- > STUN Binding request > Hdr: length=8, magic=2a6a1291, tsx_id=52ec3a051063cf7900000001 > Attributes: > CHANGE-REQUEST: length=4, value=6 (0x6) > --- end of STUN message --- > > 14:30:41.959 stuntsx0x81aa6 STUN client transaction created > 14:30:41.959 stuntsx0x81aa6 STUN sending message (transmit count=1) > 14:30:42.011 stuntsx0x81a74 STUN sending message (transmit count=2) > 14:30:42.012 natck0x81a5598 Performing Test III: Binding request > with > change port request to 88.88.88.89:3478 <http://88.88.88.89:3478> > 14:30:42.012 natck0x81a5598 TX 28 bytes STUN message to > 88.88.88.89:3478 <http://88.88.88.89:3478>: > --- begin STUN message --- > STUN Binding request > Hdr: length=8, magic=363c0643, tsx_id=487c69170417ce1700000002 > Attributes: > CHANGE-REQUEST: length=4, value=2 (0x2) > --- end of STUN message --- > > 14:30:42.012 stuntsx0x81aae STUN client transaction created > 14:30:42.012 stuntsx0x81aae STUN sending message (transmit count=1) > 14:30:42.014 stun.c Warning: unknown attr type 8020 in > attr 3. > Attribute was ignored. > 14:30:42.014 stun.c Warning: unknown attr type 8022 in > attr 4. > Attribute was ignored. > 14:30:42.052 stun.c Warning: unknown attr type 8020 in > attr 3. > Attribute was ignored. > 14:30:42.052 stun.c Warning: unknown attr type 8022 in > attr 4. > Attribute was ignored. > 14:30:42.052 pjsua_core.c SIP UDP socket reachable at > 88.88.88.88:5060 <http://88.88.88.88:5060> > 14:30:42.055 udp0x81a9b90 SIP UDP transport started, published > address is 88.88.88.88:5060 <http://88.88.88.88:5060> > 14:30:42.060 stuntsx0x81aa6 STUN sending message (transmit count=2) > 14:30:42.061 pjsua_acc.c Account <sip:88.88.88.88:5060 > <http://88.88.88.88:5060>> added with > id 0 > 14:30:42.115 stuntsx0x81aae STUN sending message (transmit count=2) > 14:30:42.130 stun_msg.c Unrecognized attribute type 0x8020 > 14:30:42.145 natck0x81a5598 RX 88 bytes STUN message from > 88.88.88.89:3478 <http://88.88.88.89:3478>: > --- begin STUN message --- > STUN Binding success response > Hdr: length=68, magic=5cf1b955, tsx_id=40817fde3f10876600000000 > Attributes: > MAPPED-ADDRESS: length=8, IPv4 addr=88.88.88.88:35077 > <http://88.88.88.88:35077> > SOURCE-ADDRESS: length=8, IPv4 addr=88.88.88.89:3478 > <http://88.88.88.89:3478> > CHANGED-ADDRESS: length=8, IPv4 addr=88.88.88.90:3479 > <http://88.88.88.90:3479> > ???: length=8 > SERVER: length=16, value="Vovida.org 0.96" > --- end of STUN message --- > > 14:30:42.145 natck0x81a5598 Completed Test I: Binding request, > status=0 > 14:30:42.263 stuntsx0x81aa6 STUN sending message (transmit count=3) > 14:30:42.315 stuntsx0x81aae STUN sending message (transmit count=3) > 14:30:42.663 stuntsx0x81aa6 STUN sending message (transmit count=4) > 14:30:42.715 stuntsx0x81aae STUN sending message (transmit count=4) > 14:30:43.463 stuntsx0x81aa6 STUN sending message (transmit count=5) > 14:30:43.515 stuntsx0x81aae STUN sending message (transmit count=5) > 14:30:44.147 stuntsx0x81a74 STUN client transaction destroyed > 14:30:45.063 stuntsx0x81aa6 STUN sending message (transmit count=6) > 14:30:45.115 stuntsx0x81aae STUN sending message (transmit count=6) > 14:30:48.263 stuntsx0x81aa6 STUN sending message (transmit count=7) > 14:30:48.315 stuntsx0x81aae STUN sending message (transmit count=7) > 14:30:49.863 stuntsx0x81aa6 STUN timeout waiting for response > 14:30:49.866 natck0x81a5598 Completed Test II: Binding request with > change address and port request, status=370004 > 14:30:49.866 natck0x81a5598 Performing Test IB: Binding request to > alternate address to 88.88.88.90:3479 <http://88.88.88.90:3479> > 14:30:49.866 natck0x81a5598 TX 28 bytes STUN message to > 88.88.88.90:3479 <http://88.88.88.90:3479>: > --- begin STUN message --- > STUN Binding request > Hdr: length=8, magic=0f5b01e4, tsx_id=12f8d0ad7302e24700000003 > Attributes: > CHANGE-REQUEST: length=4, value=0 (0x0) > --- end of STUN message --- > > 14:30:49.866 stuntsx0x81a74 STUN client transaction created > 14:30:49.866 stuntsx0x81a74 STUN sending message (transmit count=1) > 14:30:49.919 stuntsx0x81aae STUN timeout waiting for response > 14:30:49.922 natck0x81a5598 Completed Test III: Binding request with > change port request, status=370004 > 14:30:49.967 stuntsx0x81a74 STUN sending message (transmit count=2) > 14:30:49.985 stun_msg.c Unrecognized attribute type 0x8020 > 14:30:49.985 natck0x81a5598 RX 88 bytes STUN message from > 88.88.88.90:3479 <http://88.88.88.90:3479>: > --- begin STUN message --- > STUN Binding success response > Hdr: length=68, magic=0f5b01e4, tsx_id=12f8d0ad7302e24700000003 > Attributes: > MAPPED-ADDRESS: length=8, IPv4 addr=88.88.88.88:1024 > <http://88.88.88.88:1024> > SOURCE-ADDRESS: length=8, IPv4 addr=88.88.88.90:3479 > <http://88.88.88.90:3479> > CHANGED-ADDRESS: length=8, IPv4 addr=88.88.88.89:3478 > <http://88.88.88.89:3478> > ???: length=8 > SERVER: length=16, value="Vovida.org 0.96" > --- end of STUN message --- > > 14:30:49.985 natck0x81a5598 Completed Test IB: Binding request to > alternate address, status=0 > 14:30:49.985 pjsua_app.c NAT detected as Symmetric > 14:30:49.988 stuntsx0x81a74 STUN client transaction destroyed > 14:30:49.988 stuntsx0x81aae STUN client transaction destroyed > 14:30:49.988 stuntsx0x81aa6 STUN client transaction destroyed > 14:31:02.063 tcplis:5060 SIP TCP listener ready for incoming > connections at 192.168.1.11:5060 <http://192.168.1.11:5060> > 14:31:02.068 pjsua_acc.c Account > <sip:192.168.1.11:5060;transport=TCP> added with id 1 > 14:31:02.158 stun.c Warning: unknown attr type 8020 in > attr 3. > Attribute was ignored. > 14:31:02.158 stun.c Warning: unknown attr type 8022 in > attr 4. > Attribute was ignored. > 14:31:02.158 stun.c Warning: unknown attr type 8020 in > attr 3. > Attribute was ignored. > 14:31:02.158 stun.c Warning: unknown attr type 8022 in > attr 4. > Attribute was ignored. > 14:31:02.158 stun.c Warning: unknown attr type 8020 in > attr 3. > Attribute was ignored. > 14:31:02.158 stun.c Warning: unknown attr type 8022 in > attr 4. > Attribute was ignored. > 14:31:02.198 stun.c Warning: unknown attr type 8020 in > attr 3. > Attribute was ignored. > 14:31:02.198 stun.c Warning: unknown attr type 8022 in > attr 4. > Attribute was ignored. > 14:31:02.199 pjsua_media.c RTP socket reachable at > 88.88.88.88:4000 <http://88.88.88.88:4000> > 14:31:02.202 pjsua_media.c RTCP socket reachable at > 88.88.88.88:4001 <http://88.88.88.88:4001> > 14:31:14.891 pasound.c PortAudio sound library shutting down.. > 14:31:14.894 pjsua_core.c Shutting down... > 14:31:15.903 pjsua_core.c Destroying... > 14:31:15.905 sip_endpoint.c Destroying endpoing instance.. > 14:31:15.905 sip_transactio Stopping transaction layer module > 14:31:15.908 sip_endpoint.c Module "mod-pjsua-options" unregistered > 14:31:15.916 sip_endpoint.c Module "mod-pjsua-im" unregistered > 14:31:15.919 sip_endpoint.c Module "mod-pjsua-pres" unregistered > 14:31:15.922 sip_endpoint.c Module "mod-pjsua" unregistered > 14:31:15.925 sip_endpoint.c Module "mod-stateful-util" unregistered > 14:31:15.928 sip_endpoint.c Module "mod-refer" unregistered > 14:31:15.930 sip_endpoint.c Module "mod-presence" unregistered > 14:31:15.933 sip_endpoint.c Module "mod-evsub" unregistered > 14:31:15.936 sip_endpoint.c Module "mod-invite" unregistered > 14:31:15.939 sip_endpoint.c Module "mod-100rel" unregistered > 14:31:15.943 sip_endpoint.c Module "mod-ua" unregistered > 14:31:15.947 sip_transactio Transaction layer module destroyed > 14:31:15.950 sip_endpoint.c Module "mod-tsx-layer" unregistered > 14:31:15.955 sip_endpoint.c Module "mod-msg-print" unregistered > 14:31:15.958 sip_endpoint.c Module "mod-pjsua-log" unregistered > 14:31:15.961 sip_transport. Destroying transport manager > 14:31:15.963 tcplis:5060 SIP TCP listener destroyed > 14:31:15.966 sip_endpoint.c Endpoint 0x818902c destroyed > 14:31:15.969 pjsua_core.c PJSUA destroyed... > > > > > ###### Vovida STUN client output : ###### > > STUN client version 0.96 > Opened port 29964 with fd 3 > Opened port 29965 with fd 4 > Encoding stun message: > Encoding ChangeRequest: 0 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 4 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 2 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Received stun message: 88 bytes > MappedAddress = 88.88.88.88:29964 <http://88.88.88.88:29964> > SourceAddress = 88.88.88.89:3478 <http://88.88.88.89:3478> > ChangedAddress = 88.88.88.90:3479 <http://88.88.88.90:3479> > XorMappedAddress = 88.88.88.88:29964 <http://88.88.88.88:29964> > ServerName = Vovida.org 0.96 > Received message of type 257 id=1 > Encoding stun message: > Encoding ChangeRequest: 0 > > About to send msg of len 28 to 88.88.88.90:3478 > <http://88.88.88.90:3478> > Encoding stun message: > Encoding ChangeRequest: 4 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 2 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 0 > > About to send msg of len 28 to 88.88.88.88:29964 > <http://88.88.88.88:29964> > Received stun message: 88 bytes > MappedAddress = 88.88.88.88:29964 <http://88.88.88.88:29964> > SourceAddress = 88.88.88.90:3479 <http://88.88.88.90:3479> > ChangedAddress = 88.88.88.89:3478 <http://88.88.88.89:3478> > XorMappedAddress = 88.88.88.88:29964 <http://88.88.88.88:29964> > ServerName = Vovida.org 0.96 > Received message of type 257 id=10 > Encoding stun message: > Encoding ChangeRequest: 4 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 2 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 0 > > About to send msg of len 28 to 88.88.88.88:29964 > <http://88.88.88.88:29964> > Encoding stun message: > Encoding ChangeRequest: 4 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 2 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 0 > > About to send msg of len 28 to 88.88.88.88:29964 > <http://88.88.88.88:29964> > Encoding stun message: > Encoding ChangeRequest: 4 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 2 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 0 > > About to send msg of len 28 to 88.88.88.88:29964 > <http://88.88.88.88:29964> > Encoding stun message: > Encoding ChangeRequest: 4 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 2 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 0 > > About to send msg of len 28 to 88.88.88.88:29964 > <http://88.88.88.88:29964> > Encoding stun message: > Encoding ChangeRequest: 4 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 2 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 0 > > About to send msg of len 28 to 88.88.88.88:29964 > <http://88.88.88.88:29964> > Encoding stun message: > Encoding ChangeRequest: 4 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 2 > > About to send msg of len 28 to 88.88.88.89:3478 > <http://88.88.88.89:3478> > Encoding stun message: > Encoding ChangeRequest: 0 > > About to send msg of len 28 to 88.88.88.88:29964 > <http://88.88.88.88:29964> > test I = 1 > test II = 0 > test III = 0 > test I(2) = 1 > is nat = 1 > mapped IP same = 1 > hairpin = 0 > preserver port = 1 > Primary: Indepndent Mapping, Port Dependent Filter, preserves > ports, no > hairpin > Return value is 0x000017 > > ###### JStun Client Output (more human readable ;-) ) ###### > > Network interface: eth0 > Local IP address: 192.168.1.11 <http://192.168.1.11> > Result: Port restricted Cone NAT handles connections. > Public IP address: 88.88.88.88 <http://88.88.88.88> > > > Hope this helps ? > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org >
