siproxd_guide.sgml

Siproxd is a proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP client

      <?dbhtml filename="siproxd_guide_c6s2.html">
      <title>GS BT-100 behind NAT Router running Siproxd</title>
      <para>Scenario:</para>
<screen>
private IP address range             :          Internet
10.0.0.x                             :          (public IP address range)
                                     :
                                     :         foo.bar.org
+-------------+               +--------------+
!             !.10         .1 ! masquerading ! publicIP
! SIP UA      !---------------! Firewall     !------------>>  
! BT-100      !               ! siproxd      !
+-------------+               +--------------+
                          eth0       :        ppp0
</screen>
      <para>Siproxd is running on the same host as the masquerading
        firewall. The SIP phone is a Grandstream BudgeTone-100.
        In this example the external SIP registrar used is
        <ulink url='http://www.sipphone.com/'>sipphone.com</ulink>.</para>
      <para>siproxd.conf:</para>
<screen>
if_inbound  = eth0
if_outbound = ppp0
hosts_allow_reg = 10.0.0.0/24
sip_listen_port = 5060
daemonize = 1
silence_log = 1
log_calls = 1
user = siproxd
registration_file = /var/lib/siproxd_registrations
pid_file = /var/run/siproxd/siproxd.pid
rtp_proxy_enable = 1
rtp_port_low  = 7070
rtp_port_high = 7089
rtp_timeout = 300
default_expires = 600
debug_level = 0
debug_port = 0
</screen>
      <para>Firewall configuration (iptables):</para>
<screen>
# allow incoming SIP and RTP traffic
iptables -A INPUT -m udp -p udp -i ppp0 --dport 5060      -j ACCEPT
iptables -A INPUT -m udp -p udp -i ppp0 --dport 7070:7089 -j ACCEPT
</screen>
      <para>Phone configuration (only the relevant items are listed):</para>
<screen>
IP Address:             10.0.0.10
Subnet Mask:            255.255.255.0
Default Router: 10.0.0.1
DNS Server 1:           &lt;DNS Server of your Internet provider>
SIP Server:             proxy01.sipphone.com
Outbound Proxy: 10.0.0.1
SIP User ID:            1747669xxxx
Authenticate ID:        1747660xxxx
Authenticate Passwd:    *********
Name:                   Your Name Here
Use DNS SRV:            no
User ID is phone #:     no
Sip Registration:       yes
Unregister on reboot:no
Register expiration:    60
Early Dial:             no
local SIP port: 5060
local RTP port: 5004
Use random port:        yes
NAT traversal:  no
Use NAT IP:             &lt;empty>
Subscribe for MWI:      No
Send DTMF:              via RTP (RFC2833)
</screen>
    </sect1>

    <!-- Chapter 6.3: GS BT-100 with Siproxd running "in front of" a NAT router -->
    <sect1 label="6.3">
      <?dbhtml filename="siproxd_guide_c6s3.html">
      <title>GS BT-100 with Siproxd running "in front of" a NAT router</title>
      <para>Scenario:</para>
<screen>
private IP address range             :          Internet
10.0.0.x                             :          (public IP address range)
                                     :
                                     :         foo.bar.org
+-------------+               +--------------+
!             !.10         .1 ! masquerading ! publicIP
! SIP UA      !---------------! NAT router   !------------>>  
! BT-100      !      !        !              !
+-------------+      !        +--------------+
                     !    eth0       :        ppp0
                     !               :       
                     !               :       
                eth0 !.2                     
              +-------------+                
              !   siproxd   !                
              !             !                
              +-------------+                
</screen>
      <para>Siproxd is running on 10.0.0.2. The masquerading NAT
        router (e.g. a ADSL NAT router that cannot run any user
        applications).</para>
      <para>siproxd.conf:</para>
<screen>
if_inbound  = eth0
if_outbound = eth0
host_outbound = foo.bar.org
hosts_allow_reg = 10.0.0.0/24
sip_listen_port = 5060
daemonize = 1
silence_log = 1
log_calls = 1
user = siproxd
registration_file = /var/lib/siproxd_registrations
pid_file = /var/run/siproxd/siproxd.pid
rtp_proxy_enable = 1
rtp_port_low  = 7070
rtp_port_high = 7089
rtp_timeout = 300
default_expires = 600
debug_level = 0
debug_port = 0
</screen>
      <para>NAT router configuration:</para>
<screen>
forward all incoming traffic on 5060/udp to 10.0.0.2
forward all incoming traffic from 7070/udp - 7089/udp to 10.0.0.2
</screen>
      <para>Phone configuration:</para>
<screen>
IP Address:             10.0.0.10
Subnet Mask:            255.255.255.0
Default Router: 10.0.0.1
DNS Server 1:           &lt;DNS Server of your Internet provider>
SIP Server:             proxy01.sipphone.com
Outbound Proxy: 10.0.0.2
SIP User ID:            1747669xxxx
Authenticate ID:        1747660xxxx
Authenticate Passwd:    *********
Name:                   Your Name Here
Use DNS SRV:            no
User ID is phone #:     no
Sip Registration:       yes
Unregister on reboot:no
Register expiration:    60
Early Dial:             no
local SIP port: 5060
local RTP port: 5004
Use random port:        yes
NAT traversal:  no
Use NAT IP:             &lt;empty>
Subscribe for MWI:      No
Send DTMF:              via RTP (RFC2833)
</screen>
    </sect1>


    <!-- Chapter 6.4: Transparent SIP Proxy -->
    <sect1 label="6.4">
      <?dbhtml filename="siproxd_guide_c6s4.html">
      <title>Transparent SIP Proxy</title>
      <para>Scenario:</para>
<screen>
private IP address range             :          Internet
10.0.0.x                             :          (public IP address range)
                                     :
                                     :         foo.bar.org
+-------------+               +--------------+
!             !.10         .1 ! masquerading ! publicIP
! SIP UA      !---------------! Firewall     !------------>>  
!             !               ! siproxd      !
+-------------+               +--------------+
                          eth0       :        ppp0
</screen>
      <para>You may have a SIP UA (Phone) that does not allow the
        specification of an outbound proxy. If siproxd is running
        on the masquerading router, the following configuration will
        do so called transparent proxying. The firewall will redirect
        outgoing SIP messages to siproxd, however the local Client
        is not aware of it.</para>
      <para>siproxd.conf:</para>
<screen>
if_inbound  = eth0
if_outbound = ppp0
hosts_allow_reg = 10.0.0.0/24
sip_listen_port = 5060
daemonize = 1
silence_log = 1
log_calls = 1
user = siproxd
registration_file = /var/lib/siproxd_registrations
pid_file = /var/run/siproxd/siproxd.pid
rtp_proxy_enable = 1
rtp_port_low  = 7010
rtp_port_high = 7019
rtp_timeout = 300
default_expires = 600
debug_level = 0
debug_port = 0
</screen>
      <para>Firewall configuration (iptables):</para>
<screen>
# redirect outgoing SIP traffic to siproxd (myself)
iptables -t nat -A PREROUTING -m udp -p udp -i eth0 \
                              --destination-port 5060     -j REDIRECT
# allow incoming SIP and RTP traffic
iptables -A INPUT -m udp -p udp -i ppp0 --dport 5060      -j ACCEPT
iptables -A INPUT -m udp -p udp -i ppp0 --dport 7070:7089 -j ACCEPT
</screen>
    </sect1>

    <!-- Chapter 6.5: Masquerading an Asterisk box -->
    <sect1 label="6.5">
      <?dbhtml filename="siproxd_guide_c6s5.html">
      <title>Masquerading an Asterisk box</title>
      <para>Scenario:</para>
<screen>
private IP address range             :          Internet
10.0.0.x                             :          (public IP address range)
                                     :
                                     :         foo.bar.org
+-------------+               +--------------+
!             !.10         .1 ! masquerading ! publicIP
! Asterisk    !---------------! Firewall     !------------>>  
!             !  SIP trunk    ! siproxd      !
+-------------+               +--------------+
  ! ! ! ! !               eth0       :        ppp0
..!.!.!.!.!.....
 extensions
 (local SIP clients)
</screen>
      <para>Siproxd can also be used to masquerade an Asterisk server.
        The Asterisk server will register itself as a SIP UA (Client)
        to an external SIP registrar. In this example this would be
        again sipphone.com. As Asterisk does not allow to specify an
        SIP outbound proxy we use the same setup for transparent proxying.
        The context values of the asterisk configuration probably must
        be adapted to fit your needs.</para>
      <para>siproxd.conf:</para>
<screen>
if_inbound  = eth0
if_outbound = ppp0
hosts_allow_reg = 10.0.0.0/24
sip_listen_port = 5060
daemonize = 1
silence_log = 1
log_calls = 1
user = siproxd
registration_file = /var/lib/siproxd_registrations
pid_file = /var/run/siproxd/siproxd.pid
rtp_proxy_enable = 1
rtp_port_low  = 7070
rtp_port_high = 7089
rtp_timeout = 300
default_expires = 600
debug_level = 0
debug_port = 0
</screen>
      <para>Firewall configuration (iptables):</para>
<screen>
# redirect outgoing SIP traffic to siproxd (myself)
iptables -t nat -A PREROUTING -m udp -p udp -i eth0 \
                     --source 10.0.0.11 --destination-port 5060 -j REDIRECT
# allow incoming SIP and RTP traffic
iptables -A INPUT -m udp -p udp -i ppp0 --dport 5060      -j ACCEPT
iptables -A INPUT -m udp -p udp -i ppp0 --dport 7070:7080 -j ACCEPT
</screen>
      <para>Asterisk configuration (SIP related part):</para>
<screen>
sip.conf:

[general]
port = 5060           ; Port to bind to (SIP is 5060)
bindaddr = 0.0.0.0    ; Address to bind to (all addresses on machine)
context = from-sip-external ; Send unknown SIP callers to this context
callerid = Unknown
defaultexpirey = 900

; codecs
disallow=all
allow=gsm       ; 13 Kbps
allow=ulaw      ; 64 Kbps
allow=alaw      ; 64 Kbps

; SIP Trunk to sipphone.com
; the SIP number is taken randomly for this example
register=17476691234:&lt;password>@proxy01.sipphone.com

[17476691234]
type=user
nat=never
context=from-pstn
canreinvite=no

[sipphone1]
username=17476691234
type=peer
qualify=2000
host=proxy01.sipphone.com
fromuser=17476691234
fromdomain=proxy01.sipphone.com
context=from-pstn
canreinvite=no
secret=&lt;password>

; local SIP extensions
[200]
username=200
type=friend
secret=XXXXXX
qualify=500
port=5060
pickupgroup=
nat=never
mailbox=
host=dynamic
dtmfmode=rfc2833
disallow=
context=from-internal
canreinvite=no
callgroup=
callerid="Extension 200" <200>
allow=all
</screen>
    </sect1>
  </chapter>
</book>