[OpenSER-Users] call failed 403 forbidden

Bogdan-Andrei Iancu bogdan at voice-system.ro
Mon May 26 10:37:41 CEST 2008


Hi,

The 403 is sent by your script - you just need to debug your script (use 
xlog() to print messages) and to see how the request is processed 
through your script.

Regards,
Bogdan

luzango mfupe wrote:
> Hi mates,
> I still need your pointers regarding my problem in this post. Today I 
> have attached the routes suspected to be involved in this saga. From 
> my config file, please see below.
>
>         # -----------------------------------------------------------------
>         # Unauthorized relay
>         # -----------------------------------------------------------------
>
>         if (!is_uri_host_local()) {
>                 if (is_from_local()) {
>                         # We prevent unauthorised relays "clever guys we got u"
>                         append_hf("P-hint: outbound\r\n");
>                         route(10);
>                         # need to be authenticated
>                 } else {
>                         sl_send_reply("403", "Forbidden");
>                 };
>                 return;
>         };
>
> route[10] {
>         # -----------------------------------------------------------------
>         # Default Message Handler with Proxy Authentication
>         # -----------------------------------------------------------------
>
>         if (method=="ACK") {   # these you never proxy authenticate
>                 route(1);
>                 return;
>         };
>         if (method=="BYE" || method=="CANCEL") {   # these you never proxy authenticate
>                 route(1);
>                 return;
>         };
>
>         xlog("L_INFO", "Proxy auth $fd $dP destination:$du $dd $ds");
>
>         if (!route(7)) {   # verify the user
>                 return(0);
>         };
>         if (!is_user_in("From", "noauth")) {   # no authentication required
>                 if (!proxy_authorize("","subscriber")) {
>                         proxy_challenge("","0");
>                         return;
>                 } else if (!check_from()) {
>                         sl_send_reply("403", "Use From=ID");
>                         return;
>                 };
>                 # consume_credentials();
>         };
>
>         # if (is_user_in("Credentials", "local")) {   # Uncomment to use the group options
>                 route(1);
>         # } else {
>         #         sl_send_reply("403", "Busted!!!, you are not allowed this route");
>         # };
>
>         return;
> }
>
> With Best Regards,
> LU.
>
>
>
>     Message: 3
>     Date: Tue, 20 May 2008 17:38:50 +0200
>     From: "luzango mfupe" <luzango.mfupe at gmail.com>
>     Subject: [OpenSER-Users] Call failed 403 Forbidden
>     To: users at lists.openser.org
>     Message-ID:
>            <9cdd611a0805200838oc11cfedg9762b7451bf543c4 at mail.gmail.com>
>     Content-Type: text/plain; charset="iso-8859-1"
>
>     Hi mates,
>     Every time I try to make my 2 X-Lite clients talk (which I correctly
>     added into the database), I encounter the same problem: OpenSER
>     performs authentication and returns a call failed 403 Forbidden signal.
>
>     My setup comprises a first box with OpenSER 1.3 and mediaproxy, a
>     second box with MySQL, and two X-Lite clients on two other boxes; all
>     are in an internal network. As far as I am concerned, my NetAdmin has
>     already opened ports 5060 and 3306 for me. I need your direction on
>     this problem. Below is my ngrep snapshot.
>
>     mzee:/# ngrep -d eth1 -W byline port 5060
>     interface: eth1 (168.172.200.0/255.255.255.0)
>     filter: (ip or ip6) and ( port 5060 )
>     #
>     U 168.172.200.70:1824 -> 168.172.200.87:5060
>     INVITE sip:musketeerm@168.172.200.87 SIP/2.0.
>     Via: SIP/2.0/UDP 168.172.200.70:1824;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
>     Max-Forwards: 70.
>     Contact: <sip:dreamteam@168.172.200.70:1824>.
>     To: "musk"<sip:musketeerm@168.172.200.87>.
>     From: "dream"<sip:dreamteam@168.172.200.87>;tag=af4bd714.
>     Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
>     CSeq: 1 INVITE.
>     Session-Expires: 95.
>     Min-SE: 90.
>     Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO.
>     Content-Type: application/sdp.
>     Supported: timer.
>     User-Agent: X-Lite release 1011s stamp 41150.
>     Content-Length: 426.
>     .
>     v=0.
>     o=- 9 2 IN IP4 168.172.200.70.
>     s=CounterPath X-Lite 3.0.
>     c=IN IP4 168.172.200.70.
>     t=0 0.
>     m=audio 52166 RTP/AVP 107 119 100 106 0 105 98 8 101.
>     a=alt:1 1 : uZB2dYm+ NKBRK8Ep 168.172.200.70 52166.
>     a=fmtp:101 0-15.
>     a=rtpmap:107 BV32/16000.
>     a=rtpmap:119 BV32-FEC/16000.
>     a=rtpmap:100 SPEEX/16000.
>     a=rtpmap:106 SPEEX-FEC/16000.
>     a=rtpmap:105 SPEEX-FEC/8000.
>     a=rtpmap:98 iLBC/8000.
>     a=rtpmap:101 telephone-event/8000.
>     a=sendrecv.
>     #
>     U 168.172.200.87:5060 -> 168.172.200.70:1824
>     SIP/2.0 403 Forbidden.
>     Via: SIP/2.0/UDP 168.172.200.70:1824;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
>     To: "musk"<sip:musketeerm@168.172.200.87>;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9.
>     From: "dream"<sip:dreamteam@168.172.200.87>;tag=af4bd714.
>     Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
>     CSeq: 1 INVITE.
>     Server: OpenSER (1.3.0-notls (i386/linux)).
>     Content-Length: 0.
>     .
>     #
>     U 168.172.200.70:1824 -> 168.172.200.87:5060
>     ACK sip:musketeerm@168.172.200.87 SIP/2.0.
>     Via: SIP/2.0/UDP 168.172.200.70:1824;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
>     To: "musk"<sip:musketeerm@168.172.200.87>;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9.
>     From: "dream"<sip:dreamteam@168.172.200.87>;tag=af4bd714.
>     Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
>     CSeq: 1 ACK.
>     Content-Length: 0.
>
>     WBR,
>     LU.
>
>
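
An added example, not part of the original thread: the two active sl_send_reply("403", ...) calls in the quoted script carry different reason phrases, so the status line of a captured response can be matched back to the branch that sent it before any xlog() tracing is added. CFG and TRACE are constructed, trimmed copies of the quoted material, the function names are hypothetical, and a 403 may also originate in routes the post does not show (such as route(7)).

```python
import re

# Constructed samples: the reply sites visible in the quoted script, and the
# request/status lines of the quoted ngrep capture (other headers trimmed).
CFG = '''\
if (!is_uri_host_local()) {
    if (is_from_local()) {
        route(10);
    } else {
        sl_send_reply("403", "Forbidden");
    };
    return;
};
route[10] {
    if (!proxy_authorize("","subscriber")) {
        proxy_challenge("","0");
    } else if (!check_from()) {
        sl_send_reply("403", "Use From=ID");
    };
#   sl_send_reply("403", "Busted!!!, you are not allowed this route");
}
'''
TRACE = '''\
U 168.172.200.70:1824 -> 168.172.200.87:5060
INVITE sip:musketeerm@168.172.200.87 SIP/2.0.
#
U 168.172.200.87:5060 -> 168.172.200.70:1824
SIP/2.0 403 Forbidden.
'''

REPLY = re.compile(r'sl_send_reply\(\s*"(\d{3})"\s*,\s*"([^"]*)"\s*\)')
STATUS = re.compile(r'^SIP/2\.0 (\d{3}) (.*?)\.?$')  # byline prints CR as '.'

def reply_sites(cfg):
    """Return (line_no, code, reason) for every uncommented sl_send_reply()."""
    return [(no, code, reason)
            for no, line in enumerate(cfg.splitlines(), 1)
            # Naive comment strip: assumes no '#' inside a string on the line.
            for code, reason in REPLY.findall(line.split('#', 1)[0])]

def attribute(trace, cfg):
    """Pair each SIP response in an `ngrep -W byline` dump with the script
    lines whose status code and reason phrase both match it."""
    sites = reply_sites(cfg)
    hits = []
    for line in trace.splitlines():
        m = STATUS.match(line.strip())
        if m:
            hits.append((m[1], m[2], [n for n, c, r in sites if (c, r) == (m[1], m[2])]))
    return hits
```

On these samples, attribute(TRACE, CFG) returns [('403', 'Forbidden', [5])]: of the branches shown, only the else branch of the relay check replies with that exact phrase.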