[OpenSIPS-Users] MediaProxy and redirected traffic question

Saúl Ibarra Corretgé saul at ag-projects.com
Tue Apr 12 20:55:35 CEST 2011 

Hi,

On 12/4/11 3:11 PM, Stylianos Papanastasiou wrote:
> Hi Saúl,
>
> and thanks for taking the time to reply - I have since made some
> progress into understanding the terminal behaviour with respect to
> what I am trying to achieve but have not got to a solution to my
> problem of having permanently redirected traffic.
>
> Here is what happened in my scenario:
>
> After inserting the iptables rule above all packets coming from
> terminal 10.0.0.2 were redirected to my machine on port 40000. so
> assume that communications between media proxy and the terminal are as
> so:
>
> terminal                media proxy          iptables redirection
> 10.0.0.2:9078 ---->    10.0.0.1:50002 ---->  10.0.0.1:40000
>
> Now, as I intercept all traffic from 10.0.0.3 (that is the other
> terminal), I add some effect and repackage it with gstreamer, and sent
> it to 10.0.0.2
> Since the port 50002 is bound in media proxy, however, I send traffic
> from a different local port, say 30006. So we have
>
> terminal                 media proxy
> 10.0.0.2:9078<---- 10.0.0.1:30006
>
> My terminal clients are linphone clients and they send video traffic
> back to the new port (not 50002 anymore but 30006 instead) - so we
> have:
>
> terminal
> 10.0.0.2:9078------>  10.0.0.1:30006
>

At this point, the client switched the port because it is receiving 
traffic from another place, right? Because no re-INVITE happened, 
MediaProxy is not aware of this.

> I cannot understand, hard though I might try, why the rule
> iptables -t nat -A PREROUTING -i eth0  -p udp -s 10.0.0.2 --sport 9078
> -j REDIRECT --to-port 40000
> does not keep working in that case and does not keep redirecting
> traffic to port 40000. I see traffic on port 30006 instead (and I can,
> of course, decode and manipulate it).
>
> If anyone has an idea why that happens please consider dropping a hint.
>
> Another way to solve my problems would be to alter mediaproxy to place
> conntrack rules that forward traffic to a local port instead of what
> is on the other side in the session description. Again if someone
> could point to the right place in the source code, I would be very
> grateful.
>

I think this should be the way to go in your very specific situation. 
Mangling iptables rules will definitely affect how MediaProxy works or 
actually does not work.

I guess you'll want to hack MediaProxy to create conntrack rules 
differently. Have a look at the check_create_conntrack function on 
mediaproxy/mediacontrol.py file, conntrack rules are created there as 
soon as 1 RTP packet is received from both sides.


Regards,

-- 
Saúl Ibarra Corretgé
AG Projects

More information about the Users mailing list