
I have an application written in Python 3 which communicates with an external SIP proxy server through its public IP. Basically, the application I wrote sends out a SIP invite to the SIP proxy through a UDP socket. Unfortunately, when I run my application, no data is being sent past the firewall. The firewall is configured to allow all inbound and outbound connections. I am very sure the Python application works correctly because when the script is made to communicate with a SIP proxy running locally, everything works as expected. Only when the script has to go through the firewall do strange things happen. I used a tool called SIPp to simulate my script's functionality (send out a SIP invite) and, to my surprise, the invite sent through the said tool successfully reaches the external SIP proxy. I did a packet capture comparison between the packets generated by my script and the SIPp tool; every header and field value is exactly the same. So I am starting to believe that the FW does not allow the packets sent through my script because of a different encoding. I tried searching for the encoding used by the tool but was not able to find it in the documentation. I am currently using 'utf-8' as my encoding in my script. What could be the reason for this bizarre behaviour? Are my deductions about firewall issues due to different encoding correct? Please advise.

Update: I localised the problem. The issue is when I send data to port 5060. When I send data to any other port, the SIP proxy can get it. I checked my PC; no other application is using port 5060. The SIPp tool used port 5060 as well.

I am 100% convinced it's the SIP ALG thing which blocks my script's packets. I am not sure how SIP ALG can detect my script's packets and block them. Is it because of a specific encoding?

Vino
  • If you did a packet capture and found packets leaving your host, then it means the firewall did not block them. If you see the reply, it is maybe blocked later on by the firewall. But if you do not see the reply, then it means the problem is further down the network or on the receiving end, and not on your end. – Patrick Mevzek Jan 24 '18 at 04:52
  • It didn't leave the host. The firewall is for some strange reason blocking on port 5060. On any other port I can get past the firewall. Also, SIPp can send through 5060. – Vino Jan 24 '18 at 05:22
  • Not clear sorry. If you see the packet going out in a trace, then the firewall does not block it. If you do not see it, if you remove (temporarily) the firewall, you should see it going out. If you are in neither of these 2 cases then your problem is elsewhere. – Patrick Mevzek Jan 24 '18 at 05:30
  • Hey Patrick, sorry for not being clear. The problem is that when I am using port 5060 with my script, nothing comes out of the firewall. With every other port, I can see traffic go out of the firewall for my script. The biggest confusion is that for the SIPp tool, there is traffic going out of the firewall even for port 5060. Could Python maybe be a reason? – Vino Jan 24 '18 at 05:42
  • Have you checked with whomever manages the firewall to see what protocols are allowed in and out through port 5060? And a packet trace would help get you details on where the communications break down. Another idea, have you checked the permissions on your script? Perhaps something in the server is blocking you due to lack of access. – Dina Kaiser Jan 24 '18 at 11:12
  • Okay, the reason, I think, is that our firewall has this feature called SIP ALG. It is blocking my packets to 5060. I have no idea why. We cannot turn this feature off because it might compromise security. I am researching how to bypass this feature. Any idea? – Vino Jan 25 '18 at 00:24
  • This may help: https://www.voip-info.org/wiki/view/Routers+SIP+ALG or https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-sip-alg.html for more detailed explanations. – Patrick Mevzek Feb 04 '18 at 17:59

0 Answers