[Freeswitch-dev] Call to registered phone behind NAT

Oleg Khovayko khovayko at gmail.com
Sun May 23 16:07:16 PDT 2010 

Michael Jerris wrote:
> It's not ignoring the fs_path, it doesn't have one.  Check your nat 
> related settings in your sip profile, specifically your ext-sip-ip, 
> nat-acl and localnet-acl settings.  You would see the fspath in the 
> contact and nat in the status if this was set correctly.
Everything exactly as same as in default configuration, everywhere is 
auto-nat:

[root at olegh /usr/local/freeswitch/conf/sip_profiles]# grep ext-sip-ip 
internal.xml
<param name="ext-sip-ip" value="auto-nat"/>

[root at olegh /usr/local/freeswitch/conf/sip_profiles]# grep t-acl 
internal.xml
<param name="apply-nat-acl" value="nat.auto"/>

and you see, no localnet-acl settings in there.

////////////////////////////////////////////////////////////////////////////////


There is output of "sofia status profile internal", external 
Ext-RTP-IP/Ext-SIP-IP both correct:

Name                    internal
Domain Name             N/A
Auto-NAT                true
DBName                  sofia_reg_internal
Pres Hosts
Dialplan                XML
Context                 public
Challenge Realm         auto_from
RTP-IP                  192.168.1.5
Ext-RTP-IP              173.73.120.93
SIP-IP                  192.168.1.5
Ext-SIP-IP              173.73.120.93
URL                     sip:mod_sofia at 192.168.1.5:5060
BIND-URL                sip:mod_sofia at 192.168.1.5:5060
HOLD-MUSIC              local_stream://moh
OUTBOUND-PROXY          N/A
CODECS IN               G7221 at 32000h,G7221 at 16000h,G722,PCMU,PCMA,GSM
CODECS OUT              G7221 at 32000h,G7221 at 16000h,G722,PCMU,PCMA,GSM
TEL-EVENT               101
DTMF-MODE               rfc2833
CNG                     13
SESSION-TO              0
MAX-DIALOG              0
NOMEDIA                 false
LATE-NEG                false
PROXY-MEDIA             false
AGGRESSIVENAT           false
STUN-ENABLED            true
STUN-AUTO-DISABLE       false
CALLS-IN                168
FAILED-CALLS-IN         32
CALLS-OUT               98
FAILED-CALLS-OUT        59


/////////////////////////////////////////////////

freeswitch at internal> sofia status

                  internal       profile             
sip:mod_sofia at 192.168.1.5:5060      RUNNING (0)
               192.168.1.5         
alias                                   internal      ALIASED


Really, with debug print, I see debug messages for Originarot's phone 
during call:

2010-05-23 18:55:57.399958 [DEBUG] sofia.c:5847 IP 192.168.1.130 
Rejected by acl "domains". Falling back to Digest auth.
2010-05-23 18:55:57.501841 [DEBUG] sofia.c:5847 IP 192.168.1.130 
Rejected by acl "domains". Falling back to Digest auth.

But, it works OK no LAN, despite these messages.


And, you right, after upgrade FS to 1.0.6, all fs_path-es gone.
How to restore it?


Thanks,

Oleg




>
> Mike
>
> On May 23, 2010, at 1:01 PM, Oleg Khovayko wrote:
>
>> Brian West wrote:
>>>
>>>
>>> I really find that one hard to believe.
>>>
>> Hard to believe, but this is true:
>>
>>
>> I have made PURE experiment.
>> My friend has registered SIP-phone behind NAT in Ukraine.
>> His registration:
>>
>> Call-ID: 4a978b30 at 192.168.10.103
>> User: 1012 at 192.168.1.5
>> Contact:        "user" <sip:1012 at 192.168.1.136:1024>
>> Agent:          AcctonVoIP/2.5
>> Status:         Registered(UDP)(unknown) EXP(2010-05-23 14:27:20)
>> Host:           olegh.ath.cx
>> IP:             91.207.244.1
>> Port:           1024
>> Auth-User:      1012
>> Auth-Realm:     olegh.ath.cx
>> MWI-Account: 1012 at 192.168.1.5
>>
>>
>> I tried call 1001 -> 1012, fs_cli prints:
>>
>>
>> 2010-05-23 12:37:01.593320 [NOTICE] switch_channel.c:669 New Channel 
>> sofia/internal/sip:1012 at 192.168.1.136:1024 
>> [2b79d969-8966-df11-ac63-005004c3cb7e]
>>
>> I sniffed network traffic, FS tries connect to his LAN address from 
>> "Contact", not his real address:
>>
>> olegh# tcpdump host'(192.168.1.136 or 91.207.244.1)'
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol 
>> decode
>> listening on xl0, link-type EN10MB (Ethernet), capture size 96 bytes
>> 12:40:55.044208 arp who-has 192.168.1.136 tell deskpro.khovayko.com 
>> <http://deskpro.khovayko.com>
>> 12:40:55.544711 arp who-has 192.168.1.136 tell deskpro.khovayko.com 
>> <http://deskpro.khovayko.com>
>> 12:40:56.545145 arp who-has 192.168.1.136 tell deskpro.khovayko.com 
>> <http://deskpro.khovayko.com>
>> 12:40:58.546827 arp who-has 192.168.1.136 tell deskpro.khovayko.com 
>> <http://deskpro.khovayko.com>
>>
>>
>>> sofia profile xxx siptrace on
>>>
>>> I will be you its NOT ignoring the fs_path you just can't see the 
>>> packet leaving and since its TCP the far side nat I suspect has 
>>> closed the nat translation thus you'll need to register more often 
>>> or enable keep alives on the device.
>>>
>>> /b
>>>
>>
>> I tried to do this -- results as same as with tcpdump.
>> My local phone has number 1001, IP=192.168.1.130, try to call 1012 
>> (behind NAT, see registration above):
>>
>
>
> _______________________________________________
> FreeSWITCH-dev mailing list
> FreeSWITCH-dev at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
> http://www.freeswitch.org
>    

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20100523/95a4cfdd/attachment.html

More information about the FreeSWITCH-dev mailing list