[Freeswitch-users] Wrong IP on ACK?
David Aldworth
daldworth at teliax.com
Mon Nov 10 15:30:47 PST 2008
Anthony. Did you want to log in and check it out?
I can send you the files if you think it's something else.
David
On Nov 6, 2008, at 12:38 PM, Anthony Minessale wrote:
> This is svn trunk? There is no reason this should not work. it
> happens all the time where this setting breaks it for people going
> the other way when they don't want it to happen.
>
> If you can't get it working we can probably configure it for you.
>
>
>
> On Thu, Nov 6, 2008 at 11:55 AM, David Aldworth
> <daldworth at teliax.com> wrote:
> No love. They set extern ip so the IP comes through correctly, but
> the acl did not seem to have any affect. We are still sending to the
> wrong port. Sip trace, acl.conf.xml and sip profile are below:
>
> U 2008/11/06 10:46:01.924795 70.88.65.1:50085 -> 70.42.223.23:5060
> SIP/2.0 100 Trying.
> Via: SIP/2.0/UDP
> 70.42.223.23
> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 INVITE.
> User-Agent: Asterisk PBX.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:317376XXXX at 70.88.65.1>.
> Content-Length: 0.
> .
>
> U 2008/11/06 10:46:01.931791 70.88.65.1:50085 -> 70.42.223.23:5060
> SIP/2.0 180 Ringing.
> Via: SIP/2.0/UDP
> 70.42.223.23
> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 INVITE.
> User-Agent: Asterisk PBX.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:317376XXXX at 70.88.65.1>.
> Content-Length: 0.
> .
>
> U 2008/11/06 10:46:01.932294 70.88.65.1:50085 -> 70.42.223.23:5060
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP
> 70.42.223.23
> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 INVITE.
> User-Agent: Asterisk PBX.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:317376XXXX at 70.88.65.1>.
> Content-Type: application/sdp.
> Content-Length: 257.
> .
> v=0.
> o=root 2901 2901 IN IP4 70.88.65.1.
> s=session.
> c=IN IP4 70.88.65.1.
> t=0 0.
> m=audio 19378 RTP/AVP 0 8 3 101.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:8 PCMA/8000.
> a=rtpmap:3 GSM/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
>
> U 2008/11/06 10:46:01.932694 70.42.223.23:5060 -> 70.88.65.1:5060
> ACK sip:317376XXXX at 70.88.65.1 SIP/2.0.
> Via: SIP/2.0/UDP 70.42.223.23;rport;branch=z9hG4bKvgXZ279c41Xcc.
> Max-Forwards: 70.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 ACK.
> Contact: <sip:mod_sofia at 70.42.223.23:5060>.
> Content-Length: 0.
>
>
> Here is the acl:
>
> <configuration name="acl.conf" description="Network Lists">
> <network-lists>
> <list name="dl-candidates" default="allow">
> <node type="deny" cidr="10.0.0.0/8"/>
> <node type="deny" cidr="172.16.0.0/12"/>
> <node type="deny" cidr="192.168.0.0/16"/>
> </list>
> <list name="rfc1918" default="deny">
> <node type="allow" cidr="10.0.0.0/8"/>
> <node type="allow" cidr="172.16.0.0/12"/>
> <node type="allow" cidr="192.168.0.0/16"/>
> </list>
> <list name="lan" default="allow">
> <node type="deny" cidr="192.168.42.0/24"/>
> <node type="allow" cidr="192.168.42.42/32"/>
> </list>
> <list name="strict" default="deny">
> <node type="allow" cidr="208.102.123.124/32"/>
> </list>
> <list name="domains" default="deny">
> <node type="allow" domain="$${domain}"/>
> </list>
> <list name="nat" default="allow">
> <node type="allow" cidr="0.0.0.0/0"/>
> </list>
> </network-lists>
> </configuration>
>
>
> And here is the sip profile:
>
> <profile name="external">
>
> <gateways>
> <X-PRE-PROCESS cmd="include" data="external/*.xml"/>
> </gateways>
>
> <domains>
> <domain name="$${domain}" parse="true"/>
> </domains>
>
> <settings>
> <param name="debug" value="0"/>
> <param name="sip-trace" value="no"/>
> <param name="rfc2833-pt" value="101"/>
> <param name="sip-port" value="5060"/>
> <param name="dialplan" value="XML"/>
> <param name="context" value="public"/>
> <param name="dtmf-duration" value="100"/>
> <param name="codec-prefs" value="$${outbound_codec_prefs}"/>
> <param name="hold-music" value="$${hold_music}"/>
> <param name="use-rtp-timer" value="true"/>
> <param name="rtp-timer-name" value="soft"/>
> <param name="multiple-registrations" value="true"/>
> <param name="manage-presence" value="true"/>
> <param name="aggressive-nat-detection" value="true"/>
> <param name="NDLB-force-rport" value="true"/>
> <param name="inbound-codec-negotiation" value="generous"/>
> <param name="nonce-ttl" value="60"/>
> <param name="auth-calls" value="true"/>
> <param name="rtp-timeout-sec" value="1800"/>
> <param name="rtp-ip" value="$${local_ip_v4}"/>
> <param name="sip-ip" value="$${local_ip_v4}"/>
> <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
> <param name="ext-sip-ip" value="$${external_sip_ip}"/>
> <param name="rtp-timeout-sec" value="300"/>
> <param name="rtp-hold-timeout-sec" value="1800"/>
> <param name="apply-nat-acl" value="nat"/>
> </settings>
> </profile>
>
>
>
>
>
>
> On Nov 6, 2008, at 8:37 AM, Anthony Minessale wrote:
>
>> doh,
>> I keep doing that sorry.
>>
>> apply-nat-acl not apply_nat_acl
>>
>>
>>
>> On Thu, Nov 6, 2008 at 8:22 AM, David Aldworth
>> <daldworth at teliax.com> wrote:
>> Yes. Below are settings that have been persistent through recent
>> testing. Is there anything else we can try or should we open a jira?
>>
>> <settings>
>> <param name="debug" value="0"/>
>> <param name="sip-trace" value="no"/>
>> <param name="rfc2833-pt" value="101"/>
>> <param name="sip-port" value="5060"/>
>> <param name="dialplan" value="XML"/>
>> <param name="context" value="public"/>
>> <param name="dtmf-duration" value="100"/>
>> <param name="codec-prefs" value="$${outbound_codec_prefs}"/>
>> <param name="hold-music" value="$${hold_music}"/>
>> <param name="use-rtp-timer" value="true"/>
>> <param name="rtp-timer-name" value="soft"/>
>> <param name="multiple-registrations" value="true"/>
>> <param name="manage-presence" value="true"/>
>> <param name="aggressive-nat-detection" value="true"/>
>> <param name="NDLB-force-rport" value="true"/>
>> <param name="inbound-codec-negotiation" value="generous"/>
>> <param name="nonce-ttl" value="60"/>
>> <param name="auth-calls" value="true"/>
>> <param name="rtp-timeout-sec" value="1800"/>
>> <param name="rtp-ip" value="$${local_ip_v4}"/>
>> <param name="sip-ip" value="$${local_ip_v4}"/>
>> <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
>> <param name="ext-sip-ip" value="$${external_sip_ip}"/>
>> <param name="rtp-timeout-sec" value="300"/>
>> <param name="rtp-hold-timeout-sec" value="1800"/>
>> <param name="apply_nat_acl" value="nat"/>
>> </settings>
>>
>> On Nov 6, 2008, at 7:01 AM, Anthony Minessale wrote:
>>
>>> did you remember to add
>>> <param name="apply_nat_acl" value="nat"/>
>>> to the profile in question and restart?
>>>
>>> On Wed, Nov 5, 2008 at 10:39 PM, David Aldworth <daldworth at teliax.com
>>> > wrote:
>>> Brian, we updated the acl to:
>>>
>>> <list name="nat" default="allow">
>>> <node type="allow" cidr="0.0.0.0/0"/>
>>> </list>
>>>
>>> And the ACK is still going to the wrong (right but wrong) ip/port.
>>>
>>> Is there any way to get that ACK to go to the ip/port of the UDP
>>> header?
>>>
>>> David
>>>
>>> On Nov 5, 2008, at 4:21 PM, Brian West wrote:
>>>
>>> > 0.0.0.0/0 should match all IP space.
>>> >
>>> > /b
>>> >
>>> > On Nov 5, 2008, at 5:16 PM, David Aldworth wrote:
>>> >
>>> >> Anthony, In hopes of matching all IP's we added a very simple:
>>> >>
>>> >> <list name="nat" default="allow">
>>> >> </list>
>>> >>
>>> >> To the acl.conf.xml and we added:
>>> >>
>>> >> <param name="apply_nat_acl" value="nat"/>
>>> >>
>>> >> To the sip profile. Unfortunately there was no affect. What
>>> would be
>>> >> the correct acl to match all IP's?
>>> >>
>>> >> David
>>> >
>>> >
>>> > _______________________________________________
>>> > Freeswitch-users mailing list
>>> > Freeswitch-users at lists.freeswitch.org
>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> > http://www.freeswitch.org
>>>
>>>
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>>
>>> --
>>> Anthony Minessale II
>>>
>>> FreeSWITCH http://www.freeswitch.org/
>>> ClueCon http://www.cluecon.com/
>>>
>>> AIM: anthm
>>> MSN:anthony_minessale at hotmail.com
>>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>>> IRC: irc.freenode.net #freeswitch
>>>
>>> FreeSWITCH Developer Conference
>>> sip:888 at conference.freeswitch.org
>>> iax:guest at conference.freeswitch.org/888
>>> googletalk:conf+888 at conference.freeswitch.org
>>> pstn:213-799-1400
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>
>>
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>
>>
>> --
>> Anthony Minessale II
>>
>> FreeSWITCH http://www.freeswitch.org/
>> ClueCon http://www.cluecon.com/
>>
>> AIM: anthm
>> MSN:anthony_minessale at hotmail.com
>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>> IRC: irc.freenode.net #freeswitch
>>
>> FreeSWITCH Developer Conference
>> sip:888 at conference.freeswitch.org
>> iax:guest at conference.freeswitch.org/888
>> googletalk:conf+888 at conference.freeswitch.org
>> pstn:213-799-1400
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
> --
> Anthony Minessale II
>
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
>
> AIM: anthm
> MSN:anthony_minessale at hotmail.com
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
> IRC: irc.freenode.net #freeswitch
>
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org
> iax:guest at conference.freeswitch.org/888
> googletalk:conf+888 at conference.freeswitch.org
> pstn:213-799-1400
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20081110/84661c71/attachment-0002.html
More information about the FreeSWITCH-users
mailing list