[Freeswitch-users] nat-mode -nonat apply-nat-acl documentation
Karl Schmidt
karl at xtronics.com
Tue Aug 20 23:54:35 MSD 2013
OK -nonat turns off NAT detection, but I don't know if this applies to external SIP clients behind
NAT?
===============================================================================================
There are clearly 2 separate cases where NAT detection may be needed and some way to enable each one
independent of the other.
===============================================================================================
The following explores my confusion:
apply-nat-acl
If value is rfc1918 enable 'nat-mode' if IP matches - OK but what exactly is nat-mode?
And what is value="nat.auto" ? How does it relate to auto-nat?
Does any of this do anything if I'm running with -nonat ?
Is running with -nonat the opposite of nat-mode?
nat-mode could mean several things and I can't find it defined anywhere.
There is also -nonatmap, which allows NAT detection but avoids UPnP/NAT-PMP.
In my situation, I have FS situated behind a firewall and have the proper ports DNATed. I'm running
with -nonat and this works, and should not create any problems. BUT there could be situations where
I am out of town and need to connect to the server from behind some NAT that I have no control over.
Thus there are two separate situations that might want NAT detection - FS behind NAT and a SIP
client behind NAT.
ext-rtp-ip, ext-sip-ip, rtp-ip, and sip-ip should tell FS what it needs to know about the server
end - but I'm not finding clarity on what a sane setup would be for the possibility of an external
SIP client behind NAT.
,.,.
I think the best way to document this is to come up with a few scenarios and show a sane set up for
each one. We can assume in all cases that phones on both sides of NAT need to register and if the
server is on the LAN side of a NAT there could be need for a double transit of NAT.
1 - FS server on a LAN with ports DNATed by firewall - static IP - Phones on LAN and phones
registering from Internet
2 - FS on public IP but phones on the other side of a NAT firewall need to register as well as
phones on bare internet
3 - FS server on LAN with firewall on dynamic IP
4 -
Just so we are on the same page:
DNAT (Destination network address translation): DNAT is a technique for transparently changing the
destination IP address of an en route packet and performing the inverse function for any replies.
This use of DNAT is also called port forwarding.
I'm trying to document this for myself and finding it similar to walking in a swamp: each step is
getting me bogged down.
--------------------------------------------------------------------------------
Karl Schmidt EMail Karl at xtronics.com
Transtronics, Inc. WEB http://secure.transtronics.com
3209 West 9th Street Ph (785) 841-3089
Lawrence, KS 66049 FAX (785) 841-0434
Inflation is taxation without legislation.
Milton Friedman
--------------------------------------------------------------------------------