[Freeswitch-users] NAT settings

Michael Collins msc at freeswitch.org
Mon Feb 18 21:44:27 MSK 2013


NDLB-force-rport is explicitly for Polycom phones where the FreeSWITCH
server is on a public IP address and the phone is behind NAT. (i.e. your
scenario.) Polycoms have a known bug/limitation in that they don't support
rport. (Polycom refuses to acknowledge this as an issue and has been
ignoring please from the public for nearly 10 years. I doubt it will ever
change.)

You can set that value to "true" and it will force rport for every phone
that attempts to register. Alternatively you can set it to "safe" and it
will only force the rport for known broken phones (read: Polycoms) and it
won't mess with other phones.

So yes, in FreeSWITCH the NAT "just works" - the issue is that the devices
FreeSWITCH needs to talk to do not "just work" and in fact there are many
cases where those phones "just suck" at NAT. All these knobs and switches
inside FreeSWITCH are meant to help these clueless devices "not get left
behind."

-MC

On Sun, Feb 17, 2013 at 6:52 AM, Cal Leeming [Simplicity Media Ltd] <
cal.leeming at simplicitymedialtd.co.uk> wrote:

> Although I can't answer your question from direct know, here are some
> relevant links;
>
> NDLB-force-rport (taken from
> http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files#NDLB-force-rport)
> This will force FreeSWITCH to send SIP responses to the network port from
> which they were received. Use at your own risk! For more information see
> NAT Traversal.
> <param name="NDLB-force-rport" value="true|safe"/>
> safe = param that does force-rport behavior only on endpoints we know are
> safe to do so on. This is a dirty hack to try to work with certain
> endpoints behind sonicwall which does not use the same port when it does
> nat, when the devices do not support rport, while not breaking devices that
> acutally use different ports that force-rport will break
>
> Also found these;
>
> http://freeswitch-users.2379917.n2.nabble.com/NDLB-force-rport-safe-td5911932.html
>
> http://lists.freeswitch.org/pipermail/freeswitch-users/2011-November/077600.html
>
> http://lists.freeswitch.org/pipermail/freeswitch-users/2012-July/085658.html
>
> The last update on this was Brian West was (
> http://lists.freeswitch.org/pipermail/freeswitch-users/2008-September/034336.html)
>
> Try adding this param to your sofia profile.  It will break cisco
> phones or any other phone that follows the sip spec.  This explicitly
> breaks RFC to accommodate broken phones.
> <param name="NDLB-force-rport" value="true"/> in your sofia profile.
>
> This information is somewhat out of date and there were some changes to
> the way NAT works since then, so I'm not 100% sure.
>
> If anyone else can chime in to confirm (possibly even Brian West himself)
> that'd be good.
>
> Hope this helps
>
> Cal
>
> On Sat, Feb 16, 2013 at 6:48 PM, George Cooper <geocooper at gmail.com>wrote:
>
>> Hi,
>>
>> I just started trying to work with freeswitch using the FS 1.06 book(
>> although I am running FS ver 1.2.6+git.) , FS cookbook,, and wiki.
>>
>> I  and have a question regarding NAT traversal.
>>
>> I have been stuck trying to get phones to register and be able to call
>> each other using ext 1000 to 1002 for example. I couldn't get the phones to
>> register until I read an archive regarding polycom NAT issues.
>>
>> The freeswitch server I'm connecting to is hosted on a remote  public IP.
>>  I'm using a polycom 335, grandstream xpx 2020, and an x-lite client on a
>> Local 192 network.
>>
>> The below settings seem to have fixed my registration issue.
>>
>> Is there a reason that I would NOT set the parameter settings in
>> sip_profiles/internal.xml to true:
>>
>> <!-- use at your own risk or if you know what this does.-->
>>     <param name="NDLB-force-rport" value="true"/>
>>
>>
>>
>> and to add the variable "sip-force-contact"  for each user in
>> directory/default/1000.xml - 1019.xml ?
>>
>> <include>
>>   <user id="1000">
>>     <params>
>>       <param name="password" value="$${default_password}"/>
>>       <param name="vm-password" value="1000"/>
>>     </params>
>>     <variables>
>>       <variable name="sip-force-contact"
>> value="NDLB-connectile-dysfunction"/>
>>       <variable name="toll_allow" value="domestic,international,local"/>
>>       <variable name="accountcode" value="1000"/>
>>       <variable name="user_context" value="default"/>
>>       <variable name="effective_caller_id_name" value="Extension 1000"/>
>>       <variable name="effective_caller_id_number" value="1000"/>
>>       <variable name="outbound_caller_id_name"
>> value="$${outbound_caller_name}"/>
>>       <variable name="outbound_caller_id_number"
>> value="$${outbound_caller_id}"/>
>>       <variable name="callgroup" value="techsupport"/>
>>     </variables>
>>   </user>
>> </include>
>>
>> Sorry if this has been gone over, but I'm not sure if there is something
>> I'm missing because the wiki ( http://wiki.freeswitch.org/wiki/NAT ) says
>> "NAT just works" and the internal.xml file says "<!-- use at your own risk
>> or if you know what this does.-->"...
>>
>> Thanks for any clarity you can provide,
>>
>> Geo
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>


-- 
Michael S Collins
Twitter: @mercutioviz
http://www.FreeSWITCH.org
http://www.ClueCon.com
http://www.OSTAG.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130218/8c98aff9/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list