[Freeswitch-users] NAT problem: Use local IPv4 for specific LAN IP address range

Ben ben122uk at gmail.com
Fri Jun 28 18:16:40 MSD 2013


Hi All,

 

Just to let you know (if anyone else has similar issues), I ended up creating
a virtual IP interface on the server, and created a new "LAN" profile that
listened on this address.  This allowed me to use the same port number.  I
then set a policy on the LAN profile to use the internal IP addresses for
SIP/RTP.

 

When a handset enters the internal LAN, I set up the firewall to re-write
the DNS reply to the handset so that it uses the internal IP and not the
public IP for the domain name it requests (can also be done with an internal
DNS server).  This was re-written to the virtual IP, which registers the
handset to the LAN profile.  This meant that the handset used internal IP
addresses for SIP and RTP, instead of trying to hairpin the traffic out and
then in on the public IP of the firewall.

 

Cheers.

 

From: Ben [mailto:ben122uk at gmail.com] 
Sent: 11 June 2013 10:57
To: 'FreeSWITCH-users at lists.freeswitch.org'
Subject: RE: [Freeswitch-users] NAT problem: Use local IPv4 for specific LAN
IP address range

 

Steve,

 

Sorry for the late reply (4 months!!!), the immediate need for a fix went
away, until now.

 

The problem with setting up an additional profile would be that the end user
would have to change port numbers when moving from the internal network to
an external network.  Unfortunately the end user does not have access to
these sorts of settings with the app we're using, and more importantly, I
need this to be seamless between networks.

 

Does anyone else have any ideas?  I'm starting to think this problem is
unsolvable with the current functionality.  Implementing an equivalent of
the Asterisk "nat.conf" with a "localnet=" line, which will force the
Freeswitch local IPv4 address as the SDP for any requests originating from
one of these "localnets" would hopefully resolve the issue.

 

Ben

 

 

From: freeswitch-users-bounces at lists.freeswitch.org
[mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Steven
Ayre
Sent: 07 February 2013 13:07
To: FreeSWITCH Users Help
Subject: Re: [Freeswitch-users] Use local IPv4 for specific LAN IP address
range

 

One simple option would be to have a 2nd profile listening on another port
(eg 5080) that does not use ext-*-ip and connect to that internally.

 

-Steve

 

 

 

On 7 February 2013 11:44, Ben <ben122uk at gmail.com> wrote:

Greetings all,

 

A question on NATing in Freeswitch - I have my internal SIP profile to use a
static public IP for the ext-sip-ip and ext-rtp-ip.  The Freeswitch server
is on a local LAN IP, for example 192.168.0.10.  External SIP clients can
access the server via the external IP, as there's a static NAT on the router
to map the public IP to the private IP.

 

I have another SIP client on a different LAN, but behind the same firewall,
for example, 10.0.0.10.  This client is allowed to talk to the server on its
private ip of 192.168.0.10, by allowing inter-vlan traffic to pass through.
My challenge is, how do I get Freeswitch to recognise this internal SIP
client as being allowed to use the internal IP for SIP/RTP communications,
and therefore present the client with internal addresses in the SIP header
for SIP/RTP?  Due to statically setting ext-sip-ip and ext-rtp-ip,
Freeswitch tells the client to go via the public IP.  The firewall has a
policy to not accept traffic to the public IP if sourced from an internal
device.

 

I have explored the NATing options in Freeswitch, but can't find anything
that fits my scenario.  It seems to be more towards how to enable NAT in
certain situations, not disable it.  I have also looked at re-writing the
SDP, but this re-writes the incoming SDP from the clients.  My intention was
to re-write the outgoing SDP from the Freeswitch to include the internal IP
address as the RTP connect in address.

 

I don't have much Asterisk experience, but I seem to remember a nat.conf
file where you could specify subnets that were treated differently.  These
could be classed as internal subnets, and would be given the private IP in
the SDP from Asterisk, everything got the public IP.

 

I'm also aware that I could create another SIP profile easily with different
NATing/IP options, but I want to find out if there's anything I can do with
the above first.

 

Many thanks for the help!

