[Freeswitch-users] Gateway configuration with specified profile
Francis
sms at icefire.qza.net.au
Tue Jan 21 21:13:24 MSK 2014
One possibility is to duplicate your public sip profile and modify it to
use nat.auto and tell it to listen on the internal interface on a
different port. If you register to these gateways, they will be aware of
the port, otherwise you'll need to manually configure them. It should
also be possible to modify your existing profile to listen on both, and
trigger nat based on origin using acl. Depending on your security needs,
you could also add your gateways to the existing internal profile.
I had to do something similar for a gateway that would trigger nat
behaviour even though it was in the local lan. I found that all three
ways worked with some tweaking. It mostly boils down to preference and
security as to which is best.
Francis
On 22/01/2014 2:11 AM, Dmitriy Shumaev wrote:
>
> Hi, everybody.
>
> FreeSWITCH Version 1.2.6+git~20130104T154559Z~a4247651ca (git a424765
> 2013-01-04 15:45:59Z).
>
> I have 2 interfaces in FreeSWITCH server:
> -eth0 with public IP, where all gateways are located.
> -eth1 with private IP, where all VoIP equipment (FXS, FXO GWs) are placed.
>
> The source [http://wiki.freeswitch.org/wiki/Clarification:gateways]
> tells about 3 different ways of configuring gateway.
> I use the 3rd one: freeswitch\conf\directory\default\<Gateway_name>.xml.
> For examle look at the attachment.
> I use it as all things corresponding with a gateway are at the same place:
> - ACL (<user id="ThruToInfoIndust_192.168.15.60" cidr="192.168.15.60/32">)
> - gateway (<param name="..." value="..."/>)
> - user variables
> (
> <variable name="toll_allow" value="domestic,local"/>
> <variable name="IsFromInfoIndust" value="true" direction="inbound"/>
> )
> P.S. This variant required only in
> <param name="apply-inbound-acl" value="domains-<profile>:public"/>
> in all profiles, where
> <list name="domains-<profile>" default="deny">
> <node type="allow" domain="$${domain}"/>
> </list>
> P.P.S. Variable "IsFromInfoIndust" used as because of
> "apply-inbound-acl""domains-<profile>:PUBLIC"
> . Where is a transfer to default context in case of this variable in
> public context.
>
>
> But now several gateways are moved inside private network (with the
> help of VPN).
> So I need to configure these gateways to corespond with internal
> profile (now all packets to these gateways, for example, OPTIONS, go
> thru internal interface but with external IP as source IP).
> How can I do it for best?
>
>
> With best regards,
> Shumaev Dmitriy KBR Ltd.
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140122/c15ce7a0/attachment-0001.html
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users
mailing list