[Freeswitch-users] MultiNAT

Kurtis Heimerl kheimerl at cs.berkeley.edu
Wed Jul 23 23:40:19 MSD 2014


Hrm, this is more complicated to explain than I anticipated.

Basically, this is the fault of VPNs. We have one machine in our data
center that is running a VPN connecting (X.Y.*.*) to carrier 1. That box is
one-to-one NATing all communications to our (FS) VoIP server on the local
subnet (192.168.*.*). So that's NAT 1.

The second NAT is for the actual public access from our VoIP box. This has
a public IP outside the firewall (A.B.*.*) and NATs again to the VoIP
server on the local subnet (192.168.*.*).

So, this one machine (192.168.*.*) is actually behind two separate NATs at
the moment. It has some rules in the IP tables to route X.Y traffic to the
VPN box, and otherwise route to the broader internet. The existing way to
deal with a NAT in FS is the ext-rtp/sip-ip field in the profile, but that
no longer works when we have to dynamically set these fields depending on
which NAT they are going through.

Does that make sense? Even if not, here's the problem: I want to set
ext-rtp/sip-ip dynamically in the dialplan. Is that possible?


On Wed, Jul 23, 2014 at 5:40 AM, Brian West <brian at freeswitch.org> wrote:

> I'm guessing both networks are behind the same nat and routed? Or is it
> two different nat'ed networks behind the same public IP?  If it's just two
> standard networks that are fully routed and no nat between the 192.x and the
> 10.x space then just set your local-network-acl to rfc1918.auto.
>
>
> On Wed, Jul 23, 2014 at 12:52 AM, Kurtis Heimerl <kheimerl at cs.berkeley.edu
> > wrote:
>
>> Comments in line:
>>
>>
>> On Tue, Jul 22, 2014 at 9:22 PM, Pasha <pasha at prosperity4ever.com> wrote:
>>
>>>  The problem with that though (if I understand your scenario correctly)
>>> is that even if there was a way to set external IP in freeswitch in the
>>> dial plan you say that you only have 1 external IP to deal with anyway, so
>>> what would you set your second IP to for routing to work properly?
>>>
>>
>> There's only one actual IP on the box, but it's behind *two* different
>> NATs. Setting the ext-rtp/sip-ip to the appropriate NAT IP works for both
>> connections, but I need to make that dynamic.
>>
>>
>>> In my mind what might work for you is if you create an alias to your
>>> single network controller with the second IP that you need, then if you
>>> have access to the firewall perform NAT so that if connection comes in from
>>> external IP of vendor #1 on 5060 you forward that to 5060 on internal IP 1
>>> of your freeswitch box. If call comes in on external IP of vendor #2 on
>>> 5060 you forward to port 5060 of your internal IP #2 (alias on freeswitch
>>> box)... that's for incoming...
>>>
>>>
>> I'm not sure I understand this. Does a FS alias allow me to have multiple
>> IPs on the same box somehow?
>>
>>
>>>  I apologize if I didn't fully understand your scenario. I'm not even
>>> sure why you're having a conflict in this case because your providers are
>>> different, the only time you have an issue with single external IP is if
>>> you're trying to setup a second trunk to the same provider (most of them
>>> won't allow more than one trunk on a single IP).
>>>
>>>
>> It's a relatively simple, but apparently uncommon, case, I agree. My
>> issue sounds very similar to having multiple trunks to the same provider in
>> a way, but I have different external IPs for RTP and such instead.
>>
>>
>>> Paul
>>>
>>>
>>> On 14-07-22 05:28 PM, Kurtis Heimerl wrote:
>>>
>>> I can't do that unfortunately. Our providers are hitting the generic SIP
>>> Port: 5060 so that's not available. Our system behind the two NATs has only
>>> one network interface, and as such only one available public IP. So we
>>> can't just set up a new profile. I can probably hack around this in another
>>> way (port forwarding through one of the NATs to allow a second profile on
>>> the same IP) but that's pretty ugly and unsustainable going forward. I'd
>>> much prefer to simply set the expected external IP in the outbound dialplan
>>> for each provider.
>>>
>>>
>>> On Tue, Jul 22, 2014 at 5:07 PM, Russell Treleaven <
>>> rtreleaven at bunnykick.ca> wrote:
>>>
>>>> Either give them separate ip addresses or separate ports.
>>>>
>>>>
>>>> Sent from my BlackBerry® PlayBook™
>>>> www.blackberry.com
>>>>
>>>> ------------------------------
>>>>  *From:* "Kurtis Heimerl" <kheimerl at cs.berkeley.edu>
>>>> *To:* "FreeSWITCH Users Help" <freeswitch-users at lists.freeswitch.org>
>>>>  *Sent:* 22 July, 2014 8:04 PM
>>>> *Subject:* Re: [Freeswitch-users] MultiNAT
>>>>
>>>> They all have to sit on the same internal IP and Port, so I don't think
>>>> I can.
>>>>
>>>>
>>>> On Tue, Jul 22, 2014 at 4:57 PM, Russell Treleaven <
>>>> rtreleaven at bunnykick.ca> wrote:
>>>>
>>>>> Hi Kurtis,
>>>>>
>>>>>  Why not make a separate profile for each provider?
>>>>>
>>>>> Sent from my BlackBerry® PlayBook™
>>>>> www.blackberry.com
>>>>>
>>>>> ------------------------------
>>>>> *From:* "Kurtis Heimerl" <kheimerl at cs.berkeley.edu>
>>>>> *To:* "FreeSWITCH Users Help" <freeswitch-users at lists.freeswitch.org>
>>>>> *Sent:* 22 July, 2014 7:14 PM
>>>>> *Subject:* [Freeswitch-users] MultiNAT
>>>>>
>>>>> Hey Users,
>>>>>
>>>>>  I have an interesting NAT setup. I'm running FS on the inside of our
>>>>> network as a router/proxy between some SIP phones and DID providers.
>>>>> However, each DID provider is behind a *different* NAT (a property of our
>>>>> VPN setups for them).
>>>>>
>>>>>  For instance: DID1 is at IP 192.168.1.1 and DID2 is at 10.0.0.1.
>>>>>
>>>>>  I have calls working for each of them when I set the following in my
>>>>> external profile:
>>>>>
>>>>>  <param name="ext-rtp-ip" value="10.0.0.2"/>
>>>>> <param name="ext-sip-ip" value="10.0.0.2"/>
>>>>>
>>>>>  However, I need to dynamically route between *both* of them. I need
>>>>> a mechanism for setting ext-rtp-ip and ext-sip-ip in the dialplan itself!
>>>>>
>>>>>  Is there a set way to do this?
>>>>>
>>>>>  Thanks!
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> 
>>>>> 
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://wiki.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>>
>>
>>
>
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
>
> *Twitter: @FreeSWITCH , @briankwest*
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>
>
>