[Freeswitch-users] MultiNAT

Brian West brian at freeswitch.org
Thu Jul 24 03:29:30 MSD 2014


This scenario is going to be a hard one to solve due to that... let me
think about it.


On Wed, Jul 23, 2014 at 2:40 PM, Kurtis Heimerl <kheimerl at cs.berkeley.edu>
wrote:

> Hrm, this is more complicated to explain than I anticipated.
>
> Basically, this is the fault of VPNs. We have one machine in our data
> center that is running a VPN connecting (X.Y.*.*) to carrier 1. That box is
> one-to-one NATing all communications to our (FS) VoIP server on the local
> subnet (192.168.*.*). So that's NAT 1.
>
> The second NAT is for the actual public access from our VoIP box. This has
> a public IP outside the firewall (A.B.*.*) and NATs again to the VoIP
> server on the local subnet (192.168.*.*)
>
> So, this one machine (192.168.*.*) is actually behind two separate NATs at
> the moment. It has some rules in the IP tables to route X.Y traffic to the
> VPN box, and otherwise route to the broader internet. The existing way to
> deal with a NAT in FS is the ext-rtp/sip-ip field in the profile, but that
> no longer works when we have to dynamically set these fields depending on
> which NAT they are going through.
>
> Does that make sense? Even if not, here's the problem: I want to set
> ext-rtp/sip-ip dynamically in the dialplan. Is that possible?
>
>
> On Wed, Jul 23, 2014 at 5:40 AM, Brian West <brian at freeswitch.org> wrote:
>
>> I'm guessing both networks are behind the same nat and routed? Or is it
>> two different nat'ed networks behind the same public IP?  If it's just two
>> standard networks that's fully routed and no nat between the 192.x and the
>> 10.x space then just set your local-network-acl to rfc1918.auto.
>>
>>
>> On Wed, Jul 23, 2014 at 12:52 AM, Kurtis Heimerl <
>> kheimerl at cs.berkeley.edu> wrote:
>>
>>> Comments in line:
>>>
>>>
>>> On Tue, Jul 22, 2014 at 9:22 PM, Pasha <pasha at prosperity4ever.com>
>>> wrote:
>>>
>>>>  The problem with that though (if I understand your scenario correctly)
>>>> is that even if there was a way to set external IP in freeswitch in the
>>>> dial plan you say that you only have 1 external IP to deal with anyway, so
>>>> what would you set your second IP to for routing to work properly?
>>>>
>>> There's only one actual IP on the box, but it's behind *two* different
>>> NATs. Setting the ext-rtp/sip-ip to the appropriate NAT IP works for both
>>> connections, but I need to make that dynamic.
>>>
>>>
>>>> In my mind what might work for you is if you create an alias to your
>>>> single network controller with the second IP that you need, then if you
>>>> have access to the firewall perform NAT so that if connection comes in from
>>>> external IP of vendor #1 on 5060 you forward that to 5060 on internal IP 1
>>>> of your freeswitch box. If call comes in on external IP of vendor #2 on
>>>> 5060 you forward to port 5060 of your internal IP #2 (alias on freeswitch
>>>> box)... that's for incoming...
>>>>
>>>>
>>> I'm not sure I understand this. Does a FS alias allow me to have
>>> multiple IPs on the same box somehow?
>>>
>>>
>>>>  I apologize if I didn't fully understand your scenario. I'm not even
>>>> sure why you're having a conflict in this case because your providers are
>>>> different, the only time you have an issue with single external IP is if
>>>> you're trying to setup a second trunk to the same provider (most of them
>>>> won't allow more than one trunk on a single IP).
>>>>
>>>>
>>> It's a relatively simple, but apparently uncommon, case, I agree. My
>>> issue sounds very similar to having multiple trunks to the same provider in
>>> a way, but I have different external IPs for RTP and such instead.
>>>
>>>
>>>> Paul
>>>>
>>>>
>>>> On 14-07-22 05:28 PM, Kurtis Heimerl wrote:
>>>>
>>>> I can't do that unfortunately. Our providers are hitting the generic
>>>> SIP Port: 5060 so that's not available. Our system behind the two NATs has
>>>> only one network interface, and as such only one available public IP. So we
>>>> can't just set up a new profile. I can probably hack around this in another
>>>> way (port forwarding through one of the NATs to allow a second profile on
>>>> the same IP) but that's pretty ugly and unsustainable going forward. I'd
>>>> much prefer to simply set the expected external IP in the outbound dialplan
>>>> for each provider.
>>>>
>>>>
>>>> On Tue, Jul 22, 2014 at 5:07 PM, Russell Treleaven <
>>>> rtreleaven at bunnykick.ca> wrote:
>>>>
>>>>> Either give them separate ip addresses or separate ports.
>>>>>
>>>>>
>>>>> Sent from my BlackBerry® PlayBook™
>>>>> www.blackberry.com
>>>>>
>>>>> ------------------------------
>>>>>  *From:* "Kurtis Heimerl" <kheimerl at cs.berkeley.edu>
>>>>> *To:* "FreeSWITCH Users Help" <freeswitch-users at lists.freeswitch.org>
>>>>>  *Sent:* 22 July, 2014 8:04 PM
>>>>> *Subject:* Re: [Freeswitch-users] MultiNAT
>>>>>
>>>>> They all have to sit on the same internal IP and Port, so I don't
>>>>> think I can.
>>>>>
>>>>>
>>>>> On Tue, Jul 22, 2014 at 4:57 PM, Russell Treleaven <
>>>>> rtreleaven at bunnykick.ca> wrote:
>>>>>
>>>>>> Hi Kurtis,
>>>>>>
>>>>>>  Why not make a separate profile for each provider?
>>>>>>
>>>>>> Sent from my BlackBerry® PlayBook™
>>>>>> www.blackberry.com
>>>>>>
>>>>>> ------------------------------
>>>>>> *From:* "Kurtis Heimerl" <kheimerl at cs.berkeley.edu>
>>>>>> *To:* "FreeSWITCH Users Help" <freeswitch-users at lists.freeswitch.org>
>>>>>> *Sent:* 22 July, 2014 7:14 PM
>>>>>> *Subject:* [Freeswitch-users] MultiNAT
>>>>>>
>>>>>> Hey Users,
>>>>>>
>>>>>>  I have an interesting NAT setup. I'm running FS on the inside of
>>>>>> our network as a router/proxy between some SIP phones and DID providers.
>>>>>> However, each DID provider is behind a *different* NAT (a property of our
>>>>>> VPN setups for them).
>>>>>>
>>>>>>  For instance: DID1 is at IP 192.168.1.1 and DID2 is at 10.0.0.1.
>>>>>>
>>>>>>  I have calls working for each of them when I set the following in
>>>>>> my external profile:
>>>>>>
>>>>>>  <param name="ext-rtp-ip" value="10.0.0.2"/>
>>>>>> <param name="ext-sip-ip" value="10.0.0.2"/>
>>>>>>
>>>>>>  However, I need to dynamically route between *both* of them. I need
>>>>>> a mechanism for setting ext-rtp-ip and ext-sip-ip in the dialplan itself!
>>>>>>
>>>>>>  Is there a set way to do this?
>>>>>>
>>>>>>  Thanks!
>>>>>>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org
>>>>>> http://www.freeswitchsolutions.com
>>>>>>
>>>>>> 
>>>>>> 
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org
>>>>>> http://wiki.freeswitch.org
>>>>>> http://www.cluecon.com
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>> --
>>
>> *Brian West*
>> brian at freeswitch.org
>>
>>
>> *Twitter: @FreeSWITCH , @briankwest*
>> http://www.freeswitchbook.com
>> http://www.freeswitchcookbook.com
>>
>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>
>>
>>
>
>
>


-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
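
The separate-profile-per-provider workaround raised earlier in the thread, sketched as an added example (not configuration posted by anyone on the list). It assumes the NAT in front of the second provider can forward its port 5060 to 5080 on the FreeSWITCH box, which is the port-forwarding hack the thread describes; the internal address 192.168.0.10, the external address 192.168.1.2, the profile names and the dialplan prefixes are constructed placeholders.

```xml
<!-- Added example: one Sofia profile per NAT, so each profile advertises
     the external address of the NAT its provider sits behind. -->
<profile name="provider1">
  <settings>
    <!-- Single internal interface shared by both profiles (placeholder) -->
    <param name="sip-ip" value="192.168.0.10"/>
    <param name="rtp-ip" value="192.168.0.10"/>
    <param name="sip-port" value="5060"/>
    <!-- Address provider 1 sees through the VPN NAT (placeholder) -->
    <param name="ext-sip-ip" value="192.168.1.2"/>
    <param name="ext-rtp-ip" value="192.168.1.2"/>
  </settings>
</profile>

<profile name="provider2">
  <settings>
    <param name="sip-ip" value="192.168.0.10"/>
    <param name="rtp-ip" value="192.168.0.10"/>
    <!-- Second profile needs its own port; the NAT must map 5060 to 5080 -->
    <param name="sip-port" value="5080"/>
    <!-- Value from the original post, assumed here to belong to DID2 -->
    <param name="ext-sip-ip" value="10.0.0.2"/>
    <param name="ext-rtp-ip" value="10.0.0.2"/>
  </settings>
</profile>

<!-- Dialplan: the profile named in the dial string decides which external
     address ends up in the SIP and SDP sent to that provider. -->
<extension name="to_did1">
  <condition field="destination_number" expression="^1(\d+)$">
    <action application="bridge" data="sofia/provider1/$1@192.168.1.1"/>
  </condition>
</extension>
<extension name="to_did2">
  <condition field="destination_number" expression="^2(\d+)$">
    <action application="bridge" data="sofia/provider2/$1@10.0.0.1"/>
  </condition>
</extension>
```

The per-call choice is made by picking the profile in the bridge string rather than by setting ext-rtp-ip or ext-sip-ip in the dialplan.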