[Freeswitch-users] docker / NAT troubles..

Michael Jerris mike at jerris.com
Wed Apr 6 21:39:03 MSD 2016 

The default acl's treat all rfc1918 addresses as internal.  you'll need to make one that treats your external addresses as external even tho they are rfc1918.  Why are you natting from one private address to another?  Its a very strange implementation


> On Apr 6, 2016, at 1:31 PM, Oz Mortimer <omortimer at gmail.com> wrote:
> 
> Hi,
> Thanks for the reply - I wish I understood it - but I don’t ;)
> Yes, the natting is between one rfc1918 address space to another.
> 
> Based on your reply I tried
> 
> 	<param name="apply-nat-acl" value="damnnat”/>
> 
> where acl.conf.xml has
> 
>  <list name="damnnat" default="allow">
>       <node type="allow" cidr="192.168.1.0/24"/>
>       <node type="allow" cidr="172.17.0.0/24"/>
>     </list>
> 
> To no avail!. can you give me a pointer to what I need to change and where?
> 
> Thanks
> Oz.
> 
>> On 6 Apr 2016, at 17:58, Michael Jerris <mike at jerris.com <mailto:mike at jerris.com>> wrote:
>> 
>> you are natting from one rfc1918 address space to another?  If so, all the default nat acl's will be wrong, and you will have to make your own acl's that match your network environment.
>> 
>>> On Apr 6, 2016, at 12:48 PM, Oz Mortimer <omortimer at gmail.com <mailto:omortimer at gmail.com>> wrote:
>>> 
>>> HI,
>>> 
>>> I’m trying to get FS running in Docker, which largely was pain free (i know, i know, VMs, etc), but I can’t get my head around what is going on with RTP. Ive set ext-rtp-ip and it seems to be taking affect:
>>> 
>>> freeswitch at 7ad22635059e> sofia status profile internal
>>> =================================================================================================
>>> Name             	internal
>>> Domain Name      	N/A
>>> Auto-NAT         	false
>>> DBName           	sofia_reg_internal
>>> Pres Hosts       	172.17.0.5,172.17.0.5
>>> Dialplan         	XML
>>> Context          	trusted
>>> Challenge Realm  	auto_from
>>> RTP-IP           	172.17.0.5
>>> Ext-RTP-IP       	192.168.1.168
>>> SIP-IP           	172.17.0.5
>>> Ext-SIP-IP       	192.168.1.168
>>> URL              	sip:mod_sofia at 192.168.1.168:5060 <sip:mod_sofia at 192.168.1.168:5060>
>>> BIND-URL         	sip:mod_sofia at 192.168.1.168:5060;maddr= <sip:mod_sofia at 192.168.1.168:5060;maddr=>172.17.0.5;transport=udp,tcp
>>> HOLD-MUSIC       	local_stream://moh
>>> OUTBOUND-PROXY   	N/A
>>> CODECS IN        	G729,PCMU,PCMA
>>> CODECS OUT       	G729,PCMU,PCMA
>>> TEL-EVENT        	101
>>> DTMF-MODE        	none
>>> CNG              	13
>>> SESSION-TO       	0
>>> MAX-DIALOG       	0
>>> NOMEDIA          	false
>>> LATE-NEG         	true
>>> PROXY-MEDIA      	false
>>> ZRTP-PASSTHRU    	true
>>> AGGRESSIVENAT    	false
>>> CALLS-IN         	2
>>> FAILED-CALLS-IN  	2
>>> CALLS-OUT        	0
>>> FAILED-CALLS-OUT 	0
>>> REGISTRATIONS    	0
>>> 
>>> 
>>> 
>>> but when a call is placed i seems to be incorrect in the SDP
>>> 
>>> 2016-04-06 16:29:49.011107 [DEBUG] mod_sofia.c:2353 Ring SDP:
>>> v=0
>>> o=FreeSWITCH 1459942605 1459942606 IN IP4 172.17.0.5
>>> s=FreeSWITCH
>>> c=IN IP4 172.17.0.5
>>> t=0 0
>>> m=audio 17584 RTP/AVP 8 101
>>> a=rtpmap:8 PCMA/8000
>>> a=rtpmap:101 telephone-event/8000
>>> a=fmtp:101 0-16
>>> a=ptime:20
>>> a=sendrecv
>>> 
>>> Shouldn’t the SDP reflect the Ext-RTP-IP ?
>>> 
>>> Im sure i’ve missed some sort of config setting or have gone snow blind!.
>>> fs version is FreeSWITCH (Version 1.6.7 -14-d38d065 64bit)
>>> 
>>> Any ideas will be greatly received.
>>> Thanks
>>> Oz.
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services: 
>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>> 
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>> 
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>> 
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services: 
>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com
>> 
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>> 
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160406/969d0b64/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list