[Freeswitch-users] docker / NAT troubles..
Oz Mortimer
omortimer at gmail.com
Wed Apr 6 22:13:58 MSD 2016
The clients are on the 192. Network.
The network internal to freeswitch is 17.
Docker assigns the 17. Ips to the container (which fs is running on).
The signalling is fine, but the sdp needs to show the 192.168.1.168 address as its currently showing the internal network (even though ext-rtp-Ip is set and confirmed).
192.168.1.168 is a bridged network interface.
192.168.1.something -> 192.168.1.168 (docker vm)->172.17.0.5(docker container)
The docker container has the rtp ports "exposed" (in the same way as it does for the signalling port).
I actually didn't like docker when I first looked at it, but it actually quite nice for development (bar this issue)
Thanks
Oz
> On 6 Apr 2016, at 19:00, Michael Jerris <mike at jerris.com> wrote:
>
> And your clients are attaching from what network? Also if your description is correct, then you have internal and external addresses backwards. Does it actually nat those addresses or is it routed?
>
>
>> On Apr 6, 2016, at 1:49 PM, Oz Mortimer <omortimer at gmail.com> wrote:
>>
>> I know! I've never come across it! It's what I seem to have to do when using a docker container - unless someone knows different?
>> Docker uses a vm, which is on the network 192.168.. But the container has an IP of 172.17..
>> I'm no docker expert and in an ideal world the container should have a 192.168.. Address, but I can't find a way to make that happen.
>> Maybe I'm asking in the wrong mailing list - could be a question for docker. Either way, I'd like to figure out what I'm doing wrong!
>> Nb. This is no way going to be a production setup - it's a development setup.
>>
>> I "think" I understand what I need to do..
>> Thanks
>> Oz
>>> On 6 Apr 2016, at 18:39, Michael Jerris <mike at jerris.com> wrote:
>>>
>>> The default acl's treat all rfc1918 addresses as internal. you'll need to make one that treats your external addresses as external even tho they are rfc1918. Why are you natting from one private address to another? Its a very strange implementation
>>>
>>>
>>>> On Apr 6, 2016, at 1:31 PM, Oz Mortimer <omortimer at gmail.com> wrote:
>>>>
>>>> Hi,
>>>> Thanks for the reply - I wish I understood it - but I don’t ;)
>>>> Yes, the natting is between one rfc1918 address space to another.
>>>>
>>>> Based on your reply I tried
>>>>
>>>> <param name="apply-nat-acl" value="damnnat”/>
>>>>
>>>> where acl.conf.xml has
>>>>
>>>> <list name="damnnat" default="allow">
>>>> <node type="allow" cidr="192.168.1.0/24"/>
>>>> <node type="allow" cidr="172.17.0.0/24"/>
>>>> </list>
>>>>
>>>> To no avail!. can you give me a pointer to what I need to change and where?
>>>>
>>>> Thanks
>>>> Oz.
>>>>
>>>>> On 6 Apr 2016, at 17:58, Michael Jerris <mike at jerris.com> wrote:
>>>>>
>>>>> you are natting from one rfc1918 address space to another? If so, all the default nat acl's will be wrong, and you will have to make your own acl's that match your network environment.
>>>>>
>>>>>> On Apr 6, 2016, at 12:48 PM, Oz Mortimer <omortimer at gmail.com> wrote:
>>>>>>
>>>>>> HI,
>>>>>>
>>>>>> I’m trying to get FS running in Docker, which largely was pain free (i know, i know, VMs, etc), but I can’t get my head around what is going on with RTP. Ive set ext-rtp-ip and it seems to be taking affect:
>>>>>>
>>>>>> freeswitch at 7ad22635059e> sofia status profile internal
>>>>>> =================================================================================================
>>>>>> Name internal
>>>>>> Domain Name N/A
>>>>>> Auto-NAT false
>>>>>> DBName sofia_reg_internal
>>>>>> Pres Hosts 172.17.0.5,172.17.0.5
>>>>>> Dialplan XML
>>>>>> Context trusted
>>>>>> Challenge Realm auto_from
>>>>>> RTP-IP 172.17.0.5
>>>>>> Ext-RTP-IP 192.168.1.168
>>>>>> SIP-IP 172.17.0.5
>>>>>> Ext-SIP-IP 192.168.1.168
>>>>>> URL sip:mod_sofia at 192.168.1.168:5060
>>>>>> BIND-URL sip:mod_sofia at 192.168.1.168:5060;maddr=172.17.0.5;transport=udp,tcp
>>>>>> HOLD-MUSIC local_stream://moh
>>>>>> OUTBOUND-PROXY N/A
>>>>>> CODECS IN G729,PCMU,PCMA
>>>>>> CODECS OUT G729,PCMU,PCMA
>>>>>> TEL-EVENT 101
>>>>>> DTMF-MODE none
>>>>>> CNG 13
>>>>>> SESSION-TO 0
>>>>>> MAX-DIALOG 0
>>>>>> NOMEDIA false
>>>>>> LATE-NEG true
>>>>>> PROXY-MEDIA false
>>>>>> ZRTP-PASSTHRU true
>>>>>> AGGRESSIVENAT false
>>>>>> CALLS-IN 2
>>>>>> FAILED-CALLS-IN 2
>>>>>> CALLS-OUT 0
>>>>>> FAILED-CALLS-OUT 0
>>>>>> REGISTRATIONS 0
>>>>>>
>>>>>>
>>>>>>
>>>>>> but when a call is placed i seems to be incorrect in the SDP
>>>>>>
>>>>>> 2016-04-06 16:29:49.011107 [DEBUG] mod_sofia.c:2353 Ring SDP:
>>>>>> v=0
>>>>>> o=FreeSWITCH 1459942605 1459942606 IN IP4 172.17.0.5
>>>>>> s=FreeSWITCH
>>>>>> c=IN IP4 172.17.0.5
>>>>>> t=0 0
>>>>>> m=audio 17584 RTP/AVP 8 101
>>>>>> a=rtpmap:8 PCMA/8000
>>>>>> a=rtpmap:101 telephone-event/8000
>>>>>> a=fmtp:101 0-16
>>>>>> a=ptime:20
>>>>>> a=sendrecv
>>>>>>
>>>>>> Shouldn’t the SDP reflect the Ext-RTP-IP ?
>>>>>>
>>>>>> Im sure i’ve missed some sort of config setting or have gone snow blind!.
>>>>>> fs version is FreeSWITCH (Version 1.6.7 -14-d38d065 64bit)
>>>>>>
>>>>>> Any ideas will be greatly received.
>>>>>> Thanks
>>>>>> Oz.
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org
>>>>>> http://www.freeswitchsolutions.com
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org
>>>>>> http://confluence.freeswitch.org
>>>>>> http://www.cluecon.com
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://confluence.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160406/fe28dde6/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list