[Freeswitch-users] docker / NAT troubles..
Oz Mortimer
omortimer at gmail.com
Wed Apr 6 22:29:14 MSD 2016
Gocha! And absolutely not (though I might be tempted to try it for the sake of external demos ;))
Thanks again
Oz
> On 6 Apr 2016, at 19:22, Nathan Neulinger <nneul at mst.edu> wrote:
>
> As long as you don't have yet another layer of external access required - the original suggestion I think is probably
> right - you need to make a new set of ACLs for the freeswitch nat acl that do not include the 192.x.x.x network. Then
> that net will be interpreted as external.
>
> -- Nathan
>
>> On 04/06/2016 01:13 PM, Oz Mortimer wrote:
>> The clients are on the 192. Network.
>> The network internal to freeswitch is 17.
>> Docker assigns the 17. Ips to the container (which fs is running on).
>>
>> The signalling is fine, but the sdp needs to show the 192.168.1.168 address as its currently showing the internal
>> network (even though ext-rtp-Ip is set and confirmed).
>>
>> 192.168.1.168 is a bridged network interface.
>>
>> 192.168.1.something -> 192.168.1.168 (docker vm)->172.17.0.5(docker container)
>>
>> The docker container has the rtp ports "exposed" (in the same way as it does for the signalling port).
>>
>> I actually didn't like docker when I first looked at it, but it actually quite nice for development (bar this issue)
>> Thanks
>> Oz
>>
>>> On 6 Apr 2016, at 19:00, Michael Jerris <mike at jerris.com <mailto:mike at jerris.com>> wrote:
>>>
>>> And your clients are attaching from what network? Also if your description is correct, then you have internal and
>>> external addresses backwards. Does it actually nat those addresses or is it routed?
>>>
>>>
>>>> On Apr 6, 2016, at 1:49 PM, Oz Mortimer <omortimer at gmail.com <mailto:omortimer at gmail.com>> wrote:
>>>>
>>>> I know! I've never come across it! It's what I seem to have to do when using a docker container - unless someone
>>>> knows different?
>>>> Docker uses a vm, which is on the network 192.168.. But the container has an IP of 172.17..
>>>> I'm no docker expert and in an ideal world the container should have a 192.168.. Address, but I can't find a way to
>>>> make that happen.
>>>> Maybe I'm asking in the wrong mailing list - could be a question for docker. Either way, I'd like to figure out what
>>>> I'm doing wrong!
>>>> Nb. This is no way going to be a production setup - it's a development setup.
>>>>
>>>> I "think" I understand what I need to do..
>>>> Thanks
>>>> Oz
>>>>> On 6 Apr 2016, at 18:39, Michael Jerris <mike at jerris.com <mailto:mike at jerris.com>> wrote:
>>>>>
>>>>> The default acl's treat all rfc1918 addresses as internal. you'll need to make one that treats your external
>>>>> addresses as external even tho they are rfc1918. Why are you natting from one private address to another? Its a
>>>>> very strange implementation
>>>>>
>>>>>
>>>>>> On Apr 6, 2016, at 1:31 PM, Oz Mortimer <omortimer at gmail.com <mailto:omortimer at gmail.com>> wrote:
>>>>>>
>>>>>> Hi,
>>>>>> Thanks for the reply - I wish I understood it - but I don’t ;)
>>>>>> Yes, the natting is between one rfc1918 address space to another.
>>>>>>
>>>>>> Based on your reply I tried
>>>>>>
>>>>>> <param name="apply-nat-acl" value="damnnat”/>
>>>>>>
>>>>>> where acl.conf.xml has
>>>>>>
>>>>>> <list name="damnnat" default="allow">
>>>>>> <node type="allow" cidr="192.168.1.0/24"/>
>>>>>> <node type="allow" cidr="172.17.0.0/24"/>
>>>>>> </list>
>>>>>>
>>>>>> To no avail!. can you give me a pointer to what I need to change and where?
>>>>>>
>>>>>> Thanks
>>>>>> Oz.
>>>>>>
>>>>>>> On 6 Apr 2016, at 17:58, Michael Jerris <mike at jerris.com <mailto:mike at jerris.com>> wrote:
>>>>>>>
>>>>>>> you are natting from one rfc1918 address space to another? If so, all the default nat acl's will be wrong, and
>>>>>>> you will have to make your own acl's that match your network environment.
>>>>>>>
>>>>>>>> On Apr 6, 2016, at 12:48 PM, Oz Mortimer <omortimer at gmail.com <mailto:omortimer at gmail.com>> wrote:
>>>>>>>>
>>>>>>>> HI,
>>>>>>>>
>>>>>>>> I’m trying to get FS running in Docker, which largely was pain free (i know, i know, VMs, etc), but I can’t get
>>>>>>>> my head around what is going on with RTP. Ive set ext-rtp-ip and it seems to be taking affect:
>>>>>>>>
>>>>>>>> freeswitch at 7ad22635059e> sofia status profile internal
>>>>>>>> =================================================================================================
>>>>>>>> Name internal
>>>>>>>> Domain Name N/A
>>>>>>>> Auto-NAT false
>>>>>>>> DBName sofia_reg_internal
>>>>>>>> Pres Hosts 172.17.0.5,172.17.0.5
>>>>>>>> Dialplan XML
>>>>>>>> Context trusted
>>>>>>>> Challenge Realm auto_from
>>>>>>>> RTP-IP 172.17.0.5
>>>>>>>> Ext-RTP-IP 192.168.1.168
>>>>>>>> SIP-IP 172.17.0.5
>>>>>>>> Ext-SIP-IP 192.168.1.168
>>>>>>>> URL sip:mod_sofia at 192.168.1.168:5060
>>>>>>>> BIND-URL sip:mod_sofia at 192.168.1.168:5060;maddr=172.17.0.5;transport=udp,tcp
>>>>>>>> HOLD-MUSIC local_stream://moh
>>>>>>>> OUTBOUND-PROXY N/A
>>>>>>>> CODECS IN G729,PCMU,PCMA
>>>>>>>> CODECS OUT G729,PCMU,PCMA
>>>>>>>> TEL-EVENT 101
>>>>>>>> DTMF-MODE none
>>>>>>>> CNG 13
>>>>>>>> SESSION-TO 0
>>>>>>>> MAX-DIALOG 0
>>>>>>>> NOMEDIA false
>>>>>>>> LATE-NEG true
>>>>>>>> PROXY-MEDIA false
>>>>>>>> ZRTP-PASSTHRU true
>>>>>>>> AGGRESSIVENAT false
>>>>>>>> CALLS-IN 2
>>>>>>>> FAILED-CALLS-IN 2
>>>>>>>> CALLS-OUT 0
>>>>>>>> FAILED-CALLS-OUT 0
>>>>>>>> REGISTRATIONS 0
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> but when a call is placed i seems to be incorrect in the SDP
>>>>>>>>
>>>>>>>> 2016-04-06 16:29:49.011107 [DEBUG] mod_sofia.c:2353 Ring SDP:
>>>>>>>> v=0
>>>>>>>> o=FreeSWITCH 1459942605 1459942606 IN IP4 172.17.0.5
>>>>>>>> s=FreeSWITCH
>>>>>>>> c=IN IP4 172.17.0.5
>>>>>>>> t=0 0
>>>>>>>> m=audio 17584 RTP/AVP 8 101
>>>>>>>> a=rtpmap:8 PCMA/8000
>>>>>>>> a=rtpmap:101 telephone-event/8000
>>>>>>>> a=fmtp:101 0-16
>>>>>>>> a=ptime:20
>>>>>>>> a=sendrecv
>>>>>>>>
>>>>>>>> Shouldn’t the SDP reflect the Ext-RTP-IP ?
>>>>>>>>
>>>>>>>> Im sure i’ve missed some sort of config setting or have gone snow blind!.
>>>>>>>> fs version is FreeSWITCH (Version 1.6.7 -14-d38d065 64bit)
>>>>>>>>
>>>>>>>> Any ideas will be greatly received.
>>>>>>>> Thanks
>>>>>>>> Oz.
>>>>>>>> _________________________________________________________________________
>>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>>>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>>>>>
>>>>>>>> Official FreeSWITCH Sites
>>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>>>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>>>>>
>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>>
>>>>>>> _________________________________________________________________________
>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>>>>
>>>>>>> Official FreeSWITCH Sites
>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>>>>
>>>>>>> FreeSWITCH-users mailing list
>>>>>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>> http://www.freeswitch.org
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>> http://www.freeswitch.org
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
> --
> ------------------------------------------------------------
> Nathan Neulinger nneul at mst.edu
> Missouri S&T Information Technology (573) 612-1412
> System Administrator - Architect
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list