[Freeswitch-users] Multi-homed box - strange NAT question

Jim Miller jmiller at wndswp.net
Tue Feb 2 16:49:43 UTC 2021 

I was getting ready to implement this but I'm questioning something.  

The PBX itself is not behind a NAT.  Why would I set the ext-sip-ip and
ext-rtp-ip to use autonat? 

Presently thety are set to the below where private_rtp_ip is the RFC
address space IP of the internal interface of the PBX.

<param name="ext-rtp-ip" value="$${private_rtp_ip}"/>
<param name="ext-sip-ip" value="$${private_rtp_ip}"/>

Also, in the profile I have <param name="local-network-acl"
value="localnet.auto"/> already.

thoughts?

On 1/29/21 2:07 PM, Brian West wrote:
> see local-network-acl and make sure to set the ext-rtp-ip and
> ext-sip-ip to the prefix of autonat:x.x.x.x
>
> On Fri, Jan 29, 2021 at 1:06 PM Jim Miller <jmiller at wndswp.net
> <mailto:jmiller at wndswp.net>> wrote:
>
>     Let me try this.
>
>     I have a public network interface connected to the external
>     profile with ip 1.1.1.1/24 <http://1.1.1.1/24>  (e.g. of course) 
>     I have a private subnet attached to the internal profile on
>     192.168.0.2/24 <http://192.168.0.2/24>.   I've got polycoms
>     registering to 192.168.0.2 using TLS that show up as 192.168.0.1
>     given they are NAT'd behind this firewall.  It seems that if the
>     devices try to register to .2 via an ip on the same subnet that
>     NAT detection is not happy.  When the clients come from something
>     totally different it works.  Any way to force this to work?
>
>     Jim
>
>     On 1/28/21 5:36 PM, Brian West wrote:
>>     Without a full understanding of your network topology it's
>>     difficult to say.
>>
>>
>>     On Thu, Jan 28, 2021 at 3:53 PM Jim Miller <jmiller at wndswp.net
>>     <mailto:jmiller at wndswp.net>> wrote:
>>
>>         Brian
>>
>>         Not sure I 100% follow.  The clients are on the same /24 as
>>         the "internal" profile interface is on.  The only thing is
>>         they are behind a NAT. 
>>
>>         What led me to this was I had a previous configuration
>>         whereby the internal and external profiles were on the same
>>         interface IP. When the clients connected to the internal
>>         profile via an totally different public IP, but also behind a
>>         NAT it worked (registrations showed fs_nat and a fs_path
>>         properly).  However, for this configuration when I put the
>>         clients on a NAT that was on the same subnet as the internal
>>         and external shared IP it wouldn't work.  I thought maybe
>>         this was an issue with the profiles sharing the same IP. 
>>         Thus I split it to the configuration I documented below.  It
>>         makes me think that the NAT issue is related to the fact that
>>         the profile IP is on the same subnet as the NAT.  
>>
>>         Jim
>>
>>         On 1/28/21 10:51 AM, Brian West wrote:
>>>         You will require one profile per nat interface, you can't
>>>         cross profiles between transit providers without it.
>>>
>>>         /b
>>>
>>>
>>>         On Thu, Jan 28, 2021 at 7:25 AM Jim Miller
>>>         <jmiller at wndswp.net <mailto:jmiller at wndswp.net>> wrote:
>>>
>>>             Hi Folks
>>>
>>>             I'm running FreeSWITCH Version 1.10.3-release~64bit
>>>             (-release 64bit) on
>>>             a FreeBSD 12.1 box.
>>>
>>>             The issue I'm having is related to NAT, I'm sure no one
>>>             has ever seen a
>>>             post on this topic....
>>>
>>>             My configuration is a box that is multi homed with an
>>>             Internet facing
>>>             interface and a private IP LAN interface.  The clients
>>>             (Polycoms) are on
>>>             the private LAN interface but behind a NAT (pfsense) on
>>>             this subnet.  If
>>>             I have the clients route directly to the FS box's
>>>             private LAN without
>>>             NAT I can make this work but as soon as I NAT them
>>>             (which I need to for
>>>             other reasons) I don't see the registrations show up
>>>             with fs_path or the
>>>             other variables like I might expect.
>>>
>>>             I've fiddled with the apply-nat-acl variable to no avail. 
>>>
>>>             Thoughts?
>>>
>>>             Thanks
>>>
>>>             Jim
>>>
>>>
>>>             _________________________________________________________________________
>>>
>>>             The FreeSWITCH project is sponsored by SignalWire
>>>             https://signalwire.com
>>>             Enhance your FreeSWITCH install with disruptive priced
>>>             SMS and PSTN services.
>>>             Build your next product on our scalable cloud platform.
>>>
>>>             Join our online community to chat in real time
>>>             https://signalwire.community
>>>
>>>             Professional FreeSWITCH Services
>>>             sales at freeswitch.com <mailto:sales at freeswitch.com>
>>>             https://freeswitch.com
>>>
>>>             Official FreeSWITCH Sites
>>>             https://freeswitch.com/oss
>>>             https://freeswitch.org/confluence
>>>             https://cluecon.com
>>>
>>>             FreeSWITCH-users mailing list
>>>             FreeSWITCH-users at lists.freeswitch.org
>>>             <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>             http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>             UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>             https://freeswitch.com
>>>
>>>
>>>
>>>         -- 
>>>
>>>         Brian West | Co-founder and Developer
>>>
>>>         Need Commercial support? email sales at freeswitch.com
>>>         <mailto:sales at freeswitch.com>
>>>
>>>         FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield,
>>>         WI 53045
>>>         <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>>
>>>         Email: brian at freeswitch.com <mailto:brian at freeswitch.com>
>>>
>>>         Mobile: 918-424-9378
>>>
>>>         Website: https://www.FreeSWITCH.com
>>>         <https://www.freeswitch.com/>
>>>
>>>         https://www.facebook.com/signalwireinc?src=email
>>>         <https://www.facebook.com/freeswitch>
>>>         https://twitter.com/freeswitch <https://twitter.com/freeswitch>
>>>
>>
>>
>>     -- 
>>
>>     Brian West | Co-founder and Developer
>>
>>     Need Commercial support? email sales at freeswitch.com
>>     <mailto:sales at freeswitch.com>
>>
>>     FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI
>>     53045
>>     <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>
>>     Email: brian at freeswitch.com <mailto:brian at freeswitch.com>
>>
>>     Mobile: 918-424-9378
>>
>>     Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>>
>>     https://www.facebook.com/signalwireinc?src=email
>>     <https://www.facebook.com/freeswitch>
>>     https://twitter.com/freeswitch <https://twitter.com/freeswitch>
>>
>
>
> -- 
>
> Brian West | Co-founder and Developer
>
> Need Commercial support? email sales at freeswitch.com
> <mailto:sales at freeswitch.com>
>
> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>
> Email: brian at freeswitch.com <mailto:brian at freeswitch.com>
>
> Mobile: 918-424-9378
>
> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>
> https://www.facebook.com/signalwireinc?src=email
> <https://www.facebook.com/freeswitch> https://twitter.com/freeswitch
> <https://twitter.com/freeswitch>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20210202/e530532c/attachment-0001.html>

More information about the FreeSWITCH-users mailing list