[Freeswitch-users] New system: sofia is on wrong IP address

Steven Schoch schoch+freeswitch.org at xwin32.com
Tue Feb 23 22:37:04 UTC 2021 

Thanks, John!

The system does not have a "public" interface. I assume it gets the 67.*
address from auto-nat. Its 2 IP addresses are 10.0.0.167 (DHCP)
(local_ip_v4), and 192.168.3.2 (phone_ip_v4). I disabled the "internal"
profile and the internal-ipv6 profile to avoid confusion. Now "ss -n -a
sport = 5060" shows this:

Netid         State          Recv-Q          Send-Q                   Local
Address:Port                   Peer Address:Port

udp           UNCONN         0               0
192.168.3.2:5060                        0.0.0.0:*

tcp           LISTEN         0               64
192.168.3.2:5060                        0.0.0.0:*

...which means it's listening on the "phone" network, as it should be.
However "sofia status" still gives me this:

                     Name   Type                                       Data
State

=================================================================================================

            external-ipv6 profile   sip:mod_sofia@
[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080 RUNNING (0)

                 external profile
sip:mod_sofia at 67.164.101.201:5080 RUNNING
(0)

      external::flowroute gateway
sip:6509889800 at us-west-or.sip-flowroute.com NOREG

                    phone profile
sip:mod_sofia at 10.0.0.167:5060 RUNNING
(0)

=================================================================================================

3 profiles 0 aliases

The IP address after "sip:mod_sofia@" is my home LAN. Why isn't it the IP
of the "phone" network?

-- 
Steve


On Tue, Feb 23, 2021 at 1:36 PM Bote Man <botelist at gmail.com> wrote:

> HO BOY. By “pbx system” may we assume that you mean the linux box running
> FreeSWITCH?
>
>
>
> 1) First and foremost, it appears that you (inadvertently?) have
> FreeSWITCH listening on a public interface since sofia status shows both an
> ipv4 and an ipv6 address. I strongly suggest you eliminate that before
> attackers attack from those interfaces. Since the FS “Vanilla”
> configuration files are intended to get you up and running as quickly as
> possible, they anticipate the most common scenario which is an internal SIP
> profile to service your phones (named default) and an external SIP profile
> (named external) that you may or may not need to listen on a different
> ip:port pair.
>
>
>
> I usually rename those files from external.xml to external.hold so they
> remain as references, but won’t be picked up by FS when it starts since
> they no longer have the .xml suffix.
>
>
>
> 2) Those two gateway definitions are picked up by an include statement at
> the top of one of the SIP profiles. I’ve never questioned how or why, but
> my gateway is included in my internal profile and it works just fine. This
> is why I say that you might not even need that external profile at all, but
> you’ll need to investigate that further.
>
>
>
> 3) The SIP profiles as well as all the other XML definitions depend on the
> “name=” tag at the top, so the filename is irrelevant to FS. The Vanilla
> configs name the internal profile “default” inside and from your sofia
> status table it appears that you’ve copied that and named it “phone” so now
> you have 3 SIP profiles listening, with the internal profile listening on
> your public IP address.
>
>
>
> 4) The NAT stuff can be tricky, but you probably want to look into that,
> as well. Here’s a starting point:
>
> https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal
>
>
>
> I’m not sure I’ve gotten everything right in here, but my advice is to
> trim it down to keep it simple and then build it back to more complexity as
> you master each part.
>
>
>
> Hope this helps.
>
>
>
>
>
> ---
>
> John Boteler
>
> BnC Group U.S.A.
>
>
>
>
>
>
>
> *From:* FreeSWITCH-users <freeswitch-users-bounces at lists.freeswitch.org> *On
> Behalf Of *Steven Schoch
> *Sent:* Tuesday, 23 February, 2021 16:01
> *To:* freeswitch-users <FreeSWITCH-users at lists.freeswitch.org>
> *Subject:* [Freeswitch-users] New system: sofia is on wrong IP address
>
>
>
> The last time I played with FreeSWITCH was 10 years ago, and now I'm
> helping a local nonprofit retire their obsolete analog phone system.
>
>
>
> I have a pbx system with 2 network cards: One dedicated to the phones,
> plugs into a PoE switch. On that network, the pbx has a DHCP server for the
> phones, as well as an FTP server for the Polycom SoundPoint IP 320 phones.
> The IP address on that network is 192.168.3.2.
>
>
>
> Since I'm setting up the system here at home, the other network card is on
> my Xfinity LAN, with an IP address of 10.0.0.167 (via DHCP from the Comcast
> modem).
>
>
>
> I understand the "domain" should be fairly fixed, so I set that to my
> "phone" network:
>
>
>
>   <X-PRE-PROCESS cmd="set" data="phone_ip_v4=192.168.3.2"/>
>
>   <X-PRE-PROCESS cmd="set" data="domain=$${phone_ip_v4}"/>
>
>   <X-PRE-PROCESS cmd="set" data="domain_name=eastwest"/>
>
>
>
> I defined an sofia profile named "phone" with these lines:
>
>
>
>     <param name="rtp-ip" value="$${phone_ip_v4}"/>
>
>     <param name="sip-ip" value="$${phone_ip_v4}"/>
>
>
>
> I also used the default "internal" profile, in case an SIP device is
> hooked up to the main LAN, but that's not important.
>
> However, a "sofia status" shows this:
>
>                      Name                 Type
>               Data                State
>
>
> =================================================================================================
>
>             external-ipv6        profile
> sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080        RUNNING
> (0)
>
>               192.168.3.2           alias
>       internal             ALIASED
>
>                  external              profile
> sip:mod_sofia at 67.164.101.201:5080            RUNNING (0)
>
>         external::sip2sip      gateway
> sip:eastwest at sip2sip.info          REGED
>
>       external::flowroute   gateway
> sip:6509889800 at us-west-or.sip-flowroute.com             NOREG
>
>                     phone               profile
> sip:mod_sofia at 10.0.0.167:5060  RUNNING (0)
>
>             internal-ipv6         profile
> sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060        RUNNING
> (0)
>
>                  internal              profile
> sip:mod_sofia at 67.164.101.201:5060            RUNNING (0)
>
>
> =================================================================================================
>
> 5 profiles 1 alias
>
>
>
> Why does the "phone" profile have "sip:mod_sofia at 10.0.0.167:5060".
> Shouldn't that have the 192.168.3.2 address? And why isn't my phone
> registering?
>
>
>
> --
>
> Steve
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20210223/e5231f80/attachment-0001.html>

More information about the FreeSWITCH-users mailing list