[Freeswitch-users] Multi-homed box - strange NAT question
Brian West
brian at freeswitch.com
Fri Jan 29 19:07:29 UTC 2021
see local-network-acl and make sure to set the ext-rtp-ip and ext-sip-ip to
the prefix of autonat:x.x.x.x
On Fri, Jan 29, 2021 at 1:06 PM Jim Miller <jmiller at wndswp.net> wrote:
> Let me try this.
>
> I have a public network interface connected to the external profile with
> ip 1.1.1.1/24 (e.g. of course) I have a private subnet attached to the
> internal profile on 192.168.0.2/24. I've got polycoms registering to
> 192.168.0.2 using TLS that show up as 192.168.0.1 given they are NAT'd
> behind this firewall. It seems that if the devices try to register to .2
> via an ip on the same subnet that NAT detection is not happy. When the
> clients come from something totally different it works. Any way to force
> this to work?
>
> Jim
> On 1/28/21 5:36 PM, Brian West wrote:
>
> Without a full understanding of your network topology it's difficult to
> say.
>
>
> On Thu, Jan 28, 2021 at 3:53 PM Jim Miller <jmiller at wndswp.net> wrote:
>
>> Brian
>>
>> Not sure I 100% follow. The clients are on the same /24 as the
>> "internal" profile interface is on. The only thing is they are behind a
>> NAT.
>>
>> What led me to this was I had a previous configuration whereby the
>> internal and external profiles were on the same interface IP. When the
>> clients connected to the internal profile via an totally different public
>> IP, but also behind a NAT it worked (registrations showed fs_nat and a
>> fs_path properly). However, for this configuration when I put the clients
>> on a NAT that was on the same subnet as the internal and external shared IP
>> it wouldn't work. I thought maybe this was an issue with the profiles
>> sharing the same IP. Thus I split it to the configuration I documented
>> below. It makes me think that the NAT issue is related to the fact that
>> the profile IP is on the same subnet as the NAT.
>>
>> Jim
>> On 1/28/21 10:51 AM, Brian West wrote:
>>
>> You will require one profile per nat interface, you can't cross profiles
>> between transit providers without it.
>>
>> /b
>>
>>
>> On Thu, Jan 28, 2021 at 7:25 AM Jim Miller <jmiller at wndswp.net> wrote:
>>
>>> Hi Folks
>>>
>>> I'm running FreeSWITCH Version 1.10.3-release~64bit (-release 64bit) on
>>> a FreeBSD 12.1 box.
>>>
>>> The issue I'm having is related to NAT, I'm sure no one has ever seen a
>>> post on this topic....
>>>
>>> My configuration is a box that is multi homed with an Internet facing
>>> interface and a private IP LAN interface. The clients (Polycoms) are on
>>> the private LAN interface but behind a NAT (pfsense) on this subnet. If
>>> I have the clients route directly to the FS box's private LAN without
>>> NAT I can make this work but as soon as I NAT them (which I need to for
>>> other reasons) I don't see the registrations show up with fs_path or the
>>> other variables like I might expect.
>>>
>>> I've fiddled with the apply-nat-acl variable to no avail.
>>>
>>> Thoughts?
>>>
>>> Thanks
>>>
>>> Jim
>>>
>>>
>>> _________________________________________________________________________
>>>
>>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>>> services.
>>> Build your next product on our scalable cloud platform.
>>>
>>> Join our online community to chat in real time
>>> https://signalwire.community
>>>
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>
>>
>>
>> --
>>
>> Brian West | Co-founder and Developer
>>
>> Need Commercial support? email sales at freeswitch.com
>>
>> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
>> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>
>> Email: brian at freeswitch.com
>>
>> Mobile: 918-424-9378
>>
>> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>>
>> [image: https://www.facebook.com/signalwireinc?src=email]
>> <https://www.facebook.com/freeswitch> [image:
>> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>>
>>
>
> --
>
> Brian West | Co-founder and Developer
>
> Need Commercial support? email sales at freeswitch.com
>
> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>
> Email: brian at freeswitch.com
>
> Mobile: 918-424-9378
>
> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>
> [image: https://www.facebook.com/signalwireinc?src=email]
> <https://www.facebook.com/freeswitch> [image:
> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>
>
--
Brian West | Co-founder and Developer
Need Commercial support? email sales at freeswitch.com
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
<https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
Email: brian at freeswitch.com
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
[image: https://www.facebook.com/signalwireinc?src=email]
<https://www.facebook.com/freeswitch> [image:
https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20210129/4caec805/attachment-0001.html>
More information about the FreeSWITCH-users
mailing list