<div dir="ltr">Hrm, this is more complicated to explain than I anticipated. <div><br></div><div style>Basically, this is the fault of VPNs. We have one machine in our data center that is running a VPN connecting (X.Y.*.*) to carrier 1. That box is one-to-one NATing all communciations to our (FS) VoIP server on the local subnet (192,168.*.*). So that's NAT 1.</div>
<div style><br></div><div style>The second NAT is for the actual public access from our VoIP box. This has a public IP outside the firewall (A.B.*.*) and NATs again to the VoIP server on the local subnet (192.168.*.*)</div>
<div style><br></div><div style>So, this one machine (192.168.*.*) is actually behind two separate NATs at the moment. It has some rules in the IP tables to route X.Y traffic to the VPN box, and otherwise route to the broader internet. The existing way to deal with a NAT in FS is the ext-rtp/sip-ip field in the profile, but that no longer works when we have to dynamically set these fields depending on which NAT they are going through. </div>
<div style><br></div><div style>Does that make sense? Even if not, here's the problem: I want to set ext-rtp/sip-ip dynamically in the dialplan. Is that possible?</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Wed, Jul 23, 2014 at 5:40 AM, Brian West <span dir="ltr"><<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I'm guessing both networks are behind the same nat and routed? Or is it two different nat'ed networks behind the same public IP? If its just two standard networks thats fully routed and no nat between the 192.x and the 10.x space then just set your local-network-acl to rfc1918.auto.</div>
<div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">On Wed, Jul 23, 2014 at 12:52 AM, Kurtis Heimerl <span dir="ltr"><<a href="mailto:kheimerl@cs.berkeley.edu" target="_blank">kheimerl@cs.berkeley.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Comments in line:<div class="gmail_extra"><br><br><div class="gmail_quote"><div>On Tue, Jul 22, 2014 at 9:22 PM, Pasha <span dir="ltr"><<a href="mailto:pasha@prosperity4ever.com" target="_blank">pasha@prosperity4ever.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
The problem with that though (if I understand your scenario
correctly) is that even if there was a way to set external IP in
freeswitch in the dial plan you say that you only have 1 external IP
to deal with anyway, so what would you set your second IP to for
routing to work properly?<br>
<br></div></blockquote></div><div>There's only one actual IP on the box, but it's behind *two* different NATs. Setting the ext-rtp/sip-ip to the appropriate NAT IP works for both connections, but I need to make that dynamic. </div>
<div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
In my mind what might work for you is if you create an alias to your
single network controller with the second IP that you need, then if
you have access to the firewall perform NAT so that if connection
comes in from external IP of vendor #1 on 5060 you forward that to
5060 on internal IP 1 of your fresswitch box. If call comes in on
external IP of vendor #2 on 5060 you forward to port 5060 of your
internal IP #2 (alias on freeswitch box)... that's for incoming... <br>
<br></div></blockquote><div><br></div></div><div>I'm not sure I understand this. Does a FS alias allow me to have multiple IPs on the same box somehow?</div><div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
I apologize if I didn't fully understand your scenario. I'm not even
sure why you're having a conflict in this case because your
providers are different, the only time you have an issue with single
external IP is if you're trying to setup a second trunk to the same
provider (most of them won't allow more than on trunk on a single
IP).<br>
<br></div></blockquote><div><br></div></div><div>It's a relatively simple, but apparently uncommon, case, I agree. My issue sounds very similar to having multiple trunks to the same provider in a way, but I have different external IPs for RTP and such instead. </div>
<div><div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
Paul<div><div><br>
<br>
<div>On 14-07-22 05:28 PM, Kurtis Heimerl
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I can't do that unfortunately. Our providers are
hitting the generic SIP Port: 5060 so that's not available. Our
system behind the two NATs has only one network interface, and
as such only one available public IP. So we can't just set up a
new profile. I can probably hack around this in another way
(port forwarding through one of the NATs to allow a second
profile on the same IP) but that's pretty ugly and unsustainable
going forward. I'd much prefer to simply set the expected
external IP in the outbound dialplan for each provider. </div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Jul 22, 2014 at 5:07 PM,
Russell Treleaven <span dir="ltr"><<a href="mailto:rtreleaven@bunnykick.ca" target="_blank">rtreleaven@bunnykick.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>Either give them separate ip addresses or separate
ports.
<div>
<div><br>
<br>
<div>Sent from my BlackBerry® PlayBook™<br>
<a href="http://www.blackberry.com" target="_blank">www.blackberry.com</a></div>
<br>
<hr></div>
<div>
<div><strong>From:</strong> "Kurtis Heimerl"
<<a href="mailto:kheimerl@cs.berkeley.edu" target="_blank">kheimerl@cs.berkeley.edu</a>><br>
<strong>To:</strong> "FreeSWITCH Users Help" <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br>
</div>
<strong>Sent:</strong> 22 July, 2014 8:04 PM<br>
<strong>Subject:</strong> Re: [Freeswitch-users]
MultiNAT<br>
</div>
<div>
<div><br>
<div dir="ltr">They all have to sit on the same
internal IP and Port, so I don't think I can. </div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Jul 22, 2014 at
4:57 PM, Russell Treleaven <span dir="ltr"><<a href="mailto:rtreleaven@bunnykick.ca" target="_blank">rtreleaven@bunnykick.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>Hi Kurtis,
<div><br>
</div>
<div>Why not make a separate profile for
each provider?<br>
<br>
<div>Sent from my BlackBerry® PlayBook™<br>
<a href="http://www.blackberry.com" target="_blank">www.blackberry.com</a></div>
<br>
<hr>
<div><strong>From:</strong> "Kurtis
Heimerl" <<a href="mailto:kheimerl@cs.berkeley.edu" target="_blank">kheimerl@cs.berkeley.edu</a>><br>
<strong>To:</strong> "FreeSWITCH Users
Help" <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br>
<strong>Sent:</strong> 22 July, 2014
7:14 PM<br>
<strong>Subject:</strong>
[Freeswitch-users] MultiNAT<br>
</div>
<div>
<div><br>
<div dir="ltr">Hey Users,
<div><br>
</div>
<div>I have an interesting NAT
setup. I'm running FS on the
inside of our network as a
router/proxy between some SIP
phones and DID providers. However,
each DID provider is behind a
*different* NAT (a property of our
VPN setups for them). </div>
<div><br>
</div>
<div>For instance: DID1 is at IP
192.168.1.1 and DID2 is at
10.0.0.1. </div>
<div><br>
</div>
<div>I have calls working for each
of them when I set the following
in my external profile:</div>
<div><br>
</div>
<div>
<div><param name="ext-rtp-ip"
value="10.0.0.2"/></div>
<div><param name="ext-sip-ip"
value="10.0.0.2"/></div>
</div>
<div><br>
</div>
<div>However, I need to dynamically
route between *both* of them. I
need a mechanism for setting
ext-rtp-ip and ext-sip-ip in the
dialplan itself! </div>
<div><br>
</div>
<div>Is there a set way to do this? </div>
<div><br>
</div>
<div>Thanks!</div>
</div>
</div>
</div>
</div>
</div>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel
Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div></div></div><br></div></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div></div></div>-- <br><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://bkw.org/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br>
<a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p>
<p><font face="courier new, monospace"><b>T:</b><a href="tel:%2B19184209001" value="+19184209001" target="_blank">+19184209001</a> | <b>F:</b><a href="tel:%2B19184209002" value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST (9378)<br>
<b>iNUM:</b><a href="tel:%2B883%205100%201420%209001" value="+883510014209001" target="_blank">+883 5100 1420 9001</a> | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div>
</div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>