[Freeswitch-users] Wrong IP on ACK?

David Aldworth daldworth at teliax.com
Mon Nov 10 15:30:47 PST 2008


Anthony. Did you want to log in and check it out?

I can send you the files if you think it's something else.

David

On Nov 6, 2008, at 12:38 PM, Anthony Minessale wrote:

> This is svn trunk?  There is no reason this should not work.  it  
> happens all the time where this setting breaks it for people going  
> the other way when they don't want it to happen.
>
> If you can't get it working we can probably configure it for you.
>
>
>
> On Thu, Nov 6, 2008 at 11:55 AM, David Aldworth  
> <daldworth at teliax.com> wrote:
> No love. They set extern ip so the IP comes through correctly, but  
> the acl did not seem to have any affect. We are still sending to the  
> wrong port. Sip trace, acl.conf.xml and sip profile are below:
>
> U 2008/11/06 10:46:01.924795 70.88.65.1:50085 -> 70.42.223.23:5060
> SIP/2.0 100 Trying.
> Via: SIP/2.0/UDP  
> 70.42.223.23 
> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 INVITE.
> User-Agent: Asterisk PBX.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:317376XXXX at 70.88.65.1>.
> Content-Length: 0.
> .
>
> U 2008/11/06 10:46:01.931791 70.88.65.1:50085 -> 70.42.223.23:5060
> SIP/2.0 180 Ringing.
> Via: SIP/2.0/UDP  
> 70.42.223.23 
> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 INVITE.
> User-Agent: Asterisk PBX.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:317376XXXX at 70.88.65.1>.
> Content-Length: 0.
> .
>
> U 2008/11/06 10:46:01.932294 70.88.65.1:50085 -> 70.42.223.23:5060
> SIP/2.0 200 OK.
> Via: SIP/2.0/UDP  
> 70.42.223.23 
> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 INVITE.
> User-Agent: Asterisk PBX.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
> Contact: <sip:317376XXXX at 70.88.65.1>.
> Content-Type: application/sdp.
> Content-Length: 257.
> .
> v=0.
> o=root 2901 2901 IN IP4 70.88.65.1.
> s=session.
> c=IN IP4 70.88.65.1.
> t=0 0.
> m=audio 19378 RTP/AVP 0 8 3 101.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:8 PCMA/8000.
> a=rtpmap:3 GSM/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=silenceSupp:off - - - -.
>
> U 2008/11/06 10:46:01.932694 70.42.223.23:5060 -> 70.88.65.1:5060
> ACK sip:317376XXXX at 70.88.65.1 SIP/2.0.
> Via: SIP/2.0/UDP 70.42.223.23;rport;branch=z9hG4bKvgXZ279c41Xcc.
> Max-Forwards: 70.
> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
> CSeq: 106878444 ACK.
> Contact: <sip:mod_sofia at 70.42.223.23:5060>.
> Content-Length: 0.
>
>
> Here is the acl:
>
> <configuration name="acl.conf" description="Network Lists">
>   <network-lists>
>     <list name="dl-candidates" default="allow">
>       <node type="deny" cidr="10.0.0.0/8"/>
>       <node type="deny" cidr="172.16.0.0/12"/>
>       <node type="deny" cidr="192.168.0.0/16"/>
>     </list>
>     <list name="rfc1918" default="deny">
>       <node type="allow" cidr="10.0.0.0/8"/>
>       <node type="allow" cidr="172.16.0.0/12"/>
>       <node type="allow" cidr="192.168.0.0/16"/>
>     </list>
>     <list name="lan" default="allow">
>       <node type="deny" cidr="192.168.42.0/24"/>
>       <node type="allow" cidr="192.168.42.42/32"/>
>     </list>
>     <list name="strict" default="deny">
>       <node type="allow" cidr="208.102.123.124/32"/>
>     </list>
>     <list name="domains" default="deny">
>       <node type="allow" domain="$${domain}"/>
>     </list>
>     <list name="nat" default="allow">
>       <node type="allow" cidr="0.0.0.0/0"/>
>     </list>
>   </network-lists>
> </configuration>
>
>
> And here is the sip profile:
>
> <profile name="external">
>
>   <gateways>
>     <X-PRE-PROCESS cmd="include" data="external/*.xml"/>
>   </gateways>
>
>   <domains>
>     <domain name="$${domain}" parse="true"/>
>   </domains>
>
>   <settings>
>     <param name="debug" value="0"/>
>     <param name="sip-trace" value="no"/>
>     <param name="rfc2833-pt" value="101"/>
>     <param name="sip-port" value="5060"/>
>     <param name="dialplan" value="XML"/>
>     <param name="context" value="public"/>
>     <param name="dtmf-duration" value="100"/>
>     <param name="codec-prefs" value="$${outbound_codec_prefs}"/>
>     <param name="hold-music" value="$${hold_music}"/>
>     <param name="use-rtp-timer" value="true"/>
>     <param name="rtp-timer-name" value="soft"/>
>     <param name="multiple-registrations" value="true"/>
>     <param name="manage-presence" value="true"/>
>     <param name="aggressive-nat-detection" value="true"/>
>     <param name="NDLB-force-rport" value="true"/>
>     <param name="inbound-codec-negotiation" value="generous"/>
>     <param name="nonce-ttl" value="60"/>
>     <param name="auth-calls" value="true"/>
>     <param name="rtp-timeout-sec" value="1800"/>
>     <param name="rtp-ip" value="$${local_ip_v4}"/>
>     <param name="sip-ip" value="$${local_ip_v4}"/>
>     <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
>     <param name="ext-sip-ip" value="$${external_sip_ip}"/>
>     <param name="rtp-timeout-sec" value="300"/>
>     <param name="rtp-hold-timeout-sec" value="1800"/>
>     <param name="apply-nat-acl" value="nat"/>
>   </settings>
> </profile>
>
>
>
>
>
>
> On Nov 6, 2008, at 8:37 AM, Anthony Minessale wrote:
>
>> doh,
>> I keep doing that sorry.
>>
>> apply-nat-acl not apply_nat_acl
>>
>>
>>
>> On Thu, Nov 6, 2008 at 8:22 AM, David Aldworth  
>> <daldworth at teliax.com> wrote:
>> Yes. Below are settings that have been persistent through recent  
>> testing. Is there anything else we can try or should we open a jira?
>>
>>   <settings>
>>     <param name="debug" value="0"/>
>>     <param name="sip-trace" value="no"/>
>>     <param name="rfc2833-pt" value="101"/>
>>     <param name="sip-port" value="5060"/>
>>     <param name="dialplan" value="XML"/>
>>     <param name="context" value="public"/>
>>     <param name="dtmf-duration" value="100"/>
>>     <param name="codec-prefs" value="$${outbound_codec_prefs}"/>
>>     <param name="hold-music" value="$${hold_music}"/>
>>     <param name="use-rtp-timer" value="true"/>
>>     <param name="rtp-timer-name" value="soft"/>
>>     <param name="multiple-registrations" value="true"/>
>>     <param name="manage-presence" value="true"/>
>>     <param name="aggressive-nat-detection" value="true"/>
>>     <param name="NDLB-force-rport" value="true"/>
>>     <param name="inbound-codec-negotiation" value="generous"/>
>>     <param name="nonce-ttl" value="60"/>
>>     <param name="auth-calls" value="true"/>
>>     <param name="rtp-timeout-sec" value="1800"/>
>>     <param name="rtp-ip" value="$${local_ip_v4}"/>
>>     <param name="sip-ip" value="$${local_ip_v4}"/>
>>     <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
>>     <param name="ext-sip-ip" value="$${external_sip_ip}"/>
>>     <param name="rtp-timeout-sec" value="300"/>
>>     <param name="rtp-hold-timeout-sec" value="1800"/>
>>     <param name="apply_nat_acl" value="nat"/>
>>   </settings>
>>
>> On Nov 6, 2008, at 7:01 AM, Anthony Minessale wrote:
>>
>>> did you remember to add
>>> <param name="apply_nat_acl" value="nat"/>
>>> to the profile in question and restart?
>>>
>>> On Wed, Nov 5, 2008 at 10:39 PM, David Aldworth <daldworth at teliax.com 
>>> > wrote:
>>> Brian, we updated the acl to:
>>>
>>>     <list name="nat" default="allow">
>>>       <node type="allow" cidr="0.0.0.0/0"/>
>>>     </list>
>>>
>>> And the ACK is still going to the wrong (right but wrong) ip/port.
>>>
>>> Is there any way to get that ACK to go to the ip/port of the UDP  
>>> header?
>>>
>>> David
>>>
>>> On Nov 5, 2008, at 4:21 PM, Brian West wrote:
>>>
>>> > 0.0.0.0/0 should match all IP space.
>>> >
>>> > /b
>>> >
>>> > On Nov 5, 2008, at 5:16 PM, David Aldworth wrote:
>>> >
>>> >> Anthony, In hopes of matching all IP's we added a very simple:
>>> >>
>>> >>    <list name="nat" default="allow">
>>> >>    </list>
>>> >>
>>> >> To the acl.conf.xml and we added:
>>> >>
>>> >>    <param name="apply_nat_acl" value="nat"/>
>>> >>
>>> >> To the sip profile. Unfortunately there was no affect. What  
>>> would be
>>> >> the correct acl to match all IP's?
>>> >>
>>> >> David
>>> >
>>> >
>>> > _______________________________________________
>>> > Freeswitch-users mailing list
>>> > Freeswitch-users at lists.freeswitch.org
>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> > http://www.freeswitch.org
>>>
>>>
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>>
>>> -- 
>>> Anthony Minessale II
>>>
>>> FreeSWITCH http://www.freeswitch.org/
>>> ClueCon http://www.cluecon.com/
>>>
>>> AIM: anthm
>>> MSN:anthony_minessale at hotmail.com
>>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>>> IRC: irc.freenode.net #freeswitch
>>>
>>> FreeSWITCH Developer Conference
>>> sip:888 at conference.freeswitch.org
>>> iax:guest at conference.freeswitch.org/888
>>> googletalk:conf+888 at conference.freeswitch.org
>>> pstn:213-799-1400
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>
>>
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>
>>
>> -- 
>> Anthony Minessale II
>>
>> FreeSWITCH http://www.freeswitch.org/
>> ClueCon http://www.cluecon.com/
>>
>> AIM: anthm
>> MSN:anthony_minessale at hotmail.com
>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>> IRC: irc.freenode.net #freeswitch
>>
>> FreeSWITCH Developer Conference
>> sip:888 at conference.freeswitch.org
>> iax:guest at conference.freeswitch.org/888
>> googletalk:conf+888 at conference.freeswitch.org
>> pstn:213-799-1400
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
> -- 
> Anthony Minessale II
>
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
>
> AIM: anthm
> MSN:anthony_minessale at hotmail.com
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
> IRC: irc.freenode.net #freeswitch
>
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org
> iax:guest at conference.freeswitch.org/888
> googletalk:conf+888 at conference.freeswitch.org
> pstn:213-799-1400
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20081110/84661c71/attachment-0002.html 


More information about the FreeSWITCH-users mailing list