[Freeswitch-users] Wrong IP on ACK?

David Aldworth daldworth at teliax.com
Wed Nov 19 06:41:52 PST 2008


I'm in there.

bigdc1

On Nov 19, 2008, at 7:12 AM, Anthony Minessale wrote:

> brian is out of town today
> can you ping me on irc and send me to login credential and i can try  
> to have a look.
>
> again, you understand that we are not doing anything wrong here and  
> what I am trying to do is a hack for your sake right?
>
>
> On Wed, Nov 19, 2008 at 8:05 AM, David Aldworth  
> <daldworth at teliax.com> wrote:
> We're still having a problem with this. As you can see from the  
> below the ACK goes to the port in the Contact field of the 200 OK  
> instead of that of the UDP header, which is where their router is  
> expecting to get the call from.
>
> Help!
>
> David
>
> On Nov 6, 2008, at 10:55 AM, David Aldworth wrote:
>
>> No love. They set extern ip so the IP comes through correctly, but  
>> the acl did not seem to have any affect. We are still sending to  
>> the wrong port. Sip trace, acl.conf.xml and sip profile are below:
>>
>> U 2008/11/06 10:46:01.924795 70.88.65.1:50085 -> 70.42.223.23:5060
>> SIP/2.0 100 Trying.
>> Via: SIP/2.0/UDP  
>> 70.42.223.23 
>> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
>> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
>> To: <sip:317376XXXX at 70.88.65.1:50085>.
>> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
>> CSeq: 106878444 INVITE.
>> User-Agent: Asterisk PBX.
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
>> Contact: <sip:317376XXXX at 70.88.65.1>.
>> Content-Length: 0.
>> .
>>
>> U 2008/11/06 10:46:01.931791 70.88.65.1:50085 -> 70.42.223.23:5060
>> SIP/2.0 180 Ringing.
>> Via: SIP/2.0/UDP  
>> 70.42.223.23 
>> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
>> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
>> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
>> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
>> CSeq: 106878444 INVITE.
>> User-Agent: Asterisk PBX.
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
>> Contact: <sip:317376XXXX at 70.88.65.1>.
>> Content-Length: 0.
>> .
>>
>> U 2008/11/06 10:46:01.932294 70.88.65.1:50085 -> 70.42.223.23:5060
>> SIP/2.0 200 OK.
>> Via: SIP/2.0/UDP  
>> 70.42.223.23 
>> ;branch=z9hG4bKU7360cS96r7Sg;received=70.42.223.23;rport=5060.
>> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
>> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
>> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
>> CSeq: 106878444 INVITE.
>> User-Agent: Asterisk PBX.
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY.
>> Contact: <sip:317376XXXX at 70.88.65.1>.
>> Content-Type: application/sdp.
>> Content-Length: 257.
>> .
>> v=0.
>> o=root 2901 2901 IN IP4 70.88.65.1.
>> s=session.
>> c=IN IP4 70.88.65.1.
>> t=0 0.
>> m=audio 19378 RTP/AVP 0 8 3 101.
>> a=rtpmap:0 PCMU/8000.
>> a=rtpmap:8 PCMA/8000.
>> a=rtpmap:3 GSM/8000.
>> a=rtpmap:101 telephone-event/8000.
>> a=fmtp:101 0-16.
>> a=silenceSupp:off - - - -.
>>
>> U 2008/11/06 10:46:01.932694 70.42.223.23:5060 -> 70.88.65.1:5060
>> ACK sip:317376XXXX at 70.88.65.1 SIP/2.0.
>> Via: SIP/2.0/UDP 70.42.223.23;rport;branch=z9hG4bKvgXZ279c41Xcc.
>> Max-Forwards: 70.
>> From: "TELIAX FAX" <sip:303825XXXX at 70.42.223.23>;tag=armgX7QeNQ94N.
>> To: <sip:317376XXXX at 70.88.65.1:50085>;tag=as78a21a0c.
>> Call-ID: 9e67419c-26cd-122c-0b81-e9d53e66cb70.
>> CSeq: 106878444 ACK.
>> Contact: <sip:mod_sofia at 70.42.223.23:5060>.
>> Content-Length: 0.
>>
>>
>> Here is the acl:
>>
>> <configuration name="acl.conf" description="Network Lists">
>>   <network-lists>
>>     <list name="dl-candidates" default="allow">
>>       <node type="deny" cidr="10.0.0.0/8"/>
>>       <node type="deny" cidr="172.16.0.0/12"/>
>>       <node type="deny" cidr="192.168.0.0/16"/>
>>     </list>
>>     <list name="rfc1918" default="deny">
>>       <node type="allow" cidr="10.0.0.0/8"/>
>>       <node type="allow" cidr="172.16.0.0/12"/>
>>       <node type="allow" cidr="192.168.0.0/16"/>
>>     </list>
>>     <list name="lan" default="allow">
>>       <node type="deny" cidr="192.168.42.0/24"/>
>>       <node type="allow" cidr="192.168.42.42/32"/>
>>     </list>
>>     <list name="strict" default="deny">
>>       <node type="allow" cidr="208.102.123.124/32"/>
>>     </list>
>>     <list name="domains" default="deny">
>>       <node type="allow" domain="$${domain}"/>
>>     </list>
>>     <list name="nat" default="allow">
>>       <node type="allow" cidr="0.0.0.0/0"/>
>>     </list>
>>   </network-lists>
>> </configuration>
>>
>>
>> And here is the sip profile:
>>
>> <profile name="external">
>>
>>   <gateways>
>>     <X-PRE-PROCESS cmd="include" data="external/*.xml"/>
>>   </gateways>
>>
>>   <domains>
>>     <domain name="$${domain}" parse="true"/>
>>   </domains>
>>
>>   <settings>
>>     <param name="debug" value="0"/>
>>     <param name="sip-trace" value="no"/>
>>     <param name="rfc2833-pt" value="101"/>
>>     <param name="sip-port" value="5060"/>
>>     <param name="dialplan" value="XML"/>
>>     <param name="context" value="public"/>
>>     <param name="dtmf-duration" value="100"/>
>>     <param name="codec-prefs" value="$${outbound_codec_prefs}"/>
>>     <param name="hold-music" value="$${hold_music}"/>
>>     <param name="use-rtp-timer" value="true"/>
>>     <param name="rtp-timer-name" value="soft"/>
>>     <param name="multiple-registrations" value="true"/>
>>     <param name="manage-presence" value="true"/>
>>     <param name="aggressive-nat-detection" value="true"/>
>>     <param name="NDLB-force-rport" value="true"/>
>>     <param name="inbound-codec-negotiation" value="generous"/>
>>     <param name="nonce-ttl" value="60"/>
>>     <param name="auth-calls" value="true"/>
>>     <param name="rtp-timeout-sec" value="1800"/>
>>     <param name="rtp-ip" value="$${local_ip_v4}"/>
>>     <param name="sip-ip" value="$${local_ip_v4}"/>
>>     <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
>>     <param name="ext-sip-ip" value="$${external_sip_ip}"/>
>>     <param name="rtp-timeout-sec" value="300"/>
>>     <param name="rtp-hold-timeout-sec" value="1800"/>
>>     <param name="apply-nat-acl" value="nat"/>
>>   </settings>
>> </profile>
>>
>>
>>
>>
>>
>>
>> On Nov 6, 2008, at 8:37 AM, Anthony Minessale wrote:
>>
>>> doh,
>>> I keep doing that sorry.
>>>
>>> apply-nat-acl not apply_nat_acl
>>>
>>>
>>>
>>> On Thu, Nov 6, 2008 at 8:22 AM, David Aldworth  
>>> <daldworth at teliax.com> wrote:
>>> Yes. Below are settings that have been persistent through recent  
>>> testing. Is there anything else we can try or should we open a jira?
>>>
>>>   <settings>
>>>     <param name="debug" value="0"/>
>>>     <param name="sip-trace" value="no"/>
>>>     <param name="rfc2833-pt" value="101"/>
>>>     <param name="sip-port" value="5060"/>
>>>     <param name="dialplan" value="XML"/>
>>>     <param name="context" value="public"/>
>>>     <param name="dtmf-duration" value="100"/>
>>>     <param name="codec-prefs" value="$${outbound_codec_prefs}"/>
>>>     <param name="hold-music" value="$${hold_music}"/>
>>>     <param name="use-rtp-timer" value="true"/>
>>>     <param name="rtp-timer-name" value="soft"/>
>>>     <param name="multiple-registrations" value="true"/>
>>>     <param name="manage-presence" value="true"/>
>>>     <param name="aggressive-nat-detection" value="true"/>
>>>     <param name="NDLB-force-rport" value="true"/>
>>>     <param name="inbound-codec-negotiation" value="generous"/>
>>>     <param name="nonce-ttl" value="60"/>
>>>     <param name="auth-calls" value="true"/>
>>>     <param name="rtp-timeout-sec" value="1800"/>
>>>     <param name="rtp-ip" value="$${local_ip_v4}"/>
>>>     <param name="sip-ip" value="$${local_ip_v4}"/>
>>>     <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
>>>     <param name="ext-sip-ip" value="$${external_sip_ip}"/>
>>>     <param name="rtp-timeout-sec" value="300"/>
>>>     <param name="rtp-hold-timeout-sec" value="1800"/>
>>>     <param name="apply_nat_acl" value="nat"/>
>>>   </settings>
>>>
>>> On Nov 6, 2008, at 7:01 AM, Anthony Minessale wrote:
>>>
>>>> did you remember to add
>>>> <param name="apply_nat_acl" value="nat"/>
>>>> to the profile in question and restart?
>>>>
>>>> On Wed, Nov 5, 2008 at 10:39 PM, David Aldworth <daldworth at teliax.com 
>>>> > wrote:
>>>> Brian, we updated the acl to:
>>>>
>>>>     <list name="nat" default="allow">
>>>>       <node type="allow" cidr="0.0.0.0/0"/>
>>>>     </list>
>>>>
>>>> And the ACK is still going to the wrong (right but wrong) ip/port.
>>>>
>>>> Is there any way to get that ACK to go to the ip/port of the UDP  
>>>> header?
>>>>
>>>> David
>>>>
>>>> On Nov 5, 2008, at 4:21 PM, Brian West wrote:
>>>>
>>>> > 0.0.0.0/0 should match all IP space.
>>>> >
>>>> > /b
>>>> >
>>>> > On Nov 5, 2008, at 5:16 PM, David Aldworth wrote:
>>>> >
>>>> >> Anthony, In hopes of matching all IP's we added a very simple:
>>>> >>
>>>> >>    <list name="nat" default="allow">
>>>> >>    </list>
>>>> >>
>>>> >> To the acl.conf.xml and we added:
>>>> >>
>>>> >>    <param name="apply_nat_acl" value="nat"/>
>>>> >>
>>>> >> To the sip profile. Unfortunately there was no affect. What  
>>>> would be
>>>> >> the correct acl to match all IP's?
>>>> >>
>>>> >> David
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > Freeswitch-users mailing list
>>>> > Freeswitch-users at lists.freeswitch.org
>>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> > http://www.freeswitch.org
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeswitch-users mailing list
>>>> Freeswitch-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>>
>>>> -- 
>>>> Anthony Minessale II
>>>>
>>>> FreeSWITCH http://www.freeswitch.org/
>>>> ClueCon http://www.cluecon.com/
>>>>
>>>> AIM: anthm
>>>> MSN:anthony_minessale at hotmail.com
>>>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>>>> IRC: irc.freenode.net #freeswitch
>>>>
>>>> FreeSWITCH Developer Conference
>>>> sip:888 at conference.freeswitch.org
>>>> iax:guest at conference.freeswitch.org/888
>>>> googletalk:conf+888 at conference.freeswitch.org
>>>> pstn:213-799-1400
>>>> _______________________________________________
>>>> Freeswitch-users mailing list
>>>> Freeswitch-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>
>>>
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>>
>>>
>>> -- 
>>> Anthony Minessale II
>>>
>>> FreeSWITCH http://www.freeswitch.org/
>>> ClueCon http://www.cluecon.com/
>>>
>>> AIM: anthm
>>> MSN:anthony_minessale at hotmail.com
>>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>>> IRC: irc.freenode.net #freeswitch
>>>
>>> FreeSWITCH Developer Conference
>>> sip:888 at conference.freeswitch.org
>>> iax:guest at conference.freeswitch.org/888
>>> googletalk:conf+888 at conference.freeswitch.org
>>> pstn:213-799-1400
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
> -- 
> Anthony Minessale II
>
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
>
> AIM: anthm
> MSN:anthony_minessale at hotmail.com
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
> IRC: irc.freenode.net #freeswitch
>
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org
> iax:guest at conference.freeswitch.org/888
> googletalk:conf+888 at conference.freeswitch.org
> pstn:213-799-1400
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20081119/4e98ad3f/attachment-0002.html 


More information about the FreeSWITCH-users mailing list