[Freeswitch-users] AutoNAT - Local Networks not excluded

Anthony Minessale anthony.minessale at gmail.com
Fri Jul 27 19:51:09 MSD 2012


For more complex networks, make your own ACL in acl.conf.xml
and use it in place of localnet.auto in your sofia profile config.


On Fri, Jul 27, 2012 at 9:49 AM, Phil Quesinberry
<philq at qsystemsengineering.com> wrote:
> With that in mind - in my working configuration with phones both on the
> local LAN with FS as well as remote natted networks, I have:
>
> ./sip_profiles/internal.xml:    <param name="apply-nat-acl" value="nat.auto"/>
> (All extensions are registered to the internal profile)
>
> In most cases, it was necessary to have FS rewrite the contact IP and port
> for remote extensions.
>
> - Phil
>
> I found someone talking about similar problems. I read that
>
> "... some lines of code in sofia_reg.c
>
>          if (is_nat && profile->local_network && switch_check_network_list_ip(network_ip, profile->local_network)) {
>                  if (profile->debug) {
>                          switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "IP %s is on local network, not seting NAT mode.\n", network_ip);
>                  }
>                  is_nat = NULL;
>          }
> "
>
> So I think there is the possibility to set which are local networks.
>
> Also, I found that my sip_profiles for nat-mode contain (as it should be) the
> ext-IP declaration:
>
>       <param name="ext-sip-ip" value="auto-nat"/>
>       <param name="ext-rtp-ip" value="auto-nat"/>
>
> but not the line
>
> <param name="apply-nat-acl" value="rfc1918"/>
>
> Maybe this line solves my problem.
>
> I'll try as soon as possible, but all my FS servers are actually in
> production environments :(
>
> If someone has the chance to test it successfully, please report it.
>
> g
>
> _____________________________________________
> From: Phil Quesinberry
> Sent: Friday, July 27, 2012 10:31 AM
>
> To: 'freeswitch-users at lists.freeswitch.org'
> Subject: RE: re: AutoNAT - Local Networks not excluded
>
> One other thing comes to mind.  A lot of routers (especially SOHO routers)
> have ALG functionality that can break the SIP signaling, even when the ALG
> functionality is supposedly turned off.  You can usually get around this by
> changing the SIP port to something other than 5060.  If the phones connect
> via TLS (usually on port 5061) then this shouldn’t be a problem, as they
> can’t mess with the encrypted traffic.
>
> - Phil
>
> _____________________________________________
> From: Phil Quesinberry
>
> Sent: Friday, July 27, 2012 10:24 AM
> To: 'freeswitch-users at lists.freeswitch.org'
> Subject: RE: re: AutoNAT - Local Networks not excluded
>
> G,
>
> Are you registering your phones to the internal sip profile?  Do you have
> anything like aggressive NAT detection enabled for that profile?  For the
> extensions, are you rewriting the contact IP/port (is
> NDLB-connectile-dysfunction or NDLB-tls-connectile-dysfunction specified for
> sip-force-contact)?
>
> Do a ‘show registrations’ from the fs_cli as well as a ‘sofia status profile
> internal reg’ and post the results here (you may want to partially obscure
> any external IP addresses shown before posting) to give us more of an idea
> of what’s going on.
>
> - Phil
>
> _____________________________________________
> From: Phil Quesinberry
>
> Sent: Tuesday, July 24, 2012 3:19 PM
> To: 'freeswitch-users at lists.freeswitch.org'
> Subject: re: AutoNAT - Local Networks not excluded
>
> Set rtp-ip and sip-ip to your internal IP address.  I believe that you
> should also be able to set it to:  $${local_ip_v4}  or  $${bind_server_ip}
> as well.
>
> - Phil
>
> ----------
>
> VirteX g.d.monnezza at tiscali.it
> Tue Jul 24 16:12:08 MSD 2012
>
> Hi guys. I appreciate so much the Auto-NAT for uPnP capable firewalls. But
> I'm experiencing an issue.
>
> I have a FreeSwitch server behind a NAT, but I can't find a way to avoid
> FreeSwitch using external IP (for SIP and RTP) for local networks (i.e.
> 192.168.0.0/16).
>
> In my sip profiles for various interfaces I have NOT set the .
>
> Anyway, the sofia status for all interfaces shows the EXT-RTP-IP and
> EXT-SIP-IP set (with my public gateway IP). That's ok, even if I didn't
> declare it with
>
> My SIP phones register from a network different from the server one, but
> still a local network. Then, SIP phones receive (from the server) the rtp
> and sip signalling with its external IP. This prevents any communication.
>
> How is it possible to tell FreeSwitch to NOT use ext IP for particular
> networks?
>
> Thanks to anyone who will point me in the right direction.
>
> g
>
> --
>
> View this message in context:
> http://old.nabble.com/AutoNAT---Local-Networks-not-excluded-tp34201844p34201844.html
>
> Sent from the Freeswitch-users mailing list archive at Nabble.com.
>
>
> Phil Quesinberry
>
> Q Systems Engineering, Inc.
>
> Electronic Controls and Embedded Systems Development
>
> (410) 969-8002
>
> http://www.qsystemsengineering.com
>
>



-- 
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
Twitter: http://twitter.com/FreeSWITCH_wire

AIM: anthm
MSN:anthony_minessale at hotmail.com
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org
googletalk:conf+888 at conference.freeswitch.org
pstn:+19193869900
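
Added example (not part of the original thread and not the FreeSWITCH project's own configuration): a custom ACL used in place of localnet.auto, as the reply above suggests, so that phones on other internal subnets match the profile->local_network check quoted from sofia_reg.c and are not put into NAT mode. The list name my_localnets, the CIDRs and the acl.conf.xml location are assumptions; local-network-acl is the sofia profile parameter that populates profile->local_network.

```xml
<!-- autoload_configs/acl.conf.xml (location assumed)
     Added example: list name and CIDRs are illustrative. -->
<configuration name="acl.conf" description="Network Lists">
  <network-lists>
    <!-- Every internal network that can reach FreeSWITCH without NAT,
         including routed subnets the server has no interface on.
         default="deny": anything not listed is NOT treated as local. -->
    <list name="my_localnets" default="deny">
      <node type="allow" cidr="192.168.0.0/16"/>
      <!-- Add further internal ranges here; keep them as narrow as the
           real topology allows, because hosts that match are handed
           internal addresses instead of ext-sip-ip / ext-rtp-ip. -->
      <node type="allow" cidr="10.20.0.0/16"/>
    </list>
  </network-lists>
</configuration>

<!-- sip_profiles/internal.xml, inside <settings> -->

<!-- Before: the auto-generated list only describes the server's own LAN,
     so phones on another internal subnet fall through to NAT handling. -->
<!-- <param name="local-network-acl" value="localnet.auto"/> -->

<!-- After: point the profile at the hand-written list. -->
<param name="local-network-acl" value="my_localnets"/>

<!-- Unchanged: external addresses are still discovered automatically and
     used for peers outside my_localnets. -->
<param name="ext-sip-ip" value="auto-nat"/>
<param name="ext-rtp-ip" value="auto-nat"/>
```

After editing, run reloadacl from fs_cli and restart the profile, then confirm with 'sofia status profile internal reg' that internal phones are registered with their private contact addresses.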


