[Freeswitch-users] OpenWRT Router changes public IP to it's private IP

Sat Aug 10 04:56:23 MSD 2013

Hi Brian,

Typically what happens is your external source sends the packet to your 
external IP (which is the WAN ip of the openWRT router), the router 
receives it, and if there are NAT rules defined, it will rewrite the 
source (in the DNAT case) to the internal IP of your FS (or webserver, 
etc), you can have it do it based on port it comes in on, ip it comes 
from, etc. It also should do the same on the way out of your network so 
that the 2 devices can have a bi-directional communication.

If your SIP packets on FS are coming with the source as 10.0.0.1 (your 
router's internal interface) it sounds to me like your NAT isn't 
configured right. Double check all of your NAT re-write rules.

I did this over an openVPN setup (haven't done it from WAN -> LAN on 
openWRT, but in the openWRT example I remember it being quite simple, 
you didn't have to write all the rules manually, you just had to enable 
masquerading on the proper zones and it took care of NAT.

I think you would have to write it manually in your case because it 
sounds like you're looking to route different traffic coming in to the 
same IP to different internal systems depending on what port they come 
in on.

Try something along the lines 
of: https://forum.openwrt.org/viewtopic.php?id=35106

Not sure if I'm helping or confusing you more :)

Paul

On Thu, 8 Aug, 2013 at 3:11 PM, Brian Foster <bdfoster at davri.com> wrote:
> Like DNAT vs SNAT? Forwarding rules are set to DNAT in luci if that 
> is what you are referring to.
> 
> Thank you,
> 
> Brian Foster
> Project Manager/Owner's Rep.
> Davri Investments, Inc.
> O: 317-787-2686 x2102
> M: 317-600-9753
> E: bdfoster at davri.com
> Indianapolis, Indiana
> 
> Sent from a mobile device.
> 
> On Aug 8, 2013 6:00 PM, "Jeff Leung" <jleung at v10networks.ca> wrote:
>> You also may want to see if OpenWRT is doing something called 
>> symmetric NAT too. That can cause STUN’s port detection technique 
>> to fail completely.
>> 
>>  
>> 
>> From: freeswitch-users-bounces at lists.freeswitch.org 
>> [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of 
>> Brian Foster
>> Sent: Thursday, August 8, 2013 2:49 PM
>> To: FreeSWITCH Users Help
>> Subject: Re: [Freeswitch-users] OpenWRT Router changes public IP to 
>> it's private IP
>> 
>>  
>> 
>> Stun is used on external profile, but I'll double check to see if 
>> they are correct.
>> 
>> Thank you,
>> 
>> Brian Foster
>> Project Manager/Owner's Rep.
>> Davri Investments, Inc.
>> O: 317-787-2686 x2102
>> M: 317-600-9753
>> E: bdfoster at davri.com
>> Indianapolis, Indiana
>> 
>> Sent from a mobile device.
>> 
>> On Aug 8, 2013 5:08 PM, "Jeff Leung" <jleung at v10networks.ca> wrote:
>> 
>> Use STUN. Ext-rtp-ip and ext-sip-ip addresses are a great way to 
>> start looking into this.
>> 
>>  
>> 
>> You can define stun servers as stun:stunserver.here.tld
>> 
>>  
>> 
>> From: freeswitch-users-bounces at lists.freeswitch.org 
>> [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of 
>> Brian Foster
>> Sent: Thursday, August 8, 2013 1:38 PM
>> To: FreeSWITCH Users Help
>> Subject: [Freeswitch-users] OpenWRT Router changes public IP to it's 
>> private IP
>> 
>>  
>> 
>> We've got an openwrt router at a site, it's private IP is 10.0.0.1. 
>> Whenever we get an inbound call on the external profile (and 
>> probably outbound calls to, haven't checked yet), it changes the 
>> contact IP to the router's private IP, so that every call we get 
>> looks like it's coming from thr router. We've had some intermittent 
>> audio problems recently and we're trying to narrow things down a 
>> bit. Is this the expected behavior for NAT?
>> 
>> Sorry might seem like a dumb question, but my job entails much more 
>> than keeping the company's server's happy and I'm starting to lose 
>> my grip and I'm definitely not experienced with NAT.
>> 
>> All of my routers in the past have given FS the public IP of the 
>> contacting server. I have web servers behind the same NAT and doing 
>> the same thing, showing the private IP of the router instead of 
>> showing the public IP of the client. So I know it's not an issue 
>> with FS. Just wanted to see if anyone has exoerienced this before. 
>> Makes it difficult to use fail2ban on my servers, as it continually 
>> jails my router.
>> 
>> Thank you,
>> 
>> Brian Foster
>> Project Manager/Owner's Rep.
>> Davri Investments, Inc.
>> O: 317-787-2686 x2102
>> M: 317-600-9753
>> E: bdfoster at davri.com
>> Indianapolis, Indiana
>> 
>> Sent from a mobile device.
>> 
>> 
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>> 
>> 
>> 
>> 
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>> 
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>> 
>> 
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>> 
>> 
>> 
>> 
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>> 
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>> 
>> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130810/67868271/attachment-0001.html 