[Freeswitch-users] MultiNAT

William King william.king at quentustech.com
Thu Jul 24 04:35:04 MSD 2014


I'd be curious if having two profiles (each with their own external ip
configurations) would be the best way to handle this. Then you can in
your dialplan choose which profile to send the calls out, and the NAT
would still be handled properly for that route.

William King
Senior Engineer
Quentus Technologies, INC
1037 NE 65th St Suite 273
Seattle, WA 98115
Main:   (877) 211-9337
Office: (206) 388-4772
Cell:   (253) 686-5518
william.king at quentustech.com

On 07/23/2014 04:43 PM, Kurtis Heimerl wrote:
> If the answer is no, the answer is no. I *think* I may be able to port
> forward 5060->5090 or something in the VPN NAT to enable a new profile,
> but I'm concerned about the reverse direction. Either way, it's not a
> scalable solution, so I'd prefer to set the return ips in the dialplan
> if able. 
> 
> 
> On Wed, Jul 23, 2014 at 4:29 PM, Brian West <brian at freeswitch.org
> <mailto:brian at freeswitch.org>> wrote:
> 
>     This scenario is going to be a hard one to solve due to that... let
>     me think about it.
> 
> 
>     On Wed, Jul 23, 2014 at 2:40 PM, Kurtis Heimerl
>     <kheimerl at cs.berkeley.edu <mailto:kheimerl at cs.berkeley.edu>> wrote:
> 
>         Hrm, this is more complicated to explain than I anticipated. 
> 
>         Basically, this is the fault of VPNs. We have one machine in our
>         data center that is running a VPN connecting (X.Y.*.*) to
>         carrier 1. That box is one-to-one NATing all communications to
>         our (FS) VoIP server on the local subnet (192.168.*.*). So
>         that's NAT 1.
> 
>         The second NAT is for the actual public access from our VoIP
>         box. This has a public IP outside the firewall (A.B.*.*) and
>         NATs again to the VoIP server on the local subnet (192.168.*.*)
> 
>         So, this one machine (192.168.*.*) is actually behind two
>         separate NATs at the moment. It has some rules in the IP tables
>         to route X.Y traffic to the VPN box, and otherwise route to the
>         broader internet. The existing way to deal with a NAT in FS is
>         the ext-rtp/sip-ip field in the profile, but that no longer
>         works when we have to dynamically set these fields depending on
>         which NAT they are going through. 
> 
>         Does that make sense? Even if not, here's the problem: I want to
>         set ext-rtp/sip-ip dynamically in the dialplan. Is that possible?
> 
> 
>         On Wed, Jul 23, 2014 at 5:40 AM, Brian West
>         <brian at freeswitch.org <mailto:brian at freeswitch.org>> wrote:
> 
>             I'm guessing both networks are behind the same nat and
>             routed? Or is it two different nat'ed networks behind the
>             same public IP?  If it's just two standard networks that's
>             fully routed and no nat between the 192.x and the 10.x space
>             then just set your local-network-acl to rfc1918.auto.
> 
> 
>             On Wed, Jul 23, 2014 at 12:52 AM, Kurtis Heimerl
>             <kheimerl at cs.berkeley.edu <mailto:kheimerl at cs.berkeley.edu>>
>             wrote:
> 
>                 Comments in line:
> 
> 
>                 On Tue, Jul 22, 2014 at 9:22 PM, Pasha
>                 <pasha at prosperity4ever.com
>                 <mailto:pasha at prosperity4ever.com>> wrote:
> 
>                     The problem with that though (if I understand your
>                     scenario correctly) is that even if there was a way
>                     to set external IP in freeswitch in the dial plan
>                     you say that you only have 1 external IP to deal
>                     with anyway, so what would you set your second IP to
>                     for routing to work properly?
> 
>                 There's only one actual IP on the box, but it's behind
>                 *two* different NATs. Setting the ext-rtp/sip-ip to the
>                 appropriate NAT IP works for both connections, but I
>                 need to make that dynamic. 
>                  
> 
>                     In my mind what might work for you is if you create
>                     an alias to your single network controller with the
>                     second IP that you need, then if you have access to
>                     the firewall perform NAT so that if connection comes
>                     in from external IP of vendor #1 on 5060 you forward
>                     that to 5060 on internal IP 1 of your freeswitch
>                     box. If call comes in on external IP of vendor #2 on
>                     5060 you forward to port 5060 of your internal IP #2
>                     (alias on freeswitch box)... that's for incoming...
> 
> 
>                 I'm not sure I understand this. Does a FS alias allow me
>                 to have multiple IPs on the same box somehow?
>                  
> 
>                     I apologize if I didn't fully understand your
>                     scenario. I'm not even sure why you're having a
>                     conflict in this case because your providers are
>                     different, the only time you have an issue with
>                     single external IP is if you're trying to setup a
>                     second trunk to the same provider (most of them
>                     won't allow more than one trunk on a single IP).
> 
> 
>                 It's a relatively simple, but apparently uncommon, case,
>                 I agree. My issue sounds very similar to having multiple
>                 trunks to the same provider in a way, but I have
>                 different external IPs for RTP and such instead. 
>                  
> 
>                     Paul
> 
> 
>                     On 14-07-22 05:28 PM, Kurtis Heimerl wrote:
>>                     I can't do that unfortunately. Our providers are
>>                     hitting the generic SIP Port: 5060 so that's not
>>                     available. Our system behind the two NATs has only
>>                     one network interface, and as such only one
>>                     available public IP. So we can't just set up a new
>>                     profile. I can probably hack around this in
>>                     another way (port forwarding through one of the
>>                     NATs to allow a second profile on the same IP) but
>>                     that's pretty ugly and unsustainable going
>>                     forward. I'd much prefer to simply set the
>>                     expected external IP in the outbound dialplan for
>>                     each provider. 
>>
>>
>>                     On Tue, Jul 22, 2014 at 5:07 PM, Russell Treleaven
>>                     <rtreleaven at bunnykick.ca
>>                     <mailto:rtreleaven at bunnykick.ca>> wrote:
>>
>>                         Either give them separate ip addresses or
>>                         separate ports.
>>
>>
>>                         Sent from my BlackBerry® PlayBook™
>>                         www.blackberry.com <http://www.blackberry.com>
>>
>>                         ------------------------------------------------------------------------
>>                         *From:* "Kurtis Heimerl"
>>                         <kheimerl at cs.berkeley.edu
>>                         <mailto:kheimerl at cs.berkeley.edu>>
>>                         *To:* "FreeSWITCH Users Help"
>>                         <freeswitch-users at lists.freeswitch.org
>>                         <mailto:freeswitch-users at lists.freeswitch.org>>
>>                         *Sent:* 22 July, 2014 8:04 PM
>>                         *Subject:* Re: [Freeswitch-users] MultiNAT
>>
>>                         They all have to sit on the same internal IP
>>                         and Port, so I don't think I can. 
>>
>>
>>                         On Tue, Jul 22, 2014 at 4:57 PM, Russell
>>                         Treleaven <rtreleaven at bunnykick.ca
>>                         <mailto:rtreleaven at bunnykick.ca>> wrote:
>>
>>                             Hi Kurtis,
>>
>>                             Why not make a separate profile for each
>>                             provider?
>>
>>                             Sent from my BlackBerry® PlayBook™
>>                             www.blackberry.com <http://www.blackberry.com>
>>
>>                             ------------------------------------------------------------------------
>>                             *From:* "Kurtis Heimerl"
>>                             <kheimerl at cs.berkeley.edu
>>                             <mailto:kheimerl at cs.berkeley.edu>>
>>                             *To:* "FreeSWITCH Users Help"
>>                             <freeswitch-users at lists.freeswitch.org
>>                             <mailto:freeswitch-users at lists.freeswitch.org>>
>>                             *Sent:* 22 July, 2014 7:14 PM
>>                             *Subject:* [Freeswitch-users] MultiNAT
>>
>>                             Hey Users,
>>
>>                             I have an interesting NAT setup. I'm
>>                             running FS on the inside of our network as
>>                             a router/proxy between some SIP phones and
>>                             DID providers. However, each DID provider
>>                             is behind a *different* NAT (a property of
>>                             our VPN setups for them). 
>>
>>                             For instance: DID1 is at IP 192.168.1.1
>>                             and DID2 is at 10.0.0.1. 
>>
>>                             I have calls working for each of them when
>>                             I set the following in my external profile:
>>
>>                             <param name="ext-rtp-ip" value="10.0.0.2"/>
>>                             <param name="ext-sip-ip" value="10.0.0.2"/>
>>
>>                             However, I need to dynamically route
>>                             between *both* of them. I need a mechanism
>>                             for setting ext-rtp-ip and ext-sip-ip in
>>                             the dialplan itself! 
>>
>>                             Is there a set way to do this? 
>>
>>                             Thanks!
>>
>>                             _________________________________________________________________________
>>                             Professional FreeSWITCH Consulting Services:
>>                             consulting at freeswitch.org
>>                             <mailto:consulting at freeswitch.org>
>>                             http://www.freeswitchsolutions.com
>>
>>                             FreeSWITCH-powered IP PBX: The CudaTel
>>                             Communication Server
>>                             
>>
>>                             Official FreeSWITCH Sites
>>                             http://www.freeswitch.org
>>                             http://wiki.freeswitch.org
>>                             http://www.cluecon.com
>>
>>                             FreeSWITCH-users mailing list
>>                             FreeSWITCH-users at lists.freeswitch.org
>>                             <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>                             http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>                             UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>                             http://www.freeswitch.org
>>
> 
>             -- 
> 
>             */Brian West/*
>             brian at freeswitch.org <mailto:brian at freeswitch.org>
> 
> 
>             */Twitter: @FreeSWITCH , @briankwest/*
>             http://www.freeswitchbook.com
>             http://www.freeswitchcookbook.com
> 
>             *T:*+19184209001 <tel:%2B19184209001> | *F:*+19184209002
>             <tel:%2B19184209002> | *M:*+1918424WEST (9378)
>             *iNUM:*+883 5100 1420 9001 <tel:%2B883%205100%201420%209001>
>             | *ISN:*410*543 | *Skype:*briankwest
> 
> 
> 
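The two-profile approach suggested at the top of this message, sketched as an added example that is not from the thread or from the FreeSWITCH project. Every address, port, profile name, context name, ACL list name and dial prefix below is a constructed placeholder, and it assumes the VPN NAT can forward the carrier's port 5060 to 5090 as discussed in the quoted reply.

```xml
<!-- Added example. All values are constructed placeholders:
     192.168.1.50  = the single local interface of the FreeSWITCH box
     192.0.2.10    = address the VPN NAT presents to carrier 1
     198.51.100.10 = address the public NAT presents to carrier 2 -->

<!-- Sofia profile for the VPN-side NAT -->
<profile name="carrier1">
  <settings>
    <param name="sip-ip" value="192.168.1.50"/>
    <param name="rtp-ip" value="192.168.1.50"/>
    <!-- Second profile on the same interface needs its own port;
         the VPN NAT is assumed to forward 5060 to 5090 -->
    <param name="sip-port" value="5090"/>
    <param name="ext-sip-ip" value="192.0.2.10"/>
    <param name="ext-rtp-ip" value="192.0.2.10"/>
    <param name="context" value="from_carrier1"/>
    <!-- Accept signalling on this profile only from carrier 1's peers
         (list assumed to be defined in the ACL configuration) -->
    <param name="apply-inbound-acl" value="carrier1_peers"/>
  </settings>
</profile>

<!-- Sofia profile for the public-side NAT -->
<profile name="carrier2">
  <settings>
    <param name="sip-ip" value="192.168.1.50"/>
    <param name="rtp-ip" value="192.168.1.50"/>
    <param name="sip-port" value="5060"/>
    <param name="ext-sip-ip" value="198.51.100.10"/>
    <param name="ext-rtp-ip" value="198.51.100.10"/>
    <param name="context" value="from_carrier2"/>
    <param name="apply-inbound-acl" value="carrier2_peers"/>
  </settings>
</profile>

<!-- Dialplan: the profile named in the bridge string decides which
     external addresses are advertised for that call.
     Prefixes 91 and 92 are constructed routing prefixes. -->
<extension name="out_via_carrier1">
  <condition field="destination_number" expression="^91(\d+)$">
    <action application="bridge" data="sofia/carrier1/$1@192.0.2.1"/>
  </condition>
</extension>

<extension name="out_via_carrier2">
  <condition field="destination_number" expression="^92(\d+)$">
    <action application="bridge" data="sofia/carrier2/$1@203.0.113.20"/>
  </condition>
</extension>
```

Because each profile carries its own inbound ACL and context, traffic arriving through one NAT cannot land in the other carrier's dialplan context.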