[Freeswitch-users] docker / NAT troubles..

Nathan Neulinger nneul at mst.edu
Wed Apr 6 22:22:16 MSD 2016


As long as you don't have yet another layer of external access required - the original suggestion I think is probably 
right - you need to make a new set of ACLs for the freeswitch nat acl that do not include the 192.x.x.x network. Then 
that net will be interpreted as external.

-- Nathan

On 04/06/2016 01:13 PM, Oz Mortimer wrote:
> The clients are on the 192. Network.
> The network internal to freeswitch is 17.
> Docker assigns the 17. Ips to the container (which fs is running on).
>
> The signalling is fine, but the SDP needs to show the 192.168.1.168 address as it's currently showing the internal
> network (even though ext-rtp-ip is set and confirmed).
>
> 192.168.1.168 is a bridged network interface.
>
> 192.168.1.something -> 192.168.1.168 (docker vm)->172.17.0.5(docker container)
>
> The docker container has the rtp ports "exposed" (in the same way as it does for the signalling port).
>
> I actually didn't like docker when I first looked at it, but it's actually quite nice for development (bar this issue)
> Thanks
> Oz
>
> On 6 Apr 2016, at 19:00, Michael Jerris <mike at jerris.com> wrote:
>
>> And your clients are attaching from what network?  Also if your description is correct, then you have internal and
>> external addresses backwards.  Does it actually nat those addresses or is it routed?
>>
>>
>>> On Apr 6, 2016, at 1:49 PM, Oz Mortimer <omortimer at gmail.com> wrote:
>>>
>>> I know! I've never come across it! It's what I seem to have to do when using a docker container - unless someone
>>> knows different?
>>> Docker uses a vm, which is on the network 192.168.. But the container has an IP of 172.17..
>>> I'm no docker expert and in an ideal world the container should have a 192.168.. Address, but I can't find a way to
>>> make that happen.
>>> Maybe I'm asking in the wrong mailing list - could be a question for docker. Either way, I'd like to figure out what
>>> I'm doing wrong!
>>> NB: this is in no way going to be a production setup - it's a development setup.
>>>
>>> I "think" I understand what I need to do..
>>> Thanks
>>> Oz
>>> On 6 Apr 2016, at 18:39, Michael Jerris <mike at jerris.com> wrote:
>>>
>>>> The default ACLs treat all rfc1918 addresses as internal.  You'll need to make one that treats your external
>>>> addresses as external even though they are rfc1918.  Why are you natting from one private address to another?  It's a
>>>> very strange implementation
>>>>
>>>>
>>>>> On Apr 6, 2016, at 1:31 PM, Oz Mortimer <omortimer at gmail.com> wrote:
>>>>>
>>>>> Hi,
>>>>> Thanks for the reply - I wish I understood it - but I don’t ;)
>>>>> Yes, the natting is between one rfc1918 address space to another.
>>>>>
>>>>> Based on your reply I tried
>>>>>
>>>>> <param name="apply-nat-acl" value="damnnat"/>
>>>>>
>>>>> where acl.conf.xml has
>>>>>
>>>>> <list name="damnnat" default="allow">
>>>>>   <node type="allow" cidr="192.168.1.0/24"/>
>>>>>   <node type="allow" cidr="172.17.0.0/24"/>
>>>>> </list>
>>>>>
>>>>> To no avail! Can you give me a pointer to what I need to change and where?
>>>>>
>>>>> Thanks
>>>>> Oz.
>>>>>
>>>>>> On 6 Apr 2016, at 17:58, Michael Jerris <mike at jerris.com> wrote:
>>>>>>
>>>>>> You are natting from one rfc1918 address space to another?  If so, all the default NAT ACLs will be wrong, and
>>>>>> you will have to make your own ACLs that match your network environment.
>>>>>>
>>>>>>> On Apr 6, 2016, at 12:48 PM, Oz Mortimer <omortimer at gmail.com> wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm trying to get FS running in Docker, which largely was pain free (I know, I know, VMs, etc), but I can't get
>>>>>>> my head around what is going on with RTP. I've set ext-rtp-ip and it seems to be taking effect:
>>>>>>>
>>>>>>> freeswitch@7ad22635059e> sofia status profile internal
>>>>>>> =================================================================================================
>>>>>>> Name internal
>>>>>>> Domain Name N/A
>>>>>>> Auto-NAT false
>>>>>>> DBName sofia_reg_internal
>>>>>>> Pres Hosts 172.17.0.5,172.17.0.5
>>>>>>> Dialplan XML
>>>>>>> Context trusted
>>>>>>> Challenge Realm auto_from
>>>>>>> RTP-IP 172.17.0.5
>>>>>>> Ext-RTP-IP 192.168.1.168
>>>>>>> SIP-IP 172.17.0.5
>>>>>>> Ext-SIP-IP 192.168.1.168
>>>>>>> URL sip:mod_sofia@192.168.1.168:5060
>>>>>>> BIND-URL sip:mod_sofia@192.168.1.168:5060;maddr=172.17.0.5;transport=udp,tcp
>>>>>>> HOLD-MUSIC local_stream://moh
>>>>>>> OUTBOUND-PROXY N/A
>>>>>>> CODECS IN G729,PCMU,PCMA
>>>>>>> CODECS OUT G729,PCMU,PCMA
>>>>>>> TEL-EVENT 101
>>>>>>> DTMF-MODE none
>>>>>>> CNG 13
>>>>>>> SESSION-TO 0
>>>>>>> MAX-DIALOG 0
>>>>>>> NOMEDIA false
>>>>>>> LATE-NEG true
>>>>>>> PROXY-MEDIA false
>>>>>>> ZRTP-PASSTHRU true
>>>>>>> AGGRESSIVENAT false
>>>>>>> CALLS-IN 2
>>>>>>> FAILED-CALLS-IN 2
>>>>>>> CALLS-OUT 0
>>>>>>> FAILED-CALLS-OUT 0
>>>>>>> REGISTRATIONS 0
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> but when a call is placed it seems to be incorrect in the SDP
>>>>>>>
>>>>>>> 2016-04-06 16:29:49.011107 [DEBUG] mod_sofia.c:2353 Ring SDP:
>>>>>>> v=0
>>>>>>> o=FreeSWITCH 1459942605 1459942606 IN IP4 172.17.0.5
>>>>>>> s=FreeSWITCH
>>>>>>> c=IN IP4 172.17.0.5
>>>>>>> t=0 0
>>>>>>> m=audio 17584 RTP/AVP 8 101
>>>>>>> a=rtpmap:8 PCMA/8000
>>>>>>> a=rtpmap:101 telephone-event/8000
>>>>>>> a=fmtp:101 0-16
>>>>>>> a=ptime:20
>>>>>>> a=sendrecv
>>>>>>>
>>>>>>> Shouldn't the SDP reflect the Ext-RTP-IP?
>>>>>>>
>>>>>>> I'm sure I've missed some sort of config setting or have gone snow blind!
>>>>>>> FS version is FreeSWITCH (Version 1.6.7 -14-d38d065 64bit)
>>>>>>>
>>>>>>> Any ideas will be greatly received.
>>>>>>> Thanks
>>>>>>> Oz.
>>>>>>> _________________________________________________________________________
>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>>>>>>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>>>>>>
>>>>>>> Official FreeSWITCH Sites
>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>>>>>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>>>>>>> http://www.cluecon.com <http://www.cluecon.com/>
>>>>>>>
>>>>>>> FreeSWITCH-users mailing list
>>>>>>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>>>>>>> http://www.freeswitch.org <http://www.freeswitch.org/>

-- 
------------------------------------------------------------
Nathan Neulinger                       nneul at mst.edu
Missouri S&T Information Technology    (573) 612-1412
System Administrator - Architect
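
The ACL point made in this thread, as an added example that is not part of the original messages and not FreeSWITCH code: it evaluates the `damnnat` list quoted above next to a hypothetical `docker_local` list that leaves 192.168.1.0/24 out. The matching rule (most specific matching node decides, otherwise the list default applies) is an assumed simplified model, and the client and outside addresses are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed acl.conf.xml fragment. "damnnat" is the list quoted in the thread;
# "docker_local" is a hypothetical list that omits the 192.168.1.0/24 client network.
ACL_XML = """
<network-lists>
  <list name="damnnat" default="allow">
    <node type="allow" cidr="192.168.1.0/24"/>
    <node type="allow" cidr="172.17.0.0/24"/>
  </list>
  <list name="docker_local" default="deny">
    <node type="allow" cidr="172.17.0.0/16"/>
  </list>
</network-lists>
"""

def load_lists(xml_text):
    """Parse <list> elements into {name: (default_allow, [(network, allow)])}."""
    lists = {}
    for lst in ET.fromstring(xml_text).iter("list"):
        nodes = [(ipaddress.ip_network(n.get("cidr")), n.get("type") == "allow")
                 for n in lst.iter("node")]
        lists[lst.get("name")] = (lst.get("default") == "allow", nodes)
    return lists

def matches(lists, name, addr):
    """Assumed model: the longest-prefix matching node wins, else the default."""
    default_allow, nodes = lists[name]
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, allow) for net, allow in nodes if ip in net]
    return max(hits)[1] if hits else default_allow

def classify(addrs, name):
    """Label each address 'internal' if the list matches it, else 'external'."""
    lists = load_lists(ACL_XML)
    return {a: "internal" if matches(lists, name, a) else "external"
            for a in addrs}

if __name__ == "__main__":
    # Constructed sample: a LAN client, the container address, an outside host.
    sample = ["192.168.1.50", "172.17.0.5", "203.0.113.10"]
    for acl in ("damnnat", "docker_local"):
        print(acl, classify(sample, acl))
```

With `default="allow"` the `damnnat` list matches every address, so nothing is ever classed as external; only the list that omits the 192.168.1.x network puts the LAN client on the external side.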


