[Freeswitch-users] FreeSWITCH behind NAT

Mundkowsky, Robert rmundkowsky at ets.org
Tue Jan 30 18:03:43 UTC 2018 

I am not an expert, you should get help from FS staff, but anyways, here is some info:

> 1. Do ports need to be opened on the firewall under all circumstances?
> UDP ports for RTP, for instance.

Yes. If you block the ports then nothing can get thru.  For SIP/RTP, you need the SIP port open, and you need a range of ports open for RTP. See the configuration files for the port numbers.

If you use WSS, then you need the WSS port open.


> 2. Is this always a good idea to enable in sip_profiles/internal.xml?
> <param name="nat-options-ping" value="true"/>

Maybe. Some software does not support OPTIONS messages. If it yours does then yeah use it.  See https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal

> 3. Is it necessary/recommended to have STUN enabled in vars.xml AND
> setup the nat-options-ping?

I guess here, if you or your client are behind an asymmetric NAT then you need a STUN server. If a symmetric NAT then you need TURN server.  Keep in mind your clients might have all kinds of different situations.


> 4. my sip_profile/internal.xml has this:
> <param name="ext-rtp-ip" value="auto-nat"/> <param name="ext-sip-ip"
> value="auto-nat"/>
>
> Is this an improvement over what's  in confluence of:
> <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>

Not sure, read up on it https://freeswitch.org/confluence/display/FREESWITCH/Auto+Nat


> 5. If the endpoints are configured to connect using TCP, does any of
> this change what's above?

Not sure, but my guess is no

Robert

-----Original Message-----
From: FreeSWITCH-users [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of jungle boogie
Sent: Tuesday, January 30, 2018 12:15 AM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] FreeSWITCH behind NAT

Hi All,

Can anyone give me some advice? I'll update the docs, if it's needed.

Thanks!

Thus said Jungle Boogie on Sun, 28 Jan 2018 17:51:40 -0800
> Hi All,
>
> I have some questions about this page and what folks do when
> freeswitch is behind NAT:
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffrees
> witch.org%2Fconfluence%2Fdisplay%2FFREESWITCH%2FNAT%2BTraversal&data=0
> 2%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0b
> a6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=L91K
> SrefIPmwVZLdFSPioL6zcM7Be5MlgxPoyUOU70w%3D&reserved=0
>
> 1. Do ports need to be opened on the firewall under all circumstances?
> UDP ports for RTP, for instance.
>
> 2. Is this always a good idea to enable in sip_profiles/internal.xml?
> <param name="nat-options-ping" value="true"/>
>
>
> 3. Is it necessary/recommended to have STUN enabled in vars.xml AND
> setup the nat-options-ping?
>
>
> 4. my sip_profile/internal.xml has this:
> <param name="ext-rtp-ip" value="auto-nat"/> <param name="ext-sip-ip"
> value="auto-nat"/>
>
> Is this an improvement over what's  in confluence of:
> <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
>
> 5. If the endpoints are configured to connect using TCP, does any of
> this change what's above?
>
> thanks!





_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeswitchsolutions.com&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=qvvmQaISaJ37%2FHkzp8eNafIKcIfvWtYI9WYlMUb3HTs%3D&reserved=0

Official FreeSWITCH Sites
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeswitch.org&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=2YGYIAS02v0lG%2ByUtZZdCkzFJCgpYU4eUeGuWfcfnfY%3D&reserved=0
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fconfluence.freeswitch.org&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=sWhGrHsJoqBxx9p%2BQ32vxrbyrclq0QCb4llrrfs3QRo%3D&reserved=0
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.cluecon.com&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=wQP9XZziFFiMIkvWB5zr5DwDK5F5%2BDbNJ3gtJCHhYt8%3D&reserved=0

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.freeswitch.org%2Fmailman%2Flistinfo%2Ffreeswitch-users&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=iKUQA2bDbZh4jgK4eN%2F4sJCiHrEqRXTPyPHedufrJws%3D&reserved=0
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeswitch.org&data=02%7C01%7Crmundkowsky%40ets.org%7C505306e6c453490da26708d567a0f5d5%7C0ba6e9b760b34fae92f37e6ddd9e9b65%7C0%7C0%7C636528863387947052&sdata=2YGYIAS02v0lG%2ByUtZZdCkzFJCgpYU4eUeGuWfcfnfY%3D&reserved=0

________________________________

This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited.


Thank you for your compliance.

________________________________

More information about the FreeSWITCH-users mailing list