[Freeswitch-users] New system: sofia is on wrong IP address

Bote Man botelist at gmail.com
Tue Feb 23 21:35:37 UTC 2021


HO BOY. By “pbx system” may we assume that you mean the linux box running FreeSWITCH?

 

1) First and foremost, it appears that you (inadvertently?) have FreeSWITCH listening on a public interface since sofia status shows both an ipv4 and an ipv6 address. I strongly suggest you eliminate that before attackers attack from those interfaces. Since the FS “Vanilla” configuration files are intended to get you up and running as quickly as possible, they anticipate the most common scenario which is an internal SIP profile to service your phones (named default) and an external SIP profile (named external) that you may or may not need to listen on a different ip:port pair. 

 

I usually rename those files from external.xml to external.hold so they remain as references, but won’t be picked up by FS when it starts since they no longer have the .xml suffix.

 

2) Those two gateway definitions are picked up by an include statement at the top of one of the SIP profiles. I’ve never questioned how or why, but my gateway is included in my internal profile and it works just fine. This is why I say that you might not even need that external profile at all, but you’ll need to investigate that further.

 

3) The SIP profiles as well as all the other XML definitions depend on the “name=” tag at the top, so the filename is irrelevant to FS. The Vanilla configs name the internal profile “default” inside and from your sofia status table it appears that you’ve copied that and named it “phone” so now you have 3 SIP profiles listening, with the internal profile listening on your public IP address.

 

4) The NAT stuff can be tricky, but you probably want to look into that, as well. Here’s a starting point:

https://freeswitch.org/confluence/display/FREESWITCH/NAT+Traversal

 

I’m not sure I’ve gotten everything right in here, but my advice is to trim it down to keep it simple and then build it back to more complexity as you master each part. 

 

Hope this helps.

 

 

--- 

John Boteler 

BnC Group U.S.A. 

 

 

 

From: FreeSWITCH-users <freeswitch-users-bounces at lists.freeswitch.org> On Behalf Of Steven Schoch
Sent: Tuesday, 23 February, 2021 16:01
To: freeswitch-users <FreeSWITCH-users at lists.freeswitch.org>
Subject: [Freeswitch-users] New system: sofia is on wrong IP address

 

The last time I played with FreeSWITCH was 10 years ago, and now I'm helping a local nonprofit retire their obsolete analog phone system.

 

I have a pbx system with 2 network cards: One dedicated to the phones, plugs into a PoE switch. On that network, the pbx has a DHCP server for the phones, as well as an FTP server for the Polycom SoundPoint IP 320 phones. The IP address on that network is 192.168.3.2.

 

Since I'm setting up the system here at home, the other network card is on my Xfinity LAN, with an IP address of 10.0.0.167 (via DHCP from the Comcast modem).

 

I understand the "domain" should be fairly fixed, so I set that to my "phone" network:

 

  <X-PRE-PROCESS cmd="set" data="phone_ip_v4=192.168.3.2"/>

  <X-PRE-PROCESS cmd="set" data="domain=$${phone_ip_v4}"/>

  <X-PRE-PROCESS cmd="set" data="domain_name=eastwest"/>

 

I defined an sofia profile named "phone" with these lines:

 

    <param name="rtp-ip" value="$${phone_ip_v4}"/>

    <param name="sip-ip" value="$${phone_ip_v4}"/>

 

I also used the default "internal" profile, in case an SIP device is hooked up to the main LAN, but that's not important.

However, a "sofia status" shows this:

                     Name                 Type                                         Data                State

=================================================================================================

            external-ipv6        profile     sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5080        RUNNING (0)

              192.168.3.2           alias                                       internal             ALIASED

                 external              profile           sip:mod_sofia at 67.164.101.201:5080 <http://sip:mod_sofia@67.164.101.201:5080>             RUNNING (0)

        external::sip2sip      gateway                               sip:eastwest at sip2sip.info <mailto:sip%3Aeastwest at sip2sip.info>           REGED

      external::flowroute   gateway                 sip:6509889800 at us-west-or.sip-flowroute.com <mailto:sip%3A6509889800 at us-west-or.sip-flowroute.com>              NOREG

                    phone               profile               sip:mod_sofia at 10.0.0.167:5060 <http://sip:mod_sofia@10.0.0.167:5060>   RUNNING (0)

            internal-ipv6         profile     sip:mod_sofia@[2601:647:4802:9220:c816:30ae:6a9a:d191]:5060        RUNNING (0)

                 internal              profile           sip:mod_sofia at 67.164.101.201:5060 <http://sip:mod_sofia@67.164.101.201:5060>             RUNNING (0)

=================================================================================================

5 profiles 1 alias

 

Why does the "phone" profile have "sip:mod_sofia at 10.0.0.167:5060 <http://sip:mod_sofia@10.0.0.167:5060> ". Shouldn't that have the 192.168.3.2 address? And why isn't my phone registering?

 

-- 

Steve

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20210223/9ae7554d/attachment-0001.html>


More information about the FreeSWITCH-users mailing list