[Freeswitch-users] Multi-homed box - strange NAT question

Jim Miller jmiller at wndswp.net
Fri Jan 29 19:06:40 UTC 2021


Let me try this.

I have a public network interface connected to the external profile with
IP 1.1.1.1/24 (e.g., of course). I have a private subnet attached to the
internal profile on 192.168.0.2/24. I've got Polycoms registering to
192.168.0.2 using TLS that show up as 192.168.0.1 given they are NAT'd
behind this firewall. It seems that if the devices try to register to
.2 via an IP on the same subnet, NAT detection is not happy. When
the clients come from something totally different it works. Any way to
force this to work?

Jim

On 1/28/21 5:36 PM, Brian West wrote:
> Without a full understanding of your network topology it's difficult
> to say.
>
>
> On Thu, Jan 28, 2021 at 3:53 PM Jim Miller <jmiller at wndswp.net> wrote:
>
>     Brian
>
>     Not sure I 100% follow.  The clients are on the same /24 as the
>     "internal" profile interface is on.  The only thing is they are
>     behind a NAT. 
>
>     What led me to this was I had a previous configuration whereby the
>     internal and external profiles were on the same interface IP. When
>     the clients connected to the internal profile via a totally
>     different public IP, but also behind a NAT it worked
>     (registrations showed fs_nat and a fs_path properly).  However,
>     for this configuration when I put the clients on a NAT that was on
>     the same subnet as the internal and external shared IP it wouldn't
>     work.  I thought maybe this was an issue with the profiles sharing
>     the same IP.  Thus I split it to the configuration I documented
>     below.  It makes me think that the NAT issue is related to the
>     fact that the profile IP is on the same subnet as the NAT.  
>
>     Jim
>
>     On 1/28/21 10:51 AM, Brian West wrote:
>>     You will require one profile per nat interface, you can't cross
>>     profiles between transit providers without it.
>>
>>     /b
>>
>>
>>     On Thu, Jan 28, 2021 at 7:25 AM Jim Miller <jmiller at wndswp.net> wrote:
>>
>>         Hi Folks
>>
>>         I'm running FreeSWITCH Version 1.10.3-release~64bit (-release
>>         64bit) on
>>         a FreeBSD 12.1 box.
>>
>>         The issue I'm having is related to NAT, I'm sure no one has
>>         ever seen a
>>         post on this topic....
>>
>>         My configuration is a box that is multi homed with an
>>         Internet facing
>>         interface and a private IP LAN interface.  The clients
>>         (Polycoms) are on
>>         the private LAN interface but behind a NAT (pfsense) on this
>>         subnet.  If
>>         I have the clients route directly to the FS box's private LAN
>>         without
>>         NAT I can make this work but as soon as I NAT them (which I
>>         need to for
>>         other reasons) I don't see the registrations show up with
>>         fs_path or the
>>         other variables like I might expect.
>>
>>         I've fiddled with the apply-nat-acl variable to no avail. 
>>
>>         Thoughts?
>>
>>         Thanks
>>
>>         Jim
>>
>>     -- 
>>
>>     Brian West | Co-founder and Developer