<div dir="auto">Sure, eliminate NAT altogether? Haha<div dir="auto"><br></div><div dir="auto">Don't see how else.</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Dec 4, 2018, 5:34 PM Kjeld Flarup <<a href="mailto:kjeld.flarup@liberalismen.dk">kjeld.flarup@liberalismen.dk</a> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello<br>
<br>
I have a PBX behind NAT.<br>
Thus I advertise the public IP, and forwards the port to my PBX.<br>
<br>
listen=LOCALIP:5070 advertise EXTERNALIP:5070<br>
<br>
Now clients can connect to the PBX from the Internet. And also inside <br>
the LAN, because I have enabled NAT loopback.<br>
<br>
However some customers sysadmins complains that NAT loopback is a <br>
security risk. I have not been able to find any exploits of this, but <br>
the sales and support people asks if it is possible to remove this NAT <br>
loopback requirement.<br>
<br>
I could look at $rd and if it is local, then I could advertise LOCALIP.<br>
I found set_advertised_address("LOCALIP");<br>
<br>
set_advertised_address however only seems to modify the latest Via <br>
header, not the Record-route, and audio neither works.<br>
<br>
Could I do something to make this work, or is it a dead end?<br>
<br>
<br>
-- <br>
-------------------- Med Liberalistiske Hilsner ----------------------<br>
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog<br>
Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49<br>
Den ikke akademiske hjemmeside for liberalismen - <a href="http://www.liberalismen.dk" rel="noreferrer noreferrer" target="_blank">www.liberalismen.dk</a><br>
<br>
<br>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank" rel="noreferrer">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>