<div dir="ltr"><div dir="ltr"><div class="gmail_quote"><div dir="ltr" class="gmail_attr">El mar., 26 de feb. de 2019 a la(s) 17:53, Alex Balashov (<a href="mailto:abalashov@evaristesys.com">abalashov@evaristesys.com</a>) escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I third that. NAT by definition adds complications and overhead, even if<br></blockquote><div>i agree with! i currently have a confusion: as i pointed here: <br><a href="https://lists.kamailio.org/pipermail/sr-users/2019-February/104862.html">https://lists.kamailio.org/pipermail/sr-users/2019-February/104862.html</a><br></div><div>i have kamailio+rtpproxy/rtpengine and asterisk in realtime mode<br></div><div>but if i not bind the asterisk ports agains the public ip there's its no sound..<br></div><div>i mean, i want only let rtpproxy/rtpengine (whatever of two no both) only agains public ip<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">is nowadays to deploy Kamailio in NAT-only environments such as AWS.<br></blockquote><div>i cannot find some info about deploy agains AWS flavored OS, <br>where the public ip are kind of NAT.. and cannot take as real interface ...<br></div><div>some help with that are appreciated!<br></div><div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
On Tue, Feb 26, 2019 at 01:47:36PM -0800, Joel Serrano wrote:<br>
<br>
> I second that. And to add to Henning's suggestion...<br>
> <br>
> We recently tested that same setup, and we found one "thing": Using<br>
> advertise, you will need a second port (listen transport:ip:port) to talk<br>
> to internal servers that require you to *keep* the private IP. Otherwise<br>
> all outgoing request from that kamailio will have the IP replaced by<br>
> whatever the advertise says and that can mess up your internal routing.<br>
> <br>
> Not an issue, as I said you can configure a second port, but just something<br>
> to know depending on what your setup is gong to look like.<br>
> <br>
> Good luck!<br>
> Joel.<br>
> <br>
> On Tue, Feb 26, 2019 at 1:28 PM Henning Westerholt <<a href="mailto:hw@kamailio.org" target="_blank">hw@kamailio.org</a>> wrote:<br>
> <br>
> > Am Dienstag, 26. Februar 2019, 06:09:08 CET schrieb Pintu Lohar:<br>
> > > Which one among the below option is highly recommended for setting up<br>
> > > Kamailio (for production)<br>
> > > 1. Kamailio behind NAT *or*<br>
> > > 2. Setting up Kamailio using public IP?<br>
> > ><br>
> > > are there any disadvantages if we setup Kamailio behind NAT and use<br>
> > > advertise option in listen parameters?<br>
> > ><br>
> > > We have tested both the options, and both the options work great for us(<br>
> > a.<br>
> > > Kamailio behind NAT with advertising in listen parameters b.Kamailio<br>
> > setup<br>
> > > with public IP). So wondering which one is best and highly recommended?<br>
> > ><br>
> > > Some extra info :<br>
> > > 1. We use TLS<br>
> > > 2. Using coturn for media<br>
> ><br>
> > Hello Pintu,<br>
> ><br>
> > generally speaking, if you have the choice between a network setup with<br>
> > NAT<br>
> > and without NAT (everything else equal) - my recommendation would to<br>
> > choose<br>
> > the one without NAT. It will be easier to debug in case of problems on<br>
> > your<br>
> > side or the client side.<br>
> ><br>
> > Best regards,<br>
> ><br>
> > Henning<br>
> ><br>
> > --<br>
> > Henning Westerholt - <a href="https://skalatan.de/blog/" rel="noreferrer" target="_blank">https://skalatan.de/blog/</a><br>
> > Kamailio services - <a href="https://skalatan.de/services" rel="noreferrer" target="_blank">https://skalatan.de/services</a><br>
> > Kamailio security assessment - <a href="https://skalatan.de/de/assessment" rel="noreferrer" target="_blank">https://skalatan.de/de/assessment</a><br>
> ><br>
> > _______________________________________________<br>
> > Kamailio (SER) - Users Mailing List<br>
> > <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
> > <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
> ><br>
<br>
> _______________________________________________<br>
> Kamailio (SER) - Users Mailing List<br>
> <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
> <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br>
<br>
-- <br>
Alex Balashov | Principal | Evariste Systems LLC<br>
<br>
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) <br>
Web: <a href="http://www.evaristesys.com/" rel="noreferrer" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.csrpswitch.com/" rel="noreferrer" target="_blank">http://www.csrpswitch.com/</a><br>
<br>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div></div></div>