Hello Sammy,
The default kamailio.cfg was quite intimidating for me while trying to read it, so I got a simpler one that just proxies all requests to a backend PBX and started from there.
Here's my current configuration file (Public IP masked):
#!KAMAILIO

#!define IPADDRESS "X.X.X.X"

#!define FLAG_FROM_SWITCH 1
#!define FLAG_FROM_USER 2

#!define NODE_FAILURE 100
mpath = "/usr/lib/x86_64-linux-gnu/kamailio/modules"
listen = "X.X.X.X"

# ------------------ module loading ----------------------------------
loadmodule "mi_fifo.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "sl.so"
loadmodule "maxfwd.so"
loadmodule "nathelper.so"
loadmodule "textops.so"
loadmodule "sdpops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "path.so"
loadmodule "dispatcher.so"
loadmodule "usrloc.so"

# ----------------- setting module-specific parameters ---------------
modparam("mi_fifo", "fifo_name", "/var/run/kamailio/kamailio_fifo")
modparam("nathelper|registrar", "received_avp", "$avp(s:rcv)")
modparam("dispatcher", "dst_avp", "$avp(AVP_DST)")
modparam("dispatcher", "grp_avp", "$avp(GRP_DST)")
modparam("dispatcher", "cnt_avp", "$avp(CNT_DST)")
modparam("dispatcher", "ds_ping_method", "OPTIONS")
modparam("dispatcher", "ds_ping_interval", 3)
modparam("dispatcher", "ds_probing_threshhold", 1)
modparam("dispatcher", "ds_probing_mode", 1)
# -------------------------  request routing logic -------------------
# main routing logic

route {
        # Handle insane requests
        route(SANITY_CHECK);

        # CANCEL processing
        if (is_method("CANCEL")) {
                if (t_check_trans()) {
                        t_relay();
                }
                exit;
        }

        # Determine where the requests are coming from
        route(CHECK_SOURCE_IP);
       
        # Handle NAT
        route(NAT_DETECT);

        # Handle existing SIP dialogs
        route(WITHINDLG);

        # Process new SIP dialogs below
        if (is_method("INVITE|REFER")) {
                record_route();
        }
      
        if (is_method("REGISTER")) {
            add_path();
        }

        if (isflagset(FLAG_FROM_SWITCH)) {
                # don't send INVITE from SWITCH back to SWITCH, set reply route to handle NAT and forward them along
                t_on_reply("EXTERNAL_REPLY");
        } else {
                # Route to one of the switches
                #route(TO_SWITCH_NODE);
               if(!ds_select_dst("1", "1")) {
                   sl_send_reply("503", "No route available");
                   exit;
               }
        }

        route(RELAY);
}

# Failover gracefully
route[TO_SWITCH_NODE] {
    ds_select_dst("1", "1");
    t_on_failure(NODE_FAILURE);
    t_relay();
    exit();
}

failure_route[NODE_FAILURE] {
    ds_mark_dst("p");
    ds_next_dst();
    t_on_failure(NODE_FAILURE);
    t_relay();
}

route[SANITY_CHECK]
{
        if (!sanity_check()) {
                exit;
        }

        if (!mf_process_maxfwd_header("10")) {
                send_reply("483", "Too Many Hops");
                exit;
        }

        if ($ua == "friendly-scanner" ||
                $ua == "sundayddr" ||
                $ua =~ "sipcli" ) {
                exit;
        }

        if ($si == IPADDRESS) {
                exit;
        }

}


route[CHECK_SOURCE_IP]
{
        if (ds_is_from_list("1")) {
                setflag(FLAG_FROM_SWITCH);
        } else {
                setflag(FLAG_FROM_USER);
        }
}

# Handle requests within SIP dialogs
route[WITHINDLG]
{
        if (has_totag()) {
                # sequential request withing a dialog should
                # take the path determined by record-routing
                #lookup("location");
                if (loose_route()) {
                        route(RELAY);
                } else {
                        if (is_method("NOTIFY")) {
                                route(RELAY);
                        }
                        if (is_method("SUBSCRIBE") && uri == myself) {
                                # in-dialog subscribe requests
                                exit;
                        }
                        if (is_method("ACK")) {
                                if (t_check_trans()) {
                                        # no loose-route, but stateful ACK;
                                        # must be an ACK after a 487
                                        # or e.g. 404 from upstream server
                                        t_relay();
                                        exit;
                                } else {
                                        # ACK without matching transaction ... ignore and discard
                                        exit;
                                }
                        }
                        sl_send_reply("404","Not here");
                }
                exit;
        }
}

onreply_route[EXTERNAL_REPLY]
{
        route(NAT_TEST_AND_CORRECT);
}


route[NAT_TEST_AND_CORRECT]
{
        if (nat_uac_test("19")) {
                if (is_method("REGISTER")) {
                        fix_nated_register();
                } else {
                        fix_nated_contact();
                }
                force_rport();
        }
        if (has_body("application/sdp") && nat_uac_test("8")) {
                fix_nated_sdp("10");
        }
}

route[RELAY]
{
        if (!t_relay()) {
            xlog("L_WARN", "RELAY failed!\n");
                sl_reply_error();
        }
        exit;
}

route[NAT_DETECT] {
    force_rport();
    if(nat_uac_test("19")) {
        if(is_method("REGISTER")) {
            fix_nated_register();
            add_path_received();
            #save("location");
        } else {
            # Disabled, maybe unnecessary
#           if(is_first_hop())
#               set_contact_alias();
            fix_nated_contact();
        }

        if (sdp_content()) {
            fix_nated_sdp("10");
        }
    }
    return;
}

Regards,
Iskren

On 05/05/17 16:36, SamyGo wrote:
Hi,
Can you share the config file. Seems you've made changes to configuration file. Using save("location") w/o any authentication above it will result in anyone getting 200OK for a REGISTER. 

Looking at the config will help point you to the right way.

Regards,
Sammy


On Fri, May 5, 2017 at 10:56 AM, Iskren Hadzhinedev <iskren.hadzhinedev@ikiji.com> wrote:
Hi list!

I'm using kamailio 4.2 for load-balancing and failover via dispatcher, but I'm having some NAT related issues and I was hoping that someone might point me in the right direction.
My setup is the following:

PSTN - PBX - kamailio - NAT - client

Calls from the NATed client to PSTN and/or PBX features (e.g. voicemail) work just fine.
However, when a call comes from PSTN to the client, kamailio sends the INVITE to the client's RFC1918 IP and I can't figure out how to send it to the correct destination. I tried loading the registrar and usrloc modules and used save("location") during REGISTER and lookup("location") just before loose_route(), but the end result was that kamailio replied to REGISTERs with any username/password with a 200 OK and the endpoints never registered with the PBX.
I can attach the config file if that will help.

Thanks for all input in advance!

Regards,
Iskren

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users



_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users