Sure, eliminate NAT altogether? Haha
Don't see how else.
On Tue, Dec 4, 2018, 5:34 PM Kjeld Flarup <kjeld.flarup@liberalismen.dk wrote:
Hello
I have a PBX behind NAT. Thus I advertise the public IP, and forwards the port to my PBX.
listen=LOCALIP:5070 advertise EXTERNALIP:5070
Now clients can connect to the PBX from the Internet. And also inside the LAN, because I have enabled NAT loopback.
However some customers sysadmins complains that NAT loopback is a security risk. I have not been able to find any exploits of this, but the sales and support people asks if it is possible to remove this NAT loopback requirement.
I could look at $rd and if it is local, then I could advertise LOCALIP. I found set_advertised_address("LOCALIP");
set_advertised_address however only seems to modify the latest Via header, not the Record-route, and audio neither works.
Could I do something to make this work, or is it a dead end?
-- -------------------- Med Liberalistiske Hilsner ---------------------- Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49 Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users