Sure, eliminate NAT altogether? Haha
Don't see how else.
On Tue, Dec 4, 2018, 5:34 PM Kjeld Flarup <kjeld.flarup(a)liberalismen.dk
wrote:
Hello
I have a PBX behind NAT.
Thus I advertise the public IP, and forwards the port to my PBX.
listen=LOCALIP:5070 advertise EXTERNALIP:5070
Now clients can connect to the PBX from the Internet. And also inside
the LAN, because I have enabled NAT loopback.
However some customers sysadmins complains that NAT loopback is a
security risk. I have not been able to find any exploits of this, but
the sales and support people asks if it is possible to remove this NAT
loopback requirement.
I could look at $rd and if it is local, then I could advertise LOCALIP.
I found set_advertised_address("LOCALIP");
set_advertised_address however only seems to modify the latest Via
header, not the Record-route, and audio neither works.
Could I do something to make this work, or is it a dead end?
--
-------------------- Med Liberalistiske Hilsner ----------------------
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
Den ikke akademiske hjemmeside for liberalismen -
www.liberalismen.dk
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users