On Tue, Dec 4, 2018, 5:34 PM Kjeld Flarup <kjeld.flarup@liberalismen.dk wrote:

Hello

I have a PBX behind NAT.
Thus I advertise the public IP, and forwards the port to my PBX.

listen=LOCALIP:5070 advertise EXTERNALIP:5070

Now clients can connect to the PBX from the Internet. And also inside
the LAN, because I have enabled NAT loopback.

However some customers sysadmins complains that NAT loopback is a
security risk. I have not been able to find any exploits of this, but
the sales and support people asks if it is possible to remove this NAT
loopback requirement.

I could look at $rd and if it is local, then I could advertise LOCALIP.
I found set_advertised_address("LOCALIP");

set_advertised_address however only seems to modify the latest Via
header, not the Record-route, and audio neither works.

Could I do something to make this work, or is it a dead end?

--
-------------------- Med Liberalistiske Hilsner ----------------------
Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users