I think i see what's happening, ACK is going through the REALY route, but at that point it does NOT have a$du (and $sndto(ip) is null)

note: all those ERROR is juts me logging.

ERROR: <script>: [WITHINDLG] ACK Packet coming from PUBLIC:58031 and going to <null>
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=710 a=5 n=route
exec: *** cfgtrace:request_route=[NATMANAGE] c=[/etc/kamailio/kamailio.cfg] l=950 a=2 n=return
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=715 a=5 n=route
exec: *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=624 a=16 n=if
exec: *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=621 a=25 n=is_method
exec: *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=627 a=16 n=if
exec: *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=624 a=25 n=is_method
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=631 a=16 n=if
exec: *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=627 a=25 n=is_method
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=631 a=5 n=route
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=600 a=26 n=xlog
ERROR: <script>: [CHECK_SOURCE] Packet received on: 172.31.69.53:5060
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=601 a=26 n=xlog
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=602 a=26 n=xlog
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=610 a=16 n=if
DEBUG: pv [pv_core.c:1122]: pv_get_dsturi(): no destination URI
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=608 a=39 n=setflag
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=609 a=26 n=xlog
DEBUG: pv [pv_core.c:1122]: pv_get_dsturi(): no destination URI
ERROR: <script>: [CHECK_SOURCE] Packet going to PUBLIC -> [<null>]


whereas an INVITE _does_ have a $du (remember all work, except ACK)

ERROR: <script>: [WITHINDLG] ACK Packet coming from PUBLIC:58031 and going to <null>
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=710 a=5 n=route
exec: *** cfgtrace:request_route=[NATMANAGE] c=[/etc/kamailio/kamailio.cfg] l=950 a=2 n=return
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=715 a=5 n=route
exec: *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=624 a=16 n=if
exec: *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=621 a=25 n=is_method
exec: *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=627 a=16 n=if
exec: *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=624 a=25 n=is_method
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=631 a=16 n=if
exec: *** cfgtrace:request_route=[RELAY] c=[/etc/kamailio/kamailio.cfg] l=627 a=25 n=is_method
exec: *** cfgtrace:request_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=631 a=5 n=route
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=600 a=26 n=xlog
ERROR: <script>: [CHECK_SOURCE] Packet received on: 172.31.69.53:5060
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=601 a=26 n=xlog
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=602 a=26 n=xlog
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=610 a=16 n=if
DEBUG: pv [pv_core.c:1122]: pv_get_dsturi(): no destination URI
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=608 a=39 n=setflag
exec: *** cfgtrace:request_route=[CHECK_DEST_NET] c=[/etc/kamailio/kamailio.cfg] l=609 a=26 n=xlog
DEBUG: pv [pv_core.c:1122]: pv_get_dsturi(): no destination URI
ERROR: <script>: [CHECK_SOURCE] Packet going to PUBLIC -> [<null>]

Why would an ACK not have a $du?

Regards,

David Villasmil
phone: +34669448337


On Mon, Apr 1, 2019 at 7:50 PM David Villasmil <david.villasmil.work@gmail.com> wrote:
This is an AWS instance. And i want to segregate public from private.
AWS does not provide actual public IPs on the instances themselves, so on the same interface:

5060 will serve public requests.
5066 will server private requests. 

The firewall will only allow public traffic to port 5060 while blocking 5066.
Only internal ips will be allowed to 5066.

David

Regards,

David Villasmil
phone: +34669448337


On Mon, Apr 1, 2019 at 7:35 PM Antony Stone <Antony.Stone@kamailio.open.source.it> wrote:
On Monday 01 April 2019 at 20:29:22, David Villasmil wrote:

> Sergiu,
>
> I don't think mhomed will help in this case, since both sockets are able to
> reach the endpoint. They are both on the same subnet.

Why?

What is the purpose of this rather odd networking setup?


Antony

--
"It would appear we have reached the limits of what it is possible to achieve
with computer technology, although one should be careful with such statements;
they tend to sound pretty silly in five years."

 - John von Neumann (1949)

                                                   Please reply to the list;
                                                         please *don't* CC me.

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users