[SR-Users] Another NAT question
Moacir Ferreira
moacirferreira at hotmail.com
Sat Oct 13 23:43:08 CEST 2012
Hi,
I have a scenario where I got a firewall with 3 interfaces: internal, DMZ and external. All the traffic from internal going to external is NATed. However, the traffic between internal and DMZ is NOT NATed. The external and DMZ are using public IP addresses. On the DMZ I have a Kamailio server running with RTPProxy + NAT Helper.
Everything works fine when public (from the internet) users (UAs) are behind NAT as Kamailio will force the RTP to go via RTPProxy. However, when the public user has a public IP, it will fail to establish the RTP to a user who registered on Kamailio coming from the internal firewall interface.
The reason is that, as I don't do NAT between internal and DMZ firewall interfaces, Kamailio will not RTPRroxy in between the UAs because, from the way Kamailio detects NAT, they are not behind NAT. So the public user UA tries to reach a private IP address. If the "inside" user tries to call a public user (a user on the Internet with a public IP), it works.
Yes, I could do NAT in between the internal and DMZ firewall interfaces. However, this would force all RTP traffic of my UAs at the LAN go to Kamailio RTPProxy, an bad effect that I would like to avoid.
So my question is: what would be the best approach to solve this issue using Kamailio and RTPProxy in such scenario?
Cheers!
Moacir
More information about the sr-users
mailing list