[SR-Users] Kamailio behind NAT - best practice

Ovidiu Sas osas at voipembedded.com
Fri Jan 4 18:57:57 CET 2013


Hello Klauss,

I use record_route_preset for this kind of scenarios:
http://kamailio.org/docs/modules/3.3.x/modules_k/rr.html#id2550086
That was the main reason that I enhanced record_route_preset with the
second parameter (see the Note on string2).

I haven't tried your idea with two sockets.  Let us know if it's working.
If you need to use the same port on the internal and external
interface, you could add a new IP to the host and listen on two
sockets on the same port and force the socket when sending a request
out.
listen=udp:10.10.0.2
listen=udp:10.10.0.3 advertise pu.bl.ic.ip


Regards,
Ovidiu Sas


-- 
VoIP Embedded, Inc.
http://www.voipembedded.com

On Thu, Jan 3, 2013 at 5:11 AM, Klaus Darilion
<klaus.mailinglists at pernau.at> wrote:
> Hi!
>
> Up to now I could avoid Kamailio setups with Kamailio behind NAt. But this
> time I have to deal with it. That's why I want to ask what others did as
> best practice.
>
> The scenario is:
>
>
> Asterisk 1----\       Kamailio+RTPPROXY
>                \         |10.10.0.2
> Asterisk n------\        |
>                  --------|------------- FW --SIP-trunk--- ITSP
> Freeswitch 1----/              10.10.0.1   public-IP
>                /
> Freeswitch n--/
>            10.10.0.x
>
> Kamailio and rtpproxy have a private IP. Internal communication uses private
> IPs, external communication uses a public IP which is NATed 1:1 to
> Kamailio's IP address. No registrations, just forwarding of messages.
>
> Using the global "advertised_address" setting with the public IP does not
> work, as there is also internal communication. Using
> set_advertised_address() is also cumbersome.
>
> So it seems, the easiest solution would be to use 2 sockets on Kamailio,
> e.g. port 5050 and port 5060. Then I could use the listen with dedicated
> advertised addresses:
> listen=udp:10.10.0.2:5050
> listen=udp:10.10.0.2:5060 advertise pu.bl.ic.ip:5060
>
> If I understand it correctly, this should solve all issues with
> Record-Routing and Via-headers.
>
> For RTP-Proxy it seems necessary to detect the direction of each message and
> set the IP address in rtpproxy_manage("","ip.add.re.ss") manually.
>
> Thus, it seems straight forward - or do I miss something? Any comments and
> practical experience?
>
> Thanks
> Klaus



More information about the sr-users mailing list