[SR-Users] Complex NAT Scenario,HELP!

Daniel-Constantin Mierla miconda at gmail.com
Wed Jul 30 11:06:44 CEST 2014 

Hello,

what is ip 1.1.1.1 in your trace? I see you use it with advertise for 
listen. In that case, you don't need set advertised address function in 
routing blocks.

Few things that you should check:
- the listen on the dms address has to be with advertise of firewall 
port forwarding public address
- the rtp relay has to advertise also the firewall port forwarding 
public address
- you have to do rtp bridging -- I see you use rtpengine (or its former 
version mediaproxy-ng). I think that doesn't have support of bridging 
two ipv4 networks, you would need to run two instances, and bridge the 
local interfaces via linux config. Alternative is to use rtpproxy which 
can do bridging and you can force media ip to be firewall public address 
via rtpproxy_manage() parameter or use a patch for adding advertised 
address parameter to rtpproxy (I made one available at 
https://github.com/miconda/rtpproxy/commits/master)

Cheers,
Daniel

On 25/07/14 11:35, Agiftel wrote:
> Hi all, I need help configuring a little bit complex NAT/PAT scenario. Idea
> is that clients on Internet registers themselvs against kamailio and then it
> routes requests to Alcatel PBX. kamailio acts also as NAT proxy ( so that
> clients on internet does not need vpn connection. Something like EDGE SERVER
> for MS Lync clients)
> Below the scenario
>
> Alcatel PBX: 10.9.6.3
> Kamailio internal NIC: 172.16.52.240
> Kamailio DMZ NIC: 10.9.23.180
> PU.BL.I.C.IP: 1.2.3.4
>
>
> ALCATEL PBX(LAN 10.9.6.3)————--------------
> 							        |
> 								|———-(LAN INT 172.16.52.240)
> 										|
> 										|KAMAILIO (2 NICs)
> 										————————————
> 										|
> 										|
> 								|		|
> 								|————(LAN dmz 10.9.23.180)
> 						PAT/NAT	|
> 								|————firewal
> 										|
> 										|
> 										PU.BL.I.C.IP
>
> 										^
> 										|
> 										|
> 									Client on internet
>
> As you can see there is a firewall that make NAT and PAT from PU.BL.I.C.IP
> to internal Kamailio DMZ nic.
> natted ports are 5060 and range from 30000 to 65000 ( for RTP )
>
> I'am tryng to use kamailio.cfg that comes with installation.. Now I am
> making some changes but is not working.
> Internal client ( lan 172.16.52.x ), registered on kamailio, can make call
> to alcatel phones and viceversa.
> External client ( on internet ) can register to kamailio but cannot call
> alcatel phone nor client registered on kamailio.


-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

More information about the sr-users mailing list