[SR-Users] Kamailio and NAT
Daniel-Constantin Mierla
miconda at gmail.com
Wed Jan 13 23:28:04 CET 2016
Hello,
it looks like you have a symmetric nat router, so the allocated port is
randomly selected.
If you don't control the nat router to set a static forwarding rule or
it doesn't provide the option to set static forwarding, then you are
pretty much left with sniffing the traffic to discover the external port
and advertise it.
Cheers,
Daniel
On 13/01/16 20:31, Nelson Migliaro wrote:
> Hello,
>
> I finally were able to run my Kamailio behind NAT but in order to
> accomplish that I included:
>
> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>
> 52548 is the port my internet router change when doing NAT
> (5060->52548). I found this port sniffing traffic
>
> Conclusions at this point are:
>
> ---------------------------------------------1--------------------------------------------------------------------------------------------------
> If I use this line:
>
> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it does not work :(
>
> When I dial a call, INVITE / ACK / Trying / OK goes fine because they
> are part of the same transaction
> When remote party disconnects the call, BYE goes to PUBLIC-IP port
> 5060 and router blocks de request. I assume vendor sends BYE to 5060
> because it is a new transaction
>
> -----------------------------------------------2--------------------------------------------------------------------------------------------------
>
> If I use this line:
>
> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 it work !!!!!!
>
> When I dial a call, INVITE / ACK / Trying / OK goes fine because they
> are part of the same transaction
> When remote party disconnects the call, BYE goes to PUBLIC-IP port
> 52548 and router forward the request to Kamailio. Since there is an
> open connection.
>
> I need to find the way to find the way to advertise the public port
> internet router is doing NAT (PAT).
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------
> This trace is a call that worked fine because I included line:
>
> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>
>
> This trace is an INVITE with this line: listen=udp:SOURCE-IP:5060
> advertise PUBLIC-IP:52548
> 2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060 -> VENDOR-IP:5060
> INVITE sip:NUM-DESTINATION at VENDOR-IP SIP/2.0
> Record-Route:
> <sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB
> A-;nat=yes>
> Via: SIP/2.0/UDP
> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0
> Via: SIP/2.0/UDP
> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
> Max-Forwards: 69
> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
> To: <sip:NUM-DESTINATION at sip.VENDOR-IP>
> Contact: <sip:NUM-SOURCE at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1>
> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
> CSeq: 102 INVITE
> User-Agent: Kamailio
> Date: Wed, 13 Jan 2016 19:10:15 GMT
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
> INFO, PUBLISH, MESSAGE
> Supported: replaces, timer
> Content-Type: application/sdp
> Content-Length: 255
>
>
> Trying.....
>
> 2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
> SIP/2.0 100 trying -- your call is important to us
> Via: SIP/2.0/UDP
> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548
> Via: SIP/2.0/UDP
> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
> To: <sip:NUM-DESTINATION at VENDOR-IP>
> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
> CSeq: 102 INVITE
> Server: kamailio
> Content-Length: 0
>
>
>
>
> And finally a BYE
>
> 2016/01/13 20:10:28.545526 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
> BYE sip:34982298000 at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1
> SIP/2.0
> Via: SIP/2.0/UDP
> VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0
> From: <sip:675896262 at PRIVATE-IP-KAMAILIO>;tag=gK0293ed93
> To: "NUM-SOURCE" <sip:NUM-SOURCE at norvoz.es
> <mailto:sip%3ANUM-SOURCE at norvoz.es>>;tag=as3b72a453
> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
> CSeq: 28731 BYE
> Max-Forwards: 69
> Route:
> <sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na
> yes>
> Reason: Q.850;cause=16
> Content-Length: 0
>
>
>
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Finally, It is finally working because I hardcoded NAT´d port.
> I would like to find a way to avoid setting the port in "hard".
>
> Thank you
>
>
>
>
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
http://miconda.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160113/87006185/attachment.html>
More information about the sr-users
mailing list