[SR-Users] Fwd: Kamailio and NAT
Daniel-Constantin Mierla
miconda at gmail.com
Thu Jan 14 15:43:32 CET 2016
Is the kamailio behind nat communicating with another kamailio on a public
IP?
Cheers,
DAniel
On Thu, Jan 14, 2016 at 1:33 PM, Nelson Migliaro <eng.migliaro at gmail.com>
wrote:
> Thank you Daniel for your answer,
>
> As you mention, there is a symmetric nat and router does not allow a
> static NAT.
>
> By sniffing traffic I can see the port is using new but in case it change,
> how can automate the process of advertising the correct port?
>
> Cheers!
>
>
> ---------- Forwarded message ----------
> From: Daniel-Constantin Mierla <miconda at gmail.com>
> Date: 2016-01-13 23:28 GMT+01:00
> Subject: Re: [SR-Users] Kamailio and NAT
> To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.sip-router.org>
>
>
> Hello,
>
> it looks like you have a symmetric nat router, so the allocated port is
> randomly selected.
>
> If you don't control the nat router to set a static forwarding rule or it
> doesn't provide the option to set static forwarding, then you are pretty
> much left with sniffing the traffic to discover the external port and
> advertise it.
>
> Cheers,
> Daniel
>
>
>
>
> On 13/01/16 20:31, Nelson Migliaro wrote:
>
> Hello,
>
> I finally were able to run my Kamailio behind NAT but in order to
> accomplish that I included:
>
> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>
> 52548 is the port my internet router change when doing NAT (5060->52548).
> I found this port sniffing traffic
>
> Conclusions at this point are:
>
>
> ---------------------------------------------1--------------------------------------------------------------------------------------------------
> If I use this line:
>
> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it does not work :(
>
> When I dial a call, INVITE / ACK / Trying / OK goes fine because they are
> part of the same transaction
> When remote party disconnects the call, BYE goes to PUBLIC-IP port 5060
> and router blocks de request. I assume vendor sends BYE to 5060 because it
> is a new transaction
>
> -----------------------------------------------2--------------------------------------------------------------------------------------------------
>
> If I use this line:
>
> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 it work !!!!!!
>
> When I dial a call, INVITE / ACK / Trying / OK goes fine because they are
> part of the same transaction
> When remote party disconnects the call, BYE goes to PUBLIC-IP port 52548
> and router forward the request to Kamailio. Since there is an open
> connection.
>
> I need to find the way to find the way to advertise the public port
> internet router is doing NAT (PAT).
>
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------
> This trace is a call that worked fine because I included line:
>
> listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548
>
>
> This trace is an INVITE with this line: listen=udp:SOURCE-IP:5060
> advertise PUBLIC-IP:52548
> 2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060 -> VENDOR-IP:5060
> INVITE sip:NUM-DESTINATION at VENDOR-IP SIP/2.0
> Record-Route: <
> sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB
> A-;nat=yes>
> Via: SIP/2.0/UDP
> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0
> Via: SIP/2.0/UDP
> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
> Max-Forwards: 69
> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
> To: <sip:NUM-DESTINATION at sip.VENDOR-IP>
> Contact: <sip:NUM-SOURCE at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1>
> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
> CSeq: 102 INVITE
> User-Agent: Kamailio
> Date: Wed, 13 Jan 2016 19:10:15 GMT
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
> PUBLISH, MESSAGE
> Supported: replaces, timer
> Content-Type: application/sdp
> Content-Length: 255
>
>
> Trying.....
>
> 2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
> SIP/2.0 100 trying -- your call is important to us
> Via: SIP/2.0/UDP
> PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548
> Via: SIP/2.0/UDP
> PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060
> From: NUM-SOURCE <sip:NUM-SOURCE at PRIVATE-IP-KAMAILIO>;tag=as3b72a453
> To: <sip:NUM-DESTINATION at VENDOR-IP>
> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
> CSeq: 102 INVITE
> Server: kamailio
> Content-Length: 0
>
>
>
>
> And finally a BYE
>
> 2016/01/13 20:10:28.545526 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060
> BYE sip:34982298000 at PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1
> SIP/2.0
> Via: SIP/2.0/UDP
> VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0
> From: <sip:675896262 at PRIVATE-IP-KAMAILIO>;tag=gK0293ed93
> To: "NUM-SOURCE" <sip:NUM-SOURCE@ <sip%3ANUM-SOURCE at norvoz.es>VENDOR-IP
> >;tag=as3b72a453
> Call-ID: 329950447629810f7bdeaeed0cc034e1 at PRIVATE-IP-SOFTPHONE:5060
> CSeq: 28731 BYE
> Max-Forwards: 69
> Route: <
> sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na
> yes>
> Reason: Q.850;cause=16
> Content-Length: 0
>
>
>
>
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Finally, It is finally working because I hardcoded NAT´d port.
> I would like to find a way to avoid setting the port in "hard".
>
> Thank you
>
>
>
>
>
> --
> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/micond
<http://www.linkedin.com/in/miconda>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160114/c3a7482b/attachment.html>
More information about the sr-users
mailing list