pojogas at gmail.com
Tue Dec 4 23:42:22 CET 2018
Sure, eliminate NAT altogether? Haha
Don't see how else.
On Tue, Dec 4, 2018, 5:34 PM Kjeld Flarup <kjeld.flarup at liberalismen.dk
> I have a PBX behind NAT.
> Thus I advertise the public IP, and forwards the port to my PBX.
> listen=LOCALIP:5070 advertise EXTERNALIP:5070
> Now clients can connect to the PBX from the Internet. And also inside
> the LAN, because I have enabled NAT loopback.
> However some customers sysadmins complains that NAT loopback is a
> security risk. I have not been able to find any exploits of this, but
> the sales and support people asks if it is possible to remove this NAT
> loopback requirement.
> I could look at $rd and if it is local, then I could advertise LOCALIP.
> I found set_advertised_address("LOCALIP");
> set_advertised_address however only seems to modify the latest Via
> header, not the Record-route, and audio neither works.
> Could I do something to make this work, or is it a dead end?
> -------------------- Med Liberalistiske Hilsner ----------------------
> Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
> Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
> Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the sr-users