[SR-Users] Kamailio behind NAT or With Public IP - Which one is highly recommended

Alex Balashov abalashov at evaristesys.com
Tue Feb 26 22:49:12 CET 2019


I third that. NAT by definition adds complications and overhead, even if
they are not significant from a modern economic perspective. If you have
the luxury to take NAT out of the equation, you definitely should. But
if you can't, Kamailio copes with this very well and has an ample
feature set to accommodate that type of deployment, given how common it
is nowadays to deploy Kamailio in NAT-only environments such as AWS.

On Tue, Feb 26, 2019 at 01:47:36PM -0800, Joel Serrano wrote:

> I second that. And to add to Henning's suggestion...
> 
> We recently tested that same setup, and we found one "thing": Using
> advertise, you will need a second port (listen transport:ip:port) to talk
> to internal servers that require you to *keep* the private IP. Otherwise
> all outgoing request from that kamailio will have the IP replaced by
> whatever the advertise says and that can mess up your internal routing.
> 
> Not an issue, as I said you can configure a second port, but just something
> to know depending on what your setup is gong to look like.
> 
> Good luck!
> Joel.
> 
> On Tue, Feb 26, 2019 at 1:28 PM Henning Westerholt <hw at kamailio.org> wrote:
> 
> > Am Dienstag, 26. Februar 2019, 06:09:08 CET schrieb Pintu Lohar:
> > > Which one among the below option is highly recommended for setting up
> > > Kamailio (for production)
> > >   1.  Kamailio behind NAT *or*
> > >    2. Setting up Kamailio using public IP?
> > >
> > >  are there any disadvantages if we setup Kamailio behind NAT and use
> > > advertise option in listen parameters?
> > >
> > > We have tested both the options, and both the options work great for us(
> > a.
> > > Kamailio behind NAT with advertising in listen parameters b.Kamailio
> > setup
> > > with public IP).  So wondering which one is best and highly recommended?
> > >
> > > Some extra info :
> > > 1. We use TLS
> > > 2. Using coturn for media
> >
> > Hello Pintu,
> >
> > generally speaking, if you have the choice between a network setup with
> > NAT
> > and without NAT (everything else equal) - my recommendation would to
> > choose
> > the one without NAT. It will be easier to debug in case of problems on
> > your
> > side or the client side.
> >
> > Best regards,
> >
> > Henning
> >
> > --
> > Henning Westerholt - https://skalatan.de/blog/
> > Kamailio services - https://skalatan.de/services
> > Kamailio security assessment - https://skalatan.de/de/assessment
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >

> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) 
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/



More information about the sr-users mailing list