[SR-Users] Using Kamalio as a proxy for internal servers

Henning Westerholt hw at skalatan.de
Fri Sep 11 11:58:17 CEST 2020


Hi Moshe,

usually you specify the socket that you be used (either by IP, or in new release by socket name). That can be done in the cfg or also in some modules, e.g. dispatcher.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>

From: sr-users <sr-users-bounces at lists.kamailio.org> On Behalf Of Moshe Katz
Sent: Monday, September 7, 2020 2:45 PM
To: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] Using Kamalio as a proxy for internal servers

Olle,
If I define another listen line, how do I tell Kamailio to use one listen line for inside traffic and the other for outside traffic?


Sergey,

Using IPv6 internally is a great idea. I'll have to see if I can try it.


Thank you both!


On Mon, Sep 7, 2020 at 7:39 AM Olle E. Johansson <oej at edvina.net<mailto:oej at edvina.net>> wrote:



On 7 Sep 2020, at 12:24, Sergey Safarov <s.safarov at gmail.com<mailto:s.safarov at gmail.com>> wrote:

To resolve such an issue I switched to use IPv6 on internal SIP servers for signaling and IPv4 for RTPmedia.

For me works like a charm.
Very elegant solution!

/O


On Mon, Sep 7, 2020 at 9:58 AM Olle E. Johansson <oej at edvina.net<mailto:oej at edvina.net>> wrote:
You need to define another listen= without the advertise for communication with internal servers. Either another IP or another port.

/O


On 6 Sep 2020, at 17:34, Moshe Katz <kohenkatz at gmail.com<mailto:kohenkatz at gmail.com>> wrote:

Hello all,

(Note: I previously posted a more detailed version of this question on StackOverflow at https://stackoverflow.com/q/63760506/829970 . This version is simplified to fit better in an email.)

I have Kamailio 5.4.1 (and RTPEngine) running on an internal server with a private IP address 172.31.7.96 and One-to-one NAT to an external IP address. The external IP is 192.0.2.100. (Note: The internal IP addresses are all unedited, but the public IPs have been replaced with TEST-NET-1 and TEST-NET-2 example addresses.) I will eventually be doing transcoding with RTPEngine, but for now this is a simple SIP Proxy.

Kamailio is installed on Ubuntu 18.04 using the DEB packages from dev.kamailio.org/kamailio54<http://dev.kamailio.org/kamailio54> and is using the stock configuration that comes with those packages, except for the following changes:


#!define WITH_NAT

#!define WITH_RTPENGINE

#!define WITH_MYSQL

#!define WITH_AUTH

#!define WITH_IPAUTH



listen=udp:0.0.0.0:5060<http://0.0.0.0:5060/> advertise 192.0.2.100:5060<http://192.0.2.100:5060/>



#!define DBURL "mysql://kamailio:REAL_PASSWORD_HERE@127.0.0.1/kamailio<http://kamailio:REAL_PASSWORD_HERE@127.0.0.1/kamailio>"

I have internal SIP servers with private IP addresses in the 172.31.7.0/24<http://172.31.7.0/24> range that I want to have send all SIP traffic through the Kamailio server. The internal servers are running a Java SIP client with the `OUTBOUND_PROXY` setting set to 172.31.7.96.

The problem I have is that the SIP `200 OK` message sent by Kamailio to my SIP server has its `Record-Route` header set to the public IP address `192.0.2.100` instead of the private address `172.31.7.96`. The SIP client therefore tries to send the `ACK` message back to the public address, but it has no route to the public address so the ACK never gets sent.

How can I configure Kamailio to use the public IP for external traffic but the private IP for communicating with internal machines on the same subnet?

I tried setting `mhomed=1`, but the machine isn't actually multi-homed so that didn't work.

I thought of adding a second listen line `listen=udp:172.31.7.96:5061<http://172.31.7.96:5061/>` and having the internal servers talk to port 5061, but that doesn't work because Kamailio uses the 5061 definition for the external side too.

I see in the docs that it is possible to name the listener lines, but I don't understand how to use those names in a way that would be relevant to my issue.

Thank you very much for your help,

Moshe
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200911/1a9fb583/attachment.htm>


More information about the sr-users mailing list