You need to define another listen= without the advertise for communication with internal servers. Either another IP or another port.
/O > On 6 Sep 2020, at 17:34, Moshe Katz <[email protected]> wrote: > > Hello all, > > (Note: I previously posted a more detailed version of this question on > StackOverflow at https://stackoverflow.com/q/63760506/829970 > <https://stackoverflow.com/q/63760506/829970> . This version is simplified to > fit better in an email.) > > I have Kamailio 5.4.1 (and RTPEngine) running on an internal server with a > private IP address 172.31.7.96 and One-to-one NAT to an external IP address. > The external IP is 192.0.2.100. (Note: The internal IP addresses are all > unedited, but the public IPs have been replaced with TEST-NET-1 and > TEST-NET-2 example addresses.) I will eventually be doing transcoding with > RTPEngine, but for now this is a simple SIP Proxy. > > Kamailio is installed on Ubuntu 18.04 using the DEB packages from > dev.kamailio.org/kamailio54 <http://dev.kamailio.org/kamailio54> and is using > the stock configuration that comes with those packages, except for the > following changes: > > #!define WITH_NAT > #!define WITH_RTPENGINE > #!define WITH_MYSQL > #!define WITH_AUTH > #!define WITH_IPAUTH > > listen=udp:0.0.0.0:5060 <http://0.0.0.0:5060/> advertise 192.0.2.100:5060 > <http://192.0.2.100:5060/> > > #!define DBURL "mysql://kamailio:[email protected]/kamailio > <http://kamailio:[email protected]/kamailio>" > > I have internal SIP servers with private IP addresses in the 172.31.7.0/24 > <http://172.31.7.0/24> range that I want to have send all SIP traffic through > the Kamailio server. The internal servers are running a Java SIP client with > the `OUTBOUND_PROXY` setting set to 172.31.7.96. > > The problem I have is that the SIP `200 OK` message sent by Kamailio to my > SIP server has its `Record-Route` header set to the public IP address > `192.0.2.100` instead of the private address `172.31.7.96`. The SIP client > therefore tries to send the `ACK` message back to the public address, but it > has no route to the public address so the ACK never gets sent. > > How can I configure Kamailio to use the public IP for external traffic but > the private IP for communicating with internal machines on the same subnet? > > I tried setting `mhomed=1`, but the machine isn't actually multi-homed so > that didn't work. > > I thought of adding a second listen line `listen=udp:172.31.7.96:5061 > <http://172.31.7.96:5061/>` and having the internal servers talk to port > 5061, but that doesn't work because Kamailio uses the 5061 definition for the > external side too. > > I see in the docs that it is possible to name the listener lines, but I don't > understand how to use those names in a way that would be relevant to my issue. > > Thank you very much for your help, > > Moshe > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
