[OpenSIPS-Users] mhomed OpenSIPs behind NAT - How to control NAT IP

Antonios Psaras apsaras at microbase.gr
Thu Apr 3 13:56:31 UTC 2025 

Hello Bogdan.

 

What we need is to advertise different IP for the same interface different IP based on Client Source IP.

 

For example

 

OpenSIPs Interface IP is 10.0.0.10 and NAT IP is 1.2.3.4

 

When Client IP is 10.0.0.100 we need to advertise 10.0.0.10

 

When Client IP is 4.3.2.1 we need to advertise 1.2.3.4

 

Thank you once more for your support

 

Best regards

 

Antonis Psaras

 

 

From: Bogdan-Andrei Iancu <bogdan at opensips.org> 
Sent: Πέμπτη, 3 Απριλίου 2025 09:57
To: apsaras at microbase.gr; 'OpenSIPS users mailling list' <users at lists.opensips.org>; 'Johan De Clercq' <Johan at democon.be>
Subject: Re: [OpenSIPS-Users] mhomed OpenSIPs behind NAT - How to control NAT IP

 

Hi,

You can have a socket on the private interface (behind NAT) which is advertising in the outbound SIP packages a different IP address (the public IP of the NAT , for example) than the one of the socket.

Isn't this what you were asking for?

Regards,



Bogdan-Andrei Iancu
 
OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
  https://www.siphub.com

On 02.04.2025 15:32, Antonios Psaras wrote:

Thank you Bogdan.

 

I can not see how advertise option will be use in that case.

 

We use the socket option and my question is if I can handle that within the script.

 

Ie.

 

socket = udp:10.0.0.10:5060 as 1.2.3.4:5060

 

if source_ip=~”^10.”

                Do not use NAT IP on header

else

                User it.

 

 

 

From: Bogdan-Andrei Iancu  <mailto:bogdan at opensips.org> <bogdan at opensips.org> 
Sent: Τετάρτη, 2 Απριλίου 2025 15:03
To: apsaras at microbase.gr <mailto:apsaras at microbase.gr> ; OpenSIPS users mailling list  <mailto:users at lists.opensips.org> <users at lists.opensips.org>; 'Johan De Clercq'  <mailto:Johan at democon.be> <Johan at democon.be>
Subject: Re: [OpenSIPS-Users] mhomed OpenSIPs behind NAT - How to control NAT IP

 

Hi Antonioss,

See the "advertise" option - there is a global one, or a per-socket on:
    https://www.opensips.org/Documentation/Script-CoreParameters-3-5#advertised_address
    https://www.opensips.org/Documentation/Script-CoreParameters-3-5#socket  (the AS option)

Regards,




Bogdan-Andrei Iancu
 
OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
  https://www.siphub.com

On 02.04.2025 15:00, Antonios Psaras wrote:

Hello Johan

 

Thank you for your prompt reply.

 

My question is how do I force opensips not to use NAT IP which is defined on socket level?

 

As you mention rtpengine as well, what flags should I pass in order not to use the NAT IP which is also defined as configuration on “external” interface.

 

Thank you once more for your support.

 

Antonis Psaras

 

From: Johan De Clercq  <mailto:Johan at democon.be> <Johan at democon.be> 
Sent: Τετάρτη, 2 Απριλίου 2025 13:23
To: apsaras at microbase.gr <mailto:apsaras at microbase.gr> ; OpenSIPS users mailling list  <mailto:users at lists.opensips.org> <users at lists.opensips.org>
Subject: Re: [OpenSIPS-Users] mhomed OpenSIPs behind NAT - How to control NAT IP

 

Antonias, 

yes you can.  You need to if then else the stuff.  if $si==1.2.34 then use nat 

                                                                                                    else don't use nat.

 

Note, not only for opensips headers, but you will also need different flags for rtpengine. 

 

 

 

Op wo 2 apr 2025 om 11:35 schreef Antonios Psaras <apsaras at microbase.gr <mailto:apsaras at microbase.gr> >:

Dear all.

 

I have the following setup.

 

OpenSIPs Server has two interfaces (DMZ / LAN). DMZ is behind NAT. RTP Engines is also configured.

 

Everything was fine until an end point with in DMZ asked for SIP Trunking. The issue here is that if DMZ Client tries to connect to OpenSIPs DMZ interface, OpenSIPs will reply with NAT IP on SIP body as well as NAT IP on SDP.

 

My thought is to create an other socket on DMZ interface with a different port without NAT configuration and ask the DMZ Client to connect on that interface. That will required extra configuration per peer as I will need to specify the preferred communication socket ie on load balancing configuration. Moreover I should configure a new RTPEngine Service without NAT configuration and route those calls to that one. 

 

Most probably the above scenario will work but I am looking for any alternatives to minimize configuration and complexity. 

 

Is there any way to control the usage of NAT IP on OpenSIPs script. Ie if source IP is with in DMZ do not send NAT IP in SIP Headers.

 

Regards

 

_______________________________________________
Users mailing list
Users at lists.opensips.org <mailto:Users at lists.opensips.org> 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users






_______________________________________________
Users mailing list
Users at lists.opensips.org <mailto:Users at lists.opensips.org> 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20250403/44d193f7/attachment.html>

More information about the Users mailing list