[OpenSIPS-Users] mhomed OpenSIPs behind NAT - How to control NAT IP
Bogdan-Andrei Iancu
bogdan at opensips.org
Mon Apr 7 09:45:41 UTC 2025
Hi Antonios,
There are 2 different approaches here.
a) you can use the set_advertised_address(), in a per message manner,
but sometimes is difficult to control (you need to manually do the
persistence across the call)
https://www.opensips.org/Documentation/Script-CoreFunctions-3-5#set_advertised_address
b) if you have only 2 classes of sources (from public network and from
private network), just use 2 different sockets with different
advertising. Say 10.0.0.10:5060 no advertising, for traffic from
10.0.x.x, and 10.0.0.10:5066 with advertising of 1.2.3.4:5060 (the nat
fwd should be from 1.2.3.4:5060 -> 10.0.0.10:5066 !) for the public
traffic. This is much easier to deal with, as the depending on which
interface the traffic goes, the advertising will automatically be done.
Best regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
https://www.siphub.com
On 03.04.2025 16:56, Antonios Psaras wrote:
>
> Hello Bogdan.
>
> What we need is to advertise different IP for the same interface
> different IP based on Client Source IP.
>
> For example
>
> OpenSIPs Interface IP is 10.0.0.10 and NAT IP is 1.2.3.4
>
> When Client IP is 10.0.0.100 we need to advertise 10.0.0.10
>
> When Client IP is 4.3.2.1 we need to advertise 1.2.3.4
>
> Thank you once more for your support
>
> Best regards
>
> Antonis Psaras
>
> *From:* Bogdan-Andrei Iancu <bogdan at opensips.org>
> *Sent:* Πέμπτη, 3 Απριλίου 2025 09:57
> *To:* apsaras at microbase.gr; 'OpenSIPS users mailling list'
> <users at lists.opensips.org>; 'Johan De Clercq' <Johan at democon.be>
> *Subject:* Re: [OpenSIPS-Users] mhomed OpenSIPs behind NAT - How to
> control NAT IP
>
> Hi,
>
> You can have a socket on the private interface (behind NAT) which is
> advertising in the outbound SIP packages a different IP address (the
> public IP of the NAT , for example) than the one of the socket.
>
> Isn't this what you were asking for?
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> https://www.opensips-solutions.com
> https://www.siphub.com
>
> On 02.04.2025 15:32, Antonios Psaras wrote:
>
> Thank you Bogdan.
>
> I can not see how advertise option will be use in that case.
>
> We use the socket option and my question is if I can handle that
> within the script.
>
> Ie.
>
> socket = udp:10.0.0.10:5060 as 1.2.3.4:5060
>
> if source_ip=~”^10.”
>
> Do not use NAT IP on header
>
> else
>
> User it.
>
> *From:* Bogdan-Andrei Iancu <bogdan at opensips.org>
> <mailto:bogdan at opensips.org>
> *Sent:* Τετάρτη, 2 Απριλίου 2025 15:03
> *To:* apsaras at microbase.gr; OpenSIPS users mailling list
> <users at lists.opensips.org> <mailto:users at lists.opensips.org>;
> 'Johan De Clercq' <Johan at democon.be> <mailto:Johan at democon.be>
> *Subject:* Re: [OpenSIPS-Users] mhomed OpenSIPs behind NAT - How
> to control NAT IP
>
> Hi Antonioss,
>
> See the "advertise" option - there is a global one, or a
> per-socket on:
> https://www.opensips.org/Documentation/Script-CoreParameters-3-5#advertised_address
> https://www.opensips.org/Documentation/Script-CoreParameters-3-5#socket
> (the AS option)
>
> Regards,
>
>
> Bogdan-Andrei Iancu
>
>
>
> OpenSIPS Founder and Developer
>
> https://www.opensips-solutions.com
>
> https://www.siphub.com
>
> On 02.04.2025 15:00, Antonios Psaras wrote:
>
> Hello Johan
>
> Thank you for your prompt reply.
>
> My question is how do I force opensips not to use NAT IP which
> is defined on socket level?
>
> As you mention rtpengine as well, what flags should I pass in
> order not to use the NAT IP which is also defined as
> configuration on “external” interface.
>
> Thank you once more for your support.
>
> *Antonis Psaras*
>
> *From:* Johan De Clercq <Johan at democon.be>
> <mailto:Johan at democon.be>
> *Sent:* Τετάρτη, 2 Απριλίου 2025 13:23
> *To:* apsaras at microbase.gr; OpenSIPS users mailling list
> <users at lists.opensips.org> <mailto:users at lists.opensips.org>
> *Subject:* Re: [OpenSIPS-Users] mhomed OpenSIPs behind NAT -
> How to control NAT IP
>
> Antonias,
>
> yes you can. You need to if then else the stuff. if
> $si==1.2.34 then use nat
>
> else don't use nat.
>
> Note, not only for opensips headers, but you will also need
> different flags for rtpengine.
>
> Op wo 2 apr 2025 om 11:35 schreef Antonios Psaras
> <apsaras at microbase.gr>:
>
> Dear all.
>
> I have the following setup.
>
> OpenSIPs Server has two interfaces (DMZ / LAN). DMZ is
> behind NAT. RTP Engines is also configured.
>
> Everything was fine until an end point with in DMZ asked
> for SIP Trunking. The issue here is that if DMZ Client
> tries to connect to OpenSIPs DMZ interface, OpenSIPs will
> reply with NAT IP on SIP body as well as NAT IP on SDP.
>
> My thought is to create an other socket on DMZ interface
> with a different port without NAT configuration and ask
> the DMZ Client to connect on that interface. That will
> required extra configuration per peer as I will need to
> specify the preferred communication socket ie on load
> balancing configuration. Moreover I should configure a new
> RTPEngine Service without NAT configuration and route
> those calls to that one.
>
> Most probably the above scenario will work but I am
> looking for any alternatives to minimize configuration and
> complexity.
>
> Is there any way to control the usage of NAT IP on
> OpenSIPs script. Ie if source IP is with in DMZ do not
> send NAT IP in SIP Headers.
>
> Regards
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
> _______________________________________________
>
> Users mailing list
>
> Users at lists.opensips.org
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20250407/46fe328c/attachment.html>
More information about the Users
mailing list