Thank you Daniel for your answer, As you mention, there is a symmetric nat and router does not allow a static NAT.
By sniffing traffic I can see the port is using new but in case it change, how can automate the process of advertising the correct port? Cheers! ---------- Forwarded message ---------- From: Daniel-Constantin Mierla <mico...@gmail.com> Date: 2016-01-13 23:28 GMT+01:00 Subject: Re: [SR-Users] Kamailio and NAT To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.sip-router.org> Hello, it looks like you have a symmetric nat router, so the allocated port is randomly selected. If you don't control the nat router to set a static forwarding rule or it doesn't provide the option to set static forwarding, then you are pretty much left with sniffing the traffic to discover the external port and advertise it. Cheers, Daniel On 13/01/16 20:31, Nelson Migliaro wrote: Hello, I finally were able to run my Kamailio behind NAT but in order to accomplish that I included: listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 52548 is the port my internet router change when doing NAT (5060->52548). I found this port sniffing traffic Conclusions at this point are: ---------------------------------------------1-------------------------------------------------------------------------------------------------- If I use this line: listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:5060 it does not work :( When I dial a call, INVITE / ACK / Trying / OK goes fine because they are part of the same transaction When remote party disconnects the call, BYE goes to PUBLIC-IP port 5060 and router blocks de request. I assume vendor sends BYE to 5060 because it is a new transaction -----------------------------------------------2-------------------------------------------------------------------------------------------------- If I use this line: listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 it work !!!!!! When I dial a call, INVITE / ACK / Trying / OK goes fine because they are part of the same transaction When remote party disconnects the call, BYE goes to PUBLIC-IP port 52548 and router forward the request to Kamailio. Since there is an open connection. I need to find the way to find the way to advertise the public port internet router is doing NAT (PAT). --------------------------------------------------------------------------------------------------------------------------------------------------- This trace is a call that worked fine because I included line: listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 This trace is an INVITE with this line: listen=udp:SOURCE-IP:5060 advertise PUBLIC-IP:52548 2016/01/13 20:10:15.793568 PRIVATE-IP-KAMAILIO:5060 -> VENDOR-IP:5060 INVITE sip:NUM-DESTINATION@VENDOR-IP SIP/2.0 Record-Route: < sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tB A-;nat=yes> Via: SIP/2.0/UDP PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.0 Via: SIP/2.0/UDP PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060 Max-Forwards: 69 From: NUM-SOURCE <sip:NUM-SOURCE@PRIVATE-IP-KAMAILIO>;tag=as3b72a453 To: <sip:NUM-DESTINATION@sip.VENDOR-IP> Contact: <sip:NUM-SOURCE@PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1> Call-ID: 329950447629810f7bdeaeed0cc034e1@PRIVATE-IP-SOFTPHONE:5060 CSeq: 102 INVITE User-Agent: Kamailio Date: Wed, 13 Jan 2016 19:10:15 GMT Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE Supported: replaces, timer Content-Type: application/sdp Content-Length: 255 Trying..... 2016/01/13 20:10:15.842055 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060 SIP/2.0 100 trying -- your call is important to us Via: SIP/2.0/UDP PUBLIC-IP:52548;branch=z9hG4bKdd74.992e238037882e809653f713a5a580a9.1;rport=52548 Via: SIP/2.0/UDP PRIVATE-IP-SOFTPHONE:5060;received=PRIVATE-IP-SOFTPHONE;branch=z9hG4bK2f4e76ba;rport=5060 From: NUM-SOURCE <sip:NUM-SOURCE@PRIVATE-IP-KAMAILIO>;tag=as3b72a453 To: <sip:NUM-DESTINATION@VENDOR-IP> Call-ID: 329950447629810f7bdeaeed0cc034e1@PRIVATE-IP-SOFTPHONE:5060 CSeq: 102 INVITE Server: kamailio Content-Length: 0 And finally a BYE 2016/01/13 20:10:28.545526 VENDOR-IP:5060 -> PRIVATE-IP-KAMAILIO:5060 BYE sip:34982298000@PRIVATE-IP-SOFTPHONE:5060;alias=PUBLIC-IP~5060~1 SIP/2.0 Via: SIP/2.0/UDP VENDOR-IP;branch=z9hG4bK26d8.847e6e14eef37e2cfc8b5e81d33de73d.0 From: <sip:675896262@PRIVATE-IP-KAMAILIO>;tag=gK0293ed93 To: "NUM-SOURCE" <sip:NUM-SOURCE@ <sip%3anum-sou...@norvoz.es>VENDOR-IP >;tag=as3b72a453 Call-ID: 329950447629810f7bdeaeed0cc034e1@PRIVATE-IP-SOFTPHONE:5060 CSeq: 28731 BYE Max-Forwards: 69 Route: < sip:PUBLIC-IP:52548;lr=on;ftag=as3b72a453;vsf=AAAAAAEECQkCAgsNAXBeL0NPXVQfU0suMTY5LjIzMQ--;vst=AAAAAAAAAAAAAAAAAABCUEIAX1lKWF5MF0tBMzA-;na yes> Reason: Q.850;cause=16 Content-Length: 0 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- Finally, It is finally working because I hardcoded NAT´d port. I would like to find a way to avoid setting the port in "hard". Thank you -- Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.comhttp://miconda.eu _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
