From owner-freebsd-net@freebsd.org Mon May 23 03:31:19 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EE2E7B462AE; Mon, 23 May 2016 03:31:19 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 7CD0C1706; Mon, 23 May 2016 03:31:18 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221]) by hz.grosbein.net (8.14.9/8.14.9) with ESMTP id u4N3V6M7046751 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 23 May 2016 05:31:07 +0200 (CEST) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: ler@lerctr.org Received: from eg.sd.rdtc.ru (eugen@localhost [127.0.0.1]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTP id u4N3V1Bt024465; Mon, 23 May 2016 10:31:01 +0700 (KRAT) (envelope-from eugen@grosbein.net) Subject: Re: NAT SIP ALG To: Larry Rosenman References: <5734D478.2010809@grosbein.net> <9F55FBCB-4B1A-4134-8912-9A5B25F37703@Lodge.me.uk> <5735C8FB.908@grosbein.net> <027cf5fb5beaf0ab01045f49a4a2adb1@thebighonker.lerctr.org> Cc: freebsd-net@freebsd.org, James Lodge , owner-freebsd-net@freebsd.org From: Eugene Grosbein X-Enigmail-Draft-Status: N1110 Message-ID: <57427975.4070404@grosbein.net> Date: Mon, 23 May 2016 10:31:01 +0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <027cf5fb5beaf0ab01045f49a4a2adb1@thebighonker.lerctr.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00, DATE_IN_FUTURE_96_Q, LOCAL_FROM autolearn=no version=3.3.2 X-Spam-Report: * 0.0 DATE_IN_FUTURE_96_Q Date: is 4 days to 4 months after Received: date * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on hz.grosbein.net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 May 2016 03:31:20 -0000 On 13.05.2016 20:32, Larry Rosenman wrote: > On 2016-05-13 07:30, Eugene Grosbein wrote: >> 13.05.2016 5:26, James Lodge wrote: >> >>> I use siproxd on pfsense and it works really well. >> >> How do you use them? >> >> I have SIP PBX inside private network that has old slow Cisco router as >> NAT box. >> >> The PBX registers with several distinct external SIP providers and >> accepts external >> calls for local call center. I need to replace Cisco router with >> something having much >> more horsepower and consider FreeBSD/amd64 but need to make sure SIP >> won't break. >> >> Will siproxd help me in such case? I still need the PBX to be able to >> register >> directly to external SIP providers as it is administrated by outsourced >> company. >> > > My asterisk server (pbx) registers through my NAT without ANY rules or > what have you. I do have the NAT > option turned on for the 4 providers I connect to. > > That said, sipoxd/pfSense may work as well. I do go through pfSense, > but again do NOT have any SUP proxying. The asterisk server just keeps > a registration open. > > I can get and receive calls. This network uses Asterisk too as internal IP PBX. My router has two external internet connections supplied by distinct ISPs. Internal PBX makes outgoing call using external SIP provider and uses something like this in the first INVITE packet: Content-Type: application/sdp. Content-Length: 268. . v=0. o=root 653657088 653657089 IN IP4 172.19.8.27. s=SimplePBX. c=IN IP4 172.19.8.27. Intelligent NAT ALG should replace noted internal IP with one of its external addresses corresponding to used IP route to SIP provider. How can incoming voice RTP traffic pass without such translation? Eugene Grosbein