A problem NAT traversal

fangqikun
Posts: 6
Joined: Mon Jul 27, 2015 4:35 am

A problem NAT traversal

Post by fangqikun »

1. Brekeke Product Name and Version: 3.5.5.2/424-1

2. Java version: OpenJDK 64-Bit Server VM 1.7.0_95

3. OS type and the version: CentOS 6.7 2.6.32-573.18.1.el6.x86_64

4. UA (phone), gateway or other hardware/software involved: eyebeam

5. Your problem:
I configured the Brekeke server with IP address 10.34.14.24, mapped to the public IP address 61.132.137.139. In the web interface, under "network - Interface address 1", I entered the public IP address "61.132.137.139". When the public and private network clients call each other, the packet capture is as follows:

server:
https://imageshack.com/i/pmE3Y8plp

public client
https://imageshack.com/i/pnUhmUHcp

The Brekeke server forwards the private network client's 200 OK message to the public network client and sends the address 10.34.14.24. After receiving the message, the public network client sends the SDP message to 10.34.14.24, not 61.132.137.139.
What caused the problem?
ambrosio
Posts: 215
Joined: Thu Mar 27, 2008 12:20 pm

Post by ambrosio »

Do you have any settings at [Remote Address Pattern 1] and [External IP address pattern] in [Configuration]->[System] page?

They should be blank.



Also do you have any DialPlan rules?
fangqikun
Posts: 6
Joined: Mon Jul 27, 2015 4:35 am

Post by fangqikun »

[Remote Address Pattern 1] and [External IP Address Pattern] are blank. I haven't set any DialPlan rules.
ambrosio
Posts: 215
Joined: Thu Mar 27, 2008 12:20 pm

Post by ambrosio »

Can you see the global IP address "61.132.137.139" in the SIP Server's Status page as "interface"? If not, restart the SIP Server.

Are there any other IP addresses shown as "interface"?
fangqikun
Posts: 6
Joined: Mon Jul 27, 2015 4:35 am

Post by fangqikun »

ambrosio wrote: Can you see the global IP address "61.132.137.139" in the SIP Server's Status page as "interface"? If not, restart the SIP Server.

Are there any other IP addresses shown as "interface"?

interface: 61.132.137.139,10.34.14.24
ambrosio
Posts: 215
Joined: Thu Mar 27, 2008 12:20 pm

Post by ambrosio »

Can you capture packets at the SIP Server's PC (10.34.14.24)?
If so, can you paste the "200 OK" SIP packet here?
fangqikun
Posts: 6
Joined: Mon Jul 27, 2015 4:35 am

Post by fangqikun »

ambrosio
Posts: 215
Joined: Thu Mar 27, 2008 12:20 pm

Post by ambrosio »

It seems 10.34.14.30 behaves weirdly.

It should act as a router but it seems not.
What kind of product is it?

Can you find a SIP-ALG option in 10.34.14.30's settings? If so, disable it.
fangqikun
Posts: 6
Joined: Mon Jul 27, 2015 4:35 am

Post by fangqikun »

10.34.14.30 is a Fortinet firewall. I have closed the SIP-ALG before, but I think it has nothing to do with the firewall. In another test environment, when the Brekeke SIP Server sends the 200 OK SDP to the public network client, the IP address within the data packet has been modified into the Brekeke SIP Server's public IP address. In the problem environment, when the Brekeke SIP Server sends the 200 OK SDP to the public network, the IP address in the data packet is still the private IP address of the Brekeke SIP Server.

I think the problem is that the Brekeke SIP Server wrongly judges whether the client is on the private or the public network. How do I force the server to assume that the client is in the public as well?

normal test environment
http://imageshack.com/a/img922/6783/ElZaYG.png

brekeke sip server: LAN: 192.168.31.146 GATEWAY: 192.168.31.1 Public IP : 114.97.65.168
public Client: Lan: 10.137.185.132 Public IP: 183.162.9.185

Lan client: 192.168.31.174


Problems Test Environment

https://imageshack.com/i/pmSAhMzRp
Brekeke sip server: LAN: 10.34.14.24 GATEWAY: 10.34.14.30 Public IP: 61.132.137.139

public client: LAN: 192.168.31.174

Lan Client: Lan: 10.34.240.131
ambrosio
Posts: 215
Joined: Thu Mar 27, 2008 12:20 pm

Post by ambrosio »

The best way is to use another router/firewall, as you do in the other environment.
The current firewall doesn't handle packet routing correctly.

As you recognized, the firewall replaced the sender's IP address with its local IP address.

http://imageshack.com/i/pmE3Y8plp
Refer to the above image. As you can see, the INVITE packet seems to be sent from 10.34.14.30, but it should indicate the client side's public IP address.
Since the INVITE looks like it came from the same LAN, Brekeke SIP Server doesn't handle NAT.


Anyway, try this DialPlan rule. It will point to 61.132.137.139 in SDP. If it doesn't work, you may need to use another firewall.

[Matching Patterns]
$request = ^INVITE
$addr = 10.34.14.30

[Deploy Patterns]
&net.rtp.ifsrc = 61.132.137.139
$continue = true
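
A check for the symptom discussed in this thread, added here as an example (not code from Brekeke or from either poster): it reads the o= and c= lines of a 200 OK's SDP and reports when the advertised address is private instead of the expected public interface address. The sample message is constructed and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: a 200 OK like the one described in the thread, with the
# server's private address left in the SDP (not a capture from the original post).
SAMPLE_200_OK = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 192.168.31.174:5060;branch=z9hG4bK-constructed;rport\r\n"
    "Contact: <sip:1002@10.34.14.24:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 10.34.14.24\r\n"
    "s=-\r\n"
    "c=IN IP4 10.34.14.24\r\n"
    "t=0 0\r\n"
    "m=audio 10000 RTP/AVP 0\r\n"
)

def sdp_addresses(sip_message):
    """Return (line_type, address) for each o= and c= line in the SDP body."""
    _, _, body = sip_message.partition("\r\n\r\n")
    found = []
    for line in body.splitlines():
        m = re.match(r"^([oc])=.*\bIN IP4 (\d+\.\d+\.\d+\.\d+)", line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found

def check_sdp(sip_message, expected_public_ip):
    """List findings where the SDP would not work for a client outside the NAT."""
    findings = []
    for kind, addr in sdp_addresses(sip_message):
        ip = ipaddress.ip_address(addr)
        if kind == "c" and ip.is_private:
            findings.append(f"c= carries private address {addr}; a public client cannot send RTP to it")
        elif kind == "c" and addr != expected_public_ip:
            findings.append(f"c= is {addr}, expected {expected_public_ip}")
        elif kind == "o" and ip.is_private:
            findings.append(f"o= exposes internal address {addr}")
    return findings

if __name__ == "__main__":
    for finding in check_sdp(SAMPLE_200_OK, "61.132.137.139"):
        print(finding)
```

Run it against the 200 OK captured on the public side of the firewall: an empty result means the SDP already points at the public interface address.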