Hi All,
Apologies to anyone if this is against the grain, I posted this at the SignalWire forum, but the readership here might be larger.
The original post is here: https://support.signalwire.com/port...l-profile-and-internal-profile-in-a-container
In effect, I have a Fusion + Freeswitch Install inside of a Podman (Docker like) container. The additional complication is there are
one/two routers, each doing natting or portforwarding to keep the whole system working.
I am able to make extension to extension calls internally whether the phones are on the same subnet as the container's host,
different subnets and also via the installation's natted public ip/dns name. I am trying to integrate a backend SIP Trunk. I created the Gateways and the external sip profile. I can make outbound calls. Everything works, the signalling and media. Inbound calls fail. The internal SIP device will ring, but the ACKs/SDP 200 OK seem to be directed at a non-routable IP addresses assigned by the container's internal networking scheme. The call coming from the backend provider rings, the internal SIP device attempts to answer, but the backend provider does not see the response.
I am pretty sure this is a natting problem. When I look at the Contact: element in the SDP 200 message from the internal device
to FS it shows:
Contact: <sip:1000@10.0.2.100:35096;received=10.0.2.100:35096;transport=tcp>;expires=600;+org.linphone.specs="conference/2.0,ephemeral/1.1,groupchat/1.2,lime"
That 10.0.2.100 address is not routable except inside the Podman container. The other odd thing is that in order to get the internal device to ring, it required me to add 10.0.2.100 to the providers ACL. Prior to adding this to the ACL, bridging would fail and the call would be terminated. I am not sure why inside of the same container it would be necessary to give ACLs to the bridge which is simply moving external to internal.
As in the original post, I am attaching the sip trace of the internal and external profile. It feels like I am totally goofing up something simple.
I've tried ACLs, acl-nat for different lists. Any help would be appreciated.
Thanks,
-Greg
Apologies to anyone if this is against the grain, I posted this at the SignalWire forum, but the readership here might be larger.
The original post is here: https://support.signalwire.com/port...l-profile-and-internal-profile-in-a-container
In effect, I have a Fusion + Freeswitch Install inside of a Podman (Docker like) container. The additional complication is there are
one/two routers, each doing natting or portforwarding to keep the whole system working.
I am able to make extension to extension calls internally whether the phones are on the same subnet as the container's host,
different subnets and also via the installation's natted public ip/dns name. I am trying to integrate a backend SIP Trunk. I created the Gateways and the external sip profile. I can make outbound calls. Everything works, the signalling and media. Inbound calls fail. The internal SIP device will ring, but the ACKs/SDP 200 OK seem to be directed at a non-routable IP addresses assigned by the container's internal networking scheme. The call coming from the backend provider rings, the internal SIP device attempts to answer, but the backend provider does not see the response.
I am pretty sure this is a natting problem. When I look at the Contact: element in the SDP 200 message from the internal device
to FS it shows:
Contact: <sip:1000@10.0.2.100:35096;received=10.0.2.100:35096;transport=tcp>;expires=600;+org.linphone.specs="conference/2.0,ephemeral/1.1,groupchat/1.2,lime"
That 10.0.2.100 address is not routable except inside the Podman container. The other odd thing is that in order to get the internal device to ring, it required me to add 10.0.2.100 to the providers ACL. Prior to adding this to the ACL, bridging would fail and the call would be terminated. I am not sure why inside of the same container it would be necessary to give ACLs to the bridge which is simply moving external to internal.
As in the original post, I am attaching the sip trace of the internal and external profile. It feels like I am totally goofing up something simple.
I've tried ACLs, acl-nat for different lists. Any help would be appreciated.
Thanks,
-Greg