I hate to plug my own articles, but in this case it might help:
http://www.evaristesys.com/blog/kamailio-as-an-sbc-five-years-on/
-- Sent from mobile. Apologies for brevity and errors.
-----Original Message----- From: Ellad Yatsko eyatsko@ngs.ru To: sr-users@lists.kamailio.org Sent: Mon, 22 Oct 2018 3:28 AM Subject: [SR-Users] Kamailio as SBC
Hello!
I'd like to implement the following diagram:
Users -> Internet -> Kamailio -> Asterisk
1. Kamailio has no own users, it just re-writes headers and re-send REGISTER messages to Asterisk where usres are located.
2. Depending on Astersisk's answers Kamailio either form UL (using original IP from the first, original REGISTER from Users) or translates Asterisk's answer back to Users. If it is error (e.g. forbidden/notfound) Kamailio blocks User's IP (for instance using pike module) and Fail2Ban adds affected IP into IPSet's List to block it by IPTables Permanently.
3. INVITEs are translated to Asterisk as to the only Upstream SIP-Server. And again Errors from Asterisk are processed in the same way as Bad REGISTERs. Pike in conjunction with IPSet/IPTables block affected IPs.
4. Astersisk sees all registrations from Internet user as they are directly behind Kamailio. Kamailio rewirtes headers twice: from Users to Asterisk and from Asterisk to Users - this allows to hide topology from users (they deal ONLY with Kamailio) and block non-static IPs on the Asterisk's side.
Is this possible?
Kind regards, Ellad Yatsko
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users