Check if you are not using NAT gateway IP address for outgoing packets.
On 3 Oct 2024, at 15:39, Ben Kaufman via sr-users sr-users@lists.kamailio.org wrote:
Following up here. On the host where I had the problem I changed from using docker's bridged network to using host mode networking, and the problem persisted, then matching your description. I rebooted the host. My only guess is that there was some type of state being inaccurately tracked by the host firewall as the underlying issue, because it happened with only one target, and the translated port was persistent across Kamailio restarts. Did you find out anything more about your problem?
Regards, Kaufman
From: David Villasmil <david.villasmil.work@gmail.com mailto:david.villasmil.work@gmail.com> Sent: Tuesday, September 10, 2024 9:26 AM To: Ben Kaufman <bkaufman@bcmone.com mailto:bkaufman@bcmone.com> Cc: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org> Subject: Re: [SR-Users] kamailio sending from udp non-listening port
CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello ben,
Yes it’s running on kubernetes, but I’m using host networking, so it shouldn’t do that.. I don’t think it’s on Kamailio’s side, but maybe someone has gone through this and can help us!
Regards,
David Villasmil email: david.villasmil.work@gmail.com mailto:david.villasmil.work@gmail.com
On Tue, 10 Sep 2024 at 15:30, Ben Kaufman <bkaufman@bcmone.com mailto:bkaufman@bcmone.com> wrote: I have a similar issue, but my case is even more simple in that I have only a single UDP socket. Are you running Kamailio in docker? In my case, I was able to observe that Kamailio was using the correct socket address and port, but docker's outbound NAT, was changing not only the source address of the packet, but also the source port as well. Host is running Amazon Linux 2023, docker from their packages.
Kaufman Senior Voice Engineer
E: bkaufman@bcmone.com mailto:bkaufman@bcmone.com
SIP.US https://www.google.com/url?q=http://sip.us/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw37L0ij8aOQb8-wBFWCUa-_ Client Support: 800.566.9810 | SIPTRUNK Client Support: 800.250.6510 | Flowroute Client Support: 855.356.9768 https://www.google.com/url?q=https://www.sip.us/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw02JU_oSfqgH9BK9v5k8Qto https://www.google.com/url?q=https://www.siptrunk.com/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw3SJ9Vi5uKUE9l0Sy_wO1dN https://www.google.com/url?q=https://www.flowroute.com/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw3bIiB1z2lr8wz-kfgCGtaa
From: David Villasmil via sr-users <sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org> Sent: Tuesday, September 10, 2024 5:31 AM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org> Cc: David Villasmil <david.villasmil.work@gmail.com mailto:david.villasmil.work@gmail.com> Subject: [SR-Users] kamailio sending from udp non-listening port
CAUTION: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hello guys,
i'm seeing something weird, and i'm working if you can let me know. I have a kamailio in AWS with a private IP listening on several sockets:
Listening on udp: 10.1.2.36:5070 https://www.google.com/url?q=http://10.1.2.36:5070/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw0DPm8YcAkmGRRF2AjIrB-p udp: 10.1.2.36:5080 https://www.google.com/url?q=http://10.1.2.36:5080/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw1_GxG1eIBK02zzEZXOmWZ5 udp: 10.1.2.36:5160 https://www.google.com/url?q=http://10.1.2.36:5160/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw0YqWXjLvXCDs7TvofLr51b advertise 4.3.2.1:5160 https://www.google.com/url?q=http://4.3.2.1:5160/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw039p3o3LLRHohjyv74Ik53 udp: 0.0.0.0:5066 https://www.google.com/url?q=http://0.0.0.0:5066/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw2pn-ls2XoqNhMCB9o9xGce tls: 10.1.2.36:443 https://www.google.com/url?q=http://10.1.2.36:443/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw2vTT6rqqni7NdTei3R3rFB advertise sip.something.com:443 https://www.google.com/url?q=http://sip.something.com:443/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw09ml85A5cPLWH7Iots0ENy tls: 10.1.2.36:444 https://www.google.com/url?q=http://10.1.2.36:444/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw2iitiO3VCfeOPqA2vWDV1j advertise sip.something.com:444 https://www.google.com/url?q=http://sip.something.com:444/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw3phHn-MBN7P8TxYXOcgrJO tls: 10.1.2.36:5061 https://www.google.com/url?q=http://10.1.2.36:5061/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw0HjRKnDFlHM6dT3o4ODrU8
When forwarding a udp invite received on 10.1.2.36:5080 https://www.google.com/url?q=http://10.1.2.36:5080/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw1_GxG1eIBK02zzEZXOmWZ5 to a public ip provider say on 8.8.8.8:5060 https://www.google.com/url?q=http://8.8.8.8:5060/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw22D_m1M8rAFfjghqMFvrak, i'm forcing the outgoing socket with force_socket via 10.1.2.36:5160 https://www.google.com/url?q=http://10.1.2.36:5160/&source=gmail-imap&ust=1728568955000000&usg=AOvVaw0YqWXjLvXCDs7TvofLr51b. But the outgoing invite does NOT use 5160, it uses some random port...
Anybody knows why this might be?
my problem is, that call goes to freeswitch... call is setup properly and connects fine. But 15 minutes later the end provider sends back a reINVITE, which freeswitch then sends TO THE RANDOM PORT kamailio used to send the INVITE... but by this time kamailio doesn't seem to even see the packet...
help is greatly appreciated!
David
Regards,
David Villasmil email: david.villasmil.work@gmail.com mailto:david.villasmil.work@gmail.com
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: