Skip to main content

General NAT example scenarios

Click here to expand Table of Contents

Scenario 1

FS (192.168.0.4) -> NAT (Public IP 1.2.3.4) -> INTERNET -> NAT (Public IP 5.6.7.8) -> FS (192.168.0.5)

In this scenario you have to do two things.

  1. Setup a profile with ext-sip-ip and ext-rtp-ip set.
  2. If you setup ext-sip-ip and ext-rtp-ip on a profile then that profile CAN NOT BE USED BY ANYTHING BEHIND THE SAME NAT PERIOD.
  3. Port forward the ports for that profile.

Scenario 2

FS (192.168.0.4) -> NAT (Public IP 1.2.3.4) -> INTERNET -> NAT (Public IP 5.6.7.8) -> PHONE (192.168.1.100)

Prior to setting up your plan you must decide which domain you are going to use for your phone registration and which port the profile will listen to. The general SIP structure being.

Phone {port} -> NAT 1 -> INTERNET -> NAT 2 -> {port}FS sip_profile {sip_profile domain} -> REGISTER {sip_profile domain} or Dialplan {sip_profile domain}

The easiest would be to use the default domain. Keeping in mind you still have to create a new sip_profile (for example, we'll call it doublenat.xml) to handle the double NAT. The steps look like this.

  1. copy the external.xml and rename it doublenat.xml
  2. in doublenat.xml, change the profile name: <profile name="doublenat">
  3. add the <param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
  4. add the <param name="ext-sip-ip" value="$${external_sip_ip}"/>
  5. add the <param name="force-register-domain" value="$${domain}"/>
  6. add the <param name="auth-calls" value="true"/>
  7. change port to 5090 ( make sure to change it on the phone as well )
  8. add the <param name="aggressive-nat-detection" value="true"/>
  9. add the <param name="apply-nat-acl" value="rfc1918"/>
  10. register the phone
  11. check to see if your phone is registered with the doublenat profile.
sofia status profile doublenat

If your phone is not registered to doublenat then add :5090 to the domain/proxy on the phone configuration.

Example External IP:

 216.109.112.135:5090

Example Domain:

example.com:5090

Keep in mind this profile will only be suitable for the double NAT scenario. Also keep in mind that this is the toughest scenario to conquer so you still may have adjustments on your phone or router.

Scenario 3

FS (192.168.0.4) -> NAT (Public IP 1.2.3.4) -> INTERNET -> Softphone Registering to FS

In this scenario you also need a dedicated profile. Getting devices to register to your FS instance sitting behind NAT.

  1. dedicated profile with ext-sip-ip and ext-rtp-ip set. Again NOTHING BEHIND THE SAME NAT WILL BE ABLE TO USE THIS PROFILE PERIOD.

Scenario 4

PHONE -> FS -> NAT -> Public Internet

In this case you setup a profile for the phones to register without the ext-sip-ip and ext-rtp-ip options set. This profile would be used for all devices registering to the

FS instance that are behind the same NAT.

Then your outbound call would traverse another profile setup to bust through the NAT with the proper ext-sip-ip and ext-rtp-ip options set.

Scenario 5

FS (1.2.3.4) -> INTERNET -> NAT (Public IP 5.6.7.8) -> Client (192.168.0.5)

More in depth article at Nat

See Also

Auto NAT - let FreeSWITCH do the work

NAT Traversal

External profile

Access Control List (ACL) About modifying NAT behavior when matching a certain access list

General NAT example scenarios - real-world examples

NAT - Network Address Translation

NAT traversal - user NAT traversal

sofia ext-rtp-ip settings