Community discussions

MikroTik App
Member Candidate
Member Candidate
Topic Author
Posts: 180
Joined: Sat Jul 28, 2012 5:21 pm

IP address and SIP algo

Sat Nov 21, 2020 4:37 pm

I had an issue with one of my SIP trunk yesterday and had to do some packet sniffing on the wan side.

My setup was as follow:

Cable modem <->Mikrotik<->PaBx

The cable modem is setup as bridge and provide to the Mikrotik via DHCP a routable wan IP address (lets say
However, the cable modem has also a non routable IP address (lets say to access its dashboard.
So I added to the Mikrotik WAN interface a static IP address of to be able to access this webpage.

My PaBx has a local LAN address (lets say

Now when my PaBX send a REGISTER SIP request, on the LAN side, it shows (in the packet content) as coming from
But on WAN side, after the SIP algo, instead of showing coming from the address, it shows (again in the packet content) as coming from the address.

If I remove the address from the WAN interface, the SIP packet is properly sent to the WAN side with the address.

How can I force the WAN address to use the address for all traffic that is not going local? As the address is obtained by DHCP, the preferred source field is not available in the dynamic route. But again it is not a problem with the packet header, just the SIP content.

Is it a SIP algo problem?

For now I am just disabling the local non routable address on the WAN side. But I would like to learn how to avoid that issue in the future.
Forum Guru
Forum Guru
Posts: 7910
Joined: Mon Dec 04, 2017 9:19 pm

Re: IP address and SIP algo

Sat Nov 21, 2020 9:42 pm

It's a generic problem of the "masquerade" approach (where an address is chosen automatically by out-interface rather than specified manually) when there is more than one IP address attached to an interface. Similar issues arise in other use cases than SIP ALG. I haven't found anywhere by what criteria the IP address to be used for "simple" (masquerade) and "complex" (SIP ALG) NATing is chosen if more than one is available.

So first question, do you use action=masquerade or action=src-nat to-addresses= on WAN?

Second question - can't you disable SIP ALG and tell the PBX through what public IP it is connected to the internet, so that it would populate the SIP messages with the correct address on its own? Mikrotik's NAT does not change the source port of LAN->WAN connections if it is not in conflict with an already existing connection to the same destination, so this usually doesn't cause a problem.

NB1: The pref-src field of the route is only relevant for packets sent by the Mikrotik itself, not for the packets it forwards from one interface to another.

NB2: ALG means Application Layer Gateway, it has nothing to do with "algorithm".
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: aboiles, Bing [Bot] and 42 guests