Community discussions

MikroTik App
 
patrickmkt
Member Candidate
Member Candidate
Topic Author
Posts: 174
Joined: Sat Jul 28, 2012 5:21 pm

IP address and SIP algo

Sat Nov 21, 2020 4:37 pm

I had an issue with one of my SIP trunk yesterday and had to do some packet sniffing on the wan side.

My setup was as follow:

Cable modem <->Mikrotik<->PaBx

The cable modem is setup as bridge and provide to the Mikrotik via DHCP a routable wan IP address (lets say 5.5.5.5).
However, the cable modem has also a non routable IP address (lets say 192.168.100.1) to access its dashboard.
So I added to the Mikrotik WAN interface a static IP address of 192.168.100.10 to be able to access this webpage.

My PaBx has a local LAN address (lets say 192.168.200.20)


Now when my PaBX send a REGISTER SIP request, on the LAN side, it shows (in the packet content) as coming from 192.168.200.20.
But on WAN side, after the SIP algo, instead of showing coming from the 5.5.5.5 address, it shows (again in the packet content) as coming from the 192.168.100.10 address.

If I remove the 192.168.100.10 address from the WAN interface, the SIP packet is properly sent to the WAN side with the 5.5.5.5 address.

How can I force the WAN address to use the 5.5.5.5 address for all traffic that is not going local? As the 5.5.5.5 address is obtained by DHCP, the preferred source field is not available in the dynamic 0.0.0.0/0 route. But again it is not a problem with the packet header, just the SIP content.

Is it a SIP algo problem?

For now I am just disabling the local non routable address on the WAN side. But I would like to learn how to avoid that issue in the future.
 
sindy
Forum Guru
Forum Guru
Posts: 6262
Joined: Mon Dec 04, 2017 9:19 pm

Re: IP address and SIP algo

Sat Nov 21, 2020 9:42 pm

It's a generic problem of the "masquerade" approach (where an address is chosen automatically by out-interface rather than specified manually) when there is more than one IP address attached to an interface. Similar issues arise in other use cases than SIP ALG. I haven't found anywhere by what criteria the IP address to be used for "simple" (masquerade) and "complex" (SIP ALG) NATing is chosen if more than one is available.

So first question, do you use action=masquerade or action=src-nat to-addresses=5.5.5.5 on WAN?

Second question - can't you disable SIP ALG and tell the PBX through what public IP it is connected to the internet, so that it would populate the SIP messages with the correct address on its own? Mikrotik's NAT does not change the source port of LAN->WAN connections if it is not in conflict with an already existing connection to the same destination, so this usually doesn't cause a problem.

NB1: The pref-src field of the route is only relevant for packets sent by the Mikrotik itself, not for the packets it forwards from one interface to another.

NB2: ALG means Application Layer Gateway, it has nothing to do with "algorithm".
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: Google [Bot], sindy, Znevna and 89 guests