Registering on SIP via NAT reflection

salmanghiyas · Sep 11, 2021, 9:14 PM

Hello all,

I’m facing an issue on my pfsense.

I have 6 different ISPs with public IPs terminated on every pfsense interface.

I have a SIP asterisk server hosted on LAN which is accessible through one public IP via port forwarding.

We have different branches in the country so our users register on the SIP server from different remote sites.

All is working fine when any user from outside hit our Public IP on 5060 and easily gets registered to the SIP server.

But our local users which are on the same LAN can only register from private local IP which causes NAT issues.

I want my local LAN users to get registered from the Public IP, someone told me it’s possible with NAT reflection so I tried it with both NAT + Proxy and Pure NAT but I’m only able to access the server for SSH and HTTP.

Users can’t register on SIP server via NAT reflection.

Am I missing something?

Or what’s the correct way to do it?

KOM · Sep 12, 2021, 3:30 AM

@salmanghiyas said in Registering on SIP via NAT reflection:

But our local users which are on the same LAN can only register from private local IP which causes NAT issues.

Can you explain this a little more? What NAT issues are you seeing?

salmanghiyas · Sep 13, 2021, 4:19 PM

@kom said in Registering on SIP via NAT reflection:

@salmanghiyas said in Registering on SIP via NAT reflection:

But our local users which are on the same LAN can only register from private local IP which causes NAT issues.

Can you explain this a little more? What NAT issues are you seeing?

my clients cannot register to my SIP server on LAN through public IP.

SteveITS · Sep 13, 2021, 4:19 PM

@salmanghiyas Generally the advice is to use split DNS so LAN devices connect to the server's LAN address (whatever kind of server it is).

Did you check "Enable automatic outbound NAT for Reflection"?

salmanghiyas · Sep 14, 2021, 2:18 PM

@steveits said in Registering on SIP via NAT reflection:

@salmanghiyas Generally the advice is to use split DNS so LAN devices connect to the server's LAN address (whatever kind of server it is).

Did you check "Enable automatic outbound NAT for Reflection"?

I would need to study in Split DNS on how to do that, havent tried it yet, any help or guide would be much appreciated.

And YES "Enable automatic outbound NAT for reflection" is checked.

SteveITS · Sep 14, 2021, 2:18 PM

@salmanghiyas Split DNS is basically just overriding local DNS for a hostname. So the entire Internet resolves www.example.com to a public IP, and devices on the LAN are told www.example.com is a private IP via a host override.