SIP and EC2 elastic IPs - amazon-ec2

I'm trying to make a custom SIP software work on an EC2 instance. My software at the moment doesn't have NAT handling capabilities, and I was wondering if I could get it to work transparently with the public (elastic) IP associated to the EC2 instance.
Here's the output of "ifconfig -a" run on my EC2 box:
eth0 Link encap:Ethernet HWaddr XXXXXX
inet addr: PRIVATE-IP-ADDRESS Bcast:10.48.195.255 Mask:255.255.254.0
inet6 addr: XXXXXX/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3825 errors:0 dropped:0 overruns:0 frame:0
TX packets:3596 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:259666 (253.5 KiB) TX bytes:1106872 (1.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:78 errors:0 dropped:0 overruns:0 frame:0
TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6892 (6.7 KiB) TX bytes:6892 (6.7 KiB)
Is there a way to change this so that my application can transparently open a UDP socket on the PUBLIC (elastic) IP address, and basically work as if the public IP were normally assigned to eth0?
I thought about using iptables DNAT/SNAT or adding the IP address manually, but no success so far.

I recommend buying a static IP for EC2. You will save a lot of effort. Nonetheless, you will have to think about NAT in SIP communication in general. Btw, in most cases NAT traversal is handled by the infrastructure (SIP routers/gateways/SIP servers), which add/remove "Route" headers in your SIP messages.
SIP services are intended to have public endpoints, so I am not sure if you'll ever have to implement NAT capabilities. This custom SIP software you talk about, I assume it's a client, not a server.

The answer is no. There is no good way to get a SIP server application to work transparently on the internet when it's using a private IP address. The server application needs to know both its public IP address and the fact that it should use that IP address in preference to the private one. SIP requires inserting the public address in a number of headers such as Record-Route, Route and Contact. As a server it will also need to use the public IP address in SDP payloads for INVITE requests and responses. Most SIP server applications have the ability to do this, and if you are writing a custom server then it would be advisable to add the capability to yours.
Apart from the above, there is one way you could get away with using the private IP address, and that is to install a SIP Application Layer Gateway (ALG) in front of your application and use it to mangle all the private IP addresses in the SIP packets from your server. However, SIP ALGs are a disaster and always cause more problems than they solve, so I'd highly recommend you don't go down this path.

I had some problems similar to this that I solved by editing my sip_nat.conf file to have the following:
externip=x.x.x.x
localnet=10.0.0.0/255.0.0.0
nat=yes
Your mileage may vary, of course, but this seemed to solve a lot of problems. Of course, you'll have to figure out some way to update Asterisk's configs and reload the settings if your IP changes or if you launch a new instance.
My understanding is that without telling it the IP address, it's always pinging some server to get it back, but Asterisk has a problem where, if it receives any other data before the ping response, it isn't smart enough to know that it's not the IP address. Hard-coding it seems to solve a lot of problems.

Answer from https://forums.aws.amazon.com/
The Elastic IP address is mapped to the instance using 1:1 NAT. The instance itself is not aware of the public address. As this address can't be bound to the interface, I'm afraid you will need to handle it in another way. You will want to avoid changing the network configuration as it might result in loss of connectivity.

Here is another way in which you can make your SIP work well with Asterisk.
In sip.conf or chan_sip.conf -> [general] settings, add these:
nat=force_rport,comedia
externip=<PUBLIC_IP/ELASTIC_IP>
localnet=<PRIVATE_IP>/20
If you are not using an Elastic IP, then you may have to change the public IP every time you restart the server.
Hope this helps.

Related

Connection (offline) to Oracle DB on CentOS VM using VBox doesn't work

First of all, I am no developer or network specialist, so please keep things simple. Here's my basic situation:
I have a local server (Apache on Ubuntu 20.04) with several vhosts that need to connect to an Oracle DB that's installed on a VBox CentOS VM. I do a lot of travel, so the IP I use to connect to the internet changes almost daily, and sometimes I have no internet connection at all. A colleague set my system up to be able to connect via static IP, but unfortunately yesterday something happened (VBox went into guru mode and never got out of it) and I had to reinstall and set up the whole thing. But it doesn't work.
As the above mentioned colleague isn't available anymore, I need some external help. Here's what I have:
VBox on Ubuntu, with a host-only adapter set up to have a static IP (192.168.56.10), DHCP off and another bridged adapter
VM with CentOS 7 (system for the Oracle DB)
ifconfig of that VM:
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.43.121 netmask 255.255.255.0 broadcast 192.168.43.255
inet6 fe80::5255:9ce9:96c4:7810 prefixlen 64 scopeid 0x20
ether 08:00:27:b2:8b:0d txqueuelen 1000 (Ethernet)
RX packets 43 bytes 4140 (4.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 69 bytes 7329 (7.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.56.5 netmask 255.255.255.0 broadcast 192.168.56.255
inet6 fe80::6408:c9ff:7c9a:dfb0 prefixlen 64 scopeid 0x20
ether 08:00:27:52:35:de txqueuelen 1000 (Ethernet)
RX packets 1 bytes 590 (590.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38 bytes 5225 (5.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s8 is the one that connects to the host-only adapter, and it's configured to have a static IP (192.168.56.10). Yet, after restarting the VM it shows up with another IP.
Regardless of this, I can't connect via SQL Developer (on the host) other than using the IP of enp0s3, and only while I'm connected to the internet (wireless) and the provider doesn't change the IP. It wouldn't be a great deal to change that IP every time I start to work, but I have 4 different DBs and sometimes 3 or 4 local websites that have their own config files to connect to the DBs.
Short: I need a way to connect from my host to the Oracle DB on the VM without having to change the configuration files of my vhosts or SQLDeveloper.
I will gladly post any further information you may need, but I'm a new user and apparently not allowed to post pics/screenshots yet.
Thanks.
Skip all this networking futzing and set up port forwards. You can tell VirtualBox to map port 1521 on your host to port 1521 on the VM, so SQL Developer can simply connect to localhost:1521/database in your connection.
I talk about this in more detail here
Disclaimer: I'm the product manager at Oracle for SQL Developer.

C++ Understanding boost asio multicast receiver

I have recently started trying to learn the boost multicast receiver example and what it is doing [code]. I understand basic multicast receivers/sends but I have been struggling to understand a few things:
Within the code they have a listener address and a multicast address. Is the multicast address the address on the local machine that the packet is being sent to, while the listener address is the address of the machine?
Followup to the first question - In the default code they have the listener address as 0.0.0.0 . In older network code I never explicitly came into contact with this. What is the purpose of the listen address and is there any good reference for what its uses are?
When I set the listener address to 0.0.0.0 and my multicast address to 224.0.0.10 and run a netstat I cannot find the multicast address. I would expect to see the address that I am listening on unless I am not understanding something correctly.

Can't ping broadcast address in AWS VPC

I want to find all the existing IPs in my subnet on AWS. I use ping -b on my EC2 instance. But there is no response.
$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 06:8f:a3:06:38:75
inet addr:172.16.33.10 Bcast:172.16.33.255 Mask:255.255.255.0
inet6 addr: fe80::48f:a3ff:fe06:3875/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9001 Metric:1
RX packets:54018 errors:0 dropped:0 overruns:0 frame:0
TX packets:39295 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:41673791 (41.6 MB) TX bytes:9891811 (9.8 MB)
$ ping -v -b 172.16.33.255
WARNING: pinging broadcast address
PING 172.16.33.255 (172.16.33.255) 56(84) bytes of data.
I have modified the security group and allowed all traffic. I wonder if AWS forbids the ping -b.
When this answer was originally written in 2017, the AWS VPC network did not have broadcast or multicast capability.
Q. Does Amazon VPC support multicast or broadcast?
No.
https://aws.amazon.com/vpc/faqs/
https://web.archive.org/web/20170717010042/https://aws.amazon.com/vpc/faqs/
In 2022, it is still true that broadcast is not supported, and it seems unlikely that it ever will be...
We do not support broadcast in a VPC
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
...however, multicast is now possible using a VPC Transit Gateway to handle the nuts and bolts of actually replicating and delivering the packets. This isn't transparent as it might be within a subnet in a conventional LAN -- you have to statically configure the participating machines or use IGMPv2 -- but it's genuine multicast beyond that.
The Ethernet network in Amazon VPC is not the LAN that it appears to be -- it's a software defined network that rides on an underlying network that is fundamentally point-to-point. Transit Gateway is how AWS decided to implement multicast support.
See Another Day, Another Billion Packets (YouTube, official AWS) for some solid insights into how the network works.

How to install SD card and Ethernet on uClinux

I have just installed uClinux on an Altera DE2-115 (FPGA board). I have full access to the terminal; here is what happens:
I want to set an IP and also a mask for my eth0, but when I do "ifconfig" it only shows me:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
there is no eth0 or eth1, although there are two Ethernet ports; eth0 has an Ethernet cable plugged in (fully working with internet and LAN network).
Why are there no eth0 or eth1?
Also:
when I want to mount my SD-card Drive I do the following:
mkdir /mnt/sd
mount /dev/mmcblk0p1 /mnt/sd
and I get:
mount: mounting /dev/mmcblk0p1 on /mnt/sd failed: No such device or address
as if there were no SD card device... in my /dev folder there are the following:
mmc0
mmcblk0
mmcblk0p1
mmcblk0p2
mmcblk0p3
and I have tried mounting every single one of them; also, the SD card drive supports FAT16, and that is the file system I am using at the moment on my SD card.
What can I do to be able to access the Ethernet "eth0" and/or "eth1", and the SD card?
You need a couple of things for Ethernet on Linux:
The hardware (magnetics + PHY); this seems to exist in your case.
Some FPGA design which connects the hardware to your processor. This is often called an IP core. You can compare it with the network card in a PC.
A piece of software which must match the Ethernet IP core. In Linux this is the proper driver.
Are you sure that piece 2 is in your hardware design?
Are you sure you have the proper driver in Linux activated?

No ping to a multicast address from Windows

On my computer, when I try to ping a multicast address, none of them return a response.
On the other hand, there is a Unix server I know of that can ping these addresses.
Is there a way to add a route from my computer to this one, so that I can use these addresses?
No, ICMP is not typically used with multicast because it is a prime source for DoS amplification. Similarly, multicast doesn't tend to be that useful, as you need multicast-enabled and configured routers to cross LAN segments.
See this answer if you are wanting to use multicast pings for discovery of local machines:
Multicast Ping (Windows)