SIP and EC2 Elastic IP Addresses

I am trying to create a custom SIP program for an EC2 instance. My software does not have NAT handling capabilities at the moment, and I was wondering if I could get it to work transparently with the public (elastic) IP associated with the EC2 instance.

Here's the output of "ifconfig -a" running on my EC2 box:

eth0      Link encap:Ethernet  HWaddr XXXXXX
          inet addr:PRIVATE-IP-ADDRESS  Bcast:10.48.195.255  Mask:255.255.254.0
          inet6 addr: XXXXXX/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3825 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3596 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:259666 (253.5 KiB)  TX bytes:1106872 (1.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:78 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6892 (6.7 KiB)  TX bytes:6892 (6.7 KiB)

Is there a way to change this so that my application can transparently open a UDP socket on the PUBLIC (elastic) IP address, and have it basically work as if the public IP were normally assigned to eth0?

I've been thinking about using iptables DNAT / SNAT or manually adding the IP address, but haven't gotten anywhere.

+3



5 answers


The answer to this question is https://forums.aws.amazon.com/



The elastic IP address is mapped to the instance using 1:1 NAT. The instance itself is unaware of the public address. Since this address cannot be bound to an interface, I am afraid you will have to handle it differently. You want to avoid changing your network configuration as this could result in a loss of connection.

0



The answer is no. There is no good way to make a SIP server application work transparently on the internet when it is using a private IP address. The server application must know both its public IP address and the fact that it must use that IP address in preference to the private one. SIP requires the insertion of a common address into multiple headers such as Record-Route, Route, and Contact. You will also need to use the public IP address in the SDP files for INVITE requests and responses as a server. Most SIP server applications have the ability to do this, and if you are writing a custom server then it would be wise to add this capability to yours.



Apart from the above, you can avoid using a private IP by installing a SIP Application Layer Gateway (ALG) in front of your application and using it to manage all the private IPs in SIP packets from your server. However, SIP ALGs are a disaster and always cause more problems than they solve, so I highly recommend that you don't go that route.

+3
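
The externip/localnet behaviour the answers describe, as an added example (not code from any poster or from Asterisk): a server behind the 1:1 NAT picks the address to advertise per peer and substitutes it in the headers and SDP lines that carry addresses. The addresses, the sample INVITE and the function names are constructed for illustration; the /23 localnet follows the netmask in the question's ifconfig output.

```python
import ipaddress
import re

# Constructed values: documentation-range addresses, not taken from the thread.
PRIVATE_IP = "10.48.194.10"                        # what eth0 reports
PUBLIC_IP = "203.0.113.5"                          # stands in for the Elastic IP
LOCALNETS = [ipaddress.ip_network("10.48.194.0/23")]
# Headers named in the answer above, plus Via (an addition made here).
ADDR_HEADERS = ("via", "contact", "record-route", "route")
_PRIVATE = re.compile(r"(?<![\d.])" + re.escape(PRIVATE_IP) + r"(?![\d.])")

def advertised_ip(peer_ip):
    """Private address for peers inside localnet, public address otherwise."""
    peer = ipaddress.ip_address(peer_ip)
    return PRIVATE_IP if any(peer in net for net in LOCALNETS) else PUBLIC_IP

def rewrite_outbound(message, peer_ip):
    """Swap the private address in SIP headers and SDP, then fix Content-Length."""
    ip = advertised_ip(peer_ip)
    head, _, body = message.partition("\r\n\r\n")
    # In SDP only the origin (o=) and connection (c=) lines carry an address.
    body = "\r\n".join(
        _PRIVATE.sub(ip, l) if l.startswith(("o=", "c=")) else l
        for l in body.split("\r\n"))
    out = []
    for line in head.split("\r\n"):
        name = line.split(":", 1)[0].strip().lower()
        if name in ADDR_HEADERS:
            line = _PRIVATE.sub(ip, line)
        elif name == "content-length":
            # The body may have changed size, so recompute the byte count.
            line = f"Content-Length: {len(body.encode())}"
        out.append(line)
    return "\r\n".join(out) + "\r\n\r\n" + body

# Constructed sample INVITE, built the way a NAT-unaware server would build it.
SDP = "\r\n".join(["v=0", f"o=- 1 1 IN IP4 {PRIVATE_IP}", "s=-",
                   f"c=IN IP4 {PRIVATE_IP}", "t=0 0", "m=audio 40000 RTP/AVP 0", ""])
SAMPLE = "\r\n".join([
    "INVITE sip:bob@198.51.100.7 SIP/2.0",
    f"Via: SIP/2.0/UDP {PRIVATE_IP}:5060;branch=z9hG4bKexample",
    "From: <sip:alice@example.com>;tag=1", "To: <sip:bob@198.51.100.7>",
    "Call-ID: constructed-example", "CSeq: 1 INVITE",
    f"Contact: <sip:alice@{PRIVATE_IP}:5060>",
    "Content-Type: application/sdp", f"Content-Length: {len(SDP)}", "", SDP])

if __name__ == "__main__":
    print(rewrite_outbound(SAMPLE, "198.51.100.7"))
```

A peer inside localnet gets the message unchanged; any other peer sees only the public address, with Content-Length adjusted for the shorter SDP body.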



I recommend buying a static IP for EC2. You will save a lot. However, you have to think about NAT in SIP communications in general. By the way, in most cases NAT interception is done from the infrastructure - SIP routers / gateways / SIP servers - which add / remove route headers in your SIP messages. SIP services intend to have public endpoints, so I'm not sure if you'll ever need to implement NAT capabilities. This is the usual SIP software you are talking about, I am assuming it is a client and not a server.

+2



I had some problems like this which I solved by editing the sip_nat.conf file to have the following:

externip=x.x.x.x
localnet=10.0.0.0/255.0.0.0
nat=yes

      

Your mileage may vary, of course, but that seems to solve a lot of problems. You will of course have to figure out how to update your Asterisk configurations and reload the settings if your IP changes or if you start a new instance.

My understanding is that if you don't tell it this IP address, it always pings some server to get it back, but Asterisk has a problem where if it gets any other data before the ping response, it is not smart enough to know that this is not an IP address. Hardcoding seems to solve a lot of problems.

+2



Here's another way you can handle SIP with Asterisk.

In sip.conf or chan_sip.conf settings -> [general]

add these

nat=force_rport,comedia
externip=<PUBLIC_IP/ELASTIC_IP>
localnet=<PRIVATE_IP>/20

      

If you are not using Elastic IP, you may need to change the public IP every time you restart the server. Hope it helps.

0

