PBX in DMZ (orange)

Hi,
we want to test a VoIP phone server (nethserver8 with PBX).
The first step after installation is the configuration of a “voice-proxy”, but we get an error:

Warning: IP addresses don't match

In order for the devices in the PBX local network to work correctly,
the 'hairpin NAT' function, also known as NAT reflection / NAT hairpining 
/ NAT on a stick / loopback NAT, must be enabled on the firewall (more
 precisely on the device that manages the NAT of the public IP).

Don’t understand what they mean?
The DNS is OK from outside and from inside.
We have a firewall rule (all lans:3443 > 10.2.2.2:443).

About DMZ

“ground rules”

small howto

edit: feel free to keep the community posted :wink:

2 Likes

Thanks,
I think I’ve understood the function of NAT. But the question is:
Do we need an extra NAT rule for the PBX in the DMZ?
The PBX machine is a VM in orange with a debian12 base. Updates with “apt update && apt upgrade” are working. That’s why we think that DNAT and SNAT are OK.

I would say your SNAT is missing or misconfigured.

Hi,
why do you think that SNAT is not correct?
But I tried to create a SNAT rule.
| Name | IP |
|---|---|
| DMZ Gateway | 10.2.2.1 |
| PBX.server (local in orange) | 10.2.2.2 |
| Public IP (example) | 80.90.100.200 |
| Phones in orange | 10.2.2.3…10.2.2.9 |
| DNS for DMZ | 88.99.98.111 |

This is the mask of firewall rule:


source address: 10.2.2.2
NAT: Source NAT, New source: RED (80.90.100.200)
Target: ???

Don’t know what to write for target (ALL lans? only RED lan? …)

My limited understanding is:
your CNAME (mypbx.net) must be linked to your external IP.
So internal devices must reach it in the same way. You could add your CNAME in the edit hosts tab to link your local devices to the PBX. With a SNAT rule.
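
Added example, not part of the thread and not NethServer or firewall code: a small Python model of the addresses posted above, showing why a phone in orange that contacts the PBX through the public IP gets no usable reply unless hairpin NAT is active. It assumes a /24 orange network, assumes hairpin NAT rewrites the source to the DMZ gateway address, and uses 203.0.113.5 as a constructed outside client.

```python
from ipaddress import ip_address, ip_network

# Values from the thread; PUBLIC_IP is the poster's example address.
PUBLIC_IP, PUBLIC_PORT = "80.90.100.200", 3443
PBX_IP, PBX_PORT = "10.2.2.2", 443
DMZ_GW = "10.2.2.1"
DMZ_NET = ip_network("10.2.2.0/24")  # assumed /24 for the orange zone


def reply_seen_by_client(client_ip: str, hairpin: bool) -> tuple[str, int]:
    """Return the (source IP, source port) of the PBX reply as the client sees it."""
    # 1. Client sends to PUBLIC_IP:PUBLIC_PORT; the firewall DNATs to the PBX.
    src = client_ip
    # 2. Hairpin NAT (assumed behaviour): when the client sits in the same
    #    zone as the target, also rewrite the source to the firewall's own
    #    address in that zone.
    same_zone = ip_address(client_ip) in DMZ_NET
    if hairpin and same_zone:
        src = DMZ_GW
    # 3. The PBX answers whatever source it saw. A source in its own subnet
    #    (other than the gateway) is reached directly on layer 2, so the
    #    firewall never sees the reply and cannot undo the DNAT.
    direct = ip_address(src) in DMZ_NET and src != DMZ_GW
    if direct:
        return (PBX_IP, PBX_PORT)
    # 4. The reply passes the firewall; connection tracking restores the
    #    original destination as the reply's source.
    return (PUBLIC_IP, PUBLIC_PORT)


def connection_works(client_ip: str, hairpin: bool) -> bool:
    """A client only accepts replies from the address and port it contacted."""
    return reply_seen_by_client(client_ip, hairpin) == (PUBLIC_IP, PUBLIC_PORT)


if __name__ == "__main__":
    # 203.0.113.5 is a constructed outside client (documentation range).
    for client in ("203.0.113.5", "10.2.2.3"):
        for hairpin in (False, True):
            print(f"{client:12} hairpin={hairpin!s:5} -> "
                  f"{reply_seen_by_client(client, hairpin)} "
                  f"ok={connection_works(client, hairpin)}")
```

The outside client works in both modes, so correct behaviour from the internet does not show that the same-zone path is covered.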