This might be a newbie question. I am developing a SIP endpoint for an environment that will not have ICE/TURN/STUN. The SIP endpoint will be behind a NATing firewall with a known public address. My endpoint can be dialed into directly (no proxies) from another endpoint that can be located either inside or outside the firewall. How can my endpoint detect whether the incoming INVITE is from an endpoint inside or outside the firewall? This is needed to put either the private or public IP in the Contact header and in the media description in SDP in its 200 response to the INVITE? Again, it is not how to detect its public IP, but rather how to distinguish which IP address to send back to the caller. Thanks!
Asked
Active
Viewed 228 times
1 Answers
0
There is no generic way and it depends on the firewall and if you use the same interface for public and private. Best way is hands-down to use different interface for public and private (and different sip providers) for public and private.
If the remote parties give correct Via you can use the Via header.
If your firewall allows, and you have a set of IPs that you know will be private for sure, you can get the physical source IP of the incoming messages in the NIST implementation, you could cast the inbound messages to gov.nist.javax.sip.message.SIPMessage and use getRemoteAddress() then check the address with your app logic. I think this is what you are trying to do. I don't recommend it, because your app might find itself in custom networks, ALGs or behind other nodes that stamp hints (such as X-Auth-IP). You app will be far more portable if you separate the interfaces.
Vladimir Ralev
- 1,371
- 9
- 18