Skip to content

feat: Add NAT localnet support with custom ports 6060/6061 #113

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
paolovisintin wants to merge 7 commits into
base: main
Choose a base branch
from
Open

feat: Add NAT localnet support with custom ports 6060/6061 #113

paolovisintin wants to merge 7 commits into from

Conversation

@paolovisintin
Copy link
Collaborator

@paolovisintin paolovisintin commented Dec 18, 2025
edited by Amygos
Loading

This pull request introduces several improvements and fixes related to SIP proxy networking, firewall configuration, and developer tooling. The main focus is on enhancing Kamailio's handling of internal and external networks, opening new SIP-related ports, and providing new scripts and ignore rules for development convenience.

Kamailio SIP Proxy Improvements:

  • Enhanced the SET_SOCKET route in kamailio.cfg to more robustly determine and set the correct network socket for SIP messages, including explicit handling for INTERNAL_NETWORK (service network for Asterisk) and LOCALNETWORKS, with improved logging for debugging. [1] [2] [3] [4]
  • Modified NAT scenario handling in bootstrap.sh to add listeners for new SIP ports (6060/udp, 6060/tcp, 6061/tls) when behind NAT.
  • Added support for the SERVICE_IP variable in the Kamailio configuration template for better separation of service and private networks.

Firewall and Network Configuration:

  • Updated the firewall module to open additional SIP-related ports (6060/tcp, 6060/udp, 6061/tcp) alongside the standard SIP and RTP ports to support new proxy scenarios.

Developer Tooling and Scripts:

  • Added a new script baresipCall.sh to automate SIP call testing between different network scenarios (LAN, WAN, reverse), including colored output and progress visualization.
  • Improved the rsync.sh script by fixing the remote path for syncing project files to use /home/$2/ns8-nethvoice-proxy/
  • Updated ignore files to exclude SpecStory auto-save files from indexing and git, and to ignore project identity and explanation files in .specstory/. [1] [2]

@Amygos Amygos requested a review from Copilot January 7, 2026 15:58
Copilot AI reviewed Jan 7, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for NAT configurations with custom ports 6060/6061 and introduces a LOCAL_SOURCE_SUBNETS feature to handle SIP clients from local subnets differently than external clients, avoiding the use of advertised public IP for internal clients.

Key changes:

  • Added custom TCP/UDP port 6060 and TLS port 6061 for SIP traffic
  • Implemented LOCAL_SOURCE_SUBNETS functionality to selectively use private IP for clients in specified local subnets
  • Added firewall rules, configuration validation, and comprehensive documentation

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 9 comments.

Show a summary per file
File Description
imageroot/actions/create-module/20firewall Opens custom ports 6060 (TCP/UDP) and 6061 (TCP) in firewall
modules/kamailio/bootstrap.sh Adds listen directives for custom ports 6060/6061 and initializes LOCAL_SOURCE_SUBNETS environment variable
modules/kamailio/config/kamailio.cfg Implements CHECK_LOCAL_SOURCE route to selectively use private IP for requests from configured local subnets
modules/kamailio/config/template.kamailio-local.cfg Adds LOCAL_SOURCE_SUBNETS configuration variable
imageroot/actions/configure-module/20configure Handles LOCAL_SOURCE_SUBNETS configuration from API input
imageroot/actions/get-configuration/20read Returns LOCAL_SOURCE_SUBNETS in configuration output
imageroot/actions/configure-module/validate-input.json Adds validation schema for local_source_subnets array with CIDR pattern
tests/10_actions/15_configure_local_source_subnets.robot Adds automated tests for LOCAL_SOURCE_SUBNETS configuration
examples/test-local-source-subnets.sh Provides test script for manual verification of LOCAL_SOURCE_SUBNETS
examples/configure-with-local-subnets.json Sample configuration with local_source_subnets
docs/LOCAL_SOURCE_SUBNETS.md Technical documentation for LOCAL_SOURCE_SUBNETS feature
README_LOCAL_SOURCE_SUBNETS_IT.md Italian user guide for LOCAL_SOURCE_SUBNETS
CHANGELOG.md Documents the new LOCAL_SOURCE_SUBNETS feature

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Amygos Amygos force-pushed the 157-under-nat-localnet branch from 4e2b18c to 33786ee Compare January 26, 2026 08:55
Paolo added 6 commits January 26, 2026 10:36
@Amygos
feat: Add custom ports to firewall configuration
17ef3c6 
Open custom ports:
  * 6060 udp/tcp: SIP
  * 6061 tcp: SIPS
@Amygos
feat(kamailio): support fo custom ports
23d7249 
Enable port 6060 and 6061 in the Kamailio bootstrap script.
@Amygos
fix(kamailio): ensure correct socket for local/internal nets
5a6821a 
Update SET_SOCKET route to handle LOCALNETWORKS and INTERNAL_NETWORK
more accurately. This forces PRIVATE_IP for LAN SIP traffic and uses
SERVICE_IP for service network destinations (e.g., Asterisk). Fixes NAT
connectivity issues for clients behind local subnets by ensuring
advertised address matches network scope.
@Amygos
feat: add script for making SIP calls in dev env
1fd8257 
Add a script for making SIP calls using the baresip application.
The script includes functions for printing banners, scenarios, usage,
steps, success messages, and information messages. It also includes
functions for starting the caller and callee, initiating the call,
displaying progress, and cleaning up after the call. The script
supports LAN, WAN reverse call scenarios.
@Amygos
build: Fix rsync destination path in script
ebe2599 
Updated the rsync destination path in.sh script to correctly sync files
the specified directory on the server.
@Amygos
feat: Add .cursorindexingignore and .specstory/.gitignore
93fc0b7 
Added .cursorindexingignore to exclude SpecStory auto-save files from
indexing and allow explicit context inclusion via @ references. Also
added .specstory/.gitignore to ignore SpecStory project identity and
explanation files.
@Amygos Amygos force-pushed the 157-under-nat-localnet branch from 33786ee to 93fc0b7 Compare January 26, 2026 10:26
@Amygos
fix(kamailio): guard TT157 logs with debug checks
b4b659c 
Wrap TT157 xlog statements in conditional debug checks to reduce
unnecessary log noise in production.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Amygos Amygos Amygos left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@paolovisintin @Amygos