(Dear hackers, at the moment of publishing all the IP addresses releases and data vanished)
Droplet and floating IP
Floating IP 220.127.116.11 pointed in the Digital Ocean console to the newly created droplet with Debian linux. IP addresses of test droplet:
root@test:~# /sbin/ifconfig | grep -B 1 'inet ' eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 18.104.22.168 netmask 255.255.240.0 broadcast 22.214.171.124 -- eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.16.0.5 netmask 255.255.0.0 broadcast 10.16.255.255
For test purpose I’ve installed Asterisk from the OS repository (
apt-get install -yqq asterisk) and configured SIP client to register on 126.96.36.199. No luck as expected, SIP packets does not flowing properly:
Okay, lets try to update sip.conf with following. It’s typical setup for asterisk behind NAT (there is description notes in default sip.conf about externip, externhost and externaddr)
And get random results, but in most of cases SIP registration did not worked.
After quick investigation (why there is 3rd IP in the SIP dump), I decided to change SIP bind address to the private IP:
udpbindaddr=10.16.0.5 tcpenable=yes tcpbindaddr=10.16.0.5 ; ... externip=188.8.131.52 nat=force_rport,comedia
Now all right
Calls also working
Let’s try to get the same result with docker.
It works if asterisk can bind to the same private IP address where floating IP points, but requires to run container with
docker run -ti --rm \ --net=host \ --name asterisk \ -v /etc/asterisk/sip.conf:/etc/asterisk/sip.conf \ andrius/asterisk \ asterisk -vvvddddc
Technically that’s enough for most of use cases, but such Asterisk won’t fit well into development environment with docker-compose; other containers won’t “see” it. I’ll be digging this little bit more. Perhaps if I would pass NET_ADMIN capability or will start container in privileged mode, I would be able to do necessary trick with iptables.