Problem with NAT options

Heya

I’m having trouble setting up Jitsi in a production environment; it works fine in dev and local. The difference is there’s a NAT in preproduction, so I’m not able to reach the Jitsi server directly.
Here’s what I get:

Dev (ok) :
web : me -> reverse proxy(10.0.0.9) -> jitsi(10.0.0.10)
UDP : me -> jitsi(10.0.0.10)

preprod (not ok) :
web : me -> reverse proxy(1.1.1.1) -> jitsi(10.0.1.10)
UDP : me -> jitsi(10.0.1.10)

The problem is that somehow, jitsi tells me to join the UDP 10000 on the jitsi’s private IP(10.0.1.10), which obviously I can’t reach because it’s in a different LAN.

I’ve set the following for JVB:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.0.1.10
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=1.1.1.1

What did I miss?

Thx for your help

Needed to forward the UDP/10000 on the router

That’s done and I can see some traffic coming, but I can clearly see requests going to the private IP from my computer with tcpdump, and the address is in an XML response from http-bind.

Did you restart the services?
Could you try to comment out the org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES line?

both are already done =)

I managed to make it work if I expose Jitsi directly on the IP address that’s natted, hence bypassing the reverse proxy.
How does Jitsi know which IP to send you to connect to with UDP 10000? Does it tell you to connect to the private IP if the source of the request is from its LAN, and to the public IP if the source is outside of it?

What is the IP of “me” in this case? Is it from the 10.0.1.0/24 block?
Did you test with 3 or more clients or P2P?

That’s the kind of stuff I see with tcpdump:

12:23:10.055175 IP 10.0.1.234.43276 > 1.1.1.1.10000: UDP, length 100
12:23:10.070652 IP 10.0.1.234.43276 > 10.0.1.10.10000: UDP, length 100

Some of the traffic goes to the public IP and I can see it on the jitsi server, but some is going to 10.0.1.10 which isn’t normal.

For some reason I haven’t looked up yet, even with 2 peeps it seems to go through my server and not peer to peer (or at least I can see some UDP10000 traffic).

bump !

Turns out the problem was coming from my load balancer =)

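Added example, not part of the thread and not Jitsi's own code: a Python check that lists the ICE candidate addresses in a signalling XML response like the one mentioned above and reports which private addresses a client outside that network cannot reach. The sample stanza is constructed and uses the XEP-0176 ICE-UDP element and attribute names; the function names and the 192.168.0.0/24 client network are assumptions, and the addresses are the placeholders used in the thread.

```python
import ipaddress
import xml.etree.ElementTree as ET

ICE_NS = "urn:xmpp:jingle:transports:ice-udp:1"  # XEP-0176 transport namespace

# Constructed sample, not captured from a real deployment.
SAMPLE = f"""
<transport xmlns="{ICE_NS}" ufrag="constructed" pwd="constructed">
  <candidate component="1" foundation="1" generation="0" id="c1" network="0"
             ip="10.0.1.10" port="10000" priority="2130706431"
             protocol="udp" type="host"/>
  <candidate component="1" foundation="2" generation="0" id="c2" network="0"
             ip="1.1.1.1" port="10000" priority="1694498815"
             protocol="udp" type="srflx" rel-addr="10.0.1.10" rel-port="10000"/>
</transport>
"""


def list_candidates(xml_text):
    """Return (type, ip, port, is_private) for every ICE-UDP candidate found."""
    root = ET.fromstring(xml_text)
    found = []
    for cand in root.iter(f"{{{ICE_NS}}}candidate"):
        addr = ipaddress.ip_address(cand.get("ip"))
        found.append((cand.get("type"), str(addr), int(cand.get("port")),
                      addr.is_private))
    return found


def check_advertised(xml_text, public_ip, client_net):
    """Summarise what a client located in client_net can expect to reach."""
    net = ipaddress.ip_network(client_net)
    cands = list_candidates(xml_text)
    # A private candidate is only usable by clients inside the same network.
    unreachable = [c for c in cands
                   if c[3] and ipaddress.ip_address(c[1]) not in net]
    return {
        "public_advertised": any(c[1] == public_ip for c in cands),
        "unreachable_private": unreachable,
    }


if __name__ == "__main__":
    # 192.168.0.0/24 stands in for a client outside the server's LAN.
    print(check_advertised(SAMPLE, "1.1.1.1", "192.168.0.0/24"))
```

Run against the saved signalling response, `public_advertised` being false means the NAT mapping is not reaching clients at all, while a non-empty `unreachable_private` list only matters if no public candidate is offered next to it.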