[Freeswitch-users] ACL not working
Diego Viola
diego.viola at gmail.com
Tue Apr 21 04:09:49 PDT 2009
Oh it was because I had auth-calls set to true, now I turned it false and it
works as I expect!
Silly me, thanks everyone anyway =D
Diego
On Tue, Apr 21, 2009 at 7:08 AM, Diego Viola <diego.viola at gmail.com> wrote:
> Ok I just remade the config and now it's working as it should, it's not
> letting me register.
>
> 2009-04-21 07:06:03 [WARNING] sofia_reg.c:1283
> sofia_reg_handle_sip_i_register() IP 192.168.0.100 Rejected by acl "domains"
>
> However, I have this:
>
> <param name="apply-inbound-acl" value="domains"/>
>
> And this:
>
> <list name="domains" default="deny">
> <!-- <node type="allow" domain="$${domain}"/>-->
> <node type="deny" cidr="192.168.0.100/32"/>
> <node type="deny" cidr="192.168.0.0/24"/>
> </list>
>
> And I can still call the conference (3030) without being registered. Why is
> this?
>
> Thanks.
>
>
>
> On Tue, Apr 21, 2009 at 6:43 AM, Diego Viola <diego.viola at gmail.com>wrote:
>
>> freeswitch at internal> acl
>> false
>>
>>
>> On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola <diego.viola at gmail.com>wrote:
>>
>>> Hey guys,
>>>
>>> I'm currently testing FS inside a LAN. FreeSWITCH is running on
>>> 192.168.0.101 and my softphone is on 192.168.0.100.
>>>
>>> I can register and make calls just fine, but I want to deny everything in
>>> order to learn how the ACL works.
>>>
>>> I have this on the internal profile:
>>>
>>> <param name="apply-nat-acl" value="rfc1918"/>
>>> <param name="apply-inbound-acl" value="domains"/>
>>> <param name="apply-register-acl" value="domains"/>
>>>
>>> And this is how my acl.conf.xml looks, it's all set to deny:
>>>
>>> <configuration name="acl.conf" description="Network Lists">
>>> <network-lists>
>>>
>>> <list name="dl-candidates" default="deny">
>>> <node type="deny" cidr="10.0.0.0/8"/>
>>> <node type="deny" cidr="172.16.0.0/12"/>
>>> <node type="deny" cidr="192.168.0.0/16"/>
>>> </list>
>>>
>>> <list name="rfc1918" default="deny">
>>> <node type="deny" cidr="10.0.0.0/8"/>
>>> <node type="deny" cidr="172.16.0.0/12"/>
>>> <node type="deny" cidr="192.168.0.0/16"/>
>>> </list>
>>>
>>> <list name="lan" default="deny">
>>> <node type="deny" cidr="192.168.42.0/24"/>
>>> <node type="deny" cidr="192.168.42.42/32"/>
>>> </list>
>>>
>>> <list name="strict" default="deny">
>>> <node type="deny" cidr="208.102.123.124/32"/>
>>> </list>
>>> <!--
>>> This will traverse the directory adding all users
>>> with the cidr= tag to this ACL, when this ACL matches
>>> the users variables and params apply as if they
>>> digest authenticated.
>>> -->
>>> <list name="domains" default="deny">
>>> <node type="deny" domain="$${domain}"/>
>>> <node type="deny" cidr="192.168.0.0/24"/>
>>> </list>
>>>
>>> </network-lists>
>>> </configuration>
>>>
>>> But I'm still allowed to register with the 1000 user and make calls, to
>>> the conference extension, etc... I can't understand this, if it's all to
>>> deny and the cidr is set to 192.168.0.0/24 on the "domains" context,
>>> which is what hte profile uses, shouldn't the registration/call be denied. I
>>> have tried many conbinations but whenever I change something it wont make
>>> any difference.
>>>
>>> Please help me.
>>>
>>> Thanks,
>>>
>>> Diego
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20090421/20d347c4/attachment-0002.html
More information about the FreeSWITCH-users
mailing list