[Freeswitch-users] ACL
Cyril Zlachevsky
cyril.zlachevsky at gmail.com
Wed Jun 8 04:16:45 MSD 2011
Hi,
Can't stand what should I do for ACL working.
I'm forwarding a call from a particular static IP to number at voipprovider.
I refused of using FS default configs because they are complicated and redundant for me.
This is my configuration:
<?xml version="1.0"?>
<document type="freeswitch/xml">
<X-PRE-PROCESS cmd="set" data="local_address=$${local_ip_v4}"/>
<X-PRE-PROCESS cmd="set" data="sipnet_proxy=voiprovider.com"/>
<X-PRE-PROCESS cmd="set" data="sipnet_login=echo"/>
<X-PRE-PROCESS cmd="set" data="sipnet_password=echo"/>
<X-PRE-PROCESS cmd="set" data="sound_prefix=$${sounds_dir}/en/us/callie"/>
<section name="configuration">
<configuration name="switch.conf">
<settings>
<param name="colorize-console" value="true"/>
<param name="max-sessions" value="1000"/>
<param name="sessions-per-second" value="30"/>
<param name="loglevel" value="debug"/>
</settings>
</configuration>
<configuration name="modules.conf">
<modules>
<load module="mod_console"/>
<load module="mod_logfile"/>
<load module="mod_sofia"/>
<load module="mod_dialplan_xml"/>
<load module="mod_dptools"/>
<load module="mod_commands"/>
<load module="mod_expr"/>
<load module="mod_sndfile"/>
</modules>
</configuration>
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=G7221 at 32000h,G7221 at 16000h,G722,PCMU,PCMA,GSM"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=PCMU,PCMA,GSM"/>
<configuration name="console.conf">
<mappings>
<map name="all" value="console,debug,info,notice,warning,err,crit,alert"/>
</mappings>
<settings>
<param name="colorize" value="true"/>
<param name="loglevel" value="info"/>
</settings>
</configuration>
<configuration name="logfile.conf">
<settings>
<param name="rotate-on-hup" value="true"/>
</settings>
<profiles>
<profile name="default">
<settings>
<param name="logfile" value="/var/log/freeswitch/freeswitch.log"/>
<param name="rollover" value="10485760"/>
</settings>
<mappings>
<map name="all" value="debug,info,notice,warning,err,crit,alert"/>
</mappings>
</profile>
</profiles>
</configuration>
<configuration name="acl.conf" description="Network Lists">
<network-lists>
<list name="strict" default="allow">
<node type="allow" cidr="195.225.XXX.XXX/32"/>
</list>
<list name="domains" default="deny">
<node type="allow" domain="$${domain}"/>
</list>
</network-lists>
</configuration>
<configuration name="sofia.conf">
<global_settings>
<param name="log-level" value="0"/>
<param name="debug-presence" value="0"/>
</global_settings>
<profiles>
<profile name="local">
<domains>
<domain name="all" alias="true" parse="false"/>
</domains>
<settings>
<param name="context" value="local"/>
<param name="sip-port" value="5060"/>
<param name="dialplan" value="XML"/>
<param name="rtp-ip" value="$${local_address}"/>
<param name="sip-ip" value="$${local_address}"/>
</settings>
</profile>
<profile name="sipnet">
<domains>
<domain name="all" alias="false" parse="false"/>
</domains>
<settings>
<param name="context" value="sipnet"/>
<param name="sip-port" value="5080"/>
<param name="dialplan" value="XML"/>
<param name="rtp-ip" value="$${local_address}"/>
<param name="sip-ip" value="$${local_address}"/>
<!--param name="auth-calls" value="false"/-->
<param name="auth-calls" value="true"/>
<param name="apply-inbound-acl" value="strict"/>
</settings>
<gateways>
<gateway name="sipnet">
<param name="proxy" value="$${sipnet_proxy}"/>
<param name="realm" value="asterisk"/>
<param name="username" value="$${sipnet_login}"/>
<param name="password" value="$${sipnet_password}"/>
<param name="local-network-acl" value="strict"/>
</gateway>
</gateways>
</profile>
</profiles>
</configuration>
</section>
<section name="dialplan">
<context name="local">
<extension name="local-accounts">
<condition field="destination_number" expression="^(10[1-3])$">
<action application="bridge" data="user/$1@$${local_address}"/>
</condition>
</extension>
<extension name="sipnet">
<condition field="destination_number" expression="^(\d+)$">
<action application="set" data="effective_caller_id_number=$${sipnet_login}"/>
<action application="bridge"
data="{sip_invite_domain=$${sipnet_proxy}}sofia/sipnet/$1@$${sipnet_proxy}"/>
</condition>
</extension>
</context>
</section>
<section name="directory">
<domain name="$${local_address}">
<params>
<param name="dial-string"
value="{presence_id=${dialed_user}@${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}"/>
</params>
<groups>
<group name="local">
<users>
<user id="inboundtest"></user>
<params>
<param name="debug" value="yes"/>
<param name="register" value="true"/>
<param name="apply-inbound-acl" value="strict"/>
<param name="apply-register-acl" value="strict"/>
</params>
</users>
</group>
</groups>
</domain>
</section>
</document>
When I start FS, I can't see my IP 195.225.XXX.XXX in freeswitch.log - only this:
[NOTICE] switch_core.c:1088 Created ip list rfc1918.auto default (deny)
[NOTICE] switch_utils.c:248 Adding 10.0.0.0/8 (allow) [] to list rfc1918.auto
[NOTICE] switch_utils.c:248 Adding 172.16.0.0/12 (allow) [] to list rfc1918.auto
[NOTICE] switch_utils.c:248 Adding 192.168.0.0/16 (allow) [] to list rfc1918.auto
[NOTICE] switch_core.c:1096 Created ip list wan.auto default (allow)
[NOTICE] switch_utils.c:248 Adding 10.0.0.0/8 (deny) [] to list wan.auto
[NOTICE] switch_utils.c:248 Adding 172.16.0.0/12 (deny) [] to list wan.auto
[NOTICE] switch_utils.c:248 Adding 192.168.0.0/16 (deny) [] to list wan.auto
[NOTICE] switch_core.c:1104 Created ip list nat.auto default (deny)
[NOTICE] switch_core.c:1106 Adding 88.198.XXX.XXX/255.255.255.255 (deny) to list nat.auto
[NOTICE] switch_utils.c:248 Adding 10.0.0.0/8 (allow) [] to list nat.auto
[NOTICE] switch_utils.c:248 Adding 172.16.0.0/12 (allow) [] to list nat.auto
[NOTICE] switch_utils.c:248 Adding 192.168.0.0/16 (allow) [] to list nat.auto
[NOTICE] switch_core.c:1115 Created ip list loopback.auto default (deny)
[NOTICE] switch_utils.c:248 Adding 127.0.0.0/8 (allow) [] to list loopback.auto
[NOTICE] switch_core.c:1121 Created ip list localnet.auto default (deny)
[NOTICE] switch_core.c:1124 Adding 88.198.XXX.XXX/255.255.255.255 (allow) to list localnet.auto
With my current configuration FS allow to register from any IP.
Where is my error?
More information about the FreeSWITCH-users
mailing list