[Freeswitch-users] ACL

Cyril Zlachevsky cyril.zlachevsky at gmail.com
Wed Jun 8 04:16:45 MSD 2011


Hi,
Can't stand what should I do for ACL working.

I'm forwarding a call from a particular static IP to number at voipprovider.
I refused of using FS default configs because they are complicated and redundant for me.

This is my configuration:
<?xml version="1.0"?>
<document type="freeswitch/xml">

<X-PRE-PROCESS cmd="set" data="local_address=$${local_ip_v4}"/>

<X-PRE-PROCESS cmd="set" data="sipnet_proxy=voiprovider.com"/>
<X-PRE-PROCESS cmd="set" data="sipnet_login=echo"/>
<X-PRE-PROCESS cmd="set" data="sipnet_password=echo"/>

<X-PRE-PROCESS cmd="set" data="sound_prefix=$${sounds_dir}/en/us/callie"/>

<section name="configuration">

<configuration name="switch.conf">
   <settings>
     <param name="colorize-console" value="true"/>
     <param name="max-sessions" value="1000"/>
     <param name="sessions-per-second" value="30"/>
     <param name="loglevel" value="debug"/>
   </settings>
</configuration>

<configuration name="modules.conf">
   <modules>
     <load module="mod_console"/>
     <load module="mod_logfile"/>
     <load module="mod_sofia"/>
     <load module="mod_dialplan_xml"/>
     <load module="mod_dptools"/>
     <load module="mod_commands"/>
     <load module="mod_expr"/>
     <load module="mod_sndfile"/>
   </modules>
</configuration>

<X-PRE-PROCESS cmd="set" data="global_codec_prefs=G7221 at 32000h,G7221 at 16000h,G722,PCMU,PCMA,GSM"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=PCMU,PCMA,GSM"/>

<configuration name="console.conf">
   <mappings>
     <map name="all" value="console,debug,info,notice,warning,err,crit,alert"/>
   </mappings>
   <settings>
     <param name="colorize" value="true"/>
     <param name="loglevel" value="info"/>
   </settings>
</configuration>

<configuration name="logfile.conf">
   <settings>
     <param name="rotate-on-hup" value="true"/>
   </settings>
   <profiles>
     <profile name="default">
       <settings>
         <param name="logfile" value="/var/log/freeswitch/freeswitch.log"/>
         <param name="rollover" value="10485760"/>
       </settings>
       <mappings>
         <map name="all" value="debug,info,notice,warning,err,crit,alert"/>
       </mappings>
     </profile>
   </profiles>
</configuration>

<configuration name="acl.conf" description="Network Lists">
   <network-lists>
     <list name="strict" default="allow">
       <node type="allow" cidr="195.225.XXX.XXX/32"/>
     </list>
     <list name="domains" default="deny">
       <node type="allow" domain="$${domain}"/>
     </list>
   </network-lists>
</configuration>

<configuration name="sofia.conf">
   <global_settings>
     <param name="log-level" value="0"/>
     <param name="debug-presence" value="0"/>
   </global_settings>
   <profiles>
     <profile name="local">
       <domains>
         <domain name="all" alias="true" parse="false"/>
       </domains>
       <settings>
         <param name="context" value="local"/>
         <param name="sip-port" value="5060"/>
         <param name="dialplan" value="XML"/>
         <param name="rtp-ip" value="$${local_address}"/>
         <param name="sip-ip" value="$${local_address}"/>
       </settings>
     </profile>
     <profile name="sipnet">
       <domains>
         <domain name="all" alias="false" parse="false"/>
       </domains>
       <settings>
         <param name="context" value="sipnet"/>
         <param name="sip-port" value="5080"/>
         <param name="dialplan" value="XML"/>
         <param name="rtp-ip" value="$${local_address}"/>
         <param name="sip-ip" value="$${local_address}"/>
         <!--param name="auth-calls" value="false"/-->
         <param name="auth-calls" value="true"/>
         <param name="apply-inbound-acl" value="strict"/>
       </settings>
       <gateways>
         <gateway name="sipnet">
           <param name="proxy" value="$${sipnet_proxy}"/>
           <param name="realm" value="asterisk"/>
           <param name="username" value="$${sipnet_login}"/>
           <param name="password" value="$${sipnet_password}"/>
           <param name="local-network-acl" value="strict"/>
         </gateway>
       </gateways>
     </profile>
   </profiles>
  </configuration>
</section>

<section name="dialplan">
   <context name="local">
     <extension name="local-accounts">
       <condition field="destination_number" expression="^(10[1-3])$">
         <action application="bridge" data="user/$1@$${local_address}"/>
       </condition>
     </extension>
     <extension name="sipnet">
       <condition field="destination_number" expression="^(\d+)$">
         <action application="set" data="effective_caller_id_number=$${sipnet_login}"/>
         <action application="bridge"
data="{sip_invite_domain=$${sipnet_proxy}}sofia/sipnet/$1@$${sipnet_proxy}"/>
       </condition>
     </extension>
   </context>
</section>

<section name="directory">
   <domain name="$${local_address}">
     <params>
       <param name="dial-string"
value="{presence_id=${dialed_user}@${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}"/>
     </params>
     <groups>
       <group name="local">
         <users>
           <user id="inboundtest"></user>
           <params>
             <param name="debug" value="yes"/>
             <param name="register" value="true"/>
             <param name="apply-inbound-acl" value="strict"/>
             <param name="apply-register-acl" value="strict"/>
           </params>
          </users>
       </group>
     </groups>
   </domain>
</section>
</document>

When I start FS, I can't see my IP 195.225.XXX.XXX in freeswitch.log - only this:
[NOTICE] switch_core.c:1088 Created ip list rfc1918.auto default (deny)
[NOTICE] switch_utils.c:248 Adding 10.0.0.0/8 (allow) [] to list rfc1918.auto
[NOTICE] switch_utils.c:248 Adding 172.16.0.0/12 (allow) [] to list rfc1918.auto
[NOTICE] switch_utils.c:248 Adding 192.168.0.0/16 (allow) [] to list rfc1918.auto
[NOTICE] switch_core.c:1096 Created ip list wan.auto default (allow)
[NOTICE] switch_utils.c:248 Adding 10.0.0.0/8 (deny) [] to list wan.auto
[NOTICE] switch_utils.c:248 Adding 172.16.0.0/12 (deny) [] to list wan.auto
[NOTICE] switch_utils.c:248 Adding 192.168.0.0/16 (deny) [] to list wan.auto
[NOTICE] switch_core.c:1104 Created ip list nat.auto default (deny)
[NOTICE] switch_core.c:1106 Adding 88.198.XXX.XXX/255.255.255.255 (deny) to list nat.auto
[NOTICE] switch_utils.c:248 Adding 10.0.0.0/8 (allow) [] to list nat.auto
[NOTICE] switch_utils.c:248 Adding 172.16.0.0/12 (allow) [] to list nat.auto
[NOTICE] switch_utils.c:248 Adding 192.168.0.0/16 (allow) [] to list nat.auto
[NOTICE] switch_core.c:1115 Created ip list loopback.auto default (deny)
[NOTICE] switch_utils.c:248 Adding 127.0.0.0/8 (allow) [] to list loopback.auto
[NOTICE] switch_core.c:1121 Created ip list localnet.auto default (deny)
[NOTICE] switch_core.c:1124 Adding 88.198.XXX.XXX/255.255.255.255 (allow) to list localnet.auto

With my current configuration FS allow to register from any IP.
Where is my error?



More information about the FreeSWITCH-users mailing list