[Freeswitch-users] Should vpn address space be defined as part of local network?
Brian West
brian at freeswitch.org
Tue Jul 28 04:01:15 MSD 2015
Or create your OWN ACL that covers you local network space.
On Mon, Jul 27, 2015 at 6:58 PM, Rajil Saraswat <rajil.s at gmail.com> wrote:
> Hello all,
>
> I am trying to get my head around the nat.auto and localnet.auto acls.
>
> I have a VPN server using the 10.8.0.0/24 address space with gateway
> on 10.8.0.1. The PBX is on the local lan (172.16.5.0/24) with ip
> 172.16.5.5. When freeswitch starts i see it builds the following acls
>
> nat.auto
> Created ip list nat.auto default (deny)
> Adding 172.16.5.5/255.255.255.0 (deny) to list nat.auto
> Adding 10.0.0.0/8 (allow) [] to list nat.auto
> Adding 172.16.0.0/12 (allow) [] to list nat.auto
>
> localnet.auto
> Created ip list localnet.auto default (deny)
> Adding 172.16.5.5/255.255.255.0 (allow) to list localnet.auto
>
>
> Do i need to move my vpn address space (10.8.0.0/16) from nat.auto to
> the localnet.auto so that it not natted? Something like this:
>
> nat.auto
> 172.16.5.5/255.255.255.0 (deny)
> 10.0.0.0/8 (allow)
> 172.16.0.0/12 (allow)
> 10.8.0.0/16 (deny)
>
> localnet.auto
> 172.16.5.5/255.255.255.0 (allow)
> 10.8.0.0/16 (allow)
>
> Thanks
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
*Brian West*
brian at freeswitch.org
*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com
Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>
*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150727/71ae3081/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list