[Freeswitch-users] Strange ACL behavior

Wed Jan 4 17:54:11 UTC 2023

The issue I see is we've done a bad job of documenting the negative vs
positive ACL cases, they are used in various ways, so a default allow, vs
deny on the acl vs each entry.

Which setting are you using the ACL in, and how is the ACL setup?

/b

On Wed, Jan 4, 2023 at 4:29 AM Gregor Nanger <gregor at infomedia.si> wrote:

> Well, I double checked. And if I test in CLI with acl it works ok.
>
> Could it be, that FS takes this IP as external as similar IP (same subnet)
> is used in gateway to register trunk? And since it is external there is no
> apply_inbound_acl on this profile.
>
> On Wed, 4 Jan 2023 at 02:48, Brian West <brian at freeswitch.com> wrote:
>
>> Pay attention to the default allow / deny settings you may have it
>> inverted
>>
>> On Tue, Jan 3, 2023 at 7:32 AM Gregor Nanger <gregor at infomedia.si> wrote:
>>
>>> Only difference between IPs that are correctly authenticated and this
>>> one is that for non working IP I get in log:
>>> fc740b4d-d48d-41c9-b06d-75cc8f23a833 2023-01-02 15:09:48.685609 97.43%
>>> [INFO] sofia.c:10462 sofia/*external*/xxxxxxxxx at xxx.xxx.xxx.186receiving
>>> invite from xxx.xxx.xxx.186:5060
>>>
>>> there is external instead of internal. One of our gateway is registered
>>> to similar IP. For example: non authenticated IP is: xxx.xxx.xxx.186 and
>>> gateways is connected to xxx.xxx.xxx.190
>>>
>>> Since it is the same subdomain, is it possible that FS thinks that this
>>> is from external?
>>>
>>> BR, Gregor
>>>
>>> On Tue, 3 Jan 2023 at 09:50, Gregor Nanger <gregor at infomedia.si> wrote:
>>>
>>>> I have defined ACL with IPs and if I test IP in CLI with acl
>>>> xxx.xxx.xxx.xxx aclname, I get true. But when a call is made from this IP,
>>>> it doesn't get authenticated.
>>>>
>>>> Any ideas why?
>>>>
>>>> BR, Gregor
>>>>
>>>
>>>
>>> --
>>> Gregor Nanger
>>>
>>> *CTO*
>>> t./f.: 00386 (0) 7 6000 308/309 • m:. 00386 (0)41 756485
>>> • Infomedia d.o.o. • Jerebova 3, Novo mesto, Slovenia
>>> • www.infomedia.si
>>> _________________________________________________________________________
>>>
>>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>>> services.
>>> Build your next product on our scalable cloud platform.
>>>
>>> Join our online community to chat in real time
>>> https://signalwire.community
>>>
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>
>>
>>
>> --
>>
>> Brian West | Co-founder and Developer
>>
>> Need Commercial support? email sales at freeswitch.com
>>
>> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
>> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>
>> Email: brian at freeswitch.com
>>
>> Mobile: 918-424-9378
>>
>> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>>
>> [image: https://www.facebook.com/signalwireinc?src=email]
>> <https://www.facebook.com/freeswitch> [image:
>> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>> _________________________________________________________________________
>>
>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>> services.
>> Build your next product on our scalable cloud platform.
>>
>> Join our online community to chat in real time
>> https://signalwire.community
>>
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>>
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> https://freeswitch.com
>
>
>
> --
> Gregor Nanger
>
> *CTO*
> t./f.: 00386 (0) 7 6000 308/309 • m:. 00386 (0)41 756485
> • Infomedia d.o.o. • Jerebova 3, Novo mesto, Slovenia
> • www.infomedia.si
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com

-- 

Brian West | Co-founder and Developer

Need Commercial support? email sales at freeswitch.com

FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
<https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>

Email: brian at freeswitch.com

Mobile: 918-424-9378

Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>

[image: https://www.facebook.com/signalwireinc?src=email]
<https://www.facebook.com/freeswitch> [image:
https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20230104/0dbb79eb/attachment-0001.html>