[Freeswitch-users] Strange ACL behavior
Gregor Nanger
gregor at infomedia.si
Wed Jan 4 21:31:30 UTC 2023
No, you've made a good job. I overlooked that invite is coming to port
5080. Although that I lost hours looking at it.
Thank you for your time.
/g
On Wed, 4 Jan 2023 at 18:55, Brian West <brian at freeswitch.com> wrote:
> The issue I see is we've done a bad job of documenting the negative vs
> positive ACL cases, they are used in various ways, so a default allow, vs
> deny on the acl vs each entry.
>
> Which setting are you using the ACL in, and how is the ACL setup?
>
> /b
>
>
> On Wed, Jan 4, 2023 at 4:29 AM Gregor Nanger <gregor at infomedia.si> wrote:
>
>> Well, I double checked. And if I test in CLI with acl it works ok.
>>
>> Could it be, that FS takes this IP as external as similar IP (same
>> subnet) is used in gateway to register trunk? And since it is external
>> there is no apply_inbound_acl on this profile.
>>
>> On Wed, 4 Jan 2023 at 02:48, Brian West <brian at freeswitch.com> wrote:
>>
>>> Pay attention to the default allow / deny settings you may have it
>>> inverted
>>>
>>> On Tue, Jan 3, 2023 at 7:32 AM Gregor Nanger <gregor at infomedia.si>
>>> wrote:
>>>
>>>> Only difference between IPs that are correctly authenticated and this
>>>> one is that for non working IP I get in log:
>>>> fc740b4d-d48d-41c9-b06d-75cc8f23a833 2023-01-02 15:09:48.685609 97.43%
>>>> [INFO] sofia.c:10462 sofia/*external*
>>>> /xxxxxxxxx at xxx.xxx.xxx.186receiving invite from xxx.xxx.xxx.186:5060
>>>>
>>>> there is external instead of internal. One of our gateway is registered
>>>> to similar IP. For example: non authenticated IP is: xxx.xxx.xxx.186 and
>>>> gateways is connected to xxx.xxx.xxx.190
>>>>
>>>> Since it is the same subdomain, is it possible that FS thinks that this
>>>> is from external?
>>>>
>>>> BR, Gregor
>>>>
>>>> On Tue, 3 Jan 2023 at 09:50, Gregor Nanger <gregor at infomedia.si> wrote:
>>>>
>>>>> I have defined ACL with IPs and if I test IP in CLI with acl
>>>>> xxx.xxx.xxx.xxx aclname, I get true. But when a call is made from this IP,
>>>>> it doesn't get authenticated.
>>>>>
>>>>> Any ideas why?
>>>>>
>>>>> BR, Gregor
>>>>>
>>>>
>>>>
>>>> --
>>>> Gregor Nanger
>>>>
>>>> *CTO*
>>>> t./f.: 00386 (0) 7 6000 308/309 • m:. 00386 (0)41 756485
>>>> • Infomedia d.o.o. • Jerebova 3, Novo mesto, Slovenia
>>>> • www.infomedia.si
>>>>
>>>> _________________________________________________________________________
>>>>
>>>> The FreeSWITCH project is sponsored by SignalWire
>>>> https://signalwire.com
>>>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>>>> services.
>>>> Build your next product on our scalable cloud platform.
>>>>
>>>> Join our online community to chat in real time
>>>> https://signalwire.community
>>>>
>>>> Professional FreeSWITCH Services
>>>> sales at freeswitch.com
>>>> https://freeswitch.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> https://freeswitch.com/oss
>>>> https://freeswitch.org/confluence
>>>> https://cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> https://freeswitch.com
>>>
>>>
>>>
>>> --
>>>
>>> Brian West | Co-founder and Developer
>>>
>>> Need Commercial support? email sales at freeswitch.com
>>>
>>> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
>>> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>>
>>> Email: brian at freeswitch.com
>>>
>>> Mobile: 918-424-9378
>>>
>>> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>>>
>>> [image: https://www.facebook.com/signalwireinc?src=email]
>>> <https://www.facebook.com/freeswitch> [image:
>>> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>>> _________________________________________________________________________
>>>
>>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>>> services.
>>> Build your next product on our scalable cloud platform.
>>>
>>> Join our online community to chat in real time
>>> https://signalwire.community
>>>
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>
>>
>>
>> --
>> Gregor Nanger
>>
>> *CTO*
>> t./f.: 00386 (0) 7 6000 308/309 • m:. 00386 (0)41 756485
>> • Infomedia d.o.o. • Jerebova 3, Novo mesto, Slovenia
>> • www.infomedia.si
>> _________________________________________________________________________
>>
>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>> services.
>> Build your next product on our scalable cloud platform.
>>
>> Join our online community to chat in real time
>> https://signalwire.community
>>
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>>
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> https://freeswitch.com
>
>
>
> --
>
> Brian West | Co-founder and Developer
>
> Need Commercial support? email sales at freeswitch.com
>
> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>
> Email: brian at freeswitch.com
>
> Mobile: 918-424-9378
>
> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>
> [image: https://www.facebook.com/signalwireinc?src=email]
> <https://www.facebook.com/freeswitch> [image:
> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20230104/d2d87de0/attachment-0001.html>
More information about the FreeSWITCH-users
mailing list