[Freeswitch-users] Strange ACL behavior

Brian West brian at freeswitch.com
Wed Jan 4 22:22:04 UTC 2023 

Excellent that its resolved, but we still need to clean up the areas where
ACLs docs to help make some of these more clear.

On Wed, Jan 4, 2023 at 3:32 PM Gregor Nanger <gregor at infomedia.si> wrote:

> No, you've made a good job. I overlooked that invite is coming to port
> 5080. Although that I lost hours looking at it.
>
> Thank you for your time.
>
> /g
>
> On Wed, 4 Jan 2023 at 18:55, Brian West <brian at freeswitch.com> wrote:
>
>> The issue I see is we've done a bad job of documenting the negative vs
>> positive ACL cases, they are used in various ways, so a default allow, vs
>> deny on the acl vs each entry.
>>
>> Which setting are you using the ACL in, and how is the ACL setup?
>>
>> /b
>>
>>
>> On Wed, Jan 4, 2023 at 4:29 AM Gregor Nanger <gregor at infomedia.si> wrote:
>>
>>> Well, I double checked. And if I test in CLI with acl it works ok.
>>>
>>> Could it be, that FS takes this IP as external as similar IP (same
>>> subnet) is used in gateway to register trunk? And since it is external
>>> there is no apply_inbound_acl on this profile.
>>>
>>> On Wed, 4 Jan 2023 at 02:48, Brian West <brian at freeswitch.com> wrote:
>>>
>>>> Pay attention to the default allow / deny settings you may have it
>>>> inverted
>>>>
>>>> On Tue, Jan 3, 2023 at 7:32 AM Gregor Nanger <gregor at infomedia.si>
>>>> wrote:
>>>>
>>>>> Only difference between IPs that are correctly authenticated and this
>>>>> one is that for non working IP I get in log:
>>>>> fc740b4d-d48d-41c9-b06d-75cc8f23a833 2023-01-02 15:09:48.685609 97.43%
>>>>> [INFO] sofia.c:10462 sofia/*external*
>>>>> /xxxxxxxxx at xxx.xxx.xxx.186receiving invite from xxx.xxx.xxx.186:5060
>>>>>
>>>>> there is external instead of internal. One of our gateway is
>>>>> registered to similar IP. For example: non authenticated IP is:
>>>>> xxx.xxx.xxx.186 and gateways is connected to xxx.xxx.xxx.190
>>>>>
>>>>> Since it is the same subdomain, is it possible that FS thinks that
>>>>> this is from external?
>>>>>
>>>>> BR, Gregor
>>>>>
>>>>> On Tue, 3 Jan 2023 at 09:50, Gregor Nanger <gregor at infomedia.si>
>>>>> wrote:
>>>>>
>>>>>> I have defined ACL with IPs and if I test IP in CLI with acl
>>>>>> xxx.xxx.xxx.xxx aclname, I get true. But when a call is made from this IP,
>>>>>> it doesn't get authenticated.
>>>>>>
>>>>>> Any ideas why?
>>>>>>
>>>>>> BR, Gregor
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Gregor Nanger
>>>>>
>>>>> *CTO*
>>>>> t./f.: 00386 (0) 7 6000 308/309 • m:. 00386 (0)41 756485
>>>>> • Infomedia d.o.o. • Jerebova 3, Novo mesto, Slovenia
>>>>> • www.infomedia.si
>>>>>
>>>>> _________________________________________________________________________
>>>>>
>>>>> The FreeSWITCH project is sponsored by SignalWire
>>>>> https://signalwire.com
>>>>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>>>>> services.
>>>>> Build your next product on our scalable cloud platform.
>>>>>
>>>>> Join our online community to chat in real time
>>>>> https://signalwire.community
>>>>>
>>>>> Professional FreeSWITCH Services
>>>>> sales at freeswitch.com
>>>>> https://freeswitch.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> https://freeswitch.com/oss
>>>>> https://freeswitch.org/confluence
>>>>> https://cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> https://freeswitch.com
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Brian West | Co-founder and Developer
>>>>
>>>> Need Commercial support? email sales at freeswitch.com
>>>>
>>>> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
>>>> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>>>
>>>> Email: brian at freeswitch.com
>>>>
>>>> Mobile: 918-424-9378
>>>>
>>>> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>>>>
>>>> [image: https://www.facebook.com/signalwireinc?src=email]
>>>> <https://www.facebook.com/freeswitch> [image:
>>>> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>>>>
>>>> _________________________________________________________________________
>>>>
>>>> The FreeSWITCH project is sponsored by SignalWire
>>>> https://signalwire.com
>>>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>>>> services.
>>>> Build your next product on our scalable cloud platform.
>>>>
>>>> Join our online community to chat in real time
>>>> https://signalwire.community
>>>>
>>>> Professional FreeSWITCH Services
>>>> sales at freeswitch.com
>>>> https://freeswitch.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> https://freeswitch.com/oss
>>>> https://freeswitch.org/confluence
>>>> https://cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> https://freeswitch.com
>>>
>>>
>>>
>>> --
>>> Gregor Nanger
>>>
>>> *CTO*
>>> t./f.: 00386 (0) 7 6000 308/309 • m:. 00386 (0)41 756485
>>> • Infomedia d.o.o. • Jerebova 3, Novo mesto, Slovenia
>>> • www.infomedia.si
>>> _________________________________________________________________________
>>>
>>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>>> services.
>>> Build your next product on our scalable cloud platform.
>>>
>>> Join our online community to chat in real time
>>> https://signalwire.community
>>>
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>
>>
>>
>> --
>>
>> Brian West | Co-founder and Developer
>>
>> Need Commercial support? email sales at freeswitch.com
>>
>> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
>> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>
>> Email: brian at freeswitch.com
>>
>> Mobile: 918-424-9378
>>
>> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>>
>> [image: https://www.facebook.com/signalwireinc?src=email]
>> <https://www.facebook.com/freeswitch> [image:
>> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>> _________________________________________________________________________
>>
>> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
>> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
>> services.
>> Build your next product on our scalable cloud platform.
>>
>> Join our online community to chat in real time
>> https://signalwire.community
>>
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>>
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> https://freeswitch.com
>
>
>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com



-- 

Brian West | Co-founder and Developer

Need Commercial support? email sales at freeswitch.com

FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
<https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>

Email: brian at freeswitch.com

Mobile: 918-424-9378

Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>

[image: https://www.facebook.com/signalwireinc?src=email]
<https://www.facebook.com/freeswitch> [image:
https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20230104/4c52eb4f/attachment-0001.html>

More information about the FreeSWITCH-users mailing list