Oh it was because I had auth-calls set to true, now I turned it false and it works as I expect!<br><br>Silly me, thanks everyone anyway =D<br><br>Diego<br><br><div class="gmail_quote">On Tue, Apr 21, 2009 at 7:08 AM, Diego Viola <span dir="ltr"><<a href="mailto:diego.viola@gmail.com">diego.viola@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Ok I just remade the config and now it's working as it should, it's not letting me register.<br>
<br>2009-04-21 07:06:03 [WARNING] sofia_reg.c:1283 sofia_reg_handle_sip_i_register() IP 192.168.0.100 Rejected by acl "domains"<br>
<br>However, I have this:<div class="im"><br><br> <param name="apply-inbound-acl" value="domains"/><br><br></div>And this:<div class="im"><br><br> <list name="domains" default="deny"><br>
</div> <!-- <node type="allow" domain="$${domain}"/>--><br>
<node type="deny" cidr="<a href="http://192.168.0.100/32" target="_blank">192.168.0.100/32</a>"/><div class="im"><br> <node type="deny" cidr="<a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a>"/><br>
</list><br><br></div>And I can still call the conference (3030) without being registered. Why is this?<br><br>Thanks.<div><div></div><div class="h5"><br><br><br><div class="gmail_quote">On Tue, Apr 21, 2009 at 6:43 AM, Diego Viola <span dir="ltr"><<a href="mailto:diego.viola@gmail.com" target="_blank">diego.viola@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">freeswitch@internal> acl<br>false<br><br><br><div class="gmail_quote"><div>On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola <span dir="ltr"><<a href="mailto:diego.viola@gmail.com" target="_blank">diego.viola@gmail.com</a>></span> wrote:<br>
</div><div><div></div><div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hey guys,<br><br>I'm currently testing FS inside a LAN. FreeSWITCH is running on 192.168.0.101 and my softphone is on 192.168.0.100.<br>
<br>I can register and make calls just fine, but I want to deny everything in order to learn how the ACL works.<br>
<br>I have this on the internal profile:<br><br> <param name="apply-nat-acl" value="rfc1918"/><br> <param name="apply-inbound-acl" value="domains"/><br> <param name="apply-register-acl" value="domains"/><br>
<br>And this is how my acl.conf.xml looks, it's all set to deny:<br><br><configuration name="acl.conf" description="Network Lists"><br> <network-lists><br><br> <list name="dl-candidates" default="deny"><br>
<node type="deny" cidr="<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a>"/><br> <node type="deny" cidr="<a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a>"/><br>
<node type="deny" cidr="<a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>"/><br>
</list><br><br> <list name="rfc1918" default="deny"><br> <node type="deny" cidr="<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a>"/><br> <node type="deny" cidr="<a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a>"/><br>
<node type="deny" cidr="<a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>"/><br> </list><br><br> <list name="lan" default="deny"><br>
<node type="deny" cidr="<a href="http://192.168.42.0/24" target="_blank">192.168.42.0/24</a>"/><br>
<node type="deny" cidr="<a href="http://192.168.42.42/32" target="_blank">192.168.42.42/32</a>"/><br> </list><br><br> <list name="strict" default="deny"><br>
<node type="deny" cidr="<a href="http://208.102.123.124/32" target="_blank">208.102.123.124/32</a>"/><br>
</list><br> <!--<br> This will traverse the directory adding all users<br> with the cidr= tag to this ACL, when this ACL matches<br> the users variables and params apply as if they<br>
digest authenticated.<br> --><br> <list name="domains" default="deny"><br> <node type="deny" domain="$${domain}"/><br> <node type="deny" cidr="<a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a>"/><br>
</list><br><br> </network-lists><br></configuration><br><br>But I'm still allowed to register with the 1000 user and make calls, to the conference extension, etc... I can't understand this, if it's all to deny and the cidr is set to <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a> on the "domains" context, which is what hte profile uses, shouldn't the registration/call be denied. I have tried many conbinations but whenever I change something it wont make any difference.<br>
<br>Please help me.<br><br>Thanks,<br><font color="#888888"><br>Diego<br>
</font></blockquote></div></div></div><br>
</blockquote></div><br>
</div></div></blockquote></div><br>