If I make any changes on the acl.conf.xml, it doesn't take any effect.<br><br>Why is that? What am I doing wrong?<br><br>Diego<br><br><div class="gmail_quote">On Tue, Apr 21, 2009 at 5:29 AM, Diego Viola <span dir="ltr"><<a href="mailto:diego.viola@gmail.com">diego.viola@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">More info:<br><br> <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/><br>
<!-- <param name="accept-blind-reg" value="true"/> --><br> <!-- <param name="accept-blind-auth" value="true"/> --><br>
<br>So any ideas?<div><div></div><div class="h5"><br><br><div class="gmail_quote">On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola <span dir="ltr"><<a href="mailto:diego.viola@gmail.com" target="_blank">diego.viola@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hey guys,<br><br>I'm currently testing FS inside a LAN. FreeSWITCH is running on 192.168.0.101 and my softphone is on 192.168.0.100.<br><br>I can register and make calls just fine, but I want to deny everything in order to learn how the ACL works.<br>
<br>I have this on the internal profile:<br><br> <param name="apply-nat-acl" value="rfc1918"/><br> <param name="apply-inbound-acl" value="domains"/><br> <param name="apply-register-acl" value="domains"/><br>
<br>And this is how my acl.conf.xml looks, it's all set to deny:<br><br><configuration name="acl.conf" description="Network Lists"><br> <network-lists><br><br> <list name="dl-candidates" default="deny"><br>
<node type="deny" cidr="<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a>"/><br> <node type="deny" cidr="<a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a>"/><br>
<node type="deny" cidr="<a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>"/><br>
</list><br><br> <list name="rfc1918" default="deny"><br> <node type="deny" cidr="<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a>"/><br> <node type="deny" cidr="<a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a>"/><br>
<node type="deny" cidr="<a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>"/><br> </list><br><br> <list name="lan" default="deny"><br>
<node type="deny" cidr="<a href="http://192.168.42.0/24" target="_blank">192.168.42.0/24</a>"/><br>
<node type="deny" cidr="<a href="http://192.168.42.42/32" target="_blank">192.168.42.42/32</a>"/><br> </list><br><br> <list name="strict" default="deny"><br>
<node type="deny" cidr="<a href="http://208.102.123.124/32" target="_blank">208.102.123.124/32</a>"/><br>
</list><br> <!--<br> This will traverse the directory adding all users<br> with the cidr= tag to this ACL, when this ACL matches<br> the users variables and params apply as if they<br>
digest authenticated.<br> --><br> <list name="domains" default="deny"><br> <node type="deny" domain="$${domain}"/><br> <node type="deny" cidr="<a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a>"/><br>
</list><br><br> </network-lists><br></configuration><br><br>But I'm still allowed to register with the 1000 user and make calls, to the conference extension, etc... I can't understand this, if it's all to deny and the cidr is set to <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a> on the "domains" context, which is what hte profile uses, shouldn't the registration/call be denied. I have tried many conbinations but whenever I change something it wont make any difference.<br>
<br>Please help me.<br><br>Thanks,<br><font color="#888888"><br>Diego<br>
</font></blockquote></div><br>
</div></div></blockquote></div><br>