<meta charset="utf-8"><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "> <list name="strict" <b>default="allow"</b>><br> <node type="allow" cidr="195.225.XXX.XXX/32"/><br>
</list></span><br><br><div class="gmail_quote">You want a default of 'deny'. The default is what to do with any IP not on the list, what you've set allows every IP.</div><div class="gmail_quote"><br>
</div><div class="gmail_quote">I would suggest you build your config off the default config by the way, customising them to suit you and removing what you don't need. The directory structure is there to help you manage things (what you've posted makes it look like you might be using a flat file?). There's a lot of parameters you've missed out setting.</div>
<div class="gmail_quote"><br></div><div class="gmail_quote">For example:</div><div class="gmail_quote"><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><X-PRE-PROCESS cmd="set" data="global_codec_prefs=G7221@32000h,G7221@16000h,G722,PCMU,PCMA,GSM"/></span></div>
<meta charset="utf-8"><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=PCMU,PCMA,GSM"/></span><div class="gmail_quote">
<br></div><div class="gmail_quote">These will have absolutely no effect. They set a global variable that you can use elsewhere in your configuration, but you're not actually using them. You should be setting the inbound & outbound codec preferences on the sofia profile in a param, either using the global variable e.g. $${outbound_codec_prefs} or by setting them explicitly there.</div>
<div class="gmail_quote"><br></div><div class="gmail_quote">-Steve</div><div class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div class="gmail_quote">On 8 June 2011 01:16, Cyril Zlachevsky <span dir="ltr"><<a href="mailto:cyril.zlachevsky@gmail.com">cyril.zlachevsky@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi,<br>
Can't stand what should I do for ACL working.<br>
<br>
I'm forwarding a call from a particular static IP to number@voipprovider.<br>
I refused of using FS default configs because they are complicated and redundant for me.<br>
<br>
This is my configuration:<br>
<?xml version="1.0"?><br>
<document type="freeswitch/xml"><br>
<br>
<X-PRE-PROCESS cmd="set" data="local_address=$${local_ip_v4}"/><br>
<br>
<X-PRE-PROCESS cmd="set" data="sipnet_proxy=<a href="http://voiprovider.com" target="_blank">voiprovider.com</a>"/><br>
<X-PRE-PROCESS cmd="set" data="sipnet_login=echo"/><br>
<X-PRE-PROCESS cmd="set" data="sipnet_password=echo"/><br>
<br>
<X-PRE-PROCESS cmd="set" data="sound_prefix=$${sounds_dir}/en/us/callie"/><br>
<br>
<section name="configuration"><br>
<br>
<configuration name="switch.conf"><br>
<settings><br>
<param name="colorize-console" value="true"/><br>
<param name="max-sessions" value="1000"/><br>
<param name="sessions-per-second" value="30"/><br>
<param name="loglevel" value="debug"/><br>
</settings><br>
</configuration><br>
<br>
<configuration name="modules.conf"><br>
<modules><br>
<load module="mod_console"/><br>
<load module="mod_logfile"/><br>
<load module="mod_sofia"/><br>
<load module="mod_dialplan_xml"/><br>
<load module="mod_dptools"/><br>
<load module="mod_commands"/><br>
<load module="mod_expr"/><br>
<load module="mod_sndfile"/><br>
</modules><br>
</configuration><br>
<br>
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=G7221@32000h,G7221@16000h,G722,PCMU,PCMA,GSM"/><br>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=PCMU,PCMA,GSM"/><br>
<br>
<configuration name="console.conf"><br>
<mappings><br>
<map name="all" value="console,debug,info,notice,warning,err,crit,alert"/><br>
</mappings><br>
<settings><br>
<param name="colorize" value="true"/><br>
<param name="loglevel" value="info"/><br>
</settings><br>
</configuration><br>
<br>
<configuration name="logfile.conf"><br>
<settings><br>
<param name="rotate-on-hup" value="true"/><br>
</settings><br>
<profiles><br>
<profile name="default"><br>
<settings><br>
<param name="logfile" value="/var/log/freeswitch/freeswitch.log"/><br>
<param name="rollover" value="10485760"/><br>
</settings><br>
<mappings><br>
<map name="all" value="debug,info,notice,warning,err,crit,alert"/><br>
</mappings><br>
</profile><br>
</profiles><br>
</configuration><br>
<br>
<configuration name="acl.conf" description="Network Lists"><br>
<network-lists><br>
<list name="strict" default="allow"><br>
<node type="allow" cidr="195.225.XXX.XXX/32"/><br>
</list><br>
<list name="domains" default="deny"><br>
<node type="allow" domain="$${domain}"/><br>
</list><br>
</network-lists><br>
</configuration><br>
<br>
<configuration name="sofia.conf"><br>
<global_settings><br>
<param name="log-level" value="0"/><br>
<param name="debug-presence" value="0"/><br>
</global_settings><br>
<profiles><br>
<profile name="local"><br>
<domains><br>
<domain name="all" alias="true" parse="false"/><br>
</domains><br>
<settings><br>
<param name="context" value="local"/><br>
<param name="sip-port" value="5060"/><br>
<param name="dialplan" value="XML"/><br>
<param name="rtp-ip" value="$${local_address}"/><br>
<param name="sip-ip" value="$${local_address}"/><br>
</settings><br>
</profile><br>
<profile name="sipnet"><br>
<domains><br>
<domain name="all" alias="false" parse="false"/><br>
</domains><br>
<settings><br>
<param name="context" value="sipnet"/><br>
<param name="sip-port" value="5080"/><br>
<param name="dialplan" value="XML"/><br>
<param name="rtp-ip" value="$${local_address}"/><br>
<param name="sip-ip" value="$${local_address}"/><br>
<!--param name="auth-calls" value="false"/--><br>
<param name="auth-calls" value="true"/><br>
<param name="apply-inbound-acl" value="strict"/><br>
</settings><br>
<gateways><br>
<gateway name="sipnet"><br>
<param name="proxy" value="$${sipnet_proxy}"/><br>
<param name="realm" value="asterisk"/><br>
<param name="username" value="$${sipnet_login}"/><br>
<param name="password" value="$${sipnet_password}"/><br>
<param name="local-network-acl" value="strict"/><br>
</gateway><br>
</gateways><br>
</profile><br>
</profiles><br>
</configuration><br>
</section><br>
<br>
<section name="dialplan"><br>
<context name="local"><br>
<extension name="local-accounts"><br>
<condition field="destination_number" expression="^(10[1-3])$"><br>
<action application="bridge" data="user/$1@$${local_address}"/><br>
</condition><br>
</extension><br>
<extension name="sipnet"><br>
<condition field="destination_number" expression="^(\d+)$"><br>
<action application="set" data="effective_caller_id_number=$${sipnet_login}"/><br>
<action application="bridge"<br>
data="{sip_invite_domain=$${sipnet_proxy}}sofia/sipnet/$1@$${sipnet_proxy}"/><br>
</condition><br>
</extension><br>
</context><br>
</section><br>
<br>
<section name="directory"><br>
<domain name="$${local_address}"><br>
<params><br>
<param name="dial-string"<br>
value="{presence_id=${dialed_user}@${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}"/><br>
</params><br>
<groups><br>
<group name="local"><br>
<users><br>
<user id="inboundtest"></user><br>
<params><br>
<param name="debug" value="yes"/><br>
<param name="register" value="true"/><br>
<param name="apply-inbound-acl" value="strict"/><br>
<param name="apply-register-acl" value="strict"/><br>
</params><br>
</users><br>
</group><br>
</groups><br>
</domain><br>
</section><br>
</document><br>
<br>
When I start FS, I can't see my IP 195.225.XXX.XXX in freeswitch.log - only this:<br>
[NOTICE] switch_core.c:1088 Created ip list rfc1918.auto default (deny)<br>
[NOTICE] switch_utils.c:248 Adding <a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a> (allow) [] to list rfc1918.auto<br>
[NOTICE] switch_utils.c:248 Adding <a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a> (allow) [] to list rfc1918.auto<br>
[NOTICE] switch_utils.c:248 Adding <a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a> (allow) [] to list rfc1918.auto<br>
[NOTICE] switch_core.c:1096 Created ip list wan.auto default (allow)<br>
[NOTICE] switch_utils.c:248 Adding <a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a> (deny) [] to list wan.auto<br>
[NOTICE] switch_utils.c:248 Adding <a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a> (deny) [] to list wan.auto<br>
[NOTICE] switch_utils.c:248 Adding <a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a> (deny) [] to list wan.auto<br>
[NOTICE] switch_core.c:1104 Created ip list nat.auto default (deny)<br>
[NOTICE] switch_core.c:1106 Adding 88.198.XXX.XXX/<a href="http://255.255.255.255" target="_blank">255.255.255.255</a> (deny) to list nat.auto<br>
[NOTICE] switch_utils.c:248 Adding <a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a> (allow) [] to list nat.auto<br>
[NOTICE] switch_utils.c:248 Adding <a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a> (allow) [] to list nat.auto<br>
[NOTICE] switch_utils.c:248 Adding <a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a> (allow) [] to list nat.auto<br>
[NOTICE] switch_core.c:1115 Created ip list loopback.auto default (deny)<br>
[NOTICE] switch_utils.c:248 Adding <a href="http://127.0.0.0/8" target="_blank">127.0.0.0/8</a> (allow) [] to list loopback.auto<br>
[NOTICE] switch_core.c:1121 Created ip list localnet.auto default (deny)<br>
[NOTICE] switch_core.c:1124 Adding 88.198.XXX.XXX/<a href="http://255.255.255.255" target="_blank">255.255.255.255</a> (allow) to list localnet.auto<br>
<br>
With my current configuration FS allow to register from any IP.<br>
Where is my error?<br>
<br>
_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br>