<div dir="ltr"><br>Ok, this is not as easy as it looks. If we use the ACL system, we block unauthenticated users from coming in and reduce some extra load on the DP/LUA/MySQL to reject the call. While ACL is implemented, FS will reject the call.<br>

<br><b>Rejected by acl &quot;default&quot;. Falling back to Digest auth<br><br></b>Before moving forward, the only way to reach dialplan now is Digest authentication. Which now makes things easy, as we can grab accountcode from the username etc.<br>

<br>Now if we don&#39;t apply ACL, and let caller reach the directory to look for credentials, that is, allow acl on directory, directory won&#39;t return anything if user is not matched. Correct me if I am wrong, can we query the directory for both user or cidr or one of them? <br>

<br>-Goni<br><br><br><div class="gmail_quote">On Mon, Feb 27, 2012 at 12:10 PM, Avi Marcus <span dir="ltr">&lt;<a href="mailto:avi@avimarcus.net">avi@avimarcus.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div dir="ltr">If you want to do it in SQL.. I think you&#39;re using mysql? (I&#39;m sure PG has similar functions. As does PHP, ip2long)<div>MySQL has two IP functions.. the storage is easy: <a href="http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_inet-aton" target="_blank">http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_inet-aton</a></div>



<div><br></div><div>The cidr /24 part is hard. This site seems to show you how but I don&#39;t quite understand it all: <a href="http://www.finnie.org/2007/12/05/mysql-and-cidr-selection/" target="_blank">http://www.finnie.org/2007/12/05/mysql-and-cidr-selection/</a></div>

<span class="HOEnZb"><font color="#888888">

<div><br></div></font></span><div><span class="HOEnZb"><font color="#888888"><div dir="ltr"><span style="font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:small">-Avi</span></span></div></font></span><div>

<div class="h5">
<br><br><div class="gmail_quote">On Mon, Feb 27, 2012 at 10:57 AM, Muhammad Naseer Bhatti <span dir="ltr">&lt;<a href="mailto:nbhatti@gmail.com" target="_blank">nbhatti@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">



<div dir="ltr"><br><div class="gmail_quote"><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>You are manually matching the CIDR to an account-code, by looking it up?</div>





</div></blockquote></div><div>Yes. SELECT * from acl_node where caller_ip = blah; and I get the accountcode.<br> <br></div><div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">





<div dir="ltr"><div>But FS already matched it and set a channel variable for the accountcode (if you set one in the directory file). (This is as long as you have the CIDR in the directory and not using the ACL system.)</div>





</div></blockquote></div><div>I got your point. I am using ACL system not the CIDR in user directory. Let me try setting it up in the directory and see if I get the chan var.<br><br>Goni<br> </div><div><div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">





<div dir="ltr"><span><font color="#888888">

<div><br></div><div dir="ltr"><span style="font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:small">-Avi</span></span></div></font></span><div><div>
<br><br><div class="gmail_quote">On Mon, Feb 27, 2012 at 10:24 AM, Muhammad Naseer Bhatti <span dir="ltr">&lt;<a href="mailto:nbhatti@gmail.com" target="_blank">nbhatti@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">







<div dir="ltr"><br>A node has a CIDR, for example, <a href="http://192.168.10.0/24" target="_blank">192.168.10.0/24</a>. So anything in between 192.168.10.1 and 192.168.10.254 will be processed and passed to the DP, by FreeSWITCH, in this case. Everything is ok till here. (I am using xml_curl to service acl config) Now the call is sent to the dialplan for processing. LUA scripts in my case. The IP address seen in the channel variables is in IP format, 192.168.10.20 without the subnet or cidr information. Single IP address matches perfectly and I get the accountcode associated with the IP from the database, but when I have CIDR <a href="http://192.168.10.0/24" target="_blank">192.168.10.0/24</a> in the DB and the IP is 192.168.10.20, how can I match it? Or would I have to expand the cidr range and set them all in the database?<br>









<br>Goni<br><br><br>. CIDR will be saved in cidr format. My question was, the ip address will be seen in the channel variables, but to match is against the <br><div><div><br><div class="gmail_quote">On Mon, Feb 27, 2012 at 1:00 AM, Avi Marcus <span dir="ltr">&lt;<a href="mailto:avi@avimarcus.net" target="_blank">avi@avimarcus.net</a>&gt;</span> wrote:<br>









<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">How do you set several CIDR for one user?<div><br></div><div>OK, so if you have it matching on an account - use something like the variable accountcode. What more do you need for your billing..?</div>









<div><span><font color="#888888"><div dir="ltr">

<span style="font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:small">-Avi </span></span></div></font></span><div><div>
<br><br><div class="gmail_quote">On Sun, Feb 26, 2012 at 11:46 PM, Muhammad Naseer Bhatti <span dir="ltr">&lt;<a href="mailto:nbhatti@gmail.com" target="_blank">nbhatti@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">











<div dir="ltr"><br>This is not a problem. I can set several CIDR(s) for a single user. If an IP address exists in the DB, the system will not allow any other user to enter that IP address for him. This is different. I match the account with incoming network_addr of the caller. Since I am saving currently everything as /32 and static match the IP address from the DB, so I get the account code no problem. FS accepts the range happily. /24 or whatever, issue is only how to process that information when it hits the dialplan and later mangled by the scripts to parse.<div>











<div><br>

<br><div class="gmail_quote">On Mon, Feb 27, 2012 at 12:36 AM, Avi Marcus <span dir="ltr">&lt;<a href="mailto:avi@avimarcus.net" target="_blank">avi@avimarcus.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">













<div dir="ltr">I suppose the issue is that each extension seems to only have one CIDR option per directory-extension.<div>I use the variable accountcode for billing.. so a hack would be to create users e.g. 1234-a, 1234-b, 1234-c each with their own CIDR and the same accountcode of 1234.</div>















<div><br></div><div>Does someone else have a recommendation of how to enter several ranges of IPs for ACL for a particular user?<br clear="all"><div dir="ltr"><span style="font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:small">-Avi</span></span></div>















<br>
<br><br><div class="gmail_quote"><div><div>On Sun, Feb 26, 2012 at 10:55 PM, Muhammad Naseer Bhatti <span dir="ltr">&lt;<a href="mailto:nbhatti@gmail.com" target="_blank">nbhatti@gmail.com</a>&gt;</span> wrote:<br>

</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>

<div dir="ltr">Hello,<br>In order to allow ACL authentication, ACL is defined for FreeSWITCH and IP address is entered in CIDR format. A /32 will have only 1 IP and /24 will have 254 IP address range. Now, FS will allow the call if the IP address falls under the subnet. For example, caller IP address is 192.168.10.24 while the ACL node is defined as <a href="http://192.168.10.0/24" target="_blank">192.168.10.0/24</a>. This works fine, but when it comes to identifying the incoming call for billing purposes, how can we identify the IP address matches to which customer? Or which ACL node for FreeSWITCH. One possible solution is to expand the CIDR used by FS, and then match the caller IP address, but I guess this will take too many resources. Am I missing something here? Or restrict the user to enter only 1 IP address per account?<br>

















<br>Thanks,<br>Goni<br></div>
<br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div></div>
<br></blockquote></div><br></div></div></div>
<br></blockquote></div><br></div></div></div></div>
<br></blockquote></div><br></div></div></div>
<br></blockquote></div><br></div></div></div>
<br></blockquote></div></div></div><br></div>
<br></blockquote></div><br></div></div></div></div>
<br></blockquote></div><br></div>
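<p>The INET_ATON approach suggested in the thread, written out as an added example that is not part of the original messages: each range is stored as an integer network and netmask, and the caller address is matched with a bitwise AND instead of expanding the CIDR into individual rows. The <code>acl_node</code> table and <code>accountcode</code> are named in the thread; the <code>cidr</code>, <code>network</code>, <code>netmask</code> and <code>prefix_len</code> columns and the sample rows are assumptions. It goes one step beyond the thread by ordering on prefix length, so the most specific range wins when ranges overlap.</p>

```sql
-- Added example. acl_node and accountcode are named in the thread;
-- the cidr, network, netmask and prefix_len columns are assumptions.
CREATE TABLE acl_node (
  id          INT UNSIGNED     NOT NULL AUTO_INCREMENT PRIMARY KEY,
  accountcode VARCHAR(32)      NOT NULL,
  cidr        VARCHAR(18)      NOT NULL,  -- as entered, e.g. 192.168.10.0/24
  network     INT UNSIGNED     NOT NULL,  -- INET_ATON(base address) & netmask
  netmask     INT UNSIGNED     NOT NULL,
  prefix_len  TINYINT UNSIGNED NOT NULL,
  UNIQUE KEY uq_range (network, prefix_len)  -- a given range has one owner
);

-- Constructed sample rows. The mask is derived from the prefix length, and
-- ANDing the base address with it normalises entries such as 10.1.2.3/16.
INSERT INTO acl_node (accountcode, cidr, network, netmask, prefix_len)
SELECT accountcode,
       cidr,
       INET_ATON(SUBSTRING_INDEX(cidr, '/', 1)) & nm,
       nm,
       plen
FROM (
  SELECT accountcode, cidr, plen,
         (4294967295 << (32 - plen)) & 4294967295 AS nm
  FROM (
    SELECT '1234' AS accountcode, '192.168.10.0/24' AS cidr, 24 AS plen
    UNION ALL SELECT '5678', '192.168.10.20/32', 32
    UNION ALL SELECT '1234', '10.1.2.3/16', 16
  ) AS entered
) AS calc;

-- Lookup for the plain IP address seen in the channel variables.
-- A row matches when the caller address, masked with that row's netmask,
-- equals the row's network. ORDER BY prefix_len DESC picks the narrowest
-- matching range, so a /32 inside another account's /24 is billed to the /32.
SET @caller_ip = '192.168.10.20';

SELECT accountcode, cidr
FROM acl_node
WHERE (INET_ATON(@caller_ip) & netmask) = network
ORDER BY prefix_len DESC
LIMIT 1;
```

<p>INET_ATON returns NULL for a string that is not a valid IPv4 address, so a malformed caller value matches no row rather than an arbitrary account.</p>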