<font face="Verdana, Arial, Helvetica, sans-serif">Hi Cal!</font><div><font face="Verdana, Arial, Helvetica, sans-serif"><br></font></div><div><font face="Verdana, Arial, Helvetica, sans-serif">I think I got it now and it may help you. </font></div>
<div><font face="Verdana, Arial, Helvetica, sans-serif"><br></font></div><div><font face="Verdana, Arial, Helvetica, sans-serif">If call is coming to port 5060, then it is automaticly routed as sip_profiles/internal profile. In internal.xml it is rule to obbey "domains" list from acl.conf.xml. So, whatever you do in acl, nothing will change behaviour.</font></div>
<div><font face="Verdana, Arial, Helvetica, sans-serif"><br></font></div><div><font face="Verdana, Arial, Helvetica, sans-serif">So what I did? I expanded domains list to add IP node of my provider. Now incoming call is granted from acl and doesn't require authentication, but automaticlly goes to public dial plan. I still have to figure it out why does it go to public diaplan. In the end, this is what I wanted, but just want to know wha it goes to public, where is this rule set.</font></div>
<div><font face="Verdana, Arial, Helvetica, sans-serif"><br></font></div><div><font face="Verdana, Arial, Helvetica, sans-serif">Gregor<br></font><br><div class="gmail_quote">2012/11/29 Cal Leeming [Simplicity Media Ltd] <span dir="ltr"><<a href="mailto:cal.leeming@simplicitymedialtd.co.uk" target="_blank">cal.leeming@simplicitymedialtd.co.uk</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Gregor,<div><br></div><div>I have to admit, every time I've tried using ACLs for inbound authentication (i.e. an inbound DID), it always gave me the same damn error (rejected by ACL 'domains' etc).</div>
<div>
<br></div><div>I've searched endlessly for a reason why, but couldn't seem to find a combination of variables that worked.</div><div><br></div><div>I figured that it must be working else everyone would be complaining, and that my own lack of knowledge/experience with FreeSWITCH meant I was getting something fundamentally wrong in the config.</div>
<div><br></div><div>So, I removed ACLs, threw up an iptables rule and put a TODO in the project plan to fix ACLs before release lol.</div><div><br></div><div>I'll have another look at this, and see if I can figure out wtf I'm doing wrong. </div>
<div><br></div><div>This may/may not be the same problem your having, but I'll report back either way and hopefully it'll help!</div><span class="HOEnZb"><font color="#888888"><div><br>Cal</div></font></span><div class="HOEnZb">
<div class="h5"><div><br><br><div class="gmail_quote">On Thu, Nov 29, 2012 at 11:15 AM, Gregor Nanger <span dir="ltr"><<a href="mailto:gregor@infomedia.si" target="_blank">gregor@infomedia.si</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I thought that just set acl and set in /sip_profiles/external.xml <span style="background-color:rgb(249,249,249);line-height:1.1em"><param name="apply-inbound-acl" value="</span><span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">testdid</span><span style="background-color:rgb(249,249,249);line-height:1.1em">"/> would solve this, but it doesn't working.</span><div>
<span style="line-height:14.300000190734863px"><br></span></div><div><span style="line-height:14.300000190734863px">Trunk DID provider I am using is sending calls to FS. Now I just want to get this calls into public dialplan based only on IP, not authorization. :-(<br>
</span><div><div><br><br><br><div class="gmail_quote">2012/11/29 Sanjay Soni <span dir="ltr"><<a href="mailto:ssoni@lifesize.com" target="_blank">ssoni@lifesize.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I was getting similar problem and modifying acl.conf didn't work for me. What work for me was modifying sip_profiles/internal.xml and sip_profiles/external.xml with Either<br>
param name="local-network-acl" value="localnet.auto" - For Private IPs (This is default)<br>
Or<br>
param name="candidate-acl" value="wan.auto"<br>
param name="local-network-acl" value="localnet.auto" - For Public IPs.<br>
<div><div><br>
<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a> [mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org" target="_blank">freeswitch-users-bounces@lists.freeswitch.org</a>] On Behalf Of Paul Cupis<br>
Sent: 29 November 2012 16:02<br>
To: FreeSWITCH Users Help<br>
Subject: Re: [Freeswitch-users] Inbound DID trunk without authentication<br>
<br>
On Thu, Nov 29, 2012 at 09:36:25AM +0100, Gregor Nanger wrote:<br>
> in acl.conf.xml i add:<br>
><br>
> <list name="testdid" default="deny"><br>
> <node type="allow" cidr="xxx.xxx.xxx.xxx/32"/><br>
> </list><br>
<br>
> What I see in console I keep getting rejected by ACL "domains"<br>
><br>
> If I understand correctly if IP of inbound call is in ACL then call is<br>
> transfered to public dialplan?<br>
><br>
> I need this gateway only for inbound calls.<br>
<br>
Try adding:<br>
<br>
<node type="allow" cidr="xxx.xxx.xxx.xxx/32"/><br>
<br>
into the existing stanza in acl.conf.xml which starts with:<br>
<br>
<list name="domains" ...<br>
<br>
as this is the ACL which your SIP profile seems to be using to authenticate<br>
incoming calls.<br>
<br>
Regards,<br>
<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br><br></div></div></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>
</div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br><br></div>