<div dir="ltr">I've tried entering this in acl.conf.xml:<div><br></div><div><br></div><div><div style="font-size:12.8000001907349px"> <list name="domains" default="deny"></div><div> <node type="allow" host="<a href="http://miccgw1.design.mitel.com">miccgw1.design.mitel.com</a>" mask="255.255.255.0"/></div></div><div> </list><br></div><div><br></div><div>After reloadacl (no errors), I tried making a call:</div><div><br></div><div><br></div><div>2015-02-06 15:47:51.831958 [NOTICE] switch_channel.c:1055 New Channel sofia/internal/<a href="mailto:5401@miccgw1.design.mitel.com">5401@miccgw1.design.mitel.com</a> [fbcbdde0-6b3e-43e1-9fcf-f592c83b0efb]<br></div><div><br></div><div>but the incoming call still gets rejected:</div><div><br></div><div>2015-02-06 15:47:51.831958 [DEBUG] sofia.c:8775 IP 10.47.41.109 Rejected by acl "domains". Falling back to Digest auth.<br></div><div><br></div><div><div>2015-02-06 15:47:51.871962 [DEBUG] sofia.c:8775 IP 10.47.41.109 Rejected by acl "domains". Falling back to Digest auth.</div><div>2015-02-06 15:47:51.871962 [WARNING] sofia_reg.c:2752 Can't find user [@<a href="http://10.47.26.44">10.47.26.44</a>] from 10.47.41.109</div><div>You must define a domain called '10.47.26.44' in your directory and add a user with the id="" attribute</div><div>and you must configure your device to use the proper domain in it's authentication credentials.</div></div><div><br></div><div>If I want to get rid of the error, I need to specify the IP address of the originating pbx:</div><div><br></div><div><div> <node type="allow" cidr="<a href="http://10.47.41.109/32">10.47.41.109/32</a>" /></div></div><div><br></div><div>Any thoughts on how to get the acl file to support hostnames?</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 5, 2015 at 11:42 AM, Brian West <span dir="ltr"><<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Looking at the code it looks like it would accept host.</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Thu, Feb 5, 2015 at 9:59 AM, Szeto, Steven <span dir="ltr"><<a href="mailto:steven.szeto@mitel.com" target="_blank">steven.szeto@mitel.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div>Suppose I have a switch with DNS hostname of "<a href="http://myswitch.company.com" target="_blank">myswitch.company.com</a>" and an IP address of 10.11.12.13.</div><div><br></div><div>If I want to allow this switch's phones to call FreeSwitch, I have to update the acl.conf.xml file with an entry that looks like this:</div><div><br></div><div><div> <list name="domains" default="deny"></div></div><div><br></div><div><div> <node type="allow" cidr="<a href="http://10.11.12.13/32" target="_blank">10.11.12.13/32</a>" /></div></div><div><br></div><div><div> </list></div></div><div><br></div><div><br></div><div>What I would like to do is use the DNS hostname of the switch instead. So the above entry should look something like this:</div><div><br></div><div><div> <list name="domains" default="deny"></div><div><br></div><div> <node type="allow" host="<a href="http://myswitch.company.com" target="_blank">myswitch.company.com</a>" /></div><div><br></div><div> </list></div></div><div><br></div><div>When I try the above, the calls are rejected by FreeSwitch.</div><div><br></div><div>When creating its Access Control List, is there a way to tell FreeSwitch to do a hostname lookup when hosts are specified?</div><div><br></div><div>Regards,</div><div>Steve </div></div>
<br>
</div></div><font size="1">This e-mail (including any attachments) is for the sole use of the intended recipient(s) and may contain information that is confidential and/or protected by legal privilege. Any unauthorized review, use, copy, disclosure or distribution of this e-mail is strictly prohibited. If you are not the intended recipient, please notify Mitel immediately and destroy all copies of this e-mail. Mitel does not accept any liability for breach of security, error or virus that may result from the transmission of this message.</font><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p>
<p><font face="courier new, monospace"><b>T:</b><a href="tel:%2B19184209001" value="+19184209001" target="_blank">+19184209001</a> | <b>F:</b><a href="tel:%2B19184209002" value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div>
</div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>
<br>
<font size="1">This e-mail (including any attachments) is for the sole use of the intended recipient(s) and may contain information that is confidential and/or protected by legal privilege. Any unauthorized review, use, copy, disclosure or distribution of this e-mail is strictly prohibited. If you are not the intended recipient, please notify Mitel immediately and destroy all copies of this e-mail. Mitel does not accept any liability for breach of security, error or virus that may result from the transmission of this message.</font>