<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 27 July 2015 at 19:01, Brian West <span dir="ltr">&lt;<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Or create your OWN ACL that covers your local network space.</div><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Mon, Jul 27, 2015 at 6:58 PM, Rajil Saraswat <span dir="ltr">&lt;<a href="mailto:rajil.s@gmail.com" target="_blank">rajil.s@gmail.com</a>&gt;</span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Hello all,<br>
<br>
I am trying to get my head around the nat.auto and localnet.auto ACLs.<br>
<br></span>
I have a VPN server using the <a href="http://10.8.0.0/24" rel="noreferrer" target="_blank">10.8.0.0/24</a> address space with gateway<br>
on 10.8.0.1. The PBX is on the local LAN (<a href="http://172.16.5.0/24" rel="noreferrer" target="_blank">172.16.5.0/24</a>) with IP<span class=""><br>
172.16.5.5.  When FreeSWITCH starts I see it builds the following ACLs<br>
<br>
nat.auto<br>
Created ip list nat.auto default (deny)<br></span>
Adding <a href="http://172.16.5.5/255.255.255.0" rel="noreferrer" target="_blank">172.16.5.5/255.255.255.0</a> (deny) to list nat.auto<br>
Adding <a href="http://10.0.0.0/8" rel="noreferrer" target="_blank">10.0.0.0/8</a> (allow) [] to list nat.auto<br>
Adding <a href="http://172.16.0.0/12" rel="noreferrer" target="_blank">172.16.0.0/12</a> (allow) [] to list nat.auto<span class=""><br>
<br>
localnet.auto<br>
Created ip list localnet.auto default (deny)<br></span>
Adding <a href="http://172.16.5.5/255.255.255.0" rel="noreferrer" target="_blank">172.16.5.5/255.255.255.0</a> (allow) to list localnet.auto<br>
<br>
<br>
Do I need to move my VPN address space (<a href="http://10.8.0.0/16" rel="noreferrer" target="_blank">10.8.0.0/16</a>) from nat.auto to<span class=""><br>
the localnet.auto so that it is not NATed? Something like this:<br>
<br>
nat.auto<br>
</span><a href="http://172.16.5.5/255.255.255.0" rel="noreferrer" target="_blank">172.16.5.5/255.255.255.0</a> (deny)<br>
<a href="http://10.0.0.0/8" rel="noreferrer" target="_blank">10.0.0.0/8</a> (allow)<br>
<a href="http://172.16.0.0/12" rel="noreferrer" target="_blank">172.16.0.0/12</a> (allow)<br>
<a href="http://10.8.0.0/16" rel="noreferrer" target="_blank">10.8.0.0/16</a> (deny)<br>
<br>
localnet.auto<br>
<a href="http://172.16.5.5/255.255.255.0" rel="noreferrer" target="_blank">172.16.5.5/255.255.255.0</a> (allow)<br>
<a href="http://10.8.0.0/16" rel="noreferrer" target="_blank">10.8.0.0/16</a> (allow)<br>
<br>
Thanks<br>
<br>
</blockquote></div><br><br></div></blockquote></div><br>Is the local network space only (for the purpose of NAT) defined as
 the LAN on which the PBX is running or should it include all the class C 
address space which it is connected to via VPN?<br><br>Thanks<br><br><br></div></div>