<div dir="ltr">If there is no NAT between you and that network, consider it local.</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jul 27, 2015 at 7:21 PM, Rajil Saraswat <span dir="ltr"><<a href="mailto:rajil.s@gmail.com" target="_blank">rajil.s@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div><div class="h5"><div class="gmail_quote">On 27 July 2015 at 19:01, Brian West <span dir="ltr"><<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Or create your OWN ACL that covers your local network space.</div><div class="gmail_extra"><br><div class="gmail_quote"><span>On Mon, Jul 27, 2015 at 6:58 PM, Rajil Saraswat <span dir="ltr"><<a href="mailto:rajil.s@gmail.com" target="_blank">rajil.s@gmail.com</a>></span> wrote:<br></span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>Hello all,<br>
<br>
I am trying to get my head around the nat.auto and localnet.auto ACLs.<br>
<br></span>
I have a VPN server using the 10.8.0.0/24 address space with gateway<br>
on 10.8.0.1. The PBX is on the local LAN (172.16.5.0/24) with IP<br>
172.16.5.5. When FreeSWITCH starts I see it builds the following ACLs:<br>
<br>
nat.auto<br>
Created ip list nat.auto default (deny)<br>
Adding 172.16.5.5/255.255.255.0 (deny) to list nat.auto<br>
Adding 10.0.0.0/8 (allow) [] to list nat.auto<br>
Adding 172.16.0.0/12 (allow) [] to list nat.auto<br>
<br>
localnet.auto<br>
Created ip list localnet.auto default (deny)<br>
Adding 172.16.5.5/255.255.255.0 (allow) to list localnet.auto<br>
<br>
<br>
Do I need to move my VPN address space (10.8.0.0/16) from nat.auto to<br>
the localnet.auto so that it is not NATed? Something like this:<br>
<br>
nat.auto<br>
172.16.5.5/255.255.255.0 (deny)<br>
10.0.0.0/8 (allow)<br>
172.16.0.0/12 (allow)<br>
10.8.0.0/16 (deny)<br>
<br>
localnet.auto<br>
172.16.5.5/255.255.255.0 (allow)<br>
10.8.0.0/16 (allow)<br>
<br>
Thanks<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br><br></div></blockquote></div><br></div></div>Is the local network space only (for the purpose of NAT) defined as
the LAN on which the PBX is running, or should it include all the class C
address space which it is connected to via VPN?<br><br>Thanks<br><br><br></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="2" face="monospace, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div></div></div></div></div></div></div></div></div>
</div>
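<p>Added example (not part of the original thread and not FreeSWITCH's shipped configuration): one way to follow the advice above is a custom ACL that covers the PBX LAN and the VPN range from the question, referenced from the SIP profile through <code>local-network-acl</code>. The list name <code>localnet.vpn</code>, the profile name and the file locations (vanilla configuration layout) are assumptions.</p>

```xml
<!-- conf/autoload_configs/acl.conf.xml (vanilla layout, assumed) -->
<configuration name="acl.conf" description="Network Lists">
  <network-lists>
    <!-- Hypothetical list name. default="deny" means only the ranges
         listed below are treated as local. -->
    <list name="localnet.vpn" default="deny">
      <!-- PBX LAN, as given in the question -->
      <node type="allow" cidr="172.16.5.0/24"/>
      <!-- VPN address space reached without NAT, as given in the question -->
      <node type="allow" cidr="10.8.0.0/24"/>
    </list>
  </network-lists>
</configuration>

<!-- conf/sip_profiles/internal.xml, inside <settings> (profile name assumed) -->
<!-- Points the profile at the custom list instead of the generated
     localnet.auto, which only held 172.16.5.5/255.255.255.0 -->
<param name="local-network-acl" value="localnet.vpn"/>
```

<p>Keep the list limited to networks that have no NAT in the path to the PBX; a range that is broader than that marks hosts as local that are not.</p>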