<div dir="ltr">Hello,<div><br></div><div>Every time fs receives a REGISTER it will look up the user trying to register (if the profile is configured to authenticate) in the directory path. You can register via any profile if configured. You can control what user may register where by enabling multi-domain as per <a href="https://wiki.freeswitch.org/wiki/Multiple_Companies">https://wiki.freeswitch.org/wiki/Multiple_Companies</a>.</div><div><br></div><div>By default, the directory.xml is as follows:</div><div><br></div><div><div><font face="monospace, monospace"><include></font></div><div><font face="monospace, monospace"> <!--the domain or ip (the right hand side of the @ in the addr--></font></div><div><font face="monospace, monospace"> <domain name="$${domain}"></font></div><div><span style="font-family:monospace,monospace"> ...</span></div><div><font face="monospace, monospace"> <groups></font></div><div><font face="monospace, monospace"> <group name="default"></font></div><div><font face="monospace, monospace"> <users></font></div><div><font face="monospace, monospace"> <X-PRE-PROCESS cmd="include" data="default/*.xml"/></font></div><div><font face="monospace, monospace"> </users></font></div><div><font face="monospace, monospace"> </group></font></div><div><font face="monospace, monospace">...</font></div></div><div><br></div><div><font face="arial, helvetica, sans-serif">So, as you can see, there's only one domain directory ($${domain} which is the ip address of your server) which has only one group called "users" which <i>includes</i> any xml in "default/" </font></div><div><br></div><div>hope this helps.</div><div><br></div><div>David</div></div><div hspace="streak-pt-mark" style="max-height:1px"><img style="width:0px;max-height:0px;overflow:hidden" src="https://mailfoogae.appspot.com/t?sender=aZGF2aWQudmlsbGFzbWlsLndvcmtAZ21haWwuY29t&type=zerocontent&guid=468d816b-58cc-4808-b5a9-4deed0efea7d"><font color="#ffffff" size="1">ᐧ</font></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: +34669448337</div></div></div></div>
<br><div class="gmail_quote">On Mon, Dec 12, 2016 at 9:42 PM, Valter Nogueira <span dir="ltr"><<a href="mailto:valter@fastway.com.br" target="_blank">valter@fastway.com.br</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div>I am studying opensips and kamailio, but to be honest, I am a little affraid of them - just because I am not sure if I can figure out every situation in route.<br><br></div>My environment is strictly controlled with iptables drop policy and just friendly traffic is allowed.<br><br></div>What I understood by now is that I must have a profile for every NIC used to route traffic.<br><br></div>What I don't get yet is how directory relates to profiles. In file directory/default/<a href="http://example.com">example.com</a>.<wbr>xml there is a user "joe" which have a gateway defined inside it and that sofia shows in every gateway availble (expect in internal)<br><br></div>Just to make me more confused: <a href="https://wiki.freeswitch.org/wiki/SBC_Setup" target="_blank">https://wiki.freeswitch.org/<wbr>wiki/SBC_Setup</a><br><br></div>In which internal and external are binded to the same ip+port but to different vlans. How vlans tags are binded to internatl and external profiles?<br><br><br></div><div class="gmail_extra"><br clear="all"><div><div class="m_-1853857067862833071gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br><br></div><div>Atenciosamente,<br><br><img src="http://fastway.com.br/assinaturas/jpg/assinatura_branca_valter-min.jpg"><br></div></div></div></div></div></div></div></div></div></div><div><div class="h5">
<br><div class="gmail_quote">2016-12-12 9:09 GMT-02:00 David Villasmil <span dir="ltr"><<a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.<wbr>com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">At the very least start by looking at Homer (<a href="http://sipcapture.org/" target="_blank">http://sipcapture.org/</a>) which works beautifully with kamailio (i assume also openSIPS) and freeswitch. and it generates by default some nice graphs and alarms.</div><div class="gmail_extra"><br clear="all"><div><div class="m_-1853857067862833071m_4293907271943176416gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: <a href="tel:+34%20669%2044%2083%2037" value="+34669448337" target="_blank">+34669448337</a></div></div></div></div>
<br><div class="gmail_quote">On Mon, Dec 12, 2016 at 10:19 AM, Stanislav Sinyagin <span dir="ltr"><<a href="mailto:ssinyagin@gmail.com" target="_blank">ssinyagin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">but that's part of a job for an end-to-end system designer, it's not<br>
something specific to a particular piece of software.<br>
<br>
For the scenario that Valter has described, FreeSWITCH (or two servers<br>
in a cluster) will do the job just fine. But of course it needs to be<br>
designed, configured and tested properly, with security in mind.<br>
<br>
I would agree, it's good to place Kamailio as the first-hop Internet<br>
gateway if you need to process INVITEs from unknown sources in<br>
Internet. It has nice features that minimize the impact of various DOS<br>
attacks or hacking. Also if you need to scale up, Kamailio will serve<br>
nicely as a load-balancer. But there's nothing wrong in placing<br>
FreeSWITCH alone in the Internet if you know what you're doing.<br>
<div class="m_-1853857067862833071m_4293907271943176416HOEnZb"><div class="m_-1853857067862833071m_4293907271943176416h5"><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
On Mon, Dec 12, 2016 at 4:43 AM, Kamil Nigmatullin<br>
<<a href="mailto:kamil.nigmatullin@gmail.com" target="_blank">kamil.nigmatullin@gmail.com</a>> wrote:<br>
> The first was the problem, where attacker somehow got login and password (i<br>
> think they broke thier ATA) from clinet and used it. But for this client<br>
> there was a limit of one line. I used limit module with local database. What<br>
> attacker actially did, is that they used REFER attack, where they put their<br>
> own number as a referrer, and opened unlimited lines to PSTN. So the,<br>
> solution was - to replace limit functunality to opensips.<br>
><br>
> The second - it is not actually the FS issue. It is because Freeswitch is<br>
> not flexible enouph to work at the low level where Kamailio or opensips<br>
> operates. E.g, we programmed opensips to lookup for UserAgent database, we<br>
> add useragent for each client manually. And only using client's IP and<br>
> user-agent we allow this user to call to PSTN. We watch for blacklists of IP<br>
> adresses, subnets. If it comes from Gaza, Panama, China we block it. And a<br>
> lot of other things. Most of them is not out-of-box in opensips, but it is<br>
> not hard to implement. All this functionality is very important. We lost<br>
> about $10k last time. This is very serious.<br>
><br>
> 2016-12-12 8:56 GMT+06:00 Alex Balashov <<a href="mailto:abalashov@evaristesys.com" target="_blank">abalashov@evaristesys.com</a>>:<br>
>><br>
>> On Mon, Dec 12, 2016 at 08:17:57AM +0600, Kamil Nigmatullin wrote:<br>
>><br>
>> > I love freeswitch, but frankly I would not recomend to set it as SBC. I<br>
>> > personally faced two attacks where FS was not good at. And we lost a lot<br>
>> > of<br>
>> > money. It works perfectly as NAT between internal and extenal networks,<br>
>> > actually in everything but it is weak as a firewall. Stanislav knows<br>
>> > that,<br>
>> > he helped me to resolve the problem first time when it happend. I cannot<br>
>> > go<br>
>> > into details as this is open forum. You need to put either kamailio or<br>
>> > opensips in front of FS.<br>
>><br>
>> Strongly agree.<br>
>><br>
>> --<br>
>> Alex Balashov | Principal | Evariste Systems LLC<br>
>><br>
>> Tel: <a href="tel:%2B1-706-510-6800" value="+17065106800" target="_blank">+1-706-510-6800</a> (direct) / <a href="tel:%2B1-800-250-5920" value="+18002505920" target="_blank">+1-800-250-5920</a> (toll-free)<br>
>> Web: <a href="http://www.evaristesys.com/" rel="noreferrer" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.csrpswitch.com/" rel="noreferrer" target="_blank">http://www.csrpswitch.com/</a><br>
>><br>
>> ______________________________<wbr>______________________________<wbr>_____________<br>
>> Professional FreeSWITCH Consulting Services:<br>
>> <a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
>> <a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
>><br>
>> Official FreeSWITCH Sites<br>
>> <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
>> <a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
>> <a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
>><br>
>> FreeSWITCH-users mailing list<br>
>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/free<wbr>switch-users</a><br>
>> <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Kamil Nigmatullin<br>
> Tel: 77272323748<br>
> mob: 7 <a href="tel:%28707%29%202517003" value="+17072517003" target="_blank">(707) 2517003</a><br>
> Skype: kamil.nigmatullin<br>
><br>
> ______________________________<wbr>______________________________<wbr>_____________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
> <a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/free<wbr>switch-users</a><br>
> <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/free<wbr>switch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div></div></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>