[Freeswitch-users] ACL not working

Diego Viola diego.viola at gmail.com
Tue Apr 21 04:09:49 PDT 2009


Oh it was because I had auth-calls set to true, now I turned it false and it
works as I expect!

Silly me, thanks everyone anyway =D

Diego

On Tue, Apr 21, 2009 at 7:08 AM, Diego Viola <diego.viola at gmail.com> wrote:

> Ok I just remade the config and now it's working as it should, it's not
> letting me register.
>
> 2009-04-21 07:06:03 [WARNING] sofia_reg.c:1283
> sofia_reg_handle_sip_i_register() IP 192.168.0.100 Rejected by acl "domains"
>
> However, I have this:
>
>     <param name="apply-inbound-acl" value="domains"/>
>
> And this:
>
>     <list name="domains" default="deny">
>             <!--      <node type="allow" domain="$${domain}"/>-->
>         <node type="deny" cidr="192.168.0.100/32"/>
>         <node type="deny" cidr="192.168.0.0/24"/>
>     </list>
>
> And I can still call the conference (3030) without being registered. Why is
> this?
>
> Thanks.
>
>
>
> On Tue, Apr 21, 2009 at 6:43 AM, Diego Viola <diego.viola at gmail.com> wrote:
>
>> freeswitch at internal> acl
>> false
>>
>>
>> On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola <diego.viola at gmail.com> wrote:
>>
>>> Hey guys,
>>>
>>> I'm currently testing FS inside a LAN. FreeSWITCH is running on
>>> 192.168.0.101 and my softphone is on 192.168.0.100.
>>>
>>> I can register and make calls just fine, but I want to deny everything in
>>> order to learn how the ACL works.
>>>
>>> I have this on the internal profile:
>>>
>>>     <param name="apply-nat-acl" value="rfc1918"/>
>>>     <param name="apply-inbound-acl" value="domains"/>
>>>     <param name="apply-register-acl" value="domains"/>
>>>
>>> And this is how my acl.conf.xml looks, it's all set to deny:
>>>
>>> <configuration name="acl.conf" description="Network Lists">
>>>   <network-lists>
>>>
>>>     <list name="dl-candidates" default="deny">
>>>       <node type="deny" cidr="10.0.0.0/8"/>
>>>       <node type="deny" cidr="172.16.0.0/12"/>
>>>       <node type="deny" cidr="192.168.0.0/16"/>
>>>     </list>
>>>
>>>     <list name="rfc1918" default="deny">
>>>       <node type="deny" cidr="10.0.0.0/8"/>
>>>       <node type="deny" cidr="172.16.0.0/12"/>
>>>       <node type="deny" cidr="192.168.0.0/16"/>
>>>     </list>
>>>
>>>     <list name="lan" default="deny">
>>>       <node type="deny" cidr="192.168.42.0/24"/>
>>>       <node type="deny" cidr="192.168.42.42/32"/>
>>>     </list>
>>>
>>>     <list name="strict" default="deny">
>>>       <node type="deny" cidr="208.102.123.124/32"/>
>>>     </list>
>>>     <!--
>>>         This will traverse the directory adding all users
>>>         with the cidr= tag to this ACL, when this ACL matches
>>>         the users variables and params apply as if they
>>>         digest authenticated.
>>>     -->
>>>     <list name="domains" default="deny">
>>>       <node type="deny" domain="$${domain}"/>
>>>       <node type="deny" cidr="192.168.0.0/24"/>
>>>     </list>
>>>
>>>   </network-lists>
>>> </configuration>
>>>
>>> But I'm still allowed to register with the 1000 user and make calls, to
>>> the conference extension, etc... I can't understand this, if it's all to
>>> deny and the cidr is set to 192.168.0.0/24 on the "domains" context,
>>> which is what the profile uses, shouldn't the registration/call be denied? I
>>> have tried many combinations but whenever I change something it won't make
>>> any difference.
>>>
>>> Please help me.
>>>
>>> Thanks,
>>>
>>> Diego
>>>
>>
>>
>
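
The outcome reported in this thread, as an added example that is not part of the original posts and is not FreeSWITCH code: a simplified model in which a caller denied by the inbound ACL is challenged for digest credentials when auth-calls is true and rejected outright when it is false. The function names, the result strings and the most-specific-match rule are assumptions of this model; the list is the "domains" list posted above.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The "domains" list as posted in the thread (the domain= node is commented out).
ACL_XML = """
<network-lists>
  <list name="domains" default="deny">
    <!-- <node type="allow" domain="$${domain}"/> -->
    <node type="deny" cidr="192.168.0.100/32"/>
    <node type="deny" cidr="192.168.0.0/24"/>
  </list>
</network-lists>
"""

def load_lists(xml_text):
    """Return {list name: (default_allow, [(network, allow), ...])}."""
    lists = {}
    for lst in ET.fromstring(xml_text).iter("list"):
        nodes = [
            (ipaddress.ip_network(n.get("cidr")), n.get("type") == "allow")
            for n in lst.iter("node")
            if n.get("cidr")  # domain= nodes need the user directory; skipped here
        ]
        lists[lst.get("name")] = (lst.get("default") == "allow", nodes)
    return lists

def acl_allows(lists, name, ip):
    """Assumed rule: the most specific matching node decides, else the list default."""
    default_allow, nodes = lists[name]
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, allow) for net, allow in nodes if addr in net]
    if not hits:
        return default_allow
    return max(hits, key=lambda h: h[0])[1]

def inbound_call_decision(lists, acl_name, ip, auth_calls):
    """Assumed combination of apply-inbound-acl and auth-calls for one caller IP."""
    if acl_allows(lists, acl_name, ip):
        return "accept-without-auth"
    # A denied address is not necessarily refused: with auth-calls on, the caller
    # can still get through by answering the digest challenge.
    return "digest-challenge" if auth_calls else "reject"

if __name__ == "__main__":
    acl = load_lists(ACL_XML)
    for auth_calls in (True, False):
        print(auth_calls, inbound_call_decision(acl, "domains", "192.168.0.100", auth_calls))
```

In this model a softphone that holds valid credentials still reaches the conference while auth-calls is true, so a deny-only ACL alone does not block it.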