[Freeswitch-users] Two Major Problems

Tjardick van der Kraan tjardick at vanderkraan.net
Sun Apr 11 14:35:34 PDT 2010


Use the CIDR XML key not domain:

http://wiki.freeswitch.org/wiki/Acl

Regards,

Tj

On 09 Apr 2010, at 19:07, Ken Fulmer wrote:

> Per your suggestion, I changed the following in the conf/ 
> autoload_configs/acl.conf.xml file:
>
>     <list name="domains" default="deny">
>       <node type="allow" domain="10.10.3.10"/>
>       <node type="allow" domain="10.10.3.11"/>
>     </list>
>
> 10.10.3.10 and 10.10.3.11 are the ip addresses of our internal  
> servers. However, the calls still fail with the 407 Proxy  
> Authentication Required message.
>
> I get the following log output when I issue the command, reloadacl:
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:954 Created ip  
> list rfc1918.auto default (deny)
> freeswitch at internal> 2010-04-09 12:06:31.259954 [NOTICE]  
> switch_utils.c:195 Adding 10.0.0.0/8 (allow) [] to list rfc1918.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 172.16.0.0/12 (allow) [] to list rfc1918.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 192.168.0.0/16 (allow) [] to list rfc1918.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:962 Created ip  
> list wan.auto default (allow)
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 10.0.0.0/8 (deny) [] to list wan.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 172.16.0.0/12 (deny) [] to list wan.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 192.168.0.0/16 (deny) [] to list wan.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:970 Created ip  
> list nat.auto default (deny)
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:972 Adding  
> 10.10.3.12/255.255.255.128 (deny) to list nat.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 10.0.0.0/8 (allow) [] to list nat.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 172.16.0.0/12 (allow) [] to list nat.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 192.168.0.0/16 (allow) [] to list nat.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:981 Created ip  
> list loopback.auto default (deny)
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 127.0.0.0/8 (allow) [] to list loopback.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:987 Created ip  
> list localnet.auto default (deny)
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:990 Adding  
> 10.10.3.12/255.255.255.128 (allow) to list localnet.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:1015 Created ip  
> list domains default (deny)
> 2010-04-09 12:06:31.259954 [WARNING] switch_core.c:1046 Cannot  
> locate domain 10.10.3.10
> 2010-04-09 12:06:31.259954 [WARNING] switch_core.c:1046 Cannot  
> locate domain 10.10.3.11
>
> Am I doing something incorrectly?
>
> Thanks,
>
> Ken
>
> From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org 
> ] On Behalf Of Michael Collins
> Sent: Thursday, April 08, 2010 6:25 PM
> To: freeswitch-users at lists.freeswitch.org
> Subject: Re: [Freeswitch-users] Two Major Problems
>
>
>
> On Thu, Apr 8, 2010 at 3:18 PM, Ken Fulmer <kenfulmer at icstechnologysolutions.com 
> > wrote:
> Actually, I did purchase a license and installed it today. One call  
> establishes at 729. When I hang up the phone and try again, it’s 711.
> Make sure that the encoder/decoder isn't still in use prior to  
> trying the second call. After you hang up, do a "show channels" and  
> see if the call is still "up" or not. Also, do "g729_status" to see  
> if the encoder or decoder is in use. Keep doing "g729_status" until  
> the 'coders are not in use. If there is a long delay then open up a  
> JIRA ticket on jira.freeswitch.org.
>
> The Proxy Authentication Required is being sent by FreeSwitch to the  
> internal PBX. I have registration disabled on the FreeSwitch gateway  
> and the internal server.
> By default the SIP profile will challenge if the IP address of the  
> caller is not in the ACL. Open conf/autoload_configs/acl.conf.xml  
> and locate the "domains" node. Add your PBX's IP address. You'll see  
> an example in the comments. Once you're done editing, save the file  
> and then go to the fs_cli and do:
> reloadacl reloadxml
>
> Then make a call from PBX to FS and it should go through.
> -MC
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20100411/bf2901d9/attachment-0019.html 


More information about the FreeSWITCH-users mailing list