[Freeswitch-users] Two Major Problems

David Ponzone david.ponzone at gmail.com
Tue Apr 20 13:24:31 PDT 2010


ken,

are you sure it's not apply-inbound-acl you want to set ?

David Ponzone  Direction Technique
email: david.ponzone at ipeva.fr
tel:      01 74 03 18 97
gsm:   06 66 98 76 34

Service Client IPeva
tel:      0811 46 26 26
www.ipeva.fr  -   www.ipeva-studio.com

Ce message et toutes les pièces jointes sont confidentiels et établis  
à l'intention exclusive de ses destinataires. Toute utilisation ou  
diffusion non autorisée est interdite. Tout message électronique est  
susceptible d'altération. IPeva décline toute responsabilité au  
titre de ce message s'il a été altéré, déformé ou falsifié. Si  
vous n'êtes pas destinataire de ce message, merci de le détruire  
immédiatement et d'avertir l'expéditeur.




Le 20/04/2010 à 22:03, Ken Fulmer a écrit :

> I’m now using an ACL list called “lan”.
>
>     <list name="lan" default="allow">
>      <node type="allow" cidr="10.10.3.0/25"/>
>     </list>
>
> In the external sip profile, I have the following statement:
>
>     <param name="local-network-acl" value="lan"/>
>
> I still get the Proxy Authentication Required error. Am I doing  
> something wrong?
>
> Thanks,
>
> Ken
>
>
> From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org 
> ] On Behalf Of Tjardick van der Kraan
> Sent: Sunday, April 11, 2010 4:36 PM
> To: freeswitch-users at lists.freeswitch.org
> Subject: Re: [Freeswitch-users] Two Major Problems
>
> Use the CIDR XML key not domain:
>
> http://wiki.freeswitch.org/wiki/Acl
>
> Regards,
>
> Tj
>
> On 09 Apr 2010, at 19:07, Ken Fulmer wrote:
>
>
> Per your suggestion, I changed the following in the conf/ 
> autoload_configs/acl.conf.xml file:
>
>     <list name="domains" default="deny">
>       <node type="allow" domain="10.10.3.10"/>
>       <node type="allow" domain="10.10.3.11"/>
>     </list>
>
> 10.10.3.10 and 10.10.3.11 are the ip addresses of our internal  
> servers. However, the calls still fail with the 407 Proxy  
> Authentication Required message.
>
> I get the following log output when I issue the command, reloadacl:
>
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:954 Created ip  
> list rfc1918.auto default (deny)
> freeswitch at internal> 2010-04-09 12:06:31.259954 [NOTICE]  
> switch_utils.c:195 Adding 10.0.0.0/8 (allow) [] to list rfc1918.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 172.16.0.0/12 (allow) [] to list rfc1918.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 192.168.0.0/16 (allow) [] to list rfc1918.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:962 Created ip  
> list wan.auto default (allow)
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 10.0.0.0/8 (deny) [] to list wan.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 172.16.0.0/12 (deny) [] to list wan.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 192.168.0.0/16 (deny) [] to list wan.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:970 Created ip  
> list nat.auto default (deny)
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:972 Adding  
> 10.10.3.12/255.255.255.128 (deny) to list nat.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 10.0.0.0/8 (allow) [] to list nat.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 172.16.0.0/12 (allow) [] to list nat.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 192.168.0.0/16 (allow) [] to list nat.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:981 Created ip  
> list loopback.auto default (deny)
> 2010-04-09 12:06:31.259954 [NOTICE] switch_utils.c:195 Adding  
> 127.0.0.0/8 (allow) [] to list loopback.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:987 Created ip  
> list localnet.auto default (deny)
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:990 Adding  
> 10.10.3.12/255.255.255.128 (allow) to list localnet.auto
> 2010-04-09 12:06:31.259954 [NOTICE] switch_core.c:1015 Created ip  
> list domains default (deny)
> 2010-04-09 12:06:31.259954 [WARNING] switch_core.c:1046 Cannot  
> locate domain 10.10.3.10
> 2010-04-09 12:06:31.259954 [WARNING] switch_core.c:1046 Cannot  
> locate domain 10.10.3.11
>
> Am I doing something incorrectly?
>
> Thanks,
>
> Ken
>
> From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org 
> ] On Behalf Of Michael Collins
> Sent: Thursday, April 08, 2010 6:25 PM
> To: freeswitch-users at lists.freeswitch.org
> Subject: Re: [Freeswitch-users] Two Major Problems
>
>
>
> On Thu, Apr 8, 2010 at 3:18 PM, Ken Fulmer <kenfulmer at icstechnologysolutions.com 
> > wrote:
> Actually, I did purchase a license and installed it today. One call  
> establishes at 729. When I hang up the phone and try again, it’s  
> 711.
> Make sure that the encoder/decoder isn't still in use prior to  
> trying the second call. After you hang up, do a "show channels" and  
> see if the call is still "up" or not. Also, do "g729_status" to see  
> if the encoder or decoder is in use. Keep doing "g729_status" until  
> the 'coders are not in use. If there is a long delay then open up a  
> JIRA ticket on jira.freeswitch.org.
>
> The Proxy Authentication Required is being sent by FreeSwitch to the  
> internal PBX. I have registration disabled on the FreeSwitch gateway  
> and the internal server.
> By default the SIP profile will challenge if the IP address of the  
> caller is not in the ACL. Open conf/autoload_configs/acl.conf.xml  
> and locate the "domains" node. Add your PBX's IP address. You'll see  
> an example in the comments. Once you're done editing, save the file  
> and then go to the fs_cli and do:
> reloadacl reloadxml
>
> Then make a call from PBX to FS and it should go through.
> -MC
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20100420/14375b37/attachment-0001.html 


More information about the FreeSWITCH-users mailing list