[Freeswitch-users] ACL question and js error

Michael Collins msc at freeswitch.org
Tue Feb 9 07:45:26 PST 2010


On Tue, Feb 9, 2010 at 1:53 AM, Matthew Law <matt at webcontracts.co.uk> wrote:

> On Sun, February 7, 2010 2:59 pm, Frank Carmickle wrote:
> > On Sun, Feb 07, Matthew Law wrote:
> >> After some more experiments I have a working replacement for the
> >> asterisk
> >> box we were using before, which is great.
> >>
> >> I had problems getting incoming calls to work. Changing the entry in
> >> acl.conf.xml from:
> >>
> >> <list name="domains" default="deny">
> >>    <node type="allow" domain="$${domain}"/>
> >> </list>
> >>
> >> to:
> >>
> >> <list name="domains" default="allow">
> >>    <node type="allow" domain="$${domain}"/>
> >> </list>
> >>
> >> and reloading xml works but this gets reverted every time FS starts up.
> >> I've scanned the wiki docs and can't see anything pertaining to that.
> >> Why/where is this happening and how do I make it the default?  Actually,
> >> the question should probably be is it sensible to do that? - the box is
> >> out on the internet and I really only want to take incoming calls from
> >> voiptalk.org, but I can't find a list of IPs on their site which I
> could
> >> create an acl from...
> >
> > This is what gateway definitions are for in sofia.
>
> I'm still struggling with this.  How where do I tell sofia to allow
> incoming connections from this gateway?
>
> Here's my sip_profiles/external/voiptalk.org.xml with the sensitive stuff
> removed:
>
> <include>
>        <gateway name="voiptalk">
>                <param name="username" value="XXXXXXX" />
>                <param name="realm" value="voiptalk.org" />
>                <param name="from-user" value="XXXXXXX"/>
>                <param name="from-domain" value="voiptalk.org"/>
>                <param name="password" value="XXXXXXX" />
>                <param name="extension" value="voiptalk-incoming"/>
>                <param name="proxy" value="voiptalk.org"/>
>                <param name="register-proxy" value="voiptalk.org"/>
>                <param name="expire-seconds" value="600"/>
>                <param name="register" value="true"/>
>                <param name="ping" value="25"/>
>        </gateway>
> </include>
>
> Do I need to add something to this file or maybe sofia.conf.xml to allow
> connections from this domain?  Most everything else is working now, just
> banging my head on this.
>
> Matt,

Are you trying to let calls in from voiptalk.org? Do you want to auth all
inbound calls or do you just want to blanket allow them and handle them in
the dialplan? If you just want to allow calls in from the voiptalk.org IP
address then you need to use the cidr tag in acl.conf.xml:
<list name="domains" default="deny">
    <node type="allow" domain="$${domain}"/>
    <node type="allow" cidr="1.2.3.4/32"/>
 </list>

-MC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20100209/7685f314/attachment-0002.html 


More information about the FreeSWITCH-users mailing list