[Freeswitch-users] LAN being blocked
Joli Martinez
mrjoli021 at gmail.com
Mon Jul 13 02:54:30 MSD 2015
I want my external profile to pick up the public IP. which it is doing
correctly, but my internal profile to use IP 192.168.21.250 on port 5060.
I have changed the internal.xml to point to 192.168.21.250 and for some
reason the 192.168.1.250 keeps showing up. Also I need the profile to be
on 5060. I have also changed the the vars.xml to show 5060 and nothing. I
have restarted Freeswitch after each change and verified that nothing else
is running on 5060. The server does have two interfaces and the default gw
is set to 192.168.21.50. The 192.168.1.250 is only for out of band
management and will not need access to FS.
Sofia status
freeswitch at internal> sofia status
Name Type Data
State
=================================================================================================
192.168.1.250 alias internal
ALIASED
192.168.21.250 alias internal
ALIASED
external profile sip:mod_sofia at 1.1.1.1:5080 RUNNING
(0)
internal-ipv6 profile sip:mod_sofia at 1.1.1.1:5040 RUNNING
(0)
internal profile sip:mod_sofia at 1.1.1.1:5041 RUNNING
(0)
=================================================================================================
3 profiles 2 aliases
netstat -nat
[root at Switch01 sip_profiles]# netstat -nat | grep 192.168.21.250
tcp 0 0 192.168.21.250:5080 0.0.0.0:*
LISTEN
internal.xml
<!-- port to bind to for sip traffic -->
<param name="sip-port" value="$${internal_sip_port}"/>
<!-- <param name="sip-port" value="5060"/> -->
<param name="dialplan" value="XML"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value=
"$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value=
"$${global_codec_prefs}"/>
<param name="rtp-timer-name" value="soft"/>
<!-- ip address to use for rtp, DO NOT USE HOSTNAMES ONLY
IP ADDRESSES -->
<!-- <param name="rtp-ip" value="$${local_ip_v4}"/> -->
<param name="rtp-ip" value="192.168.21.250"/>
<!-- ip address to bind to, DO NOT USE HOSTNAMES ONLY IP
ADDRESSES -->
<!-- <param name="sip-ip" value="$${local_ip_v4}"/> -->
<param name="sip-ip" value="192.168.21.250"/>
vars.xml
<!-- Internal SIP Profile -->
<X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
<X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
<X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/>
<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=false"/>
<X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
<!-- External SIP Profile -->
<X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/>
<X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/>
<X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/>
On Sun, Jul 12, 2015 at 1:50 AM, Stanislav Sinyagin <ssinyagin at gmail.com>
wrote:
> it's the wrong parameter, see the description above it in vars.xml.
> The right ones are external_rtp_ip and external_sip_ip
>
>
> On Sat, Jul 11, 2015 at 11:35 PM, Joli Martinez <mrjoli021 at gmail.com>
> wrote:
> > I changed the vars.xml and the internal.xml restarted Freeswitch and
> still
> > shows both IP's
> >
> > vars.xml
> >
> > <!-- <X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/> -->
> >
> > <X-PRE-PROCESS cmd="set" data="bind_server_ip=192.168.21.250"/>
> >
> >
> > On Sat, Jul 11, 2015 at 5:18 PM, Michael Jerris <mike at jerris.com> wrote:
> >>
> >> by default we figure out the IPv4 address which would route to the
> >> Internet and we set that to a variable. you can override this, check
> out
> >> vars.xml, it should be documented in there
> >>
> >> On Saturday, July 11, 2015, Joli Martinez <mrjoli021 at gmail.com> wrote:
> >>>
> >>> freeswitch at internal> sofia status
> >>>
> >>> Name Type
> >>> Data State
> >>>
> >>>
> >>>
> =================================================================================================
> >>>
> >>> 192.168.1.250 alias
> >>> internal ALIASED
> >>>
> >>> 192.168.21.250 alias
> >>> internal ALIASED
> >>>
> >>> external profile
> >>> sip:mod_sofia at 99.58.100.184:5080 RUNNING (0)
> >>>
> >>> internal-ipv6 profile
> >>> sip:mod_sofia at 99.58.100.184:6693 RUNNING (0)
> >>>
> >>> internal profile
> >>> sip:mod_sofia at 99.58.100.184:6693 RUNNING (0)
> >>>
> >>>
> >>>
> =================================================================================================
> >>>
> >>> 3 profiles 2 aliases
> >>>
> >>>
> >>> freeswitch at internal>
> >>>
> >>>
> >>>
> >>> 192.168.21.250 is the interface for FS. 192.168.1.250 is Lan2. LAN2
> >>> should not be connected to FS.
> >>>
> >>> How can I fix this?
> >>>
> >>>
> >>>
> >>> On Sat, Jul 11, 2015 at 3:52 PM, Stanislav Sinyagin <
> ssinyagin at gmail.com>
> >>> wrote:
> >>>>
> >>>> What do you see in "sofia status" output? It should list the IP
> >>>> addresses and ports where it binds.
> >>>>
> >>>> Also "netstat -an" is useful for troubleshooting.
> >>>>
> >>>> On Jul 11, 2015 9:37 PM, "Joli Martinez" <mrjoli021 at gmail.com> wrote:
> >>>>>
> >>>>> Hello,
> >>>>>
> >>>>> I have installed Freeswitch and fusionPBX. My LAN network is
> >>>>> 192.168.21.0/24. PBX is 250. I am trying to register a phone to
> >>>>> Freeswitch. When I do tcpdump on the LAN interface on port 5060, I
> see
> >>>>> traffic hitting the box from the phone, but on the Freeswitch CLI I
> see
> >>>>> nothing. I am assuming an ACL is blocking the traffic. Where can I
> allow
> >>>>> the LAN side to register?
> >>>>>
> >>>>> I have tried the acl.xml and added the following and it still doesn't
> >>>>> work. After I did this I reloaded the ACL and also restarted FS.
> >>>>>
> >>>>> <list name="lan" default="allow">
> >>>>> <!-- <node type="deny" cidr="192.168.21.0/24"/> -->
> >>>>> <node type="allow" cidr="192.168.21.0/24"/>
> >>>>> </list>
> >>>>>
> >>>>> <!--
> >>>>> This will traverse the directory adding all users
> >>>>> with the cidr= tag to this ACL, when this ACL matches
> >>>>> the users variables and params apply as if they
> >>>>> digest authenticated.
> >>>>> -->
> >>>>> <list name="domains" default="deny">
> >>>>> <!-- domain= is special it scans the domain from the directory
> to
> >>>>> build the ACL -->
> >>>>> <node type="allow" domain="$${domain}"/>
> >>>>> <node type="allow" cidr="192.168.21.1/32"/>
> >>>>> <!-- use cidr= if you wish to allow ip ranges to this domains
> >>>>> acl. -->
> >>>>> <node type="allow" cidr="192.168.21.0/24"/>
> >>>>>
> >>>>>
> >>>>>
> _________________________________________________________________________
> >>>>> Professional FreeSWITCH Consulting Services:
> >>>>> consulting at freeswitch.org
> >>>>> http://www.freeswitchsolutions.com
> >>>>>
> >>>>> Official FreeSWITCH Sites
> >>>>> http://www.freeswitch.org
> >>>>> http://confluence.freeswitch.org
> >>>>> http://www.cluecon.com
> >>>>>
> >>>>> FreeSWITCH-users mailing list
> >>>>> FreeSWITCH-users at lists.freeswitch.org
> >>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>>>
> >>>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>>> http://www.freeswitch.org
> >>>>
> >>>>
> >>>>
> >>>>
> _________________________________________________________________________
> >>>> Professional FreeSWITCH Consulting Services:
> >>>> consulting at freeswitch.org
> >>>> http://www.freeswitchsolutions.com
> >>>>
> >>>> Official FreeSWITCH Sites
> >>>> http://www.freeswitch.org
> >>>> http://confluence.freeswitch.org
> >>>> http://www.cluecon.com
> >>>>
> >>>> FreeSWITCH-users mailing list
> >>>> FreeSWITCH-users at lists.freeswitch.org
> >>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>> http://www.freeswitch.org
> >>>
> >>>
> >>
> >>
> _________________________________________________________________________
> >> Professional FreeSWITCH Consulting Services:
> >> consulting at freeswitch.org
> >> http://www.freeswitchsolutions.com
> >>
> >> Official FreeSWITCH Sites
> >> http://www.freeswitch.org
> >> http://confluence.freeswitch.org
> >> http://www.cluecon.com
> >>
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
> >
> >
> >
> > _________________________________________________________________________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150712/ab2b10b7/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list