[Freeswitch-users] Should vpn address space be defined as part of local network?

Rajil Saraswat rajil.s at gmail.com
Tue Jul 28 04:21:55 MSD 2015


On 27 July 2015 at 19:01, Brian West <brian at freeswitch.org> wrote:

> Or create your OWN ACL that covers your local network space.
>
> On Mon, Jul 27, 2015 at 6:58 PM, Rajil Saraswat <rajil.s at gmail.com> wrote:
>
>> Hello all,
>>
>> I am trying to get my head around the nat.auto and localnet.auto ACLs.
>>
>> I have a VPN server using the 10.8.0.0/24 address space with gateway
>> on 10.8.0.1. The PBX is on the local LAN (172.16.5.0/24) with IP
>> 172.16.5.5. When FreeSWITCH starts I see it builds the following ACLs:
>>
>> nat.auto
>> Created ip list nat.auto default (deny)
>> Adding 172.16.5.5/255.255.255.0 (deny) to list nat.auto
>> Adding 10.0.0.0/8 (allow) [] to list nat.auto
>> Adding 172.16.0.0/12 (allow) [] to list nat.auto
>>
>> localnet.auto
>> Created ip list localnet.auto default (deny)
>> Adding 172.16.5.5/255.255.255.0 (allow) to list localnet.auto
>>
>>
>> Do I need to move my VPN address space (10.8.0.0/16) from nat.auto to
>> the localnet.auto so that it is not NATted? Something like this:
>>
>> nat.auto
>> 172.16.5.5/255.255.255.0 (deny)
>> 10.0.0.0/8 (allow)
>> 172.16.0.0/12 (allow)
>> 10.8.0.0/16 (deny)
>>
>> localnet.auto
>> 172.16.5.5/255.255.255.0 (allow)
>> 10.8.0.0/16 (allow)
>>
>> Thanks
>
Is the local network space only (for the purpose of NAT) defined as the LAN
on which the PBX is running or should it include all the class C address space
which it is connected to via VPN?

Thanks
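
Added example (not part of the original post, and not FreeSWITCH code): a small model of how the two lists shown in the question, as logged and as proposed, would classify a VPN client address. It assumes the most specific matching node decides and the list default (deny) applies otherwise; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def build(entries):
    """Turn (address/mask, allow) pairs into (network, allow) nodes."""
    # strict=False accepts host-style entries such as 172.16.5.5/255.255.255.0
    return [(ipaddress.ip_network(c, strict=False), allow) for c, allow in entries]

def check(acl, ip, default=False):
    """Assumed semantics: the longest-prefix matching node wins, else the default (deny)."""
    addr = ipaddress.ip_address(ip)
    verdict, best = default, -1
    for net, allow in acl:
        if addr in net and net.prefixlen >= best:
            verdict, best = allow, net.prefixlen
    return verdict

# Lists as logged at startup in the question.
NAT_AUTO = build([
    ("172.16.5.5/255.255.255.0", False),
    ("10.0.0.0/8", True),
    ("172.16.0.0/12", True),
])
LOCALNET_AUTO = build([("172.16.5.5/255.255.255.0", True)])

# Lists as proposed in the question (VPN range added to both).
NAT_PROPOSED = NAT_AUTO + build([("10.8.0.0/16", False)])
LOCALNET_PROPOSED = LOCALNET_AUTO + build([("10.8.0.0/16", True)])

def classify(ip, nat_acl, local_acl):
    """Report whether an address is treated as NATted and/or as local."""
    return {"nat": check(nat_acl, ip), "local": check(local_acl, ip)}

# Constructed sample addresses: LAN host, VPN client, other 10/8 host,
# other 172.16/12 host, public address.
SAMPLES = ["172.16.5.20", "10.8.0.6", "10.9.1.1", "172.16.9.9", "203.0.113.7"]

if __name__ == "__main__":
    for ip in SAMPLES:
        print(ip,
              "logged:", classify(ip, NAT_AUTO, LOCALNET_AUTO),
              "proposed:", classify(ip, NAT_PROPOSED, LOCALNET_PROPOSED))
```

Under this model the VPN client 10.8.0.6 matches nat.auto as logged and stops matching it once the 10.8.0.0/16 deny node is present, while other 10.0.0.0/8 hosts are unaffected. If evaluation were first-match by list order instead, a 10.8.0.0/16 deny placed after 10.0.0.0/8 allow would never take effect, so the result depends on that assumption.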