[Freeswitch-users] Should vpn address space be defined as part of local network?

Brian West brian at freeswitch.org
Tue Jul 28 04:46:24 MSD 2015


If there is no NAT between you and that network, consider it local.

On Mon, Jul 27, 2015 at 7:21 PM, Rajil Saraswat <rajil.s at gmail.com> wrote:

> On 27 July 2015 at 19:01, Brian West <brian at freeswitch.org> wrote:
>
>> Or create your OWN ACL that covers your local network space.
>>
>> On Mon, Jul 27, 2015 at 6:58 PM, Rajil Saraswat <rajil.s at gmail.com>
>> wrote:
>>
>>> Hello all,
>>>
>>> I am trying to get my head around the nat.auto and localnet.auto ACLs.
>>>
>>> I have a VPN server using the 10.8.0.0/24 address space with gateway
>>> on 10.8.0.1. The PBX is on the local LAN (172.16.5.0/24) with IP
>>> 172.16.5.5.  When FreeSWITCH starts I see it builds the following ACLs
>>>
>>> nat.auto
>>> Created ip list nat.auto default (deny)
>>> Adding 172.16.5.5/255.255.255.0 (deny) to list nat.auto
>>> Adding 10.0.0.0/8 (allow) [] to list nat.auto
>>> Adding 172.16.0.0/12 (allow) [] to list nat.auto
>>>
>>> localnet.auto
>>> Created ip list localnet.auto default (deny)
>>> Adding 172.16.5.5/255.255.255.0 (allow) to list localnet.auto
>>>
>>>
>>> Do I need to move my VPN address space (10.8.0.0/16) from nat.auto to
>>> the localnet.auto so that it is not natted? Something like this:
>>>
>>> nat.auto
>>> 172.16.5.5/255.255.255.0 (deny)
>>> 10.0.0.0/8 (allow)
>>> 172.16.0.0/12 (allow)
>>> 10.8.0.0/16 (deny)
>>>
>>> localnet.auto
>>> 172.16.5.5/255.255.255.0 (allow)
>>> 10.8.0.0/16 (allow)
>>>
>>> Thanks
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
> Is the local network space only (for the purpose of NAT) defined as the
> LAN on which the PBX is running, or should it include all the class C address
> space which it is connected to via VPN?
>
> Thanks



-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
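
Added example, not part of the original thread and not FreeSWITCH's shipped configuration: one way to write the advice above (create your own ACL and treat the un-NATed VPN as local) using the addresses from the question. The list names pbx_localnet and pbx_nat are hypothetical, and the VPN range is taken as the 10.8.0.0/24 stated at the top of the question, with no NAT between it and the PBX.

```xml
<!-- Added example; list names pbx_localnet / pbx_nat are hypothetical. -->
<!-- Assumes: PBX LAN 172.16.5.0/24, VPN 10.8.0.0/24, no NAT between them. -->

<!-- ACL configuration (acl.conf) -->
<configuration name="acl.conf" description="Network Lists">
  <network-lists>
    <!-- Networks reachable without NAT: treated as local -->
    <list name="pbx_localnet" default="deny">
      <node type="allow" cidr="172.16.5.0/24"/>
      <node type="allow" cidr="10.8.0.0/24"/>
    </list>

    <!-- Addresses treated as behind NAT: the private ranges shown in the
         nat.auto startup log above, minus the two local networks -->
    <list name="pbx_nat" default="deny">
      <node type="allow" cidr="10.0.0.0/8"/>
      <node type="allow" cidr="172.16.0.0/12"/>
      <node type="deny" cidr="172.16.5.0/24"/>
      <node type="deny" cidr="10.8.0.0/24"/>
    </list>
  </network-lists>
</configuration>

<!-- Sofia SIP profile, inside <settings>: use the custom lists in place of
     localnet.auto and nat.auto. These lists only drive NAT handling here;
     they are not used for inbound call or registration authorization. -->
<param name="local-network-acl" value="pbx_localnet"/>
<param name="apply-nat-acl" value="pbx_nat"/>
```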