Ok I just remade the config and now it's working as it should, it's not letting me register.
2009-04-21 07:06:03 [WARNING] sofia_reg.c:1283 sofia_reg_handle_sip_i_register() IP 192.168.0.100 Rejected by acl "domains" However, I have this: <param name="apply-inbound-acl" value="domains"/> And this: <list name="domains" default="deny"> <!-- <node type="allow" domain="$${domain}"/>--> <node type="deny" cidr="192.168.0.100/32"/> <node type="deny" cidr="192.168.0.0/24"/> </list> And I can still call the conference (3030) without being registered. Why is this? Thanks. On Tue, Apr 21, 2009 at 6:43 AM, Diego Viola <diego.vi...@gmail.com> wrote: > freeswi...@internal> acl > false > > > On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola <diego.vi...@gmail.com>wrote: > >> Hey guys, >> >> I'm currently testing FS inside a LAN. FreeSWITCH is running on >> 192.168.0.101 and my softphone is on 192.168.0.100. >> >> I can register and make calls just fine, but I want to deny everything in >> order to learn how the ACL works. >> >> I have this on the internal profile: >> >> <param name="apply-nat-acl" value="rfc1918"/> >> <param name="apply-inbound-acl" value="domains"/> >> <param name="apply-register-acl" value="domains"/> >> >> And this is how my acl.conf.xml looks, it's all set to deny: >> >> <configuration name="acl.conf" description="Network Lists"> >> <network-lists> >> >> <list name="dl-candidates" default="deny"> >> <node type="deny" cidr="10.0.0.0/8"/> >> <node type="deny" cidr="172.16.0.0/12"/> >> <node type="deny" cidr="192.168.0.0/16"/> >> </list> >> >> <list name="rfc1918" default="deny"> >> <node type="deny" cidr="10.0.0.0/8"/> >> <node type="deny" cidr="172.16.0.0/12"/> >> <node type="deny" cidr="192.168.0.0/16"/> >> </list> >> >> <list name="lan" default="deny"> >> <node type="deny" cidr="192.168.42.0/24"/> >> <node type="deny" cidr="192.168.42.42/32"/> >> </list> >> >> <list name="strict" default="deny"> >> <node type="deny" cidr="208.102.123.124/32"/> >> </list> >> <!-- >> This will traverse the directory adding all users >> with the cidr= tag to this ACL, when this ACL matches >> the users variables and params apply as if they >> digest authenticated. >> --> >> <list name="domains" default="deny"> >> <node type="deny" domain="$${domain}"/> >> <node type="deny" cidr="192.168.0.0/24"/> >> </list> >> >> </network-lists> >> </configuration> >> >> But I'm still allowed to register with the 1000 user and make calls, to >> the conference extension, etc... I can't understand this, if it's all to >> deny and the cidr is set to 192.168.0.0/24 on the "domains" context, >> which is what hte profile uses, shouldn't the registration/call be denied. I >> have tried many conbinations but whenever I change something it wont make >> any difference. >> >> Please help me. >> >> Thanks, >> >> Diego >> > >
_______________________________________________ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org