Oh it was because I had auth-calls set to true, now I turned it false and it works as I expect!
Silly me, thanks everyone anyway =D Diego On Tue, Apr 21, 2009 at 7:08 AM, Diego Viola <diego.vi...@gmail.com> wrote: > Ok I just remade the config and now it's working as it should, it's not > letting me register. > > 2009-04-21 07:06:03 [WARNING] sofia_reg.c:1283 > sofia_reg_handle_sip_i_register() IP 192.168.0.100 Rejected by acl "domains" > > However, I have this: > > <param name="apply-inbound-acl" value="domains"/> > > And this: > > <list name="domains" default="deny"> > <!-- <node type="allow" domain="$${domain}"/>--> > <node type="deny" cidr="192.168.0.100/32"/> > <node type="deny" cidr="192.168.0.0/24"/> > </list> > > And I can still call the conference (3030) without being registered. Why is > this? > > Thanks. > > > > On Tue, Apr 21, 2009 at 6:43 AM, Diego Viola <diego.vi...@gmail.com>wrote: > >> freeswi...@internal> acl >> false >> >> >> On Tue, Apr 21, 2009 at 5:08 AM, Diego Viola <diego.vi...@gmail.com>wrote: >> >>> Hey guys, >>> >>> I'm currently testing FS inside a LAN. FreeSWITCH is running on >>> 192.168.0.101 and my softphone is on 192.168.0.100. >>> >>> I can register and make calls just fine, but I want to deny everything in >>> order to learn how the ACL works. >>> >>> I have this on the internal profile: >>> >>> <param name="apply-nat-acl" value="rfc1918"/> >>> <param name="apply-inbound-acl" value="domains"/> >>> <param name="apply-register-acl" value="domains"/> >>> >>> And this is how my acl.conf.xml looks, it's all set to deny: >>> >>> <configuration name="acl.conf" description="Network Lists"> >>> <network-lists> >>> >>> <list name="dl-candidates" default="deny"> >>> <node type="deny" cidr="10.0.0.0/8"/> >>> <node type="deny" cidr="172.16.0.0/12"/> >>> <node type="deny" cidr="192.168.0.0/16"/> >>> </list> >>> >>> <list name="rfc1918" default="deny"> >>> <node type="deny" cidr="10.0.0.0/8"/> >>> <node type="deny" cidr="172.16.0.0/12"/> >>> <node type="deny" cidr="192.168.0.0/16"/> >>> </list> >>> >>> <list name="lan" default="deny"> >>> <node type="deny" cidr="192.168.42.0/24"/> >>> <node type="deny" cidr="192.168.42.42/32"/> >>> </list> >>> >>> <list name="strict" default="deny"> >>> <node type="deny" cidr="208.102.123.124/32"/> >>> </list> >>> <!-- >>> This will traverse the directory adding all users >>> with the cidr= tag to this ACL, when this ACL matches >>> the users variables and params apply as if they >>> digest authenticated. >>> --> >>> <list name="domains" default="deny"> >>> <node type="deny" domain="$${domain}"/> >>> <node type="deny" cidr="192.168.0.0/24"/> >>> </list> >>> >>> </network-lists> >>> </configuration> >>> >>> But I'm still allowed to register with the 1000 user and make calls, to >>> the conference extension, etc... I can't understand this, if it's all to >>> deny and the cidr is set to 192.168.0.0/24 on the "domains" context, >>> which is what hte profile uses, shouldn't the registration/call be denied. I >>> have tried many conbinations but whenever I change something it wont make >>> any difference. >>> >>> Please help me. >>> >>> Thanks, >>> >>> Diego >>> >> >> >
_______________________________________________ Freeswitch-users mailing list Freeswitch-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org