[asterisk-users] sip peer permit/deny - Need some explanation
Rob Hillis
rob at hillis.dyndns.org
Sun Jan 11 16:31:34 CST 2009
Administrator TOOTAI wrote:
> [MyPeer]
> host=xxx.xxx.xxx.139
> deny=0.0.0.0/0.0.0.0
> permit=xxx.xxx.xxx.136/255.255.255.248 ;IP address from range 138 to 142
> permit=yyy.yyy.yyy.yyy/255.255.255.255
> On incoming calls, when the peer address is the one terminating with
> .139 everything is OK.
>
> If I change the external IP from the peer *ON* the peer machine to let's
> say .140 (or any other permitted address from this peer), incoming calls
> are not recognized despite the deny/permit stanza. If I modify the host
> to .140 in my peer definition, it's again working normally.
>
> Question is: why even by allowing in the permit stuff the allowed IPs
> from a peer, Asterisk does only accept calls from those peers if the
> peer machine has the IP address from the host definition in my peer sip.conf
>
Since you are including a specific IP address in the host line, Asterisk
will not accept calls from any other IP address. If you want to accept
calls from multiple IP addresses, you *must* set host to dynamic and
then use the permit/deny lines to restrict calls accordingly.
Of course, since your sip peer is now set to "dynamic", it will now need
to register with Asterisk.
More information about the asterisk-users
mailing list