[asterisk-users] Possibly I don't understand sip peers

Bruce Ferrell bferrell at baywinds.org
Fri Jul 31 10:57:20 CDT 2009



Andrew Thomas wrote:
>>> [peer]
>>> defaultip=xxx.xxx.xxx.xxx
>>> host=xxx.xxx.xxx.xxx
>>> deny=0.0.0.0/0.0.0.0
> 
>>> allow=xxx.xxx.xxx.0/255.255.255.0 <---- read what you've put!!!  The
> 'allow' should be 'permit' as Jared already told you (and he should know
> what he's talking about).
> 
>>> insecure=port,invite
>>>
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Bruce
> Ferrell
> Sent: 29 July 2009 23:34
> To: jsmith at digium.com; Asterisk Users Mailing List - Non-Commercial
> Discussion
> Subject: Re: [asterisk-users] Possibly I don't understand sip peers
> 
> 
> 
> Jared Smith wrote:
>> On Tue, 2009-07-28 at 16:06 -0700, Bruce Ferrell wrote:
>>> I have a carrier who tells me he will be sending me traffic from a wide
>>> range of IP addresses.
>>>
>>> so I set up a realtime peer as follows:
>>>
>>> [peer]
>>> defaultip=xxx.xxx.xxx.xxx
>>> host=xxx.xxx.xxx.xxx
>>> deny=0.0.0.0/0.0.0.0
>>> allow=xxx.xxx.xxx.0/255.255.255.0
>>> insecure=port,invite
>>>
>>>
>>> Yes, he's really claiming to originate from any of the IP in the block
>>> When I leave the host blank, we reject calls with a 404.
>>>
>>> shouldn't I be able to put in a kind of "wildcard" for his IP block or
>>> am I just being silly?  If not, what am I doing wrong?
>> I think you've got your syntax wrong there... "permit" and "deny"
>> statements are used to create Access Control Lists and to limit the IP
>> address ranges.  The "allow" and "disallow" statements are to allow or
>> disallow various codecs.  The way you've specified it above, you're
>> allowing a codec called xxx.xxx.xxx.0/255.255.255.0, which probably
>> isn't what you want.
>>
>>
> 
> I have the codec permissions in the columns allow and disallow.  Those
> seem to work ok.
> 
> it's permit/deny/mask I seem to be having a problem with.  Like I say, I
> don't think I understand their use or perhaps they don't work in
> realtime
> 

Now that we're done making fun of me because I mis-entered allow/permit,
can we address what I was trying to ask...

deny=0.0.0.0/0.0.0.0
permit=xxx.xxx.xxx.xxx/255.255.255.0
mask=255.255.255.0

if host is set to a specific IP in the range specified by permit, calls
are rejected if not from that specific IP.
if host is set to dynamic, calls are rejected.
defaultip is set to the specific IP

what do I not understand?

I really appreciate your help, even the snarky stuff
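
The permit/deny versus allow/disallow distinction discussed in this thread, as an added example that is not part of any poster's message or of Asterisk itself: it evaluates a deny/permit list against source addresses and flags an address range written into a codec option. It assumes Asterisk's ACL behaviour of applying rules in order with the last matching rule deciding; 192.0.2.0/24 is a constructed stand-in for the masked carrier block, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: 192.0.2.0/24 (documentation range) stands in for the
# carrier block that the thread masks as xxx.xxx.xxx.0.
PEER = [
    ("deny", "0.0.0.0/0.0.0.0"),
    ("permit", "192.0.2.0/255.255.255.0"),
    ("allow", "ulaw"),
    ("allow", "192.0.2.0/255.255.255.0"),  # the mistake discussed in the thread
]

def acl_rules(options):
    """Collect permit/deny lines, in file order, as (sense, network) pairs."""
    rules = []
    for key, value in options:
        if key in ("permit", "deny"):
            # strict=False tolerates host bits, as in permit=<host ip>/<mask>
            rules.append((key, ipaddress.ip_network(value, strict=False)))
    return rules

def acl_allows(rules, source):
    """Apply rules in order; the last matching rule decides (assumed default: permit)."""
    addr = ipaddress.ip_address(source)
    verdict = "permit"
    for sense, network in rules:
        if addr in network:
            verdict = sense
    return verdict == "permit"

def misplaced_acl_values(options):
    """Return allow/disallow values that parse as a network, not a codec name."""
    bad = []
    for key, value in options:
        if key in ("allow", "disallow"):
            try:
                ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue  # not an address, so presumably a codec name
            bad.append((key, value))
    return bad

if __name__ == "__main__":
    rules = acl_rules(PEER)
    for src in ("192.0.2.10", "192.0.2.200", "198.51.100.7"):
        print(src, "permitted" if acl_allows(rules, src) else "denied")
    print("address used as codec:", misplaced_acl_values(PEER))
```

Because the last match decides, writing the permit line before the deny-all line would block every source address.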


