[asterisk-users] sip peer permit/deny - Need some explanation

Benoit maverick at maverick.eu.org
Sun Jan 11 16:46:41 CST 2009


Something like has been discussed a few day ago, i think you need to 
remove the host=
string and add username/password.

Right now asterisk may allow you request from the autorized IP ranges, 
but the authentification
of the request fail due to the invalid host. you need to switch to 
username/password authentification.

Administrator TOOTAI a écrit :
> Hi all,
>
> I tested with few Asterisk versions from 1.4.18 to 1.4.21, same result.
>
> Here is the problem: I have a peer -which is peer AND user- setted up 
> like this
>
> [MyPeer]
> ;
> type=peer
> host=xxx.xxx.xxx.139
> deny=0.0.0.0/0.0.0.0
> permit=xxx.xxx.xxx.136/255.255.255.248 ;IP address from range 138 to 142
> permit=yyy.yyy.yyy.yyy/255.255.255.255
> context=from-MyPeer
> dtfmode=auto
> disallow=all
> allow=ulaw,alaw
> insecure=port,invite
> nat=yes
> canreinvite=no
> call-limit=15
> accountcode=MyPeer
>
> On incoming calls, when the peer address is the one terminating with 
> .139 everything is OK.
>
> If I change the external IP from the peer *ON* the peer machine to let's 
> say .140 (or any other permitted address from this peer), incoming calls 
> are not recognized despite the deny/permit stanza. If I modify the host 
> to .140 in my peer definition, it's again working normally.
>
> Question is: why even by allowing in the permit stuff the allowed IPs 
> from a peer, Asterisk does only accept calls from those peers if the 
> peer machine has the IP address from the host definition in my peer sip.conf
>
> Thanks for any hint.
>   





More information about the asterisk-users mailing list