Eric "ManxPower" Wieling wrote:
Larry Alkoff wrote:
Eric "ManxPower" Wieling wrote:
Larry Alkoff wrote:
Hello Eric.
I don't fully understand your example.
I _think_ you have in extensions.conf:
[incoming]
include => extensions
[extensions]
exten => 667
more exten here
[toll-trunks]
exten => 91NXXNXXXXXX
more exten here
[toll-access]
include => extensions
include => toll-trunks
My understanding of 'include' is it's as if the 'include'
were typed line by line into the context.
Since both extensions and toll-trunks are mixed together in
[toll-access], doesn't that give anyone who gains access to extensions
in [incoming] also access to toll-trunks? How does anyone on the
inside gain access to [toll-access]?
Also I don't understand the 'doubling' of [extensions] by including it
in another context.
I'm probably missing something here. Can you help me understand
this better?

No. Any device in the [incoming] context will only have access to
anything in the [incoming] and [extensions] context. i.e. it will
not have access to any exten => lines that allow dialing out of the
system. include => is only "one-way"

I have a feeling that the answer is contained in your words but still
don't quite get it.
Let me ask this: How do inside devices get access to [toll-access]?
I would like my inside devices to have access to everything unless I
specifically deny access.

Contexts are both one of the most important and most difficult concepts
to understand in Asterisk.
Calls from inside devices land in the toll-access context in
extensions.conf. This is because of the context=toll-access line in
that device's section of sip.conf. This context in extensions.conf
include =>'s the toll-trunks context. Therefore, the inside device gets
access to the toll-trunks context.

I _think_ we are getting somewhere.
You are essentially saying that, in order to have access to
[toll-access] I would need a line context=toll-access
in a specific device(s).
In my case, the system is for my house. So I have it set up to ring
_all_ phones when a call comes in and would like my wife and I to be
able to call _anywhere_. Since we never know which phone will be handy,
it's necessary to give full access to all phones, which I think means
context=toll-access in sip.conf for all phones.
Doesn't that give access to any outside caller who can break into the
system?
Searching voip-info
(my other bible besides "The Future of Telephony" book)
they specifically say
"You should consider that if any channel, incoming line, etc can enter
an extension context that it has the capability of accessing any
extension within that context.
Therefore, you should NOT allow access to outgoing or toll services in
contexts that are accessible (especially without a password) from
incoming channels "
Doesn't that mean that
1. I have to have context=toll-access
in any phone that can make toll calls
2. There is no way to give access to all internal phones unless I
violate voip-info's security directive above?
Since I can give a password from sip.conf, is there an easy way to
automatically give that password in calls made from my internal phones
in such a way that external callers won't know the password even if they
breach the system?
How do people breach a system anyway? I've heard about hitting an '*'
as soon as the connection is made but don't understand it.
Or much else apparently <g>.
Larry
--
Larry Alkoff N2LA - Austin TX
Using Thunderbird on Linux
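
The one-way behaviour of include => discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of Asterisk itself: it parses a constructed extensions.conf that uses the thread's four context names and lists what a channel entering each context can dial. The priorities, the Dial() targets, the "provider" trunk name and the leading underscore on the pattern (Asterisk's pattern-match prefix) are assumptions.

```python
import re
# Constructed sample: the four contexts from the thread. The priorities and
# Dial() targets are assumptions, added only to make the lines well-formed.
SAMPLE_EXTENSIONS_CONF = """
[incoming]            ; where calls from outside land
include => extensions
[extensions]
exten => 667,1,Dial(SIP/667)
[toll-trunks]
exten => _91NXXNXXXXXX,1,Dial(SIP/provider/${EXTEN:1})
[toll-access]         ; context= for inside phones in sip.conf
include => extensions
include => toll-trunks
"""

def parse_dialplan(text):
    """Return {context: {"extens": [...], "includes": [...]}}."""
    contexts, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ; comments
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = contexts.setdefault(header.group(1), {"extens": [], "includes": []})
            continue
        m = re.match(r"(exten|include)\s*=>\s*(.+)", line)
        if m and current is not None:
            if m.group(1) == "include":
                current["includes"].append(m.group(2).strip())
            else:                                    # keep only the extension name
                current["extens"].append(m.group(2).split(",", 1)[0].strip())
    return contexts

def reachable(contexts, start):
    """Extensions a channel entering `start` can match; includes are one-way."""
    seen, stack, found = set(), [start], set()
    while stack:
        name = stack.pop()
        if name in seen or name not in contexts:
            continue
        seen.add(name)
        found.update(contexts[name]["extens"])
        stack.extend(contexts[name]["includes"])     # never walks back to includers
    return sorted(found)

def contexts_reaching(contexts, exten):
    """Contexts from which `exten` can be dialed, directly or via include."""
    return sorted(c for c in contexts if exten in reachable(contexts, c))

PLAN = parse_dialplan(SAMPLE_EXTENSIONS_CONF)
print({ctx: reachable(PLAN, ctx) for ctx in PLAN})
```

Running contexts_reaching() over a real dialplan for each outbound pattern gives the list of contexts that must never be set as the context= of a trunk or other outside-facing channel.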
asterisk-users mailing list