It just have ACL concept. You can add permitted IPs List to any peer then
only from that IPs user can register. If you want to permit all you can add
0.0.0.0 to ACL

 

From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of RR
Sent: Thursday, March 10, 2011 7:04 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] [1.8] Unable to Register: Registration denied
because of contact ACL

 

Hello All,

 

Some new security stuff is going on I suppose in 1.8 that I am not familiar
with and would appreciate your help

 

In a scenario such as the following:

 

Internet --> SBC --> Asterisk 

 

upon trying to register an endpoint, the following is being observed on the
Asterisk Console. Have Googled this but haven't come up with anything that
helped much.

 

[Mar 10 11:53:59] ERROR[21272]: netsock2.c:94 ast_sockaddr_stringify_fmt:
getnameinfo(): ai_family not supported

[Mar 10 11:53:59] WARNING[21272]: chan_sip.c:13120 parse_register_contact:
Domain '172.16.16.6:5060' disallowed by contact ACL (violating IP )

[Mar 10 11:53:59] WARNING[21272]: chan_sip.c:13837 register_verify:
Registration denied because of contact ACL

 

Note, that the server IP is 172.16.16.11 and the SBC internal Interface IP
is 172.16.16.6

 

the following lines have been added to sip.conf

 

dynamic_exclude_static = yes

autodomain=yes

domain=172.16.16.6

allowexternaldomains=no

 

In addition, in the general endpoint template in sip.conf, I have the lines

 

contactdeny=0.0.0.0/0.0.0.0

contactpermit=172.16.16.0/255.255.255.0

host=dynamic

 

What else am I missing?

 

Thanks

\RR

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to