Re: [asterisk-users] sip peer permit/deny - Need some explanation
Rob Hillis a écrit : Administrator TOOTAI wrote: [MyPeer] host=xxx.xxx.xxx.139 deny=0.0.0.0/0.0.0.0 permit=xxx.xxx.xxx.136/255.255.255.248 ;IP address from range 138 to 142 permit=yyy.yyy.yyy.yyy/255.255.255.255 On incoming calls, when the peer address is the one terminating with .139 everything is OK. If I change the external IP from the peer *ON* the peer machine to let's say .140 (or any other permitted address from this peer), incoming calls are not recognized despite the deny/permit stanza. If I modify the host to .140 in my peer definition, it's again working normally. Question is: why even by allowing in the permit stuff the allowed IPs from a peer, Asterisk does only accept calls from those peers if the peer machine has the IP address from the host definition in my peer sip.conf Since you are including a specific IP address in the host line, Asterisk will not accept calls from any other IP address. If you want to accept calls from multiple IP addresses, you *must* set host to dynamic and then use the permit/deny lines to restrict calls accordingly. Of course, since your sip peer is now set to dynamic, it will now need to register with Asterisk. Thanks for all your answers. I really was out of this behaviour: as my conf is a friend (user+peer) I was thinking that the use of the host=IP address will be the IP to send calls, the deny/permit stuff will be used for incoming calls eg in user role. I solved my problem by adding as much [sip peer0|1|2|...] with the right IP in host= as needed. In this case no need to change setup on both sides. Regards -- Daniel ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] sip peer permit/deny - Need some explanation
Hi all, I tested with few Asterisk versions from 1.4.18 to 1.4.21, same result. Here is the problem: I have a peer -which is peer AND user- setted up like this [MyPeer] ; type=peer host=xxx.xxx.xxx.139 deny=0.0.0.0/0.0.0.0 permit=xxx.xxx.xxx.136/255.255.255.248 ;IP address from range 138 to 142 permit=yyy.yyy.yyy.yyy/255.255.255.255 context=from-MyPeer dtfmode=auto disallow=all allow=ulaw,alaw insecure=port,invite nat=yes canreinvite=no call-limit=15 accountcode=MyPeer On incoming calls, when the peer address is the one terminating with .139 everything is OK. If I change the external IP from the peer *ON* the peer machine to let's say .140 (or any other permitted address from this peer), incoming calls are not recognized despite the deny/permit stanza. If I modify the host to .140 in my peer definition, it's again working normally. Question is: why even by allowing in the permit stuff the allowed IPs from a peer, Asterisk does only accept calls from those peers if the peer machine has the IP address from the host definition in my peer sip.conf Thanks for any hint. -- Daniel ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] sip peer permit/deny - Need some explanation
Administrator TOOTAI wrote: [MyPeer] host=xxx.xxx.xxx.139 deny=0.0.0.0/0.0.0.0 permit=xxx.xxx.xxx.136/255.255.255.248 ;IP address from range 138 to 142 permit=yyy.yyy.yyy.yyy/255.255.255.255 On incoming calls, when the peer address is the one terminating with .139 everything is OK. If I change the external IP from the peer *ON* the peer machine to let's say .140 (or any other permitted address from this peer), incoming calls are not recognized despite the deny/permit stanza. If I modify the host to .140 in my peer definition, it's again working normally. Question is: why even by allowing in the permit stuff the allowed IPs from a peer, Asterisk does only accept calls from those peers if the peer machine has the IP address from the host definition in my peer sip.conf Since you are including a specific IP address in the host line, Asterisk will not accept calls from any other IP address. If you want to accept calls from multiple IP addresses, you *must* set host to dynamic and then use the permit/deny lines to restrict calls accordingly. Of course, since your sip peer is now set to dynamic, it will now need to register with Asterisk. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] sip peer permit/deny - Need some explanation
Something like has been discussed a few day ago, i think you need to remove the host= string and add username/password. Right now asterisk may allow you request from the autorized IP ranges, but the authentification of the request fail due to the invalid host. you need to switch to username/password authentification. Administrator TOOTAI a écrit : Hi all, I tested with few Asterisk versions from 1.4.18 to 1.4.21, same result. Here is the problem: I have a peer -which is peer AND user- setted up like this [MyPeer] ; type=peer host=xxx.xxx.xxx.139 deny=0.0.0.0/0.0.0.0 permit=xxx.xxx.xxx.136/255.255.255.248 ;IP address from range 138 to 142 permit=yyy.yyy.yyy.yyy/255.255.255.255 context=from-MyPeer dtfmode=auto disallow=all allow=ulaw,alaw insecure=port,invite nat=yes canreinvite=no call-limit=15 accountcode=MyPeer On incoming calls, when the peer address is the one terminating with .139 everything is OK. If I change the external IP from the peer *ON* the peer machine to let's say .140 (or any other permitted address from this peer), incoming calls are not recognized despite the deny/permit stanza. If I modify the host to .140 in my peer definition, it's again working normally. Question is: why even by allowing in the permit stuff the allowed IPs from a peer, Asterisk does only accept calls from those peers if the peer machine has the IP address from the host definition in my peer sip.conf Thanks for any hint. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] sip peer permit/deny - Need some explanation
Is it possible to list multiple hosts, separating them with ampersands? Frank -Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Rob Hillis Sent: Sunday, January 11, 2009 4:32 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] sip peer permit/deny - Need some explanation Administrator TOOTAI wrote: [MyPeer] host=xxx.xxx.xxx.139 deny=0.0.0.0/0.0.0.0 permit=xxx.xxx.xxx.136/255.255.255.248 ;IP address from range 138 to 142 permit=yyy.yyy.yyy.yyy/255.255.255.255 On incoming calls, when the peer address is the one terminating with .139 everything is OK. If I change the external IP from the peer *ON* the peer machine to let's say .140 (or any other permitted address from this peer), incoming calls are not recognized despite the deny/permit stanza. If I modify the host to .140 in my peer definition, it's again working normally. Question is: why even by allowing in the permit stuff the allowed IPs from a peer, Asterisk does only accept calls from those peers if the peer machine has the IP address from the host definition in my peer sip.conf Since you are including a specific IP address in the host line, Asterisk will not accept calls from any other IP address. If you want to accept calls from multiple IP addresses, you *must* set host to dynamic and then use the permit/deny lines to restrict calls accordingly. Of course, since your sip peer is now set to dynamic, it will now need to register with Asterisk. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users