Thomas Haeger
2003-Oct-22 03:22 UTC
[Asterisk-Users] SIP and permit specified ip addresses
Hi all, can somebody explain me how exactly the "type", "host", "permit" and "deny" option in sip.conf play together? Where is the difference between "user" and "peer" ? I want configure SIP so that it is only from specified net section possible to make a call. I have tried following: [test] type=peer callerid=testaccount context=voipin dtmfmode=inband ; Choices are inband, rfc2833, or info deny=0.0.0.0/0.0.0.0 permit=172.20.0.0/255.255.0.0 Here i thought that it is possible to make a call only for computers from the 172.20.0.0 net section. But this don't work. No computer can make a call. The only thing that worked for me was following: [test] type=peer callerid=testaccount context=voipin host=172.20.23.206 The address 172.20.23.206 is the ip from the client pc. This works, but i want specify a net section so that more computers are allowed to make calls. Can sombody help me with this ? Thank you very much. Thomas.
Stephen R. Besch
2003-Oct-22 06:27 UTC
[Asterisk-Users] SIP and permit specified ip addresses
Comments inline Thomas Haeger wrote:>Hi all, > >can somebody explain me how exactly the "type", "host", "permit" and "deny" >option in sip.conf play together? > >Where is the difference between "user" and "peer" ? > >I want configure SIP so that it is only from specified net section possible >to make a call. > >I have tried following: > >[test] >type=peer >callerid=testaccount >context=voipin >dtmfmode=inband ; Choices are inband, rfc2833, or info >deny=0.0.0.0/0.0.0.0 >permit=172.20.0.0/255.255.0.0 > >Here i thought that it is possible to make a call only for computers from >the 172.20.0.0 net section. >But this don't work. No computer can make a call. > >First, you must have a separate named entry for each phone that is going to be served by *. The permit and deny should go in the general section and if they work like they do everywhere else, will limit the ip address range of phones connecting to *. Really only useful if you are letting the phone pass it's IP address to * (using dynamic as the host). If the phones have fixed IP addresses, I wouldn't use dynamic, just specify the IP as you did in your working example. The peer type means that the phone referenced by the relevant entry can both make and receive calls. But the details are somewhat more complicated. See the many useful comments in the list over the last several weeks.>The only thing that worked for me was following: >[test] >type=peer >callerid=testaccount >context=voipin >host=172.20.23.206 > >The address 172.20.23.206 is the ip from the client pc. This works, but i >want specify a net section so that more computers are allowed to make calls. > >Can sombody help me with this ? >As far as I know, there is no mechanism for this. You could specify host dynamic with a very short registration time, but this would require that the connecting PC was nice enough to dissappear after each call and then, nobody could receive calls. Asterisk would need to be patched to automatically clone a phone definition each time a new IP came in. I suspect that this would not be an easy task.> >Thank you very much. > > >Thomas. > >_______________________________________________ >Asterisk-Users mailing list >Asterisk-Users@lists.digium.com >http://lists.digium.com/mailman/listinfo/asterisk-users > > > > >