asterisk users - Nov 2012 - Allowing peers from specific subnet only

Hi;

How I can make my configuration to allow the sip phones only from specific IP
addresses range (for example from 192.168.10.1 - 192.168.10.50) to be allowed to
connect for asterisk?

In other words, in addition to be authenticated based on the username and
password, it is required that the IP address of the Phone to be from this range.
How?

Regards
Bilal

Hi

You can achieve this with either permit/deny or contactpermit/contactdeny

Single IP should be defined like :

deny=0.0.0.0/0.0.0.0
permit=192.168.2.1/255.255.255.255

And networks in similar way with appropriate subnet mask
deny=0.0.0.0/0.0.0.0
permit=192.168.2.0/255.255.255.0

You can also specify multiple subnets with ';' like:

permit=192.168.2.0/255.255.255.0;192.168.1.0/255.255.255.0

Regards,
Zohair Raza


On Mon, Nov 19, 2012 at 4:12 PM, bilal ghayyad <bilmar_gh at yahoo.com>
wrote:
> Hi;
>
> How I can make my configuration to allow the sip phones only from specific
> IP addresses range (for example from 192.168.10.1 - 192.168.10.50) to be
> allowed to connect for asterisk?
>
> In other words, in addition to be authenticated based on the username and
> password, it is required that the IP address of the Phone to be from this
> range. How?
>
> Regards
> Bilal
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20121119/b324cd60/attachment.htm>

bilal ghayyad wrote:
> Hi;
Hola,
> How I can make my configuration to allow the sip phones only from specific
IP addresses range (for example from 192.168.10.1 - 192.168.10.50) to be allowed
to connect for asterisk?
>
> In other words, in addition to be authenticated based on the username and
password, it is required that the IP address of the Phone to be from this range.
How?
This can be accomplished using ACLs. They are configured using the deny 
and permit settings within sip.conf.

Example:

deny=0.0.0.0/0.0.0.0
permit=172.16.10.0/255.255.255.0

This permits only devices from the 172.16.10.1-172.16.10.255 range.

For cases where you may want to configure this in one place and share it 
around Asterisk 11 has introduced what are called "Named ACLs".

You can find further information on those at 
https://wiki.asterisk.org/wiki/display/AST/Named+ACLs

Cheers,

-- 
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com  & www.asterisk.org

Hello

In SIP.find you can to use

Deny=0.0.0.0/0.0.0.0
Permit=192.168.1.25/255.255.255

Regards
On Nov 19, 2012 7:12 AM, "bilal ghayyad" <bilmar_gh at
yahoo.com> wrote:
> Hi;
>
> How I can make my configuration to allow the sip phones only from specific
> IP addresses range (for example from 192.168.10.1 - 192.168.10.50) to be
> allowed to connect for asterisk?
>
> In other words, in addition to be authenticated based on the username and
> password, it is required that the IP address of the Phone to be from this
> range. How?
>
> Regards
> Bilal
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20121119/97294a30/attachment.htm>