asterisk users - Jul 2009 - Possibly I don't understand sip peers

I have a carrier who tells me he will be sending me traffic from a wide
range of IP addresses.

so I set up a realtime peer as follows:

[peer]
defaultip=xxx.xxx.xxx.xxx
host=xxx.xxx.xxx.xxx
deny=0.0.0.0/0.0.0.0
allow=xxx.xxx.xxx.0/255.255.255.0
insecure=port,invite


Yes, he's really claiming to originate from any of the IP in the block

When I leave the host blank, we reject calls with a 404.

shouldn't I be able to put in a kind of "wildcard" for his IP
block or
am I just being silly?  If not, what am I doing wrong?

Bruce

On Tue, 2009-07-28 at 16:06 -0700, Bruce Ferrell wrote:
> I have a carrier who tells me he will be sending me traffic from a wide
> range of IP addresses.
> 
> so I set up a realtime peer as follows:
> 
> [peer]
> defaultip=xxx.xxx.xxx.xxx
> host=xxx.xxx.xxx.xxx
> deny=0.0.0.0/0.0.0.0
> allow=xxx.xxx.xxx.0/255.255.255.0
> insecure=port,invite
> 
> 
> Yes, he's really claiming to originate from any of the IP in the block
> 
> When I leave the host blank, we reject calls with a 404.
> 
> shouldn't I be able to put in a kind of "wildcard" for his IP
block or
> am I just being silly?  If not, what am I doing wrong?
I think you've got your syntax wrong there... "permit" and
"deny"
statements are used to create Access Control Lists and to limit the IP
address ranges.  The "allow" and "disallow" statements are
to allow or
disallow various codecs.  They way you've specified it above, you're
allowing a codec called xxx.xxx.xxx.0/255.255.255.0, which probably
isn't what you want.


-- 
Jared Smith
Training Manager
Digium, Inc.

>>
>> [peer]
>> defaultip=xxx.xxx.xxx.xxx
>> host=xxx.xxx.xxx.xxx
>> deny=0.0.0.0/0.0.0.0
>> allow=xxx.xxx.xxx.0/255.255.255.0 <---- read what you've put!!! 
The
'allow' should be 'permit' as Jared already told you (and he
should know
what he's talking about).
>> insecure=port,invite
>>


 	 	
	  	

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Bruce
Ferrell
Sent: 29 July 2009 23:34
To: jsmith at digium.com; Asterisk Users Mailing List - Non-Commercial
Discussion
Subject: Re: [asterisk-users] Possibly I don't understand sip peers



Jared Smith wrote:
> On Tue, 2009-07-28 at 16:06 -0700, Bruce Ferrell wrote:
>> I have a carrier who tells me he will be sending me traffic from a
wide
>> range of IP addresses.
>>
>> so I set up a realtime peer as follows:
>>
>> [peer]
>> defaultip=xxx.xxx.xxx.xxx
>> host=xxx.xxx.xxx.xxx
>> deny=0.0.0.0/0.0.0.0
>> allow=xxx.xxx.xxx.0/255.255.255.0
>> insecure=port,invite
>>
>>
>> Yes, he's really claiming to originate from any of the IP in the
block
>>
>> When I leave the host blank, we reject calls with a 404.
>>
>> shouldn't I be able to put in a kind of "wildcard" for
his IP block
or
>> am I just being silly?  If not, what am I doing wrong?
> 
> I think you've got your syntax wrong there... "permit" and
"deny"
> statements are used to create Access Control Lists and to limit the IP
> address ranges.  The "allow" and "disallow" statements
are to allow or
> disallow various codecs.  They way you've specified it above,
you're
> allowing a codec called xxx.xxx.xxx.0/255.255.255.0, which probably
> isn't what you want.
> 
> 
I have the codec permissions in the columns allow and disallow.  Those
seem to work ok.

it's permit/deny/mask I seem to be having a problem with.  Like I say, I
don't think I understand their use or perhaps they don't work in
realtime



_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

AstriCon 2009 - October 13 - 15 Phoenix, Arizona
Register Now: http://www.astricon.net

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users