Bruce Ferrell
2009-Jul-28 23:06 UTC
[asterisk-users] Possibly I don't understand sip peers
I have a carrier who tells me he will be sending me traffic from a wide range of IP addresses. so I set up a realtime peer as follows: [peer] defaultip=xxx.xxx.xxx.xxx host=xxx.xxx.xxx.xxx deny=0.0.0.0/0.0.0.0 allow=xxx.xxx.xxx.0/255.255.255.0 insecure=port,invite Yes, he's really claiming to originate from any of the IP in the block When I leave the host blank, we reject calls with a 404. shouldn't I be able to put in a kind of "wildcard" for his IP block or am I just being silly? If not, what am I doing wrong? Bruce
On Tue, 2009-07-28 at 16:06 -0700, Bruce Ferrell wrote:> I have a carrier who tells me he will be sending me traffic from a wide > range of IP addresses. > > so I set up a realtime peer as follows: > > [peer] > defaultip=xxx.xxx.xxx.xxx > host=xxx.xxx.xxx.xxx > deny=0.0.0.0/0.0.0.0 > allow=xxx.xxx.xxx.0/255.255.255.0 > insecure=port,invite > > > Yes, he's really claiming to originate from any of the IP in the block > > When I leave the host blank, we reject calls with a 404. > > shouldn't I be able to put in a kind of "wildcard" for his IP block or > am I just being silly? If not, what am I doing wrong?I think you've got your syntax wrong there... "permit" and "deny" statements are used to create Access Control Lists and to limit the IP address ranges. The "allow" and "disallow" statements are to allow or disallow various codecs. They way you've specified it above, you're allowing a codec called xxx.xxx.xxx.0/255.255.255.0, which probably isn't what you want. -- Jared Smith Training Manager Digium, Inc.
Andrew Thomas
2009-Jul-30 16:40 UTC
[asterisk-users] Possibly I don't understand sip peers
>> >> [peer] >> defaultip=xxx.xxx.xxx.xxx >> host=xxx.xxx.xxx.xxx >> deny=0.0.0.0/0.0.0.0>> allow=xxx.xxx.xxx.0/255.255.255.0 <---- read what you've put!!! The'allow' should be 'permit' as Jared already told you (and he should know what he's talking about).>> insecure=port,invite >>-----Original Message----- From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Bruce Ferrell Sent: 29 July 2009 23:34 To: jsmith at digium.com; Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Possibly I don't understand sip peers Jared Smith wrote:> On Tue, 2009-07-28 at 16:06 -0700, Bruce Ferrell wrote: >> I have a carrier who tells me he will be sending me traffic from awide>> range of IP addresses. >> >> so I set up a realtime peer as follows: >> >> [peer] >> defaultip=xxx.xxx.xxx.xxx >> host=xxx.xxx.xxx.xxx >> deny=0.0.0.0/0.0.0.0 >> allow=xxx.xxx.xxx.0/255.255.255.0 >> insecure=port,invite >> >> >> Yes, he's really claiming to originate from any of the IP in theblock>> >> When I leave the host blank, we reject calls with a 404. >> >> shouldn't I be able to put in a kind of "wildcard" for his IP blockor>> am I just being silly? If not, what am I doing wrong? > > I think you've got your syntax wrong there... "permit" and "deny" > statements are used to create Access Control Lists and to limit the IP > address ranges. The "allow" and "disallow" statements are to allow or > disallow various codecs. They way you've specified it above, you're > allowing a codec called xxx.xxx.xxx.0/255.255.255.0, which probably > isn't what you want. > >I have the codec permissions in the columns allow and disallow. Those seem to work ok. it's permit/deny/mask I seem to be having a problem with. Like I say, I don't think I understand their use or perhaps they don't work in realtime _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users