Hi guys, I recently faced an issue regarding SIP registration: I have a 2-NIC Linux PC, with eth0 set to address 192.168.1.1 (NATted over public network, with address 89.X.Y.Z) and eth1 set to address 1.1.1.1. In [sip.conf] I set general option bindaddr=0.0.0.0 ; IP address to bind to (0.0.0.0 binds to all) Then I have configured an account as following: [999] type=friend username=999 host=dynamic port=5080 context=sipfrom nat=no canreinvite=no call-limit=8 videosupport=no disallow=all allow=alaw qualify=15000 So far, so good. Now, I have an internal process (onto Linux PC) which is a SIP endpoint and should register to Asterisk as 1.1.1.1:5080, but an external entity (i.e. a SIP endpoint over public Internet) is trying to register to Asterisk as 999 at 89.X.Y.Z<mailto:999 at 89.X.Y.Z>:5060 and the registration SUCCEEDS! When I launch the CLI command sip show peers, I see a row like this: 999/999 1.1.1.1 5060 OK (3 ms) Can someone explain me this kind of behaviour? Is it normal? Can I restrict registration of 999 peer only to SIP UA from network 1.1.1.X? Thanks for your help! Regards, Alberto Aggio -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100112/023c0f20/attachment.htm
Instead of host=dynamic, use host=1.1.1.1, or host=1.1.1.0/255.255.255.0. Thanks, --Warren Selby On Jan 12, 2010, at 11:16 AM, Aggio Alberto <alberto.aggio at loquendo.com> wrote:> Hi guys, > > I recently faced an issue regarding SIP registration: I have a 2-NIC > Linux PC, with eth0 set to address 192.168.1.1 (NATted over public > network, with address 89.X.Y.Z) and eth1 set to address 1.1.1.1. In > [sip.conf] I set general option > > bindaddr=0.0.0.0 ; IP address to bind to (0.0.0.0 > binds to all) > > Then I have configured an account as following: > > > > [999] > > type=friend > > username=999 > > host=dynamic > > port=5080 > > context=sipfrom > > nat=no > > canreinvite=no > > call-limit=8 > > videosupport=no > > disallow=all > > allow=alaw > > qualify=15000 > > > > So far, so good. > > Now, I have an internal process (onto Linux PC) which is a SIP > endpoint and should register to Asterisk as 1.1.1.1:5080, but an > external entity (i.e. a SIP endpoint over public Internet) is trying > to register to Asterisk as 999 at 89.X.Y.Z:5060 and the registration > SUCCEEDS! When I launch the CLI command sip show peers, I see a row > like this: > > > > 999/999 1.1.1.1 5060 OK > (3 ms) > > > > Can someone explain me this kind of behaviour? Is it normal? Can I > restrict registration of 999 peer only to SIP UA from network 1.1.1.X? > > > > Thanks for your help! Regards, > > > > Alberto Aggio > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100112/7a9e53b5/attachment-0001.htm
On Tue, 2010-01-12 at 18:16 +0100, Aggio Alberto wrote:> Then I have configured an account as following:> [999] > > type=friend > > username=999You don't appear to have a secret= line in there with a password option... or did you snip it?> Can someone explain me this kind of behaviour? Is it normal? Can I > restrict registration of 999 peer only to SIP UA from network 1.1.1.X?There is an ACL option for the SIP peer which you can add, http://www.voip-info.org/wiki/index.php?page=Asterisk+sip +permit-deny-mask (although there were some issues with this in earlier versions of asterisk.. it should work properly in recent versions.) Rob