Labari na ba cikakken bayanin samfurin ba ne, amma kaɗan ne kawai don inganta ingantaccen littafin "FusionPBX, ko kuma-mai girma, FreeSWITCH". Da alama a gare ni cewa ba a bayyana batun ACL a cikin FusionPBX sosai a ciki ba. Zan yi ƙoƙarin cike wannan rata bisa ga gogewa ta da FreeSWITCH/FusionPBX.
Sabili da haka, muna da FusionPBX da aka shigar tare da lambar ciki mai rijista 1010 a cikin yankin domain.local da kuma hanyar da aka tsara don kiran waje zuwa birni. Muna amfani da ACL don kare tsarin wayar mu daga kira mara izini wanda zai kwashe kuɗin mu. Wadancan. kawai daga cibiyoyin sadarwar da aka kwatanta a cikin ACL suna ba da izinin kira mai fita. Kuma a nan kuna buƙatar cikakkiyar fahimtar yadda ACL ke aiki a cikin FusionPBX, fasalinsa, dabaru da ma'anar anka.
Kamar marubucin da ake girmamawa na labarin da ke sama, na kuma taka duk rake da suka shafi ACL.
Zan fara da SipProfiles.
Duk bayanan martaba (zan kira su da cewa), na ciki da na waje, suna cikin mahallin Jama'a, kuma wannan ba haɗari bane. Rijistar lambobi yana faruwa a cikin bayanin martaba na ciki, kuma za mu kula da shi. A cikin bayanin martaba na ciki, an ɗaure yankunan ACL azaman apply-inbound-acl. Wannan layin ne ke da alhakin aikin ACL a matakin bayanin martaba. Ya zuwa yanzu, wannan ke nan tare da bayanan martaba.
mahallin
Ana amfani da yanayi, a tsakanin wasu abubuwa, a cikin hanyar kiran waya. Duk hanyoyin da ke shigowa suna daure da mahallin Jama'a.
Hanyoyin fita (zuwa birni, zuwa wayar salula, nesa mai nisa, ƙasa da ƙasa, da kowane irin) hanyoyin (ta hanyar tsohuwa) a cikin mahallin sunan yanki (bari mu kira shi domain.local).
ACL
Yanzu bari mu magance ACLs. Ta hanyar tsoho, sabon shigar FusionPBX yana da ACL guda biyu:
aikin tsohowar yanki: ƙaryatãwa - wannan takardar tana ɗaure zuwa bayanin martaba na ciki
lan tsoho mataki: izini
A cikin jerin wuraren ACL, muna tsara hanyar sadarwa (da kyau, misali, 192.168.0.0/24), muna ba da izinin izinin wannan cibiyar sadarwa, muna amfani da reloadacl.
Na gaba, muna yin rajistar waya daga wannan hanyar sadarwa, kuma komai yana da kyau kuma bisa ga umarnin kuma a hankali.
Mun fara gwaji, yin kira zuwa lambar waje kuma ... muna samun donut, ko kuma wajen rami donut. Nan da nan!
Mun fara nazarin log ɗin a cikin na'ura wasan bidiyo ko ta hanyar Mai duba Log FusioPBX.
Muna ganin kalubalenmu:
switch_channel.c:1104 New Channel sofia/internal/[email protected]Mun ga ACL wanda yayi aiki:
sofia.c:10208 IP 192.168.0.150 Approved by acl "domains[]". Access Granted.Sannan kuma:
mod_dialplan_xml.c:637 Processing 1010 <1010>->98343379xxxx in context public
switch_core_state_machine.c:311 No Route, Aborting
switch_core_state_machine.c:312 Hangup sofia/internal/[email protected] [CS_ROUTING] [NO_ROUTE_DESTINATION] Babu hanya! Kodayake hanyar da muka yi rajista da gaskiya.
Amsar tana da sauƙi.
Kiran ya zo. ACL ya rasa shi. Kuma tun da ACL yana daure a cikin bayanan cikin gida, kuma wannan bayanin martaba yana cikin mahallin jama'a, FreeSWITCH yana kallon hanyar tafiya a cikin mahallin jama'a. Amma a cikin mahallin jama'a, hanya mai shigowa kawai, kuma tsarin yana gaya mana cewa babu hanyoyin da za a bi zuwa birni a can.
Akwai aƙalla hanyoyi biyu daga cikin wannan yanayin.
- Haɗa wannan ACL ba zuwa bayanin martaba ba, amma zuwa lambar ciki kanta. Wannan na iya zama hanya mafi dacewa don warwarewa, saboda. Zai fi kyau a ɗaure ACL kusa da yuwuwa zuwa Tsawaita don ingantaccen daidaitawa. Wadancan. za ka iya rubuta takamaiman adireshin / adireshin cibiyar sadarwa na wayar wanda za ta iya yin kira mai fita daga gare ta. Rashin amfanin wannan zaɓin shine kowane Extension zai yi wannan.
- Gyara ACL domin yayi aiki daidai a matakin bayanin martaba. Na zaɓi wannan zaɓi, saboda ya zama mini sauƙi don ƙara hanyar sadarwa zuwa ACL sau ɗaya fiye da rubuta shi a cikin kowane Tsari. Amma wannan na musamman don aikina ne. Don wasu ayyuka, ƙila ka buƙaci dabaru na yanke shawara daban.
Don haka. Bari mu gyara wuraren ACL kamar haka:
aikin tsohowar yanki: izini
A cikin jerin yankunan ACL, muna yin rajistar hanyar sadarwar:
musun 192.168.0.0/24
Aiwatar, sake lodaacl.
Muna gwadawa: muna sake buga lambar 98343379xxxx kuma ... wurin binciken yana tafe ... HELLO. Komai yana aiki.
Bari mu ga abin da ya faru a cikin FreeSWITCH:
kira ya fara:
switch_channel.c:1104 New Channel sofia/internal/[email protected]ACL ba ya rasa:
[DEBUG] sofia.c:10263 IP 192.168.0.150 Rejected by acl "domains". Falling back to Digest auth.sannan kuma:
mod_dialplan_xml.c:637 Processing 1010 <1010>->98343379xxxx in context domain.local
sofia/internal/[email protected] Regex (PASS) [Sity] destination_number(98343379xxxx) =~ /^9(8343[23]d{6})$/ break=on-false Hanyar hanya ta wuce, sannan sai an zo kafa haɗin gwiwa, wanda ya wuce iyakar batun.
Idan muka canza adireshin cibiyar sadarwa a cikin ACL, amma samun hoton daga gwajin farko, watau. ACL za ta tsallake kiran kuma hanyar za ta ce NO_ROUTE_DESTINATION.
Wataƙila wannan shine abin da nake so in ƙara akan ACL FusionPBX.
Ina fatan zai zama da amfani ga wani.
source: www.habr.com