ProHoster > Pūnaewele > Nā Administration > FusionPBX a me ACL

FusionPBX a me ACL

ʻO kaʻu ʻatikala ʻaʻole ia he wehewehe piha o ka huahana, akā he hoʻomaʻemaʻe liʻiliʻi wale nō o ka paʻi maikaʻi "FusionPBX, a i ʻole hou-nui, FreeSWITCH". Me he mea lā ʻaʻole i hōʻike maikaʻi ʻia ke kumuhana o ACL ma FusionPBX. E ho'āʻo wau e hoʻopiha i kēia āpau ma muli o koʻu ʻike ponoʻī me FreeSWITCH/FusionPBX.

A no laila, ua hoʻokomo mākou i FusionPBX me kahi helu kūloko i hoʻopaʻa ʻia ma ka domain.local domain a me kahi ala i hoʻonohonoho ʻia no nā kelepona waho i ke kūlanakauhale. Hoʻohana mākou i ka ACL no ka hoʻopaʻa ʻana i kā mākou ʻōnaehana kelepona mai nā kelepona ʻae ʻole e lawe i kā mākou kālā. ʻO kēlā mau mea. mai nā pūnaewele i wehewehe ʻia ma ka ACL e ʻae i nā kelepona puka. A eia ʻoe e pono ai i kahi ʻike maopopo loa i ka hana ʻana o ACL ma FusionPBX, kona mau hiʻohiʻona, ka loiloi a me kāna wahi heleuma.

E like me ka mea kākau i mahalo ʻia o ka ʻatikala ma luna, ua hehi wau i nā rake āpau e pili ana i ka ACL.

E hoʻomaka wau me SipProfiles.
ʻO nā ʻaoʻao ʻelua (e kapa wau iā lākou), ʻo loko a me waho, aia i loko o ka pōʻaiapili lehulehu, ʻaʻole ia he pōʻino. Hoʻopaʻa inoa ʻia nā helu ma ka ʻaoʻao kūloko, a e hoʻolohe mākou iā ia. Ma ka ʻaoʻao kūloko, hoʻopaʻa ʻia nā kāʻei kapu ACL ma ke ʻano he noi-inbound-acl. ʻO kēia laina ke kuleana no ka hana ʻana o ka ACL ma ka pae profile. A hiki i kēia manawa, ʻo ia me nā profiles.

Kuhi

Hoʻohana ʻia ka ʻatikala, ma waena o nā mea ʻē aʻe, ma ke ala kelepona. Hoʻopili ʻia nā ala komo a pau i ka pōʻaiapili lehulehu.

ʻO nā ala hele (i ke kūlanakauhale, i ke kelepona, ka lōʻihi, ka honua, a me nā ala ʻē aʻe) (ma ka paʻamau) i loko o ka pōʻaiapili o kahi inoa domain (e kapa iā ia domain.local).

ACL

I kēia manawa, e kamaʻilio mākou me nā ACL. Ma ka paʻamau, ʻelua mau ACL i hoʻokomo hou ʻia i ka FusionPBX:

hana paʻamau: hōʻole - ua paʻa kēia pepa i ka ʻaoʻao kūloko
lan hana paʻamau: ʻae

Ma nā papa inoa ACL, kuhikuhi mākou i ka pūnaewele (maikaʻi, no ka laʻana, 192.168.0.0/24), hana mākou i ka ʻae no kēia pūnaewele, hoʻohana mākou i ka reloadacl.

Ma hope aʻe, hoʻopaʻa inoa mākou i kahi kelepona mai kēia pūnaewele, a ua maikaʻi nā mea āpau a e like me nā kuhikuhi a me ke kūpono.
Hoʻomaka mākou e hoʻāʻo, kelepona i kahi helu waho a ... loaʻa iā mākou kahi donut, a i ʻole he lua donut. Hikiwawe!

Hoʻomaka mākou e nānā i ka log i loko o ka console a ma o ka Log Viewer FusioPBX.

ʻIke mākou i kā mākou pilikia:

switch_channel.c:1104 New Channel sofia/internal/[email protected]

ʻIke mākou i ka ACL i hana:

sofia.c:10208 IP 192.168.0.150 Approved by acl "domains[]". Access Granted.

Eia hou:

mod_dialplan_xml.c:637 Processing 1010 <1010>->98343379xxxx in context public
switch_core_state_machine.c:311 No Route, Aborting 
switch_core_state_machine.c:312 Hangup sofia/internal/[email protected] [CS_ROUTING] [NO_ROUTE_DESTINATION]

ʻAʻohe ala! ʻOiai ke ala a mākou i hoʻopaʻa inoa pono ai.

He mea maʻalahi ka pane.

Ua hiki mai ke kelepona. Ua hala ʻo ACL. A ma muli o ka paʻa ʻana o ka ACL i ka ʻaoʻao kūloko, a aia kēia ʻaoʻao i ka pōʻaiapili lehulehu, nānā pono ʻo FreeSWITCH i ke ala ala i ka pōʻaiapili lehulehu. Akā i ka pōʻaiapili lehulehu, ʻo ke ala hele wale nō, a haʻi maoli ka ʻōnaehana iā mākou ʻaʻohe ala i ke kūlanakauhale ma laila.

ʻElua mau ala i waho o kēia kūlana.

  1. E hoʻopili i kēia ACL ʻaʻole i ka ʻaoʻao, akā i ka helu kūloko ponoʻī. ʻO kēia paha ke ala pololei loa e hoʻoponopono ai, no ka mea. ʻOi aku ka maikaʻi o ka hoʻopaʻa ʻana i ka ACL i kahi kokoke loa i ka Extension no ka hoʻokani maikaʻi ʻana. ʻO kēlā mau mea. hiki iā ʻoe ke kuhikuhi i kahi helu kikoʻī / helu pūnaewele o ke kelepona kahi e hiki ai ke kāhea i waho. ʻO ka hemahema o kēia koho, ʻo kēlā me kēia Extension e hana i kēia.
  2. E hoʻoponopono i ka ACL i mea e hana pono ai ma ka pae kiʻekiʻe. Ua koho wau i kēia koho, no ka mea, ua maʻalahi iaʻu e hoʻohui i ka pūnaewele i ka ACL i hoʻokahi manawa ma mua o ke kuhikuhi ʻana i kēlā me kēia Extension. Akā, pili kēia i kaʻu hana. No nā hana ʻē aʻe, pono paha ʻoe i kahi loiloi hoʻoholo ʻokoʻa.

No laila. E hoʻoponopono i nā kāʻei kapu ACL penei:

nā kāʻei kapu hana paʻamau: ʻae

Ma ka papa inoa ACL, hoʻopaʻa inoa mākou i ka pūnaewele:

hoole 192.168.0.0/24

E noi, reloadacl.
Ke hoʻāʻo nei mākou: kelepona hou mākou i ka helu 98343379xxxx a ... ke hele mai nei ka mākaʻikaʻi ... HELLO. Ke hana nei nā mea a pau.
E ʻike kākou i ka mea i hana ʻia ma FreeSWITCH:
hoʻomaka ke kelepona:

switch_channel.c:1104 New Channel sofia/internal/[email protected]

ʻAʻole i hala ka ACL:

[DEBUG] sofia.c:10263 IP 192.168.0.150 Rejected by acl "domains". Falling back to Digest auth.

a ʻoi aku:

mod_dialplan_xml.c:637 Processing 1010 <1010>->98343379xxxx in context domain.local
sofia/internal/[email protected] Regex (PASS) [Sity] destination_number(98343379xxxx) =~ /^9(8343[23]d{6})$/ break=on-false

Ua hala ke alahele, a laila hiki mai ka hoʻokumu ʻana i ka pilina, aia ma waho o ke ʻano o ke kumuhana.

Inā mākou e hoʻololi i ka helu pūnaewele ma ka ACL, akā e kiʻi i ke kiʻi mai ka ho'āʻo mua, i.e. E hoʻokuʻu ka ACL i ke kelepona a ʻōlelo ʻia ke ala ala NO_ROUTE_DESTINATION.

ʻO ia wale nō kaʻu makemake e hoʻohui ma ACL FusionPBX.

Manaʻo wau e pono ia i kekahi.

Source: www.habr.com

Pākuʻi i ka manaʻo hoʻopuka