Hi there, I'm trying to do some special things with FileIPAuth but I can't manage to make it work. Basically I want to prevent anyone from registering using a prefix already in use, allow only some prefixes for some internal IP addresses, and prevent all IP address not on our local network from registering with our gatekeeper (but of course ALL external IP addresses should be able to place or receive calls managed by our gatekeeper, through their own gatekeepers defined in our neighbors) No matter what I do, I'm always in a situation where some RRQs are rejected with RRJ securityDenial First, my ISDN gateway defines ten prefixes, from 70 to 79. Second, my MCU defines a bunch of aliases (not prefixes) beginning either by 6, 8 or 9. Third, for all other IP addresses from the local network, I want to only allow them to register aliases beginning with 1 or 2. So I've done this : [Gatekeeper::Auth] FileIPAuth:required;RRQ ... default=allow [FileIPAuth] ; Gateway IP address : we want to allow prefixes 70 to 79 only. 192.168.1.100=allow;7 ; MCU IP address : we want to allow all aliases it wants ; to register, because it's easier... 192.168.1.101=allow ; All other IP addresses : we want to only allow aliases ; which begin with 1 or 2 192.168.1.0/24=allow;1,2 ; finally all external IP addresses can't register to our gatekeeper any=reject And this doesn't work, for example if 192.168.1.200 tries to register alias 144 or 287, which begin with 1 or 2, it is rejected. Now if I remove all prefix numbers and just put 'allow' on all lines my endpoints can register again, but of course with any alias number. Any idea what I do wrong ? Thanks in advance Jerome Alet ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
