Hi Petr, take a look at SQLAuth. I'm pretty sure it will do all you need. RadAuth should work, too. Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@xxxxxxxxxxxxxx Website: http://www.gnugk.org Support: http://www.willamowius.com/gnugk-support.html Petr Holub wrote: > Hi Jan, > > > the first issue is probably a misunderstanding what the prefixes in > > the FileIPAuth rules mean and I have clarified that in the CVS manual a > > minute ago: > > > > The prefixes specify the destination numbers an endpoint with that IP > > may call and are only checked in Setup messages. The prefixes _do_not_ > > restrict the aliases the endpoint can register with. > > OK, got the point. However, is there some way to limit registrations > then? I don't want the endpoints to register with arbitrary numbers. > I have this capability for aliases in [RasSrv::RRQAuth] section, > but is there any way to use this for the numbers? > > > Your 2nd issue is caused by the fact that GnuGk can only see the IP of > > the immediate next endpoint/neighbor sending the call. There is no way > > to check if that call really originates at that endpoint. > > If you neighbor may call that destination, then anybody who may route > > calls through your neighbor may also call that destination. > > I've temporarily solved the problem by removing the most painful > numbers from the AcceptedPrefixes list in the [Neighbor::...] > configuration. But this solution is very coarse and doesn't suit > my needs completely. Even if originating IP addresses are not > available (I've already found that from packet sniffing), I'd > like to filter at least based on source numbers - those seem to > be present in RasMessage->admissionRequest->srcInfo->dialedDigits > (semantics based on Wireshark). We have this capability for aliases > in the [PrefixAuth], but would it be possible to make it work also > for numbers? > > Thanks a lot! > Petr ------------------------------------------------------------------------------ 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks & Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
