Hello Hakan, I have attached my openser.cfg file if you can see any error: DB entry is: select * from trusted where src_ip = '82.113.11.12'; +--------------+-------+--------------+------+ | src_ip | proto | from_pattern | tag | +--------------+-------+--------------+------+ | 82.113.11.12 | udp | ^sip:00*@* | NULL | +--------------+-------+--------------+------+ ===== # ------------------ module loading ---------------------------------- loadmodule "/usr/local/lib/openser/modules/mysql.so" loadmodule "/usr/local/lib/openser/modules/sl.so" loadmodule "/usr/local/lib/openser/modules/tm.so" loadmodule "/usr/local/lib/openser/modules/rr.so" loadmodule "/usr/local/lib/openser/modules/maxfwd.so" loadmodule "/usr/local/lib/openser/modules/usrloc.so" loadmodule "/usr/local/lib/openser/modules/registrar.so" loadmodule "/usr/local/lib/openser/modules/textops.so" loadmodule "/usr/local/lib/openser/modules/permissions.so" loadmodule "/usr/local/lib/openser/modules/auth.so" loadmodule "/usr/local/lib/openser/modules/auth_db.so" loadmodule "/usr/local/lib/openser/modules/nathelper.so" loadmodule "/usr/local/lib/openser/modules/uri_db.so" loadmodule "/usr/local/lib/openser/modules/uri.so" loadmodule "/usr/local/lib/openser/modules/dispatcher.so" # ----------------- setting module-specific parameters --------------- #---- Permissions_Module_Parameters ----- modparam("permissions", "db_mode", 0) modparam("permissions", "trusted_table", "trusted") modparam("permissions", "source_col", "src_ip") modparam("permissions", "proto_col", "proto") modparam("permissions", "from_col", "from_pattern") modparam("permissions", "db_url", "mysql://openser:openserrw@localhost/openser") # -- usrloc params -- modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database modparam("auth_db|uri_db|usrloc", "db_url", "mysql://openser:openserrw@localhost/openser") modparam("auth_db", "use_domain", 1) modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock") modparam( "registrar", "append_branches", 1 ) modparam( "registrar", "desc_time_order", 1 ) modparam( "registrar", "nat_flag", 6 ) modparam("usrloc", "db_mode", 2) ##modparam("rr", "enable_full_lr", 1) ####### end old ser # -- auth params -- # Uncomment if you are using auth module # #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # #modparam("auth_db", "password_column", "password") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # ------------------------- request routing logic ------------------- # main routing logic route { ########### if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too Many Hops"); return; }; if (msg:len > max_len) { sl_send_reply("513", "Message Overflow"); return; }; ############### if ( method != "REGISTER" ) { record_route(); }; if ( nat_uac_test( "3" ) ) { setflag( 6 ); force_rport(); fix_nated_contact(); }; if ( method=="INVITE" ) { force_rtp_proxy(); }; if ( loose_route() ) { route( 1 ); return; }; if ( uri == myself ) { if ( method == "REGISTER" ) { if ( ! www_authorize( "", "subscriber" ) ) { www_challenge( "", "0" ); return; }; if ( ! check_to() ) { sl_send_reply( "403", "Authentication user must match username" ); return; }; save( "location" ); return; }; if (allow_trusted()) { if ( uri =~ "sip:00[1-9]+@.*" ) { if ( src_ip == 82.113.11.12){ prefix("2333"); }; prefix("11"); ds_select_dst( "1", "0" ); route( 1 ); return; } }; } else { if ( method == "INVITE" ) { sl_send_reply( "403", "Host part forbidden" ); return; }; }; route( 1 ); } route[1] { t_on_reply( "1" ); if ( ! t_relay() ) { sl_reply_error(); }; } onreply_route[1] { if ( status =~ "(180)|(183)|2[0-9][0-9]" ) { if ( ! search( "^Content-Length:\ +0" ) ) { force_rtp_proxy(); }; }; if ( nat_uac_test( "3" ) ) { force_rport(); fix_nated_contact(); }; } ##================= -----Original Message----- From: hakanyasti(a)gmail.com To: ronn100200(a)aim.com; users(a)openser.org Sent: Mon, 14 Aug 2006 8:10 AM Subject: Re: [Users] Module for Config files You can use permissions module. http://www.openser.org/docs/modules/1.1.x/permissions.html this is an example of with trusted_table..... loadmodule "/usr/local/lib/openser/modules/permissions.so" modparam("permissions", "db_url", "postgres or mysql://username:password@localhost/dbname") #---- Permissions_Module_Parameters ----- modparam("permissions", "db_mode", 0) modparam("permissions", "trusted_table", "trusted") modparam("permissions", "source_col", "src_ip") modparam("permissions", "proto_col", "proto") modparam("permissions", "from_col", "from_pattern") route[3] { # ----------------------------------------------------------------- # INVITE Message Handler # ----------------------------------------------------------------- if (allow_trusted()) { route(4); # NAT Traversal Section route(5); # PSTN Handler return; }; Welcome to psql 7.4.13, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands \? for help on internal slash commands \g or terminate with semicolon to execute query \q to quit dbname=> select * from trusted; src_ip | proto | from_pattern -----------------+-------+------------------------------- 10.1.1.5 | udp | ^sip:120*@* Regards, Hakan. ----- Original Message ----- From: ronn100200(a)aim.com To: users(a)openser.org Sent: Monday, August 14, 2006 5:39 PM Subject: [Users] Module for Config files Hi All, I am using the following if statement to allow certain calls from pre authorized IPs. if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) { My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ? regards, Ron Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. _______________________________________________ Users mailing list Users(a)openser.org http://openser.org/cgi-bin/mailman/listinfo/users ________________________________________________________________________ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection.

If you cannot apply a mask to match the IP, you can use database to store the list of IP addresses and the via avpops module check if the source IP address is there. See avp_db_query(): http://www.openser.org/docs/modules/1.1.x/avpops.html#AEN268 IP/mask can be used with openser as well. Cheers, Daniel On 08/14/06 18:22, Weiter Leiter wrote:

Hello, On 08/15/06 15:29, ronn100200(a)aim.com wrote: the 407 is generated by proxy_challenge() function from auth module. It is not related to permissions module. http://www.openser.org/docs/modules/1.1.x/auth.html#AEN148 Cheers, Daniel

Check the values from the sip message coming to your proxy with the values at trusted table. May be you mismatch something there. Hakan. ----- Original Message ----- From: ronn100200(a)aim.com To: bp4mls(a)googlemail.com Cc: users(a)openser.org Sent: Tuesday, August 15, 2006 3:29 PM Subject: Re: [Users] Module for Config files Hi Hakan, I have followed your example but openser is still doing SIP/2.0 407 Proxy Authentication Required. When I start openser I'm seeing these messages: 0(0) WARNING: File not found: /usr/local/etc/openser/permissions.allow 0(0) Default allow file (/usr/local/etc/openser/permissions.allow) not found => empty rule set 0(0) WARNING: File not found: /usr/local/etc/openser/permissions.deny 0(0) Default deny file (/usr/local/etc/openser/permissions.deny) not found => empty rule set Do I need to specify the default permission files for this to work? thanks, Ron -----Original Message----- From: bp4mls(a)googlemail.com To: ronn100200(a)aim.com Cc: users(a)openser.org Sent: Mon, 14 Aug 2006 8:22 AM Subject: Re: [Users] Module for Config files Ser can something like ...src_ip != 195.xxx.xxx.128/25... (which is quite cheap). Probably OpenSer can do this, too. On 8/14/06, ronn100200(a)aim.com <ronn100200(a)aim.com> wrote: Hi All, I am using the following if statement to allow certain calls from pre authorized IPs. if ( method == "INVITE" && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx && src_ip != 195.xxx.xxx.xx) { My issues is the number of IPs that need to be authorized this way is getting large and was wondering if there's a module that can be used to read config date from a config file ? regards, Ron ---------------------------------------------------------------------------- Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. _______________________________________________ Users mailing list Users(a)openser.org http://openser.org/cgi-bin/mailman/listinfo/users ------------------------------------------------------------------------------ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. ------------------------------------------------------------------------------ _______________________________________________ Users mailing list Users(a)openser.org http://openser.org/cgi-bin/mailman/listinfo/users