I had never tried that, it was only a theory. :) You could try changing the code to allow 0 and see if that works, or just hardcode to stamp all requests as trusted - not sure what else you could try without code modifications.

Scott

On Tue, Oct 8, 2013 at 4:22 PM, Simon Quigley <squigley@xxxxxxxxxxxxx> wrote:
Hi Scott,

Thanks for the quick reply. I tried adding 0.0.0.0/0 first, but when I try to add it, I get "Error parsing: 0.0.0.0/0".

I suspect this is from line 221 in http://svn.resiprocate.org/dox/repro/_acl_store_8cxx_source.html

219 if (ipv4)

So I can't specify a netmask of 0, and that's why I was specifying 8, but of course (now) I see how that wouldn't match.

Any suggestions?

On Tue, Oct 8, 2013 at 4:08 PM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
The slash in the ACLs is how many bits of the IP address should be matched - so 0.0.0.0/0 should be what you want. (see Tuple::isEqualWithMask)

You are correct about the restart - it will close all TCP connections.

Scott

On Tue, Oct 8, 2013 at 3:48 PM, Simon Quigley <squigley@xxxxxxxxxxxxx> wrote:
Hi Scott,

Thanks for the reply. I had started reading the PDF, but only made it to page 10 :-)

I figured since I'm using it in a fairly unusual way, with authentication and registrar disabled, it might not cover what I'm trying to do.

I do see your point on adding an ACL, and scripting the updates, which I should be able to get working.

However, I can't seem to work out the format of the ACL to act as a catch all. I've been adding things like 0.0.0.0/8, but it's still failing with a 403.

It seems that ACL isn't correct for matching the IP, as I tried specifying that with the exact port number the request comes in from, but I still see it saying "AclStore.cxx:532 | AclStore - source address NOT trusted".

I looked through the source of the file, http://svn.resiprocate.org/dox/repro/_acl_store_8cxx_source.html but I don't see how to create wildcard addresses or a catch all record.

For the alternate option, of adding domains, I'm worried about having to do a restart to pick up the changes, even though it shows the registrations don't drop. The reason for my worry is that because we're not using it to do registrations, just to translate TCP to UDP in a passthrough mode, that the restart will close all the TCP connections, and then devices registered via the passthrough will either not realise, and be offline until they reregister, or will all try to reregister at the same time.

Can you provide some more information on the catch all acl?

Thanks,
Simon

On Tue, Oct 8, 2013 at 9:02 AM, Scott Godin <sgodin@xxxxxxxxxxxxxxx> wrote:
Hi Simon,

You could try adding a catch all ACL via the web interface to basically treat all addresses as "trusted"; this should allow relaying to/from unknown domains and avoid the 403s.

Also you can use the web interface or modify the config file to add domains, then use an HTTP command (or reprocmd) to restart the proxy leaving registrations intact. See "Repro Command Interface" and "Scripting Database Updates" sections in https://www.resiprocate.org/images/f/f0/Repro_1.8_Overview.pdf for more info.

Scott

On Mon, Oct 7, 2013 at 6:05 PM, Simon Quigley <squigley@xxxxxxxxxxxxx> wrote:
Hello,

I'm using reSIProcate as a TCP to UDP relay, in front of a switch which has a single DNS hostname, but accepts registration for many domains.
Auth and registration are disabled in the config file for resipro, but it still requires the domain to be specified.
Is it possible to have reSIProcate accept/route requests for any/all domains, rather than having to specify them in the domain list/config file? (I've tried obvious things like omitting the domain list, and also attempting to specify wildcards, but that results in it returning 403s for every registration attempt).
Alternatively, if it isn't possible to allow all domains, is it possible to have the running repro process reread the domain list/config file, without having to do a full restart? (in which case I could have some sort of wrapper script which would append the additional domains to the list, and then cause it to be reread).
I've searched through the site, and the list archives, but I couldn't find these subjects being discussed, I apologise if they have been, and I failed to find the posts, and am repeating questions.
Thanks,
Simon
--
Simon Quigley, Systems Engineer
Versature Corp. | 877-498-3772 x128
Follow us on Twitter - http://twitter.com/Versature
Check out the Versature Blog - http://inside.versature.com
resiprocate-users mailing list
resiprocate-users@xxxxxxxxxxxxxxx
List Archive: http://list.resiprocate.org/archive/resiprocate-users/
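The prefix matching discussed in this thread, as an added example that is not part of the original messages and is not reSIProcate code; `prefix_mask`, `parse_rule` and `matches` are hypothetical names and the addresses are constructed samples. It shows why 0.0.0.0/8 covers only 0.x.x.x while 0.0.0.0/0 covers every IPv4 source, and it handles the /0 mask explicitly because shifting a 32-bit value by 32 is undefined in C++.

```cpp
// Added illustration of IPv4 prefix ("slash") matching. Not reSIProcate code.
#include <cstdint>
#include <cstdio>
#include <string>

// Network mask for a prefix length of 0..32. /0 is a special case:
// a 32-bit shift by 32 is undefined behaviour, so it must not be computed.
uint32_t prefix_mask(unsigned bits) {
    return bits == 0 ? 0u : 0xFFFFFFFFu << (32 - bits);
}

// Parse dotted-quad text into a host-order 32-bit value.
bool parse_ipv4(const std::string& s, uint32_t& out) {
    unsigned a, b, c, d;
    char extra;
    if (std::sscanf(s.c_str(), "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4)
        return false;  // too few fields, or trailing characters
    if (a > 255 || b > 255 || c > 255 || d > 255) return false;
    out = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}

// Parse "a.b.c.d/n", accepting every prefix length from 0 to 32.
bool parse_rule(const std::string& s, uint32_t& net, unsigned& bits) {
    std::string::size_type slash = s.find('/');
    if (slash == std::string::npos) return false;
    char extra;
    return parse_ipv4(s.substr(0, slash), net) &&
           std::sscanf(s.c_str() + slash + 1, "%u%c", &bits, &extra) == 1 &&
           bits <= 32;
}

// True when the first `bits` bits of addr equal those of the rule's network.
// With bits == 0 the mask is 0, so every address matches (a catch-all rule).
bool matches(const std::string& rule, const std::string& addr) {
    uint32_t net = 0, ip = 0;
    unsigned bits = 0;
    if (!parse_rule(rule, net, bits) || !parse_ipv4(addr, ip)) return false;
    uint32_t mask = prefix_mask(bits);
    return (ip & mask) == (net & mask);
}

int main() {
    const char* src = "203.0.113.7";  // constructed sample source address
    std::printf("0.0.0.0/8      -> %d\n", matches("0.0.0.0/8", src));
    std::printf("0.0.0.0/0      -> %d\n", matches("0.0.0.0/0", src));
    std::printf("203.0.113.0/24 -> %d\n", matches("203.0.113.0/24", src));
    return 0;
}
```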