SIP IP screening based on IP address


#1

Bom Dia!

Does anyone have a way to simply screen on the incoming Ip address of the SIP INVITE? I’ve been trying different configurations of the commands host= and permit= and using peer,user, and friends as the device type but I can not get it to properly screen simply on the IP.

The config that I thought would work the best would be (in sip.conf) :

[XYZ]
type=user
context=6279
accountcode=XYZ
host=14.137.164.197
permit=14.137.164.197

I continue to get in the sip debug :

Using INVITE request as basis request - 281475@14.137.164.197
Sending to 14.317.164.197 : 5060 (NAT)
Found no matching peer or user for ‘14.137.164.197:5060’

INVITE :
INVITE sip:5518804XXXX@26.49.16.28;user=phone SIP/2.0
Via: SIP/2.0/UDP 14.137.164.197
From: sip:55193707XXXX@14.137.164.197;user=phone;tag=10000000-0-895965382
To: sip:5518804XXXX@26.49.16.28;user=phone
CSeq: 1 INVITE
Contact: sip:55193707XXXX@14.137.164.197
Call-ID: 281473@14.137.164.197
Remote-Party-ID: sip:55193707XXXX@14.137.164.197;user=phone;party=calling;id-type=subscriber;privacy=off;screen=yes
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 183

It appears that if the from header or contact header doesn’t include XYZ it won’t process/match the call in the hosts field.

so for example if I use the following:

[anonymous]
type=user
context=6279
accountcode=XYZ
host=14.137.164.197
permit=14.137.164.197

INVITE sip:5518804XXX@26.49.16.28;user=phone SIP/2.0
Via: SIP/2.0/UDP 14.317.164.197
From: "Anonymous"sip:anonymous@14.137.164.197;user=phone;tag=10000000-0-495010863
To: sip:5518804XXX@26.49.16.28;user=phone
CSeq: 1 INVITE
Contact: sip:anonymous@14.137.164.197
Call-ID: 282227@14.137.164.197
Remote-Party-ID: ;party=calling;id-type=subscriber;privacy=off;screen=no
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 183

Is there any work around to this? I’d like to be able to select a route context an account code/CDR generation by IP address.

Thanks in advance,

T…S


#2

Bom dia!

At a quick glance (i haven’t got much time this morning), i’d say you want to do your IP address screening with your firewall, not Asterisk!


#3

Not exactly what I was thinking mate… Need a way to isolate by IP address when it comes in as to which routing context we assign and which routes we take. It will have multiple phone numbers and multiple possible usernames per IP address which will be too costly to manage by hand etc…hence the need to look soley at the orgination IP. Also need to use the accounting feautre to bill based of these IPs.

Let me know what you think. All I kno is that in 1.2.0beta 1 I would have hoped that something as simple as this example from the sip.conf file would have worked properly.

;[sip_proxy]
; For incoming calls only. Example: FWD (Free World Dialup)
; We match on IP address of the proxy for incoming calls
; since we can not match on username (caller id)
;type=peer
;context=from-fwd
;host=fwd.pulver.com

Cheers,

T…S


#4

I assume by lack of response that there is no way then to look at just the IP address to determine the context that it hits? Am I correct?

At this point in the SIP.conf it apears that anything otehr than default will look at the username field in the SIP header to determine which context it should take.

Hasn’t there been any need for this in the market?


#5

I also want to know the answer. The only difference of my question is I do not want to use any peer or user configuration.

For peer, I think the context name is the income ip address.