# # /etc/siproxd.conf - siproxd configuration file # # !! This is a sample file, adapt it to your needs before using it # # !! Strings MUST NOT contain spaces in between !! # ###################################################################### # The interafce names of INBOUND and OUTBOUND interface. # if_inbound = eth1 if_outbound = eth0 ###################################################################### # Port to listen for incoming SIP messages. # Access lists in the form: IP/mask (ex. 10.0.0.1/24) # multiple entries may be separated by commas NO SPACES ARE ALLOWED!! # Empty list means 'does not apply' - no filtering is done then. # For *allow* lists this means: always allow, for *deny* lists that # this means never deny. # # hosts_allow_reg: defines nets where we accept registrations from # hosts_allow_sip: defines nets where we accept SIP traffic from # hosts_deny_sip: defines nets where we deny SIP traffic from # # - The deny list takes precedence over the allow lists. # - The allow_reg list imples also allowance for sip. # # Example for usage: # local private net -> allow_reg list # external nets (where we accept incoming calls from) -> allow_sip # hosts_allow_reg = 192.168.100.0/24 hosts_allow_sip = 123.45.0.0/16,123.46.0.0/16 hosts_deny_sip = 10.0.0.0/8,11.0.0.0/8 ###################################################################### # Access control. # 5060 is usually the correct choise - don't change is unless you # know what you're doing # sip_listen_port = 5060 ###################################################################### # Shall we daemonize? # daemonize = 1 ###################################################################### # What shall I log to syslog? # 0 - DEBUGs, INFOs, WARNINGs and ERRORs (this is the default) # 1 - INFOs, WARNINGs and ERRORs # 2 - WARNINGs and ERRORs # 3 - only ERRORs # 4 - absolutely nothing (be careful - you will have no way to # see what siproxd is doing - or NOT doing) silence_log = 0 ###################################################################### # Secure Enviroment settings: # user: uid/gid to switch to after startup # chrootjail: path to chroot to (chroot jail) user = siproxd chrootjail = /var/lib/siproxd/ ###################################################################### # global switch to enable (1) or disable (0) the RTP proxy feature # rtp_proxy_enable = 1 ###################################################################### # Port range where to allocate listen ports for incoming RTP traffic # this should be a range that is not blocked by the firewall # rtp_port_low = 7070 rtp_port_high = 7080 ###################################################################### # Timeout for RTP streams # after this number of seconds, an RTP stream is considered dead # and proxying it will be stopped. # rtp_timeout = 120 ###################################################################### # Proxy authentication # If proxy_auth_realm is defined (a string), clients will be forced # to authenticate themselfes at the proxy (for registration only). # To disable Authentication, simply comment out this line. # #proxy_auth_realm = Authentication_Realm # # the password to use (right now, only one global password for # registration is supported -> same for all local clients) # #proxy_auth_passwd = password # # or use individual per user passwords stored ia file # #proxy_auth_pwfile = doc/siproxd_passwd.cfg # # 'proxy_auth_pwfile' has precedence over 'proxy_auth_passwd' ###################################################################### # Debug level... (setting to -1 will enable everything) # # DBCLASS_BABBLE 0x00000001 // babble (like entering/leaving func) # DBCLASS_NET 0x00000002 // network # DBCLASS_SIP 0x00000004 // SIP manipulations # DBCLASS_REG 0x00000008 // Client registration # DBCLASS_NOSPEC 0x00000010 // non specified class # DBCLASS_PROXY 0x00000020 // proxy # DBCLASS_DNS 0x00000040 // DNS stuff # DBCLASS_NETTRAF 0x00000080 // network traffic # DBCLASS_CONFIG 0x00000100 // configuration # DBCLASS_RTP 0x00000200 // RTP proxy # DBCLASS_ACCESS 0x00000400 // Access list evaluation # DBCLASS_AUTH 0x00000800 // Authentication # debug_level = 0x00000000 ###################################################################### # Mask feature (experimental) # # Some UAs will always use the host/ip they register to as # host part in the registration record (which will be the inbound # ip address / hostname of the proxy) and can not be told to register a # different host (public IP address). This Mask feature allows to force # such a UA to be masqueraded to a different host. # -> Siemens SIP Phones seem to need this feature. # # mask_host=<inbound_ip/hostname> # masked_host=<hostname_to_be_masqueraded_as> # # mask_host=<10.0.1.1> -- inbound IP address of proxy # masked_host=<my.public.host> -- outbound hostname proxy