Thursday, 08 May 2014

Building an IPv6 DNS Server on Linux

IPv6 DNS is a DNS service that maps hexadecimal IPv6 addresses to alphabetic names, in addition to mapping IPv4 addresses.

1. First step (as usual): install the DNS application:

    user@desktop# sudo apt-get install bind9

2. Once it is installed, go straight to the file /etc/bind/named.conf.local (the named.conf file itself does not need to be changed)

    user@desktop# sudo vi /etc/bind/named.conf.local

3. Edit it and add the zone whose file will be read as the reference for the IP address mapping…

    # example zone file
    zone "sembarangdomain.com" {
    type master;
    file "/etc/bind/db.sembarang";
    };

4. Then create the reference file. BIND reads IPv4 address mappings from "A" records and IPv6 address mappings from "AAAA" records.

    user@desktop# sudo vi /etc/bind/db.sembarang
    ;
    ; BIND data file for sembarangdomain.com
    ;
    $TTL 604800
    @ IN SOA ns1.sembarangdomain.com. admin.sembarangdomain.com. (
    1 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL
    @ IN NS ns1.sembarangdomain.com.
    @ IN MX 10 sembarangdomain.com.
    ; address record for the name server itself (the server address configured in step 6)
    ns1 IN AAAA 2002:c0a8:102::1
    www IN A 192.168.1.1
    www IN AAAA 2002:c0a8:102::1

Save…

5. Then edit the file "/etc/bind/named.conf.options" and add the lines below:

    options {
    directory "/var/cache/bind";
    listen-on {any; };
    listen-on-v6 {any; };
    auth-nxdomain no; # conform to RFC1035
    };

These added lines let the DNS server listen for IPv6 mapping requests arriving over the IPv6 protocol, because by default BIND only listens for IP mapping requests arriving over IPv4.

6. Before testing, we need to configure an IPv6 address alongside the IPv4 address on the DNS server: open /etc/network/interfaces with vi, then add the lines below:

    iface eth0 inet6 static
    address 2002:c0a8:102::1
    netmask 96

Then run the command "/etc/init.d/network restart" to re-read the new configuration.

7. Then on the client side… we also need to configure its IPv6 address by editing /etc/network/interfaces, then adding the lines below:

    iface eth0 inet6 static
    address 2002:c0a8:102::100
    netmask 96

Then run the command "/etc/init.d/network restart" to re-read the new configuration.

8. Finally, point the client at the DNS server it will use to resolve IP addresses, in /etc/resolv.conf

    # address of the DNS server used by the IPv6 client
    nameserver 2002:c0a8:102::1

Save…

9. To check connectivity between the DNS client and the server, use the "ping6" command (the output below appears when client-server connectivity is working):

    root@desktop# ping6 2002:c0a8:102::1
    PING 2002:c0a8:102::1(2002:c0a8:102::1) 56 data bytes
    64 bytes from 2002:c0a8:102::1: icmp_seq=1 ttl=64 time=0.042 ms
    64 bytes from 2002:c0a8:102::1: icmp_seq=2 ttl=64 time=0.048 ms
    64 bytes from 2002:c0a8:102::1: icmp_seq=3 ttl=64 time=0.049 ms
    --- 2002:c0a8:102::1 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 1999ms
    rtt min/avg/max/mdev = 0.042/0.046/0.049/0.006 ms

Once connectivity is confirmed… we can try resolving www.sembarangdomain.com to its IP address from the client with the command:

    root@desktop# host -6 www.sembarangdomain.com

or through a browser by typing www.sembarangdomain.com (provided the www.sembarangdomain machine has a web server installed)
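A pre-load check for the zone file from step 4, as an added example that is not part of the original post: it parses the records, validates every A and AAAA address against its record type, and reports in-zone NS and MX targets that have no address record. The function names and the simplified one-record-per-line parser are assumptions, and the sample zone is constructed from the records in step 4.

```python
import ipaddress

ORIGIN = "sembarangdomain.com."

# Constructed sample based on the zone in step 4; the NS and MX targets
# deliberately have no address records so the check has something to report.
SAMPLE_ZONE = """\
$TTL 604800
@ IN SOA ns1.sembarangdomain.com. admin.sembarangdomain.com. ( 1 604800 86400 2419200 604800 )
@   IN NS    ns1.sembarangdomain.com.
@   IN MX 10 sembarangdomain.com.
www IN A     192.168.1.1      ; IPv4 mapping
www IN AAAA  2002:c0a8:102::1 ; IPv6 mapping
"""


def fqdn(name, origin=ORIGIN):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Return (owner, type, rdata_fields) tuples. One record per line only."""
    records = []
    last_owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                               # blank line or $TTL/$ORIGIN
        fields = line.split()
        if line[0].isspace():
            owner = last_owner                     # indented line: same owner
        else:
            owner = fqdn(fields.pop(0), origin)
        last_owner = owner
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # optional TTL and class
        if fields:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records


def lint_zone(text, origin=ORIGIN):
    """Return a list of human-readable problems; an empty list means clean."""
    records = parse_zone(text, origin)
    problems, have_addr = [], set()
    for owner, rtype, rdata in records:
        if rtype not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(rdata[0])
        except (ValueError, IndexError):
            problems.append(f"{owner} {rtype}: invalid address {rdata}")
            continue
        if addr.version != (4 if rtype == "A" else 6):
            problems.append(f"{owner} {rtype}: {addr} is an IPv{addr.version} address")
            continue
        have_addr.add(owner)
    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX") and rdata:
            target = fqdn(rdata[-1], origin)
            in_zone = target == origin or target.endswith("." + origin)
            if in_zone and target not in have_addr:
                problems.append(f"{rtype} target {target} has no A or AAAA record")
    return problems


if __name__ == "__main__":
    for problem in lint_zone(SAMPLE_ZONE):
        print("PROBLEM:", problem)
```

On a host with BIND installed, `named-checkzone sembarangdomain.com /etc/bind/db.sembarang` remains the authoritative check before reloading the server.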

Wednesday, 07 May 2014

Installing Billing on a VoIP Server

#Step1 : Install Trixbox on Linux

#Step2 : Download a2billing

#cd /usr/src
#mkdir a2billing
#cd a2billing
#wget www.asterisk2billing.org/downloads/A2Billing_1.6.0.tar.gz
#tar -xzf A2Billing_1.6.0.tar.gz
#chown -R root:root /usr/src/a2billing

#Step3 : Create the Database

# cd /usr/src/a2billing/DataBase/mysql/Mysql-3.x_4.x
# mysql -u root -ppassw0rd < a2billing-MYSQL-createdb-user.sql  
# mysql -u root -ppassw0rd mya2billing < a2billing-mysql-schema-MYSQL.3.X-4.X_v1.2.3.sql

#Step4 : Install Web Interface A2billing

#cp -rf /usr/src/a2billing/customer /var/www/html/a2customer
#chmod 777 /var/www/html/a2customer/templates_c
#cp -rf /usr/src/a2billing/agent /var/www/html
#chmod 777 /var/www/html/agent/templates_c
#cp -rf /usr/src/a2billing/admin /var/www/html/a2billing
#chmod 777 /var/www/html/a2billing/templates_c
#cp -Rf /usr/src/a2billing/common /var/www/html

#cp /usr/src/a2billing/AGI/a2billing.php /var/lib/asterisk/agi-bin/
#cp -rf /usr/src/a2billing/common/lib /var/lib/asterisk/agi-bin/
#chmod +x /var/lib/asterisk/agi-bin/a2billing.php
#chown -R asterisk:asterisk /var/lib/asterisk/agi-bin

#Step5 : Configure the A2billing File

#cp /usr/src/a2billing/a2billing.conf /etc/asterisk
#chown asterisk:asterisk /etc/asterisk/a2billing.conf
#ln -sf /etc/asterisk/a2billing.conf /etc/a2billing.conf

#sed -i "s/\(port *= *\)\(.*\)/\13306/" /etc/asterisk/a2billing.conf
#sed -i "s/\(user *= *\)\(.*\)/\1a2billinguser/" /etc/asterisk/a2billing.conf
#sed -i "s/\(password *= *\)\(.*\)/\1a2billing/" /etc/asterisk/a2billing.conf
#sed -i "s/\(dbname *= *\)\(.*\)/\1mya2billing/" /etc/asterisk/a2billing.conf

#A2billing Extra sounds

#cd /usr/src/a2billing/addons/sounds
#./install_a2b_sounds.sh

# Step6 : Asterisk files


#cd /etc/asterisk/
#touch additional_a2billing_iax.conf
#touch additional_a2billing_sip.conf
#touch extensions_a2billing.conf

#echo "#include additional_a2billing_sip.conf" >> /etc/asterisk/sip_custom.conf
#echo "#include additional_a2billing_iax.conf" >> /etc/asterisk/iax_custom.conf
#echo -e >> /etc/asterisk/extensions_custom.conf
#echo "#include extensions_a2billing.conf" >> /etc/asterisk/extensions_custom.conf

# Step7 : A2billing file permissions

#chmod 666 /etc/asterisk/additional_a2billing_iax.conf
#chmod 666 /etc/asterisk/additional_a2billing_sip.conf
#chmod 666 /etc/asterisk/extensions_a2billing.conf
#chown -R asterisk:asterisk /etc/asterisk/
#chown -R asterisk:asterisk /var/www/html/common
#chown -R asterisk:asterisk /var/www/html/a2billing
#chown -R asterisk:asterisk /var/www/html/a2customer
#chown -R asterisk:asterisk /var/www/html/agent
#chown -R asterisk:asterisk /var/lib/asterisk/

#Step8 : For Asterisk to communicate with a2billing, note the following in the file extensions_a2billing.conf

[a2billing]
exten => _X.,1,Answer
exten => _X.,n,Wait(1)
exten => _X.,n,DeadAGI(a2billing.php,1)
exten => _X.,n,Hangup

[custom-a2billing]
exten => _X.,1,Answer
exten => _X.,n,Wait(1)
exten => _X.,n,DeadAGI(a2billing.php,1,did)
exten => _X.,n,Hangup


Done. Now just open it in a browser at http://localhost/a2billing

User : root

Password : changepassword

Tuesday, 06 May 2014

An Easy Way to Set Up a Hotspot with MikroTik

I'd like to share my experience setting up a hotspot on MikroTik. OK then, let's get started….. What you need to prepare:

1. A MikroTik box, with at least these packages:
* System
* DHCP
* Wireless
* Hotspot
* Proxy
* User Manager (optional)
* Security (optional - recommended)
* Advanced Tools (optional)

2. Two eth interfaces and one wlan card (if there is no wlan card, an eth can be used instead). To make things easier, we name the interfaces as follows: UpLink, Lokal, HotSpot.

3. Then assign an IP address to each interface:
* [admin@Mikrotik] > ip address add address=192.168.0.2/30 interface=UpLink
* [admin@Mikrotik] > ip address add address=192.168.1.1/24 interface=Lokal
* [admin@Mikrotik] > ip address add address=192.168.2.1/24 interface=HotSpot

4. Add the default route:
* [admin@MikroTik] > ip route add gateway=192.168.0.1

5. Then configure the HotSpot:
* [admin@MikroTik] > ip hotspot setup
hotspot interface: HotSpot
local address of network: 192.168.2.1/24
masquerade network: yes
address pool of network: 192.168.2.2-192.168.2.99
select certificate: none
ip address of smtp server: 0.0.0.0
dns servers: 192.168.2.1
dns name: hotspot.mydomain.net
name of local hotspot user: user
password for the user: password
* For the user & password, fill in whatever you like.

With just this setup we can already use the HotSpot facility; for more convenience we can add the User Manager facility.

Before setting up User Manager, check the existing hotspot users and remove them all, if there are any

[admin@MikroTik] > ip hotspot user print
Flags: X - disabled, D - dynamic
# SERVER NAME ADDRESS PROFILE UPTIME
0 fred default 0s

[admin@MikroTik] > ip hotspot user remove 0

For User Manager to work, we first have to add a customer login; it is used to log in to the User Manager Web Administration. (Change the values shown in italics to suit your needs.)

[admin@MikroTik] > tool user-manager customer add login=hs_admin password=password

Now we set up our HotSpot as a RADIUS client; if User Manager runs on the same machine as the HotSpot, use 127.0.0.1 as the IP address:

[admin@MikroTik] > tool user-manager router add ip-address=hotspot-ip shared-secret=12345 subscriber=hs_admin

Now we set up RADIUS:

[admin@MikroTik] > radius add service=hotspot address=ip-address secret=12345

Now we set the HotSpot profile to use RADIUS:

[admin@MikroTik] > ip hotspot profile print

Find the HotSpot profile in use, for example:

[admin@MikroTik] > ip hotspot profile set 1 use-radius=yes

Done.

To use User Manager, connect through the Lokal eth, open any browser, and go to: http://192.168.1.1/userman

Tuesday, 06 December 2011

Connecting Two Asterisk Boxes Together via SIP

There may come a time when you have a pair of Asterisk boxes and you’d like to pass calls between them. Luckily this isn’t very difficult from the configuration viewpoint, although it does have some oddities that we need to deal with.
Our topology will consist of a SIP phone (Alice) registered to Asterisk A (Toronto), and a separate SIP phone (Bob) registered to Asterisk B (Osaka). At the end of this section, you will be able to set up a call from Alice to Bob (and vice versa) through your pair of Asterisk boxes (see Figure 4.5, “SIP trunking topology”). This is a common scenario when you have two physical locations, such as a company with multiple offices that wants a single logical extension topology.
Figure 4.5. SIP trunking topology
First, let’s configure our Asterisk boxes.

Configuring Our Asterisk Boxes

We have a pair of Asterisk boxes that we’re going to call Toronto and Osaka and that we’re going to have register to each other. We’re going to use the most basic sip.conf file that will work in this scenario. Just like the SIP phone configuration earlier in this chapter, it’s not necessarily the best way to do it, but it’ll work.
Here is the configuration for the Toronto box:
[general]
register => toronto:welcome@192.168.1.101/osaka

[osaka]
type=friend
secret=welcome
context=osaka_incoming
host=dynamic
disallow=all
allow=ulaw
And the configuration for the Osaka box:
[general]
register => osaka:welcome@192.168.2.202/toronto

[toronto]
type=friend
secret=welcome
context=toronto_incoming
host=dynamic
disallow=all
allow=ulaw
Many of the previous options may be familiar to you by now, but let’s take a look at them further just in case they are not.
The second line of the file tells our Asterisk box to register to the other box, with the purpose of telling the remote Asterisk box where to send calls when it wishes to send a call to our local Asterisk box. Remember how we mentioned a little oddity in the configuration? Notice that at the end of the registration line we tag on a forward slash and the username of the remote Asterisk box? What this does is tell the remote Asterisk box what digest name to use when it wants to set up a call. If you forget to add this, then when the far end tries to send you a call, you’ll see the following at your Asterisk CLI:
[Apr 22 18:52:32] WARNING[23631]: chan_sip.c:8117 check_auth: username mismatch, 
                                  have <toronto>, digest has <s>
So by adding the forward slash and username, we tell the other end what to place in the Digest username of the Proxy Authorization field in the SIP INVITE message.
The rest of the file is the authorization block we use to control the incoming and outgoing calls from the other Asterisk box. On the Toronto box, we have the [osaka] authorization block, and on the Osaka box, we have the [toronto] block. We define the type as a friend, which allows us to both receive and place calls from the other Asterisk box. The secret is the password the other system should use when authenticating. The context is where incoming calls are processed in the dialplan (extensions.conf). We set the host parameter to dynamic, which tells our Asterisk box that the other endpoint will register to us, thereby telling us what IP address to set up calls when we want to send a call to the other end. Finally, the disallow and allow parameters control the codecs we wish to use with the other end.
If you save the file and reload the SIP channel on both Asterisk boxes (sip reload from the Asterisk console), you should see something like the following, which will tell you the remote box successfully registered:

*CLI>     -- Saved useragent "Asterisk PBX" for peer toronto

You should see the status of the Host change from (Unspecified) to the IP address of the remote box when you run sip show peers:
*CLI> sip show peers
Name/username        Host            Dyn Nat ACL Port     Status               
toronto/osaka        192.168.2.202    D          5060     Unmonitored
You can verify that your own registration was successful by running sip show registry from the Asterisk console:
*CLI> sip show registry
Host                   Username    Refresh State      Reg.Time                 
192.168.1.101:5060     osaka       105 Registered     Sun, 22 Apr 2007 19:13:20
Now that our Asterisk boxes are happy with each other, let’s configure a couple of SIP phones so we can call between the boxes.

SIP Phone Configuration

See the “Configuring an FXS Channel for an Analog Telephone” section of this chapter for more information about configuring SIP phones with Asterisk. Below is the configuration for two SIP phones in the sip.conf file for each server, which we’ll be referencing from the dialplan in the next section, thereby giving us two endpoints to call between. Append this configuration to the end of the sip.conf file on each respective server.
Toronto sip.conf:
[1000]
type=friend
host=dynamic
context=phones
Osaka sip.conf:
[1001]
type=friend
host=dynamic
context=phones
You should now have extension 1000 registered to Toronto, and extension 1001 registered to Osaka. You can verify this with the sip show peers command from the Asterisk console. Next, we’re going to configure the dialplan logic that will allow us to call between the extensions.

Configuring the Dialplan

Now we can configure a simple dialplan for each server allowing us to call between the two phones we have registered: one to Toronto, the other to Osaka. In the “Working with Interface Configuration Files” section of this chapter, we asked you to create a simple extensions.conf file. We are going to build up a dialplan based on this simple configuration. The dialplan for each server will be very similar to the other one, but for clarity we will show both. The new lines we’re adding to the file will be italicized.
Toronto extensions.conf:
[globals]

[general]
autofallthrough=yes

[default]

[incoming_calls]

[phones]
include => internal
include => remote

[internal]
exten => _2XXX,1,NoOp()
exten => _2XXX,n,Dial(SIP/${EXTEN},30)
exten => _2XXX,n,Playback(the-party-you-are-calling&is-curntly-unavail)
exten => _2XXX,n,Hangup()

[remote]
exten => _1XXX,1,NoOp()
exten => _1XXX,n,Dial(SIP/osaka/${EXTEN})
exten => _1XXX,n,Hangup()

[osaka_incoming]
include => internal
Osaka extensions.conf:
[globals]

[general]
autofallthrough=yes

[default]

[incoming_calls]

[phones]
include => internal
include => remote

[internal]
exten => _1XXX,1,NoOp()
exten => _1XXX,n,Dial(SIP/${EXTEN},30)
exten => _1XXX,n,Playback(the-party-you-are-calling&is-curntly-unavail)
exten => _1XXX,n,Hangup()

[remote]
exten => _2XXX,1,NoOp()
exten => _2XXX,n,Dial(SIP/toronto/${EXTEN})
exten => _2XXX,n,Hangup()

[toronto_incoming]
include => internal
Once you’ve configured your extensions.conf file, you can reload it from the Asterisk console with the dialplan reload command. Verify your dialplan loaded with the dialplan show command.
And that’s it! You should be able to place calls between your two Asterisk servers now.
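To see where a dialed number ends up with these two dialplans, the added example below (not part of the original text) walks a call through the contexts and across the SIP trunk. The `SERVERS` table is transcribed from the sip.conf and extensions.conf listings above; the function names are assumptions, and the matcher handles only the X, Z, N, `.`, `!` and bracket-set pattern elements.

```python
import re

# Transcribed from the listings above. "trunk_context" is the context= of the
# peer block that calls arriving from the other box land in; "phones" are the
# SIP phones defined on each box.
SERVERS = {
    "toronto": {
        "trunk_context": {"osaka": "osaka_incoming"},
        "phones": {"1000"},
        "dialplan": {
            "phones": {"include": ["internal", "remote"], "exten": []},
            "internal": {"include": [], "exten": [("_2XXX", "SIP/${EXTEN}")]},
            "remote": {"include": [], "exten": [("_1XXX", "SIP/osaka/${EXTEN}")]},
            "osaka_incoming": {"include": ["internal"], "exten": []},
        },
    },
    "osaka": {
        "trunk_context": {"toronto": "toronto_incoming"},
        "phones": {"1001"},
        "dialplan": {
            "phones": {"include": ["internal", "remote"], "exten": []},
            "internal": {"include": [], "exten": [("_1XXX", "SIP/${EXTEN}")]},
            "remote": {"include": [], "exten": [("_2XXX", "SIP/toronto/${EXTEN}")]},
            "toronto_incoming": {"include": ["internal"], "exten": []},
        },
    },
}

CLASSES = {"X": "[0-9]", "Z": "[1-9]", "N": "[2-9]", ".": ".+", "!": ".*"}


def pattern_to_regex(pattern):
    """Translate an Asterisk extension pattern into a compiled regex."""
    if not pattern.startswith("_"):
        return re.compile(re.escape(pattern))      # literal extension
    body, out, i = pattern[1:], [], 0
    while i < len(body):
        ch = body[i]
        if ch == "[":                               # bracket set, e.g. [1-5]
            end = body.index("]", i)
            out.append(body[i:end + 1])
            i = end
        else:
            out.append(CLASSES.get(ch, re.escape(ch)))
        i += 1
    return re.compile("".join(out))


def lookup(dialplan, context, exten, seen=()):
    """Search the context's own extensions, then its includes in order."""
    if context in seen or context not in dialplan:
        return None
    for pattern, dial in dialplan[context]["exten"]:
        if pattern_to_regex(pattern).fullmatch(exten):
            return dial.replace("${EXTEN}", exten)
    for included in dialplan[context]["include"]:
        hit = lookup(dialplan, included, exten, seen + (context,))
        if hit:
            return hit
    return None


def trace(server, context, exten, hops=None, depth=0):
    """Return the list of hops a dialed number takes until it rings or fails."""
    hops = list(hops or [])
    if depth > 4:
        return hops + ["trunk loop, giving up"]
    target = lookup(SERVERS[server]["dialplan"], context, exten)
    if target is None:
        return hops + [f"{server}:{context} no match for {exten}"]
    parts = target.split("/")
    if len(parts) == 3:                             # SIP/<peer>/<exten>
        peer, number = parts[1], parts[2]
        hops.append(f"{server}:{context} -> trunk to {peer} for {number}")
        arrival = SERVERS[peer]["trunk_context"][server]
        return trace(peer, arrival, number, hops, depth + 1)
    number = parts[1]
    state = "rings" if number in SERVERS[server]["phones"] else "not registered here"
    return hops + [f"{server}:{context} -> SIP/{number} {state}"]


if __name__ == "__main__":
    for box, number in [("toronto", "1001"), ("osaka", "1000"), ("osaka", "3000")]:
        print(f"{number} dialed on {box}:", " | ".join(trace(box, "phones", number)))
```

With the patterns as listed, 1000 dialed from the Osaka phone matches Osaka's own `internal` context before `remote` is consulted, so a Toronto phone needs a 2XXX number to be reachable over the trunk.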

Connecting FreeSWITCH and Asterisk using SIP

With ACLs

These are the steps I took to connect FreeSWITCH and Asterisk.
I first tried to use auth gateways to do the job, but it was VERY tedious to resolve some issues, so I decided to do it using ACLs both ways.
Let's assume you have an Asterisk box using IP 2.2.2.2 and FS using IP 1.1.1.1.
You need to add an ACL list to ${FREESWITCH_HOME}/conf/autoload_configs/acl.conf.xml

<list name="asterisk_box" default="deny">
  <node type="allow" cidr="2.2.2.2/32"/>
</list>

In the [settings] section of ${FREESWITCH_HOME}/conf/sip_profiles/external.xml

<param name="apply-inbound-acl" value="asterisk_box"/>

Create the extension in ${FREESWITCH_HOME}/conf/dialplan/default.xml with the pattern to call Asterisk extensions

<extension name="ast_extens">
  <condition field="destination_number" expression="^(2\d{3})$">
    <action application="set" data="hangup_after_bridge=true"/>
    <action application="bridge" data="sofia/external/$1@2.2.2.2"/>
    <action application="hangup"/>
  </condition>
</extension>
On the Asterisk box, in /etc/asterisk/sip.conf:
[general]

...

allowguest=no

[freeswitch_1]
type=peer
host=1.1.1.1
port=5080
disallow=all
allow=ulaw
trustrpid=yes
sendrpid=yes
; if using elastix you need the following or all phones will ring when a sip call comes in
context=from-internal
In /etc/asterisk/extensions.conf
exten => _1XXX,1,Dial(SIP/freeswitch_1/${EXTEN})
exten => _1XXX,n,Hangup

exten => _2XXX,1,Dial(SIP/${EXTEN})
exten => _2XXX,n,Hangup

Using Authentication

This howto is based on FreeSWITCH Version 1.0.trunk (10906) with the default configuration. We assume that both servers have static IPs and don't need to register. To set up the trunk we are going to use the use case predefined in the default configuration for the default gateway.

FreeSWITCH Side

In vars.xml you will find 6 variables which define your default gateway:

  <X-PRE-PROCESS cmd="set" data="default_provider=HOSTNAME.DOMAIN.COM"/>
  <X-PRE-PROCESS cmd="set" data="default_provider_username=USER_NAME"/>
  <X-PRE-PROCESS cmd="set" data="default_provider_password=BOOTH_WAY_PASSWORD"/>
  <X-PRE-PROCESS cmd="set" data="default_provider_from_domain=HOSTNAME.DOMAIN.COM"/>
  <X-PRE-PROCESS cmd="set" data="default_provider_register=false"/>
  <X-PRE-PROCESS cmd="set" data="default_provider_contact=5000"/>

Note: default_provider_password is used to authenticate calls from and to Asterisk and HOSTNAME.DOMAIN.COM is the DNS name of Asterisk server.

Those variables are used in two configuration files:
  1. directory/default/example.com.xml which describes:
    • the user for authentication of calls coming from Asterisk to FreeSWITCH. The ID on this user will be the same as value of variable default_provider.
    • the gateway for authentication of calls outgoing from FreeSWITCH to Asterisk. The ID of this gateway will be the same as ID of the user.
  2. dialplan/default/01_example.com.xml which contains routes utilizing the gateway. You should probably customize the expression parameter of <condition field="destination_number" ... > to your needs. Only calls to a destination number matching the expression will go through the gateway.
Before going further, you should look into dialplan/public.xml; this is the file where you'll need to create a rule to route incoming calls from public to default. If the call reaches the FS console but doesn't go further, look again at this file, you might have an error. I've included an example to route incoming calls to extension 6969 to the default dialplan!

    <extension name="public_extensions">
      <condition field="destination_number" expression="^(6969)$">
        <action application="transfer" data="$1 XML default"/>
      </condition>
    </extension>

After setting the variables and tuning the routes (see above), type "sofia profile restart all reloadxml" on the FS console to activate the changes.

Asterisk Side

You have to define sip peer and dialplan extension.
In sip.conf add:

[freeswitch]
type=peer
host=IP_ADDRESS_OF_FREESWITCH_SERVER
username=HOSTNAME.DOMAIN.COM
port=5080
fromdomain=IP_ADDRESS_OF_FREESWITCH_SERVER
secret=BOOTH_WAY_PASSWORD

In extensions.conf, probably in your internal context, add:

exten => _1XXX,1,Dial(SIP/${EXTEN}@freeswitch)

So you will be able to call to default phones (1000-1019) configured on FS.

On the Asterisk console type: sip reload and extensions reload to activate the changes.

The Easy Way

Assume 10.1.1.1 is FreeSWITCH with extensions of 1000-1019 and 10.1.1.2 is Asterisk with extensions in the range 2000-2019.

FreeSWITCH Side

We need to route calls made on freeswitch to the 2000-2019 extensions to the asterisk box, we'll use our external sip profile for this but internal should work, as well.
Create $FREESWITCH_HOME/conf/dialplan/default/00_asterisk_extensions.xml:

<extension name="to_asterisk">
  <condition field="destination_number" expression="^(20[01]\d)$">
    <action application="set" data="hangup_after_bridge=true"/>
    <action application="bridge" data="sofia/external/$1@10.1.1.2"/>
  </condition>
</extension>

Now we have to handle calls coming from asterisk, which by default hit the 'public' dialplan. 

Create $FREESWITCH_HOME/conf/dialplan/public/00_from_asterisk.xml:
<extension name="from_asterisk">
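  <!-- the expression is a regular expression: anchor it and escape the dots so only 10.1.1.2 matches -->
  <condition field="network_addr" expression="^10\.1\.1\.2$" />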
  <condition field="destination_number" expression="^(10[01]\d)$">
    <action application="transfer" data="$1 XML default" />
  </condition>
</extension>

Asterisk Side

We'll make FreeSWITCH a peer in Asterisk. Add an entry in /etc/asterisk/sip.conf:

[freeswitch_1]
type=peer
host=10.1.1.1
port=5080
deny=0.0.0.0/0.0.0.0
permit=10.1.1.1/255.255.255.255
jbenable=no
disallow=all
allow=ulaw   
trustrpid=yes
sendrpid=yes
; if using elastix you need the following or all phones will ring when a sip call comes in, in general set this a context where your internal extensions are included
context=from-internal
And route calls to the appropriate place based on the extension. In /etc/asterisk/extensions.conf:
exten => _10XX,1,Dial(SIP/freeswitch_1/${EXTEN})
exten => _10XX,n,Hangup

exten => _20XX,1,Dial(SIP/${EXTEN})
exten => _20XX,n,Hangup

You should now be able to make calls from the 1000s on FreeSWITCH to the 2000s on asterisk, and vice-versa. If that's all you wanted/needed to do between them, you're Done!

A little more advanced

Instead of routing the calls to freeswitch's public dialplan from asterisk and having to create an appropriate transfer to the default XML dialplan, you could instead allow asterisk calls to directly hit the default XML dialplan on freeswitch. There are a few ways to do this, in this case we're just going to make the internal sip profile on freeswitch use the default context instead of the public context, then set an acl to allow asterisk to use that internal sip profile without authenticating.
First the ACL,
Edit $FREESWITCH_HOME/conf/autoload_configs/acl.conf.xml, adding:

<list name="asterisks" default="deny">
  <node type="allow" cidr="10.1.1.2/32"/>
</list>

Now, to apply it, In the [settings] section of $FREESWITCH_HOME/conf/sip_profiles/internal.xml, add:
 
<param name="apply-inbound-acl" value="asterisks"/>

Also in $FREESWITCH_HOME/conf/sip_profiles/internal.xml, edit the context to make it default:

<param name="context" value="default"/>

Now you can remove the public/00_from_asterisk.xml file and change the port from 5080 to 5060 in asterisk's sip.conf and you should be able to call any freeswitch extension that you set a route for in asterisk.
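The `network_addr` condition in public/00_from_asterisk.xml is a regular expression, while the `acl.conf.xml` list is a CIDR match. The added example below (not from the original how-to) runs a set of constructed source addresses through an unanchored, unescaped pattern such as `10.1.1.2`, its anchored form, and the `asterisks` ACL; Python's `re.search` stands in for FreeSWITCH's regex matching, the longest-prefix ACL model is a simplification, and the function names are hypothetical.

```python
import ipaddress
import re

LOOSE_EXPRESSION = "10.1.1.2"            # dots match any character, no anchors
STRICT_EXPRESSION = r"^10\.1\.1\.2$"     # matches exactly one address
ASTERISKS_ACL = [("allow", "10.1.1.2/32")]  # <list name="asterisks" default="deny">

# Constructed source addresses, not taken from any real capture.
SAMPLE_SOURCES = ["10.1.1.2", "10.1.1.20", "210.1.1.2", "10.101.2.5", "10.1.1.3"]


def regex_allows(expression, network_addr):
    """Model a dialplan <condition>: the regex may match anywhere in the field."""
    return re.search(expression, network_addr) is not None


def acl_allows(nodes, network_addr, default="deny"):
    """Model an ACL <list>: the most specific matching node decides, else the default."""
    addr = ipaddress.ip_address(network_addr)
    best = None
    for node_type, cidr in nodes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen >= best[0]):
            best = (net.prefixlen, node_type)
    return (best[1] if best else default) == "allow"


def compare(sources):
    """Return (address, loose_regex, strict_regex, acl) decisions per source."""
    return [
        (
            src,
            regex_allows(LOOSE_EXPRESSION, src),
            regex_allows(STRICT_EXPRESSION, src),
            acl_allows(ASTERISKS_ACL, src),
        )
        for src in sources
    ]


if __name__ == "__main__":
    print(f"{'source':<12} {'loose':<6} {'strict':<7} acl")
    for src, loose, strict, acl in compare(SAMPLE_SOURCES):
        print(f"{src:<12} {str(loose):<6} {str(strict):<7} {acl}")
```

Only the anchored expression and the /32 ACL limit the rule to the Asterisk box; the loose pattern also accepts every address that merely contains a matching eight-character run.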

Thursday, 01 December 2011

INSTALLING THE VYATTA OPEN SOURCE ROUTER

Vyatta Quick Setup

This is a quick setup guide for the Vyatta open source router. This article assumes that you have already installed Vyatta either on physical hardware or in a virtual machine. For more information on creating a private network in ESXi Server see this article.

Vyatta can be downloaded from http://www.vyatta.org

Version 6.3 has a new LiveCD installer so there is a little work to get it going.

I used the VI Client to create a new VM. Select File, then New Virtual Machine.

Choose the following Settings:

    Configuration: Custom
    Name: "MyVyatta" Note: This name is whatever you want it to be.
    Datastore: Choose the datastore you wish Vyatta to install on.
    Virtual Machine Version: 7
    Guest OS: Linux/Other 2.6x Linux
    CPU: "1"
    Memory: "512"
    Network: "2" / vmxnet3
    SCSI Controller: keep the defaults
    Select a Disk: keep the default
    Create a Disk: "4"GB then select thin provisioning

 Select the box to customize the configuration prior to completing the VM creation and do the following:

    Click CD/DVD Drive 1
    Select "Connect at power on"
    Select Device Type: "Datastore ISO File"
    Click "Browse..." and choose the LiveCD ISO file that you got from Vyatta.org


Start the new VM.
When it boots to the login prompt, log in with the username and password "vyatta".
Now it's time to install. To do this, type


    #install-image

Choose all of the defaults and when the install is complete type


    #shutdown

Once it's shut down, go back to the VI Client and select the Vyatta VM. Go to Edit Settings and do the following.

    Click CD/DVD Drive 1
    Unselect "Connect at power on"
    Select Device Type: "Client Device"

Start the Vyatta VM and once it powers up, log back in. 

Once you are logged into the Vyatta console you need to enter configuration mode, this is done by typing “configure” in the console.

    #configure



Next use the show interfaces command to see the network configuration of your Vyatta router.

By using the MAC address of your network card you should be able to match your network card to the correct Vyatta ethernet interface.

You must set the IP address range for the Private Network in Vyatta. Because my private network is on eth1 I will use the following command to give it a static IP address.

    #set interfaces ethernet eth1 address 192.168.1.1/24

Then commit the IP address by using the commit command

    #commit

If you have a PC with a statically assigned IP address on the private network, you can test if the IP address took by pinging the IP address of your router inside of a virtual machine on the private network, if not, just continue.

Give the router a hostname and domain name by entering the following commands

    #set system host-name <your-router-name>
    #set system domain-name <your.domain.name>

Set up the time zone by typing

    #set system time-zone <your-time-zone>


Hit the tab key for timezone options.

    #commit

Now we set up the external interface to get its address from a DHCP server. Please note, if you need PPPoE for your internet provider you will need to take other steps. My internet provider uses DHCP so I don't have the ability to test any other configuration.

    #set interfaces ethernet eth0 address dhcp

Now that the hostname, domain name, and IP information are set, it's time to configure the private network to have a DHCP server.
The process below enables the DHCP server for the 192.168.1.0/24 network. It will distribute IP addresses starting at 50 and stopping at 100. I also set up the outside DNS server and the default router for the DHCP server to give to clients.

This command names the network PRIVATE and sets the DHCP address range to start at 192.168.1.50

    #set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 start 192.168.1.50

Now we tell the DHCP server to stop handing out addresses at 100

    #set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 start 192.168.1.50 stop 192.168.1.100

Now set up the DNS and default gateway. I use OpenDNS for all of my DNS needs, it's free and allows for content filtering.

    #set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 dns-server 208.67.222.222
    #set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 default-router 192.168.1.1

The last step to set up connectivity for the private network is to set up NAT. NAT will allow you to connect to the internet from any device on the private network.

    #set service nat rule 10 type masquerade
    #set service nat rule 10 source address 192.168.1.0/24
    #set service nat rule 10 outbound-interface eth0
    #commit
    #save
    #exit

Once you have added NAT, check to see if your private network PC can access the internet. At this point, there should be full access from the private network to anywhere on your network.

INSTALLING VSFTPD ON CENTOS SERVER 5.3

Right then, without further ado, here are the configuration settings from when I installed an FTP server on my server, check it out:
1. First, install the vsftpd package using the yum command
[root@my-centos]# yum install vsftpd
2. Then configure the vsftpd.conf file
[root@my-centos]# vim /etc/vsftpd/vsftpd.conf
What needs to be changed:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to FTP Server K-Place.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

3. Then create a local user named ozotmacho
[root@my-centos]# adduser rivkhi
[root@my-centos]# passwd rivkhi
Changing password for user rivkhi.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
4. Create the chroot_list file
This file contains the list of users who can access the FTP server.
[root@my-centos]# vim /etc/vsftpd/chroot_list
Its contents:
rivkhi
5. Restart the FTP service
[root@my-centos]# service vsftpd restart
[root@my-centos]# chkconfig vsftpd on
6. Check the FTP configuration
[root@my-centos]# getsebool -a | grep ftp
At this point I got the status: getsebool: SELinux is disabled
so to deal with that I edited the file:
[root@my-centos]# vi /etc/selinux/config
where previously the file was:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
I edited it to:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

Then I rebooted the computer. After the reboot I ran the command again:
[root@my-centos]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_tftp_anon_write --> off
ftp_home_dir --> on
ftpd_disable_trans --> off
ftpd_is_daemon --> on
httpd_enable_ftp_server --> off
tftpd_disable_trans --> off

If ftp_home_dir is still off, run the commands:
[root@my-centos]# setsebool -P ftp_home_dir on
[root@my-centos]# iptables -F
[root@bluebox ~]# setsebool -P allow_ftpd_full_access on
That's all for this post from me, my eyes are getting really heavy, time to shut down.