IPv6 DNS is DNS that provides a service for mapping hexadecimal IPv6 addresses to alphabetic names, in addition to mapping IPv4 addresses.
1. The first step (as usual) is to install the DNS application:
user@desktop# sudo apt-get install bind9
2. Once the install is done, go straight to the file /etc/bind/named.conf.local (the named.conf file itself does not need to be changed)
user@desktop# sudo vi /etc/bind/named.conf.local
3. Edit it and add the zone whose file will later be read as the reference for the IP address mappings…
# example zone file
zone "sembarangdomain.com" {
    type master;
    file "/etc/bind/db.sembarang";
};
4. Next, create the reference file. BIND reads IPv4 address mappings from "A" records and IPv6 address mappings from "AAAA" records.
user@desktop# sudo vi /etc/bind/db.sembarang
;
; BIND data file for sembarangdomain.com
;
$TTL 604800
@ IN SOA ns1.sembarangdomain.com. admin.sembarangdomain.com. (
        1        ; Serial
        604800   ; Refresh
        86400    ; Retry
        2419200  ; Expire
        604800 ) ; Negative Cache TTL
@ IN NS ns1.sembarangdomain.com.
@ IN MX 10 sembarangdomain.com.
ns1 IN AAAA 2002:c0a8:102::1 ; IPv6 address of this DNS server (step 6), so the NS name has an address record
www IN A 192.168.1.1
www IN AAAA 2002:c0a8:102::1
Save the file…
5. Then edit the file "/etc/bind/named.conf.options" and add the lines below:
options {
    directory "/var/cache/bind";
    listen-on { any; };
    listen-on-v6 { any; };
    auth-nxdomain no; # conform to RFC1035
};
The lines added above are meant to let the DNS server listen for IPv6 mapping requests arriving over IPv6, because by default BIND only listens for mapping requests over IPv4.
6. Before testing, we need to configure an IPv6 address alongside the IPv4 address on the DNS server by editing the file /etc/network/interfaces with vi and adding the lines below:
iface eth0 inet6 static
address 2002:c0a8:102::1
netmask 96
then run the command "/etc/init.d/network restart" to reload the new configuration.
7. Then on the client side… we also have to configure its IPv6 address by editing the file /etc/network/interfaces and adding the lines below:
iface eth0 inet6 static
address 2002:c0a8:102::100
netmask 96
then run the command "/etc/init.d/network restart" to reload the new configuration.
8. Finally, point the client at the DNS server it will use to resolve IP addresses, in /etc/resolv.conf
# address of the DNS server that the IPv6 client will use
nameserver 2002:c0a8:102::1
Save the file…
9. To check DNS connectivity between the client and the server, use the "ping6" command (the output below appears when client-server connectivity is working):
root@desktop# ping6 2002:c0a8:102::1
PING 2002:c0a8:102::1(2002:c0a8:102::1) 56 data bytes
64 bytes from 2002:c0a8:102::1: icmp_seq=1 ttl=64 time=0.042 ms
64 bytes from 2002:c0a8:102::1: icmp_seq=2 ttl=64 time=0.048 ms
64 bytes from 2002:c0a8:102::1: icmp_seq=3 ttl=64 time=0.049 ms
--- 2002:c0a8:102::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.042/0.046/0.049/0.006 ms
Once the connection works… we can try resolving the name www.sembarangdomain.com to its IP address from the client with the command:
root@desktop# host -6 www.sembarangdomain.com
or from a browser by typing www.sembarangdomain.com (provided the www.sembarangdomain machine has a web server installed)
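Before reloading BIND it is worth checking that every in-zone NS and MX target has an address record and that the AAAA values are what you expect. The check below is an added example, not part of the original post: it parses a constructed sample holding the post's NS, MX, A and AAAA records, reports targets without A/AAAA records, and decodes the IPv4 address carried inside 2002::/16 (6to4) addresses, which for this lab prefix is a private address.

```python
import ipaddress

ZONE_ORIGIN = "sembarangdomain.com."

# Constructed sample: the NS, MX, A and AAAA records as this post gives them.
SAMPLE_ZONE = """\
@    IN NS   ns1.sembarangdomain.com.
@    IN MX   10 sembarangdomain.com.
www  IN A    192.168.1.1
www  IN AAAA 2002:c0a8:102::1
"""


def fqdn(name, origin=ZONE_ORIGIN):
    """Expand '@' and relative names against the zone origin, lower-cased."""
    if name == "@":
        name = origin
    elif not name.endswith("."):
        name = f"{name}.{origin}"
    return name.lower()


def parse_records(text, origin=ZONE_ORIGIN):
    """Parse single-line 'owner IN TYPE rdata' records (no SOA, no $ directives)."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 4 and fields[1].upper() == "IN":
            records.append((fqdn(fields[0], origin), fields[2].upper(), fields[3:]))
    return records


def audit_zone(text, origin=ZONE_ORIGIN):
    """Return a list of findings about address coverage in the zone."""
    records = parse_records(text, origin)
    have = {}        # owner name -> set of address record types present
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "A":
            ipaddress.IPv4Address(rdata[0])      # raises ValueError if malformed
            have.setdefault(owner, set()).add("A")
        elif rtype == "AAAA":
            addr = ipaddress.IPv6Address(rdata[0])
            have.setdefault(owner, set()).add("AAAA")
            embedded = addr.sixtofour            # IPv4 inside a 2002::/16 address
            if embedded is not None and embedded.is_private:
                findings.append(
                    f"{owner} AAAA {addr}: 6to4 address embeds private IPv4 {embedded}")
    zone = origin.lower()
    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX"):
            target = fqdn(rdata[-1], origin)
            in_zone = target == zone or target.endswith("." + zone)
            if in_zone and target not in have:
                findings.append(f"{rtype} target {target} has no A or AAAA record")
    for owner in sorted(have):
        missing = sorted({"A", "AAAA"} - have[owner])
        if missing:
            findings.append(f"{owner} is single-stack: no {'/'.join(missing)} record")
    return findings


if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE):
        print(finding)
```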
Thursday, 08 May 2014
Wednesday, 07 May 2014
Installing Billing on a VoIP Server
#Step1 : Install Trixbox on Linux
#Step2 : Download a2billing
#cd /usr/src
#mkdir a2billing
#cd a2billing
#wget www.asterisk2billing.org/downloads/A2Billing_1.6.0.tar.gz
#tar -xzf A2Billing_1.6.0.tar.gz
#chown -R root:root /usr/src/a2billing
#Step3 : Create the Database
# cd /usr/src/a2billing/DataBase/mysql/Mysql-3.x_4.x
# mysql -u root -ppassw0rd < a2billing-MYSQL-createdb-user.sql
# mysql -u root -ppassw0rd mya2billing < a2billing-mysql-schema-MYSQL.3.X-4.X_v1.2.3.sql
#Step4 : Install Web Interface A2billing
#cp -rf /usr/src/a2billing/customer /var/www/html/a2customer
#chmod 777 /var/www/html/a2customer/templates_c
#cp -rf /usr/src/a2billing/agent /var/www/html
#chmod 777 /var/www/html/agent/templates_c
#cp -rf /usr/src/a2billing/admin /var/www/html/a2billing
#chmod 777 /var/www/html/a2billing/templates_c
#cp -Rf /usr/src/a2billing/common /var/www/html
#cp /usr/src/a2billing/AGI/a2billing.php /var/lib/asterisk/agi-bin/
#cp -rf /usr/src/a2billing/common/lib /var/lib/asterisk/agi-bin/
#chmod +x /var/lib/asterisk/agi-bin/a2billing.php
#chown -R asterisk:asterisk /var/lib/asterisk/agi-bin
#Step5 : Configure the A2billing File
#cp /usr/src/a2billing/a2billing.conf /etc/asterisk
#chown asterisk:asterisk /etc/asterisk/a2billing.conf
#ln -sf /etc/asterisk/a2billing.conf /etc/a2billing.conf
#sed -i "s/\(port *= *\)\(.*\)/\13306/" /etc/asterisk/a2billing.conf
#sed -i "s/\(user *= *\)\(.*\)/\1a2billinguser/" /etc/asterisk/a2billing.conf
#sed -i "s/\(password *= *\)\(.*\)/\1a2billing/" /etc/asterisk/a2billing.conf
#sed -i "s/\(dbname *= *\)\(.*\)/\1mya2billing/" /etc/asterisk/a2billing.conf
#A2billing Extra sounds
#cd /usr/src/a2billing/addons/sounds
#./install_a2b_sounds.sh
# Step6 : Asterisk files
#cd /etc/asterisk/
#touch additional_a2billing_iax.conf
#touch additional_a2billing_sip.conf
#touch extensions_a2billing.conf
#echo "#include additional_a2billing_sip.conf" >> /etc/asterisk/sip_custom.conf
#echo "#include additional_a2billing_iax.conf" >> /etc/asterisk/iax_custom.conf
#echo -e >> /etc/asterisk/extensions_custom.conf
#echo "#include extensions_a2billing.conf" >> /etc/asterisk/extensions_custom.conf
# Step7 : A2billing file permissions
#chmod 666 /etc/asterisk/additional_a2billing_iax.conf
#chmod 666 /etc/asterisk/additional_a2billing_sip.conf
#chmod 666 /etc/asterisk/extensions_a2billing.conf
#chown -R asterisk:asterisk /etc/asterisk/
#chown -R asterisk:asterisk /var/www/html/common
#chown -R asterisk:asterisk /var/www/html/a2billing
#chown -R asterisk:asterisk /var/www/html/a2customer
#chown -R asterisk:asterisk /var/www/html/agent
#chown -R asterisk:asterisk /var/lib/asterisk/
#Step8 : For Asterisk to communicate with a2billing, pay attention to the following in the file extensions_a2billing.conf
[a2billing]
exten => _X.,1,Answer
exten => _X.,n,Wait(1)
exten => _X.,n,DeadAGI(a2billing.php,1)
exten => _X.,n,Hangup
[custom-a2billing]
exten => _X.,1,Answer
exten => _X.,n,Wait(1)
exten => _X.,n,DeadAGI(a2billing.php,1,did)
exten => _X.,n,Hangup
Done. All that remains is to open http://localhost/a2billing in a browser
User : root
Password : changepassword
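Steps 4 and 7 set modes 777 and 666, and step 5 writes the database password into a2billing.conf. The audit below is an added example, not part of the original post: it checks the paths named in steps 4, 5 and 7 inside a constructed temporary tree, flags world-writable entries with a tighter mode, and flags password-bearing files that other users can read. The 0644 mode on a2billing.conf and the idea that owner/group access is sufficient (step 7 hands everything to asterisk) are assumptions of the example.

```python
import os
import stat

# Paths named in steps 4, 5 and 7 of this post, relative to the filesystem root.
PATHS_FROM_POST = [
    "var/www/html/a2customer/templates_c",
    "var/www/html/agent/templates_c",
    "var/www/html/a2billing/templates_c",
    "etc/asterisk/additional_a2billing_iax.conf",
    "etc/asterisk/additional_a2billing_sip.conf",
    "etc/asterisk/extensions_a2billing.conf",
    "etc/asterisk/a2billing.conf",
]


def holds_secret(path):
    """True if the file has a non-empty 'password = ...' or 'secret = ...' line."""
    with open(path, errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() in ("password", "secret") and value.strip():
                return True
    return False


def audit_path(path):
    """Return the findings for one file or directory."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IWOTH:
        tightened = mode & ~stat.S_IRWXO   # drop every "other" bit, keep owner/group
        findings.append(f"world-writable {mode:04o}, suggest {tightened:04o}")
    if stat.S_ISREG(st.st_mode) and mode & stat.S_IROTH and holds_secret(path):
        findings.append(f"world-readable {mode:04o} and contains a password setting")
    return findings


def audit_tree(root, rel_paths=PATHS_FROM_POST):
    """Audit each listed path under root; return {relative path: findings}."""
    report = {}
    for rel in rel_paths:
        full = os.path.join(root, rel)
        if os.path.exists(full):
            findings = audit_path(full)
            if findings:
                report[rel] = findings
    return report


def build_demo_tree(root):
    """Constructed stand-in for the installed system, using the modes the post sets."""
    for rel in PATHS_FROM_POST:
        full = os.path.join(root, rel)
        if os.path.basename(rel) == "templates_c":
            os.makedirs(full, exist_ok=True)
            os.chmod(full, 0o777)                      # step 4
            continue
        os.makedirs(os.path.dirname(full), exist_ok=True)
        is_main_conf = os.path.basename(rel) == "a2billing.conf"
        with open(full, "w") as fh:
            if is_main_conf:                           # values written by the sed lines in step 5
                fh.write("[database]\nuser = a2billinguser\npassword = a2billing\n")
        os.chmod(full, 0o644 if is_main_conf else 0o666)   # 0644 is assumed; 0666 is step 7


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        for rel, findings in audit_tree(demo_root).items():
            print(rel, "->", "; ".join(findings))
```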
Tuesday, 06 May 2014
An Easy Way to Set Up a Hotspot with Mikrotik
I'd like to share my experience setting up a hotspot on Mikrotik. OK, let's get started… What you need to prepare:
1. A Mikrotik box, with at least the following packages:
* System
* DHCP
* Wireless
* Hotspot
* Proxy
* User Manager (optional)
* Security (optional - recommended)
* Advanced Tools (optional)
2. Two eth interfaces and one wlan card (if there is no wlan card, it can be replaced with an eth). To make things easier, name the interfaces as follows: UpLink, Lokal, HotSpot.
3. Then give each of those interfaces an IP address:
* [admin@Mikrotik] > ip address add address=192.168.0.2/30 interface=UpLink
[admin@Mikrotik] > ip address add address=192.168.1.1/24 interface=Lokal
[admin@Mikrotik] > ip address add address=192.168.2.1/24 interface=HotSpot
4. Add the default route:
* [admin@MikroTik] > ip route add gateway=192.168.0.1
5. Then configure the HotSpot:
* [admin@MikroTik] > ip hotspot setup
hotspot interface: HotSpot
local address of network: 192.168.2.1/24
masquerade network: yes
address pool of network: 192.168.2.2-192.168.2.99
select certificate: none
ip address of smtp server: 0.0.0.0
dns servers: 192.168.2.1
dns name: hotspot.mydomain.net
name of local hotspot user: user
password for the user: password
* The user & password can be set to whatever you like.
With just this configuration we can already use the HotSpot; for more convenience, we can add the User Manager facility.
Before configuring User Manager, check the existing hotspot users and remove them all, if there are any
[admin@MikroTik] > ip hotspot user print
Flags: X - disabled, D - dynamic
# SERVER NAME ADDRESS PROFILE UPTIME
0 fred default 0s
[admin@MikroTik] > ip hotspot user remove 0
For User Manager to work, we first have to add a customer login; this is used to log in to the User Manager Web Administration. (Change the values shown in italics to suit yourself.)
[admin@MikroTik] > tool user-manager customer add login=hs_admin password=password
Now we set up our HotSpot as a RADIUS client; if User Manager is on the same machine as the HotSpot, use 127.0.0.1 as the IP address:
[admin@MikroTik] > tool user-manager router add ip-address=hotspot-ip shared-secret=12345 subscriber=hs_admin
Now we configure RADIUS:
[admin@MikroTik] > radius add service=hotspot address=ip-address secret=12345
Now we set the HotSpot profile to use RADIUS:
[admin@MikroTik] > ip hotspot profile print
Find the HotSpot profile in use, for example:
[admin@MikroTik] > ip hotspot profile set 1 use-radius=yes
Done.
To use User Manager, connect through the Lokal eth interface, open any browser, and go to: http://192.168.1.1/userman
Tuesday, 06 December 2011
Connecting Two Asterisk Boxes Together via SIP
There may come a time when you have a pair of Asterisk boxes, and you'd like to pass calls between them. Luckily this isn't very difficult from the configuration viewpoint, although it does have some oddities that we need to deal with.
Configuring a Local Firewall
If you're running iptables on the same machine as the Asterisk box, then you can run the following commands to open port 5060 for SIP signaling, and ports 10,000 through 20,000 for the RTP traffic. You can also narrow the range of RTP ports in the rtp.conf file located in /etc/asterisk. An excellent book on iptables firewalls is Linux Firewalls by Steve Suehring and Robert Ziegler (Novell Press):
# Be aware that this will allow all UDP traffic from any source access to ports 5060 and 10,000 through 20,000.
iptables -I RH-Firewall-1-INPUT -p udp --dport 5060 -j ACCEPT
iptables -I RH-Firewall-1-INPUT -p udp --dport 10000:20000 -j ACCEPT
service iptables save
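The rules above accept SIP and RTP from any source. The generator below is an added example, not from the original text: it reads rtpstart/rtpend from rtp.conf and builds the same two rules restricted to named source addresses, refusing a source that would match everything. The rtp.conf contents are constructed, and the example assumes media arrives from the same addresses as signaling.

```python
import ipaddress

CHAIN = "RH-Firewall-1-INPUT"   # chain name used by the commands above

# Constructed rtp.conf contents (rtpstart/rtpend narrow the RTP port range).
SAMPLE_RTP_CONF = """\
[general]
rtpstart=10000   ; first RTP port
rtpend=10200     ; last RTP port
"""


def rtp_range(rtp_conf_text, default=(10000, 20000)):
    """Read rtpstart/rtpend; fall back to the 10000-20000 range opened above."""
    start, end = default
    for line in rtp_conf_text.splitlines():
        key, sep, value = line.split(";", 1)[0].partition("=")
        if not sep:
            continue
        key = key.strip().lower()
        if key == "rtpstart":
            start = int(value)
        elif key == "rtpend":
            end = int(value)
    if not 1024 <= start <= end <= 65535:
        raise ValueError(f"implausible RTP range {start}-{end}")
    return start, end


def trunk_rules(sources, rtp_conf_text, chain=CHAIN):
    """Build source-restricted ACCEPT rules for SIP (5060/udp) and the RTP range."""
    start, end = rtp_range(rtp_conf_text)
    rules = []
    for source in sources:
        net = ipaddress.IPv4Network(source)   # rejects hostnames, IPv6, stray host bits
        if net.prefixlen == 0:
            raise ValueError("0.0.0.0/0 would recreate the any-source rule")
        for ports in ("5060", f"{start}:{end}"):
            rules.append(
                f"iptables -I {chain} -p udp -s {net} --dport {ports} -j ACCEPT")
    return rules


if __name__ == "__main__":
    # 192.168.2.202 is the Osaka box as seen from Toronto in this chapter.
    for rule in trunk_rules(["192.168.2.202"], SAMPLE_RTP_CONF):
        print(rule)
```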
Figure 4.5. SIP trunking topology
Configuring Our Asterisk Boxes
Here is the configuration for the Toronto box:
[general]
register => toronto:welcome@192.168.1.101/osaka

[osaka]
type=friend
secret=welcome
context=osaka_incoming
host=dynamic
disallow=all
allow=ulaw
And the configuration for the Osaka box:
[general]
register => osaka:welcome@192.168.2.202/toronto

[toronto]
type=friend
secret=welcome
context=toronto_incoming
host=dynamic
disallow=all
allow=ulaw
Many of the previous options may be familiar to you by now, but let's take a look at them further just in case they are not.
The second line of the file tells our Asterisk box to register to the other box, with the purpose of telling the remote Asterisk box where to send calls when it wishes to send a call to our local Asterisk box. Remember how we mentioned a little oddity in the configuration? Notice that at the end of the registration line we tag on a forward slash and the username of the remote Asterisk box? What this does is tell the remote Asterisk box what digest name to use when it wants to set up a call. If you forget to add this, then when the far end tries to send you a call, you’ll see the following at your Asterisk CLI:
[Apr 22 18:52:32] WARNING[23631]: chan_sip.c:8117 check_auth: username mismatch, have <toronto>, digest has <s>
So by adding the forward slash and username, we tell the other end what to place in the Digest username of the Proxy Authorization field in the SIP INVITE message.
The rest of the file is the authorization block we use to control the incoming and outgoing calls from the other Asterisk box. On the Toronto box, we have the [osaka] authorization block, and on the Osaka box, we have the [toronto] block. We define the type as a friend, which allows us to both receive and place calls from the other Asterisk box. The secret is the password the other system should use when authenticating. The context is where incoming calls are processed in the dialplan (extensions.conf). We set the host parameter to dynamic, which tells our Asterisk box that the other endpoint will register to us, thereby telling us what IP address to set up calls when we want to send a call to the other end. Finally, the disallow and allow parameters control the codecs we wish to use with the other end.
If you save the file and reload the SIP channel on both Asterisk boxes (sip reload from the Asterisk console), you should see something like the following, which will tell you the remote box successfully registered:
*CLI> -- Saved useragent "Asterisk PBX" for peer toronto
You should see the status of the Host change from (Unspecified) to the IP address of the remote box when you run sip show peers:
*CLI> sip show peers
Name/username Host Dyn Nat ACL Port Status
toronto/osaka 192.168.2.202 D 5060 Unmonitored
You can verify that your own registration was successful by running sip show registry from the Asterisk console:
*CLI> sip show registry
Host Username Refresh State Reg.Time
192.168.1.101:5060 osaka 105 Registered Sun, 22 Apr 2007 19:13:20
Now that our Asterisk boxes are happy with each other, let's configure a couple of SIP phones so we can call between the boxes.
SIP Phone Configuration
Toronto sip.conf:
[1000]
type=friend
host=dynamic
context=phones
Osaka sip.conf:
[1001]
type=friend
host=dynamic
context=phones
You should now have extension 1000 registered to Toronto, and extension 1001 registered to Osaka. You can verify this with the sip show peers command from the Asterisk console. Next, we're going to configure the dialplan logic that will allow us to call between the extensions.
Configuring the Dialplan
extensions.conf file. We are going to build up a dialplan based on this simple configuration. The dialplan for each server will be very similar to the other one, but for clarity we will show both. The new lines we're adding to the file will be italicized.
Toronto extensions.conf:
[globals]

[general]
autofallthrough=yes

[default]

[incoming_calls]

[phones]
include => internal
include => remote

[internal]
exten => _2XXX,1,NoOp()
exten => _2XXX,n,Dial(SIP/${EXTEN},30)
exten => _2XXX,n,Playback(the-party-you-are-calling&is-curntly-unavail)
exten => _2XXX,n,Hangup()

[remote]
exten => _1XXX,1,NoOp()
exten => _1XXX,n,Dial(SIP/osaka/${EXTEN})
exten => _1XXX,n,Hangup()

[osaka_incoming]
include => internal
Osaka extensions.conf:
[globals]

[general]
autofallthrough=yes

[default]

[incoming_calls]

[phones]
include => internal
include => remote

[internal]
exten => _1XXX,1,NoOp()
exten => _1XXX,n,Dial(SIP/${EXTEN},30)
exten => _1XXX,n,Playback(the-party-you-are-calling&is-curntly-unavail)
exten => _1XXX,n,Hangup()

[remote]
exten => _2XXX,1,NoOp()
exten => _2XXX,n,Dial(SIP/toronto/${EXTEN})
exten => _2XXX,n,Hangup()

[toronto_incoming]
include => internal
Once you've configured your extensions.conf file, you can reload it from the Asterisk console with the dialplan reload command. Verify your dialplan loaded with the dialplan show command.
And that's it! You should be able to place calls between your two Asterisk servers now.
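The sip.conf blocks in this walkthrough use a short shared secret for the trunk, no secret at all for the phones, and host=dynamic with no address restriction. The audit below is an added example, not from the original text: it parses the Toronto trunk and phone blocks shown above (joined into one sample) and reports those three conditions, plus a register line that lacks the trailing /name discussed earlier. The 16-character threshold is an assumption of the example, not an Asterisk setting.

```python
MIN_SECRET_LEN = 16   # threshold picked for this example; not an Asterisk setting

# The Toronto trunk and phone blocks from this walkthrough, joined into one file.
SAMPLE_SIP_CONF = """\
[general]
register => toronto:welcome@192.168.1.101/osaka

[osaka]
type=friend
secret=welcome
context=osaka_incoming
host=dynamic
disallow=all
allow=ulaw

[1000]
type=friend
host=dynamic
context=phones
"""


def parse_sip_conf(text):
    """Return {section: {key: [values...]}}; handles 'key=value' and 'key => value'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.setdefault(key.strip().lower(), []).append(value.lstrip(">").strip())
    return sections


def parse_register(value):
    """Split the 'user:secret@host/name' form used in this walkthrough."""
    creds, _, rest = value.rpartition("@")
    user, _, secret = creds.partition(":")
    host, _, contact = rest.partition("/")
    return {"user": user, "secret": secret, "host": host, "contact": contact}


def is_weak(secret, name):
    return len(secret) < MIN_SECRET_LEN or secret.lower() == name.lower()


def audit_sip_conf(text):
    """Return {section or register target: [issues]} for the conditions above."""
    sections = parse_sip_conf(text)
    findings = {}
    for value in sections.get("general", {}).get("register", []):
        reg = parse_register(value)
        issues = []
        if is_weak(reg["secret"], reg["user"]):
            issues.append("weak secret in register line")
        if not reg["contact"]:
            issues.append("no /name suffix on register line")
        if issues:
            findings["register@" + reg["host"]] = issues
    for name, opts in sections.items():
        if name == "general" or "type" not in opts:
            continue
        issues = []
        secret = opts.get("secret", [""])[-1]
        if not secret and "md5secret" not in opts:
            issues.append("no secret")
        elif secret and is_weak(secret, name):
            issues.append("weak secret")
        restricted = "deny" in opts and "permit" in opts
        if opts.get("host", [""])[-1] == "dynamic" and not restricted:
            issues.append("host=dynamic without deny/permit")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for target, issues in audit_sip_conf(SAMPLE_SIP_CONF).items():
        print(f"[{target}] " + "; ".join(issues))
```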
Connecting FreeSWITCH and Asterisk using SIP
With ACLs
These are the steps I took to connect FreeSWITCH and Asterisk. I first tried to use auth gateways to do the job, but it was VERY tedious to resolve some issues, so I decided to do it using ACLs in both ways.
Let's assume you have an Asterisk box using IP 2.2.2.2 and FS using IP 1.1.1.1.
You need to add an ACL list to ${FREESWITCH_HOME}/conf/autoload_configs/acl.conf.xml
<list name="asterisk_box" default="deny">
  <node type="allow" cidr="2.2.2.2/32"/>
</list>
In the [settings] section of ${FREESWITCH_HOME}/conf/sip_profiles/external.xml
<param name="apply-inbound-acl" value="asterisk_box"/>
Create the exten in ${FREESWITCH_HOME}/conf/dialplan/default.xml with the pattern to call asterisk extensions
<extension name="ast_extens">
  <condition field="destination_number" expression="^(2\d{3})$">
    <action application="set" data="hangup_after_bridge=true"/>
    <action application="bridge" data="sofia/external/$1@2.2.2.2"/>
    <action application="hangup"/>
  </condition>
</extension>
In the Asterisk box on /etc/asterisk/sip.conf
[general]
...
allowguest=no

[freeswitch_1]
type=peer
host=1.1.1.1
port=5080
disallow=all
allow=ulaw
trustrpid=yes
sendrpid=yes
; if using elastix you need the following or all phones will ring when a sip call comes in
context=from-internal
In /etc/asterisk/extensions.conf
exten => _1XXX,1,Dial(SIP/freeswitch_1/${EXTEN})
exten => _1XXX,n,Hangup
exten => _2XXX,1,Dial(SIP/${EXTEN})
exten => _2XXX,n,Hangup
Using Authentication
This howto is based on FreeSWITCH Version 1.0.trunk (10906) with default configuration. We assume that both servers have static IPs and don't need to register. To set up the trunk we are going to utilize the use case predefined in the default configuration for the default gateway.
FreeSWITCH Side
In vars.xml you will find 6 variables which define your default gateway:
<X-PRE-PROCESS cmd="set" data="default_provider=HOSTNAME.DOMAIN.COM"/>
<X-PRE-PROCESS cmd="set" data="default_provider_username=USER_NAME"/>
<X-PRE-PROCESS cmd="set" data="default_provider_password=BOOTH_WAY_PASSWORD"/>
<X-PRE-PROCESS cmd="set" data="default_provider_from_domain=HOSTNAME.DOMAIN.COM"/>
<X-PRE-PROCESS cmd="set" data="default_provider_register=false"/>
<X-PRE-PROCESS cmd="set" data="default_provider_contact=5000"/>
Note: default_provider_password is used to authenticate calls from and to Asterisk and HOSTNAME.DOMAIN.COM is the DNS name of the Asterisk server.
Those variables are used in two configuration files:
- directory/default/example.com.xml which describes:
- the user for authentication of calls coming from Asterisk to FreeSWITCH. The ID on this user will be the same as value of variable default_provider.
- the gateway for authentication of calls outgoing from FreeSWITCH to Asterisk. The ID of this gateway will be the same as ID of the user.
- dialplan/default//01_example.com.xml which contains routes utilizing the gateway. Probably you should customize expression parameter of <condition field="destination_number" ... > to your needs. Only calls to destination number matching expression will go through the gateway.
<extension name="public_extensions">
  <condition field="destination_number" expression="^(6969)$">
    <action application="transfer" data="$1 XML default"/>
  </condition>
</extension>
After setting the variables and tuning the routes (see above), type on the FS console sofia profile restart all reloadxml to activate the changes.
Asterisk Side
You have to define a SIP peer and a dialplan extension.
In sip.conf add:
[freeswitch]
type=peer
host=IP_ADDRESS_OF_FREESWITCH_SERVER
username=HOSTNAME.DOMAIN.COM
port=5080
fromdomain=IP_ADDRESS_OF_FREESWITCH_SERVER
secret=BOOTH_WAY_PASSWORD
In extensions.conf, probably in your internal context, add:
exten => _1XXX,1,Dial(SIP/${EXTEN}@freeswitch)
So you will be able to call the default phones (1000-1019) configured on FS.
On the Asterisk console type: sip reload and extensions reload to activate the changes.
The Easy Way
Assume 10.1.1.1 is FreeSWITCH with extensions of 1000-1019 and 10.1.1.2 is Asterisk with extensions in the range 2000-2019.
FreeSWITCH Side
We need to route calls made on FreeSWITCH to the 2000-2019 extensions to the Asterisk box. We'll use our external SIP profile for this, but internal should work as well.
Create $FREESWITCH_HOME/conf/dialplan/default/00_asterisk_extensions.xml:
<extension name="to_asterisk">
  <condition field="destination_number" expression="^(20[01]\d)$">
    <action application="set" data="hangup_after_bridge=true"/>
    <action application="bridge" data="sofia/external/$1@10.1.1.2"/>
  </condition>
</extension>
Now we have to handle calls coming from Asterisk, which by default hit the 'public' dialplan.
Create $FREESWITCH_HOME/conf/dialplan/public/00_from_asterisk.xml:
<extension name="from_asterisk">
  <!-- expression anchored and dots escaped so that only the address 10.1.1.2 matches -->
  <condition field="network_addr" expression="^10\.1\.1\.2$"/>
  <condition field="destination_number" expression="^(10[01]\d)$">
    <action application="transfer" data="$1 XML default"/>
  </condition>
</extension>
Asterisk Side
We'll make FreeSWITCH a peer in Asterisk. Add an entry in /etc/asterisk/sip.conf:
[freeswitch_1]
type=peer
host=10.1.1.1
port=5080
deny=0.0.0.0/0.0.0.0
permit=10.1.1.1/255.255.255.255
jbenable=no
disallow=all
allow=ulaw
trustrpid=yes
sendrpid=yes
; if using elastix you need the following or all phones will ring when a sip call comes in, in general set this a context where your internal extensions are included
context=from-internal
And route calls to the appropriate place based on the extension. In /etc/asterisk/extensions.conf:
exten => _10XX,1,Dial(SIP/freeswitch_1/${EXTEN})
exten => _10XX,n,Hangup
exten => _20XX,1,Dial(SIP/${EXTEN})
exten => _20XX,n,Hangup
You should now be able to make calls from the 1000s on FreeSWITCH to the 2000s on Asterisk, and vice versa. If that's all you wanted/needed to do between them, you're done!
A little more advanced
Instead of routing the calls to freeswitch's public dialplan from asterisk and having to create an appropriate transfer to the default XML dialplan, you could instead allow asterisk calls to directly hit the default XML dialplan on freeswitch. There are a few ways to do this, in this case we're just going to make the internal sip profile on freeswitch use the default context instead of the public context, then set an acl to allow asterisk to use that internal sip profile without authenticating.
First the ACL,
Edit $FREESWITCH_HOME/conf/autoload_configs/acl.conf.xml, adding:
<list name="asterisks" default="deny">
  <node type="allow" cidr="10.1.1.2/32"/>
</list>
Now, to apply it, in the [settings] section of $FREESWITCH_HOME/conf/sip_profiles/internal.xml, add:
<param name="apply-inbound-acl" value="asterisks"/>
Also in $FREESWITCH_HOME/conf/sip_profiles/internal.xml, edit the context to make it default:
<param name="context" value="default"/>
Now you can remove the public/00_from_asterisk.xml file and change the port from 5080 to 5060 in asterisk's sip.conf and you should be able to call any freeswitch extension that you set a route for in asterisk.
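Both the network_addr condition in the public dialplan and the ACL lists decide which source address is trusted without authentication, but one is a regular expression and the other a CIDR match. The comparison below is an added example, not part of the original howto: it evaluates the asterisks list and an unanchored versus anchored network_addr expression against constructed source addresses, and lists which numbers a destination_number expression accepts. Choosing the most specific matching node is this example's assumption; with the single-node list here any order gives the same result.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# The ACL list from this howto.
ACL_LIST = ('<list name="asterisks" default="deny">'
            '<node type="allow" cidr="10.1.1.2/32"/></list>')

LOOSE = "10.1.1.2"             # unanchored: '.' matches any character
STRICT = r"^10\.1\.1\.2$"      # anchored, dots escaped

# Constructed source addresses for the comparison.
SAMPLE_SOURCES = ["10.1.1.2", "10.1.1.20", "10.101.2.7", "192.0.2.9"]


def acl_allows(list_xml, source):
    """Evaluate a <list> of allow/deny nodes; most specific match wins (assumption)."""
    root = ET.fromstring(list_xml)
    addr = ipaddress.ip_address(source)
    decision, best = root.get("default") == "allow", -1
    for node in root.findall("node"):
        net = ipaddress.ip_network(node.get("cidr"))
        if addr.version == net.version and addr in net and net.prefixlen > best:
            decision, best = node.get("type") == "allow", net.prefixlen
    return decision


def condition_matches(expression, value):
    """A dialplan condition is a regex search, so unanchored patterns match substrings."""
    return re.search(expression, value) is not None


def compare(sources=SAMPLE_SOURCES):
    """Return (source, ACL verdict, loose-regex verdict, strict-regex verdict) rows."""
    return [(s,
             acl_allows(ACL_LIST, s),
             condition_matches(LOOSE, s),
             condition_matches(STRICT, s)) for s in sources]


def accepted_numbers(expression, upper=10000):
    """List every number below `upper` that a destination_number expression accepts."""
    return [n for n in range(upper) if re.search(expression, str(n))]


if __name__ == "__main__":
    print("source        acl    loose  strict")
    for source, acl, loose, strict in compare():
        print(f"{source:<13} {acl!s:<6} {loose!s:<6} {strict!s}")
    print(accepted_numbers(r"^(10[01]\d)$"))
```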
Thursday, 01 December 2011
INSTALLING THE VYATTA OPEN SOURCE ROUTER
Vyatta Quick Setup
This is a quick setup guide for the Vyatta open source router. This article assumes that you have already installed Vyatta either on physical hardware or in a virtual machine. For more information on creating a private network in ESXi Server see this article.
Vyatta can be downloaded from http://www.vyatta.org
Version 6.3 has a new LiveCD installer so there is a little work to get it going.
I used the VI Client to create a new VM. Select File, then New Virtual Machine.
Choose the following Settings:
Configuration: Custom
Name: "MyVyatta" Note: This name is whatever you want it to be.
Datastore: Choose the datastore you wish Vyatta to install on.
Virtual Machine Version: 7
Guest OS: Linux/Other 2.6x Linux
CPU: "1"
Memory: "512"
Network: "2" / vmxnet3
SCSI Controller: keep the defaults
Select a Disk: keep the default
Create a Disk: "4"GB then select thin provisioning
Select the box to customize the configuration prior to completing the VM creation and do the following:
Click CD/DVD Drive 1
Select "Connect at power on"
Select Device Type: "Datastore ISO File"
Click "Browse..." and choose the LiveCD ISO file that you got from Vyatta.org
Start the new VM.
When it boots to the login prompt, login with a user and a password of "vyatta"
Now it's time to install. To do this, type
#install-image
Choose all of the defaults and when the install is complete type
#shutdown
Once it's shut down, go back to the VI Client and select the Vyatta VM. Go to Edit Settings and do the following.
Click CD/DVD Drive 1
Unselect "Connect at power on"
Select Device Type: "Client Device"
Start the Vyatta VM and once it powers up, log back in.
Once you are logged into the Vyatta console you need to enter configuration mode, this is done by typing “configure” in the console.
#configure
Next use the show interfaces command to see the network configuration of your Vyatta router.
By using the MAC address of your network card you should be able to match your network card to the correct Vyatta ethernet interface.
You must set the IP address range for the Private Network in Vyatta. Because my private network is on eth1 I will use the following command to give it a static IP address.
#set interfaces ethernet eth1 address 192.168.1.1/24
Then commit the IP address by using the commit command
#commit
If you have a PC with a statically assigned IP address on the private network, you can test if the IP address took by pinging the IP address of your router inside of a virtual machine on the private network, if not, just continue.
Give the router a hostname and domain name by entering the following commands
#set system host-name <your-router-name>
#set system domain-name <your.domain.name>
Set up the time zone by typing
#set system time-zone <your-time-zone>
Hit the tab key for timezone options.
#commit
Now we set up the external interface to get its address from a DHCP server. Please note, if you need PPPoE for your internet provider you will need to take other steps. My internet provider uses DHCP so I don't have the ability to test any other configuration.
#set interfaces ethernet eth0 address dhcp
Now that the hostname, domain name, and IP information is set, it's time to configure the private network to have a DHCP server.
The process below enables the DHCP server for the 192.168.1.0/24 network. It will hand out IP addresses starting at 50 and stopping at 100. I also set up the outside DNS server and the default router for the DHCP server to give to clients.
This command names the network PRIVATE and sets the DHCP address range to start at 192.168.1.50
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 start 192.168.1.50
Now we tell the DHCP server to stop handing out addresses at 100
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 start 192.168.1.50 stop 192.168.1.100
Now set up the DNS server and default gateway. I use OpenDNS for all of my DNS needs, it's free and allows for content filtering.
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 dns-server 208.67.222.222
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 dns-server 208.67.222.222
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 default-router 192.168.1.1
The last step to setup connectivity for the private network is to setup NAT. NAT will allow you to connect to the internet from any device on the private network.
#Set service nat rule 10 type masquerade
#Set service nat rule 10 source address 192.168.1.0/24
#Set service nat rule 10 outbound-interface eth0
#commit
#save
#exit
Once you have added NAT, check to see if your private network PC can access the internet. At this point, there should be full access from the private network to anywhere on your network.
This is a quick setup guide for the Vyatta open source router. This article assumes that you have already installed Vyatta either on physical hardware or in a virtual machine. For more information on creating a private network in ESXi Server see this article.
Vyatta can be downloaded from http://www.vyatta.org
Version 6.3 has a new LiveCD installer so there is a little work to get it going.
I used the VI Client to create a new VM. Select File, then New Virtual Machine.
Choose the following Settings:
Configuration: Custom
Name: "MyVyatta" Note: This name is whatever you want it to be.
Datastore: Choose the datastore you wish Vyatta to install on.
Virtual Machine Version: 7
Guest OS: Linux/Other 2.6x Linux
CPU: "1"
Memory: "512"
Network: "2" / vmxnet3
SCSI Controller: keep the defaults
Select a Disk: keep the default
Create a Disk: "4"GB then select thin provisioning
Select the box to customize the configuration prior to completing the VM creation and do the following:
Click CD/DVD Drive 1
Select "Connect at power on"
Select Device Type: "Datastore ISO File"
Click "Browse..." and choose the LiveCD ISO file that you got from Vyatta.org
Start the new VM.
When it boots to the login prompt, log in with a username and a password of "vyatta"
Now it's time to install. To do this, type
#install-image
Choose all of the defaults and when the install is complete type
#shutdown
Once it has shut down, go back to the VI Client and select the Vyatta VM. Go to Edit Settings and do the following.
Click CD/DVD Drive 1
Unselect "Connect at power on"
Select Device Type: "Client Device"
Start the Vyatta VM and once it powers up, log back in.
Once you are logged into the Vyatta console you need to enter configuration mode. This is done by typing "configure" in the console.
#configure
Next use the show interfaces command to see the network configuration of your Vyatta router.
By using the MAC address of your network card you should be able to match your network card to the correct Vyatta ethernet interface.
You must set the IP address range for the Private Network in Vyatta. Because my private network is on eth1 I will use the following command to give it a static IP address.
#set interfaces ethernet eth1 address 192.168.1.1/24
Then commit the IP address by using the commit command
#commit
If you have a PC with a statically assigned IP address on the private network, you can test whether the IP address took by pinging the IP address of your router from inside a virtual machine on the private network. If not, just continue.
Give the router a hostname and domain name by entering the following commands
#set system host-name <your-router-name>
#set system domain-name <your.domain.name>
Set up the time zone by typing
#set system time-zone <your-time-zone>
Hit the tab key for timezone options.
#commit
Now we set up the external interface to get its address from a DHCP server. Please note, if you need PPPoE for your internet provider you will need to take other steps. My internet provider uses DHCP, so I don't have the ability to test any other configuration.
#set interfaces ethernet eth0 address dhcp
Now that the hostname, domain name, and IP information are set, it's time to configure the private network to have a DHCP server.
The process below enables the DHCP server for the 192.168.1.0/24 network. It will hand out IP addresses starting at 192.168.1.50 and stopping at 192.168.1.100. I also set up the outside DNS server and the default router for the DHCP server to give to clients.
This command names the network PRIVATE and sets the DHCP address range to start at 192.168.1.50
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 start 192.168.1.50
Now we tell the DHCP server to stop handing out addresses at 192.168.1.100
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 start 192.168.1.50 stop 192.168.1.100
Now set up the DNS server and default gateway. I use OpenDNS for all of my DNS needs; it's free and allows for content filtering.
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 dns-server 208.67.222.222
#set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 default-router 192.168.1.1
The last step in setting up connectivity for the private network is to set up NAT. NAT will allow you to connect to the internet from any device on the private network.
#set service nat rule 10 type masquerade
#set service nat rule 10 source address 192.168.1.0/24
#set service nat rule 10 outbound-interface eth0
#commit
#save
#exit
Once you have added NAT, check to see if your private network PC can access the internet. At this point, there should be full access from the private network to anywhere on your network.
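Before committing, it helps to check that the DHCP and NAT lines agree with the address on the private interface, since the same subnet and network name are typed several times. The script below is an added example, not part of the original guide or of Vyatta; its sample input is constructed from the guide's commands plus one deliberately mismatched DHCP line.

```python
import ipaddress
import re

# Constructed input: the commands from this guide plus one deliberately
# mismatched DHCP line (wrong network name and subnet) for the check to catch.
SAMPLE = """\
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth1 address 192.168.1.1/24
set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 start 192.168.1.50 stop 192.168.1.100
set service dhcp-server shared-network-name PRIVATE subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name Home subnet 192.168.10.0/24 start 192.168.1.50 stop 192.168.1.100
set service nat rule 10 type masquerade
set service nat rule 10 source address 192.168.1.0/24
set service nat rule 10 outbound-interface eth0
"""

IFACE = re.compile(r"^set interfaces ethernet (\S+) address (\d\S*/\d+)$")
DHCP = re.compile(r"^set service dhcp-server shared-network-name (\S+) subnet (\S+) (.+)$")
NAT_SRC = re.compile(r"^set service nat rule (\d+) source address (\S+)$")


def audit(commands):
    """Return (line_number, message) findings for DHCP/NAT lines that do not
    agree with the statically addressed interfaces."""
    lines = [raw.strip().lstrip("#").strip() for raw in commands.splitlines()]
    # Networks that actually exist on the router, e.g. 192.168.1.0/24 on eth1.
    nets = {ipaddress.ip_interface(m.group(2)).network
            for m in map(IFACE.match, lines) if m}
    findings = []
    for num, line in enumerate(lines, 1):
        m = DHCP.match(line)
        if m:
            name, subnet = m.group(1), ipaddress.ip_network(m.group(2))
            words = m.group(3).split()
            opts = dict(zip(words[0::2], words[1::2]))
            if subnet not in nets:
                findings.append((num, f"{name}: subnet {subnet} is on no interface"))
            for key in ("start", "stop", "default-router"):
                if key in opts and ipaddress.ip_address(opts[key]) not in subnet:
                    findings.append((num, f"{name}: {key} {opts[key]} outside {subnet}"))
        m = NAT_SRC.match(line)
        if m and ipaddress.ip_network(m.group(2)) not in nets:
            findings.append((num, f"nat rule {m.group(1)}: source {m.group(2)} is on no interface"))
    return findings


if __name__ == "__main__":
    for num, message in audit(SAMPLE):
        print(f"line {num}: {message}")
```

The NAT check matters for more than connectivity: a masquerade source that is wider than, or different from, the private subnet translates traffic you did not intend to.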
INSTALLING VSFTPD ON CENTOS SERVER 5.3
Right, without further ado, here are the configuration settings I used when I installed an FTP server on my server. Check it out:
1. First, install the vsftpd package using yum
[root@my-centos]# yum install vsftpd
2. Then edit the vsftpd.conf configuration file
[root@my-centos]# vim /etc/vsftpd/vsftpd.conf
The settings that need to be changed are:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to FTP Server K-Place.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
3. Then create a local user named ozotmacho
[root@my-centos]# adduser rivkhi
[root@my-centos]# passwd rivkhi
Changing password for user rivkhi.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
4. Create the chroot_list file
This file contains the list of users who can access the FTP server.
[root@my-centos]# vim /etc/vsftpd/chroot_list
Its contents are:
rivkhi
5. Restart the FTP service
[root@my-centos]# service vsftpd restart
[root@my-centos]# chkconfig vsftpd on
6. Check the FTP configuration
[root@my-centos]# getsebool -a | grep ftp
At this point I got the status: getsebool: SELinux is disabled
To deal with that, I edited the file:
[root@my-centos]# vi /etc/selinux/config
which previously looked like this:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
I changed it to:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Then I rebooted the computer. After the reboot I ran the command again:
[root@my-centos]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
allow_tftp_anon_write --> off
ftp_home_dir --> on
ftpd_disable_trans --> off
ftpd_is_daemon --> on
httpd_enable_ftp_server --> off
tftpd_disable_trans --> off
If ftp_home_dir still shows off, run:
[root@lmy-centos]# setsebool -P ftp_home_dir on
[root@my-centos]# iptables -F
[root@bluebox ~]# setsebool -P allow_ftpd_full_access on
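To see what the settings from step 2 and the chroot_list file from step 4 do for a given account, the added example below (not part of the original post) models the option semantics documented in vsftpd.conf(5): chroot_list_file names the users confined to their home directory, or exempted from confinement when chroot_local_user=YES, while login permission comes from local_enable and the userlist_* options. The account "other" and the user_list contents are constructed, and PAM-level denials are not modelled.

```python
# Constructed input: the access-related settings from this post's vsftpd.conf.
CONF = """\
anonymous_enable=NO
local_enable=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
userlist_enable=YES
"""

# Defaults from vsftpd.conf(5) for the options this model looks at.
DEFAULTS = {"local_enable": "NO", "chroot_local_user": "NO",
            "chroot_list_enable": "NO", "userlist_enable": "NO",
            "userlist_deny": "YES"}


def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf


def on(conf, key):
    return conf[key].upper() == "YES"


def local_user_policy(conf, user, chroot_list=(), user_list=()):
    """Return (login_allowed, chrooted) for a local account."""
    allowed = on(conf, "local_enable")
    if allowed and on(conf, "userlist_enable"):
        listed = user in user_list
        # userlist_deny=YES: the file is a deny list; NO: it is an allow list.
        allowed = not listed if on(conf, "userlist_deny") else listed
    jailed = on(conf, "chroot_local_user")
    # chroot_list inverts the default for the users it names.
    if on(conf, "chroot_list_enable") and user in chroot_list:
        jailed = not jailed
    return allowed, jailed


if __name__ == "__main__":
    conf = parse_conf(CONF)
    for account in ("rivkhi", "other"):
        print(account, local_user_policy(conf, account, chroot_list=["rivkhi"]))
```

With this post's settings, rivkhi is confined to the home directory, while any other local account can still log in and is not confined.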
That's all for this post from me; my eyes are really heavy, so I'm going to shut down for now.