Linux and Unix technical recipes

To set up ACL’s based on MAC address:

Open squid.conf:

# vi /etc/squid/squid.conf

Local acl, section and append ACL as follows:

acl macf1 arp mac-address
acl macf2 arp 00:11:22:33:44:55
http_access allow macf1
http_access allow macf2
http_access deny all

Save and close the file. Restart squid server:

# /etc/init.d/squid restart

In Fedora Core and RedHat Enterprise or CentOS, edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled

That’s all.

You can create tar.gz file with the following command.DO NOT ENTER / after the directory name.

tar -cvzf  test.tar.gz test

From the root prompt on your server, invoke the CPAN shell:

# perl -MCPAN -e shell

Once the Perl interpreter has loaded (and been configured), you can install modules with: install MODULENAME.

The first thing you should do is upgrade your CPAN:

cpan> install Bundle::CPAN

Once it is completed, type:

cpan> reload cpan

Now, enter the following command to retrieve all of the required modules:
cpan> install DateTime


Note

Be aware that after freshly installing make / gcc, your perl installation will not necessarily detect it. This means module installation will still fail during the 'make' stage. You may need to invoke the CPAN shell and run the setup routine again, to point to the location of make:
# perl -MCPAN -e shell CPAN
 
cpan> o conf make /usr/bin/make
cpan> o conf commit

Here is the link:

http://www.research.att.com/~ttsweb/tts/demo.php

The following link contains list of TCP and UDP ports:

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

The rlm_acct_unique module creates a unique accounting session Id.

Many NAS vendors have their equipment supply an Acct-Session-Id attribute which is not unique over reboots. This makes accounting difficult, as there will be many independent sessions with the same Acct-Session-Id attribute. This module uses the Acct-Session-Id attribute, along with other attributes in the request, to create a more unique session ID, called Acct-Unique-Session-Id.

The main configuration items to be aware of are:

keyA list of the attributes used in calculating an MD5 hash which is used as the value for the unique session id.

Configuration

modules { …
acct_unique {

key = “User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port”

}
…
}
…
preacct { …
acct_unique …
}After generating the MD5 hash, the module adds it to the accounting request packet received from the client. It will look something like this in your detail file:

Acct-Unique-Session-Id = “c66ef57e480b9d26″

NOTE: Any attribute you specify that is not found in the ‘dictionary’ file will cause the server to fail and exit with an error.NOTE: If you want the Acct-Unique-Session-Id of the Start and the Stop packet of a particular session to match, you must use values for the key that will stay the same for the Start and Stop. The above example is a good start. Adding ‘Acct-Session-Time’, for example, would cause a mismatch because that value is not the same on the Start and Stop accounting packets.

Opensips is one of the best solution that are present in opensource, it provide you ITSP level services on good hardware box, Single box configure with opensips can supports 5000-10000 calls at time, which it make any teleco to operate with more then 5-10 billion mins per year. Anyone can use it to support their bussiness which is incuring lot of cost due high hardware cost such as iSoftSwitch.

REQUIRMENTS:

1. gcc / suncc / icc : gcc >= 2.9x; 4.[012] recommended (it will work with older version but it might require some options tweaking for best performance)
2. bison or yacc (Berkley yacc)
3. flex
4. GNU make (on Linux this is the standard “make”, on FreeBSD and Solaris is called “gmake”) version >= 3.79.
5. sed and tr (used in the makefiles)
6. GNU tar (”gtar” on Solaris) and gzip if you want “make tar” to work
7. GNU install or BSD install (on Solaris “ginstall”) if you want “make install”, “make bin”, “make sunpkg” to work
8. openssl if you want to compile the TLS support
9. libsctp if you want to compile the SCTP support
10. libmysqlclient & libz (zlib) -libs and devel headers- if you want mysql DB support (the db_mysql module)
11. libpq / postgresql -libs and devel headers- if you want postgres DB support (the db_postgres module)
12. unixodbc -libs and devel headers- if you want unixodbc DB support (the db_unixodbc module)
13. libexpat if you want the jabber gateway support (the jabber module) or the XMPP gateway support
14. libxml2 if you want to use the cpl-c (Call Processing Language) or the presence modules (presence and pua*)
15. libradius-ng -libs and devel headers- if you want to use functionalities with radius support – authentication, accounting, group support, etc
16. unixodbc – libs and devel headers – if you want UNIXODBC support as DB underlayer
17. libxmlrpc-c3 – libs and devel headers – if you want to have XML-RPC support for the Management interface (MI)
18. libperl – libs and devel headers – if you want PERL connector to support perl scripting from you config file (perl module)
19. libsnmp9 – libs and devel headers – if you want SNMP client functionality (SNMP AgentX subagent) for opensips
20. libldap libs and devel headers v2.1 or greater – if you want LDAP support
21. libconfuse and devel headers – if you want to compile the carrierroute module

INSTALLATION

1. cd /usr/src/
2. Download opensips (Opensips 1.5 wget http://opensips.org/pub/opensips/1.5.0/src/opensips-1.5.0-tls_src.tar.gz)
3. tar -xzf  opensips-1.5.0-tls_src.tar.gz
4. make all
5. make install

Introduction

The field of application of a NAT Gateway is in example a private LAN consisting of several PC with an Internet connection with one public IP address.

• The goal is to share the Internet connection among the LAN PCs.
• The problem is that there is only one public IP for outbound traffic.
• The solution is “Network Address Translation” (or NAT for short).

The Gateway (GW) is equipped with two network interfaces. One gets assigned the public IP, the second a private IP (i.e. 192.168.0.1). Every other LAN PCs has it’s own private IP (i.e. 192.168.0.2). If an outbound connection is requested the LAN PC talks to the gateway which masquerades the outbound traffic using the public IP. So every external connection looks like if it is coming from only one PC.

The basic firewalling will prevent all connections from outside with the exception of SSH (port 22) which we leave open for service purposes (i.e.).

System preparation

The following assumes that the gateway has two network interfaces:

• eth0 will be the external and
• eth1 the internal interface.

To use iptables you need to have at least the following kernel components compiled in or as modules

• ip_tables
• ip_conntrack and ip_conntrack_ftp

IP forwarding needs to be active (echo 1 > /proc/sys/net/ipv4/ip_forward</userdefined).

Setup the external interface using the necessary data from your provider (IP and standard gateway). The internal interface (eth1) needs to get a private IP address, like 10.174.254.197. The routing table of the gateway will be set up automatically during network initialization.

Every LAN PC will use the NAT-Gateways internal IP (192.168.0.1 in our example) as standard gateway in its networking setup.

Firewall script

#!/bin/sh ipt=/sbin/iptables extip=192.168.2.243 # replace with your EXTERNAL IP lan=10.174.254.197/27 # your LAN< # start firewall start_firwall { echo “Enabling IP forwarding.” echo 1 > /proc/sys/net/ipv4/ip_forward echo “Enabling iptables firewall.” # default policies $ipt -P INPUT DROP $ipt -P FORWARD DROP # NAT $ipt -t nat -A POSTROUTING -o eth0 -j SNAT –to-source $extip # INPUT chain $ipt -A INPUT -i lo -j ACCEPT $ipt -A INPUT -i eth1 -s $lan -j ACCEPT $ipt -A INPUT -i eth0 -m state –state ESTABLISHED,RELATED -j ACCEPT $ipt -A INPUT -p tcp –destination-port 22 -j ACCEPT # FORWARD chain $ipt -A FORWARD -i eth1 -s $lan -j ACCEPT $ipt -A FORWARD -i eth0 -m state –state ESTABLISHED,RELATED -j ACCEPT } # stop firewall stop_firwall { $ipt -P INPUT DROP $ipt -P OUTPUT DROP $ipt -P FORWARD DROP # allow internal traffic $ipt -A INPUT -i eth1 -j ACCEPT $ipt -A OUTPUT -o eth1 -j ACCEPT } # flushing, removing and zeroing tables
reset_firwall { chains=`cat /proc/net/ip_tables_names` for i in $chains; do $debug $ipt -t $i -F $debug $ipt -t $i -X $debug $ipt -t $i -Z done } case “$1″ in start|restart|reload) reset_firewall start_firewall  ;; stop) reset_firewall stop_firewall  ;; *) echo “Usage: $0 {start|stop|restart|reload}” exit 1  ;; esac exit 0

#!/bin/bash
# get ip
/sbin/ifconfig $1 | grep inet | awk ‘{print $2}’ | sed ‘s/^addr://g’

To get your Internet address if you are behind a NAT:

## The -n option retrieves the Internet IP address

## if you are behind a NAT

if [ "$1" = "-n" ]

then ip=$(lynx -dump http://cfaj.freeshell.org/ipaddr.cgi)

else if=$1 ## specify which interface, e.g. eth0, fxp0

system=$(uname)

case $system in FreeBSD)

sep=”inet “ ;;

Linux) sep=”addr:” ;;

esac temp=$(ifconfig $if)

temp=${temp#*”$sep”}

 ip=${temp%% *}

fi

printf “%s\n” “$ip”

### CFAJ ###