Setup Asterisk@Home As a Firewall, Router, DHCP Server and Gateway

Setup Asterisk@Home As a Firewall, Router, DHCP Server and Gateway

Minimum Requirements
- Two Ethernet cards
- Ethernet Switch or Hub
Based On
- WAN (Internet connection)
  - Interface = eth0
  - Dynamic IP (DHCP)
- LAN
  - Interface = eth1
  - Firewall (Asterisk Box) IP = 192.168.1.254
  - DHCP Server
  - DHCP Clients Range = From 192.168.1.100 To 192.168.1.199
- NAT
  - One to Many

Legend

		Command
		Add / Delete
		Edit / Modify
RED TEXT		Your Information Must Go There

Asterisk@Home
- Install Asterisk@Home
- Setup Asterisk@Home (Default User = root, Default Password = password)
  - system-config-date
  - passwd-maint
  - passwd admin
  - passwd
- Network Setup
  - netconfig --device=eth0 --bootproto=dhcp
  - netconfig --device=eth1 --ip=192.168.1.254 --netmask=255.255.255.0
  - reboot
- From this point you can use PuTTY and WinSCP
Update Centos
- yum -y update
- reboot
Fix ZAP
- Fix UDEV
  - cd /usr/src/zaptel
  - make install-udev
- Rebuild zaptel
  - rebuild_zaptel
Shorewall
- Download and Install Shorewall
  - cd /tmp
  - wget http://www1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.4/shorewall-3.0.4-1.noarch.rpm
  - rpm -ivh shorewall-3.0.4-1.noarch.rpm
- Move Sample Configuration
  - mv -fv /usr/share/doc/packages/shorewall/Samples/two-interfaces/* /etc/shorewall
- Modify Configuration Files (/etc/shorewall):
  - policy
    - Remove the comment from
      - #$FW net ACCEPT
    - Add the following Before the last line
      - # Allow All Traffic From Local To Firewall
      - loc $FW ACCEPT
      - # Allow All Traffic From Firewall To Local
      - $FW loc ACCEPT ULOG
    - Replace info with ULOG
  - rules
    - Add the following Before the last line
      - # Allow IAX2, SIP and RTP To Firewall
      - ACCEPT:ULOG net $FW udp 4569,5060,10000:20000
      - # Accept SSH connections from the Internet for administration
      - SSH/ACCEPT:ULOG net $FW
    - Add ULOG as desired
  - shorewall.conf
    - Replace STARTUP_ENABLED=No with STARTUP_ENABLED=Yes
    - Replace LOGFILE=/var/log/messages with LOGFILE=/var/log/ulog/ulogd.log
    - Replace =info with =ULOG (Several Times)
  - start
    - Add ulogd –d Before the last line
ulogd
- Download and Install ulogd
  - cd /usr/src
  - wget http://ftp.netfilter.org/pub/ulogd/ulogd-1.23.tar.bz2
  - bzip2 -dc ulogd-1.23.tar.bz2| tar xvf -
  - cd /usr/src/ulogd-1.23
  - ./configure --with-mysql
  - make install
- Create Logrotate
  - touch /etc/logrotate.d/ulogd
- Add to /etc/logrotate.d/ulogd
  - /var/log/ulog/ulogd.log /var/log/ulog/ulogd.syslogemu /var/log/ulog/ulogd.pktlog /var/log/ulog/ulogd.pcap {
  - missingok
  - sharedscripts
  - postrotate
  - /bin/killall -HUP ulogd 2> /dev/null || true
  - /usr/local/sbin/ulogd -d
  - endscript
  - daily
  - }
- Modify /usr/local/etc/ulogd.conf
  - Replace loglevel=5 with loglevel=3
  - Replace /var/log/ with /var/log/ulog/ (Several Times)
- Create Log Files
  - mkdir /var/log/ulog
  - touch /var/log/ulog/ulogd.log
  - touch /var/log/ulog/ulogd.syslogemu
DHCP Server
- Primary Setup
  - setup-dhcp
- Modify Configuration Files
  - /etc/dhcpd
    - Add this in First Line
      - option routers 192.168.1.254;
    - Modify
      - option routers 192.168.1.254;
      - option domain-name-servers Your.ISP.Primary.DNS,Your.ISP.Secondary.DNS;
      - range dynamic-bootp 192.168.1.100 192.168.1.199;
    - Mark with #
      - option time-offset -18000; # Eastern Standard Time
      - option ntp-servers xxx.xxx.xxx.xxx;
      - option tftp-server-name "xxx.xxx.xxx.xxx";
  - /etc/sysconfig/dhcpd
    - DHCPDARGS=eth1
Reboot and DONE