Asterisk@Home Modified to Act as a Firewall, Router, Gateway, DHCP Server and DNS Server
-
General Information
-
Minimum Requirements
-
Two Ethernet cards
-
Ethernet Switch or Hub
-
Based On
-
WAN (Internet connection)
-
Interface = eth0
-
Dynamic IP (DHCP)
-
LAN
-
Interface = eth1
-
Firewall (Asterisk Box) IP = 192.168.1.254
-
DHCP Server
-
DHCP Clients Range = From 192.168.1.100 To 192.168.1.199
-
NAT
-
One to Many
-
Legend
-
Code / Command
-
File
-
rpm Package
-
RED TEXT = User specific
-
Packages Added to the Original Distribution
-
DNS Server - bind (bind-9.2.4-2.i386.rpm)
-
Changes to conf files
-
/etc/named.conf
-
Added
-
zone "asterisk.local" {
-
type master;
-
file "/var/named/asterisk.local.hosts";
-
};
-
Added file /var/named/asterisk.local.hosts
-
Firewall (iptables add-on) - Shorewall (shorewall-3.0.6-1.noarch.rpm)
-
Changes to conf files (/etc/shorewall)
-
policy
-
Change the following entries from REJECT to ACCEPT and remove info
-
loc $FW REJECT info
-
loc all REJECT info
-
$FW net REJECT info
-
$FW loc REJECT info
-
$FW all REJECT info
-
rules
-
Added
-
# Asterisk
-
# Allow IAX2, SIP and RTP To Firewall
-
ACCEPT:info net $FW udp 4569,5060:5061,10000:20000
-
shorewall.conf
-
Change STARTUP_ENABLED=No to STARTUP_ENABLED=Yes
-
tcdevices
-
Added
-
eth0 5500kbit 550kbit
-
tcclasses
-
Added
-
eth0 1 full full 1 tos-minimize-delay
-
eth0 2 full full 2
-
eth0 3 9*full/10 9*full/10 3 default
-
eth0 4 8*full/10 8*full/10 4
-
eth0 5 4kbit 4kbit 5
-
tcrules
-
Added
-
1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-request
-
1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
-
# VOIP Ports
-
1:P 0.0.0.0/0 0.0.0.0/0 udp 4569,5060:5061,10000:20000
-
# Low priority Destination Ports
-
4 0.0.0.0/0 0.0.0.0/0 tcp 25,22,110,143,943
-
4 0.0.0.0/0 0.0.0.0/0 udp 25,22,110,143,943
-
# Low priority Source Ports
-
4 0.0.0.0/0 0.0.0.0/0 tcp - 25,22,110,143,943
-
4 0.0.0.0/0 0.0.0.0/0 udp - 25,22,110,143,943
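The effect of the policy change in the Shorewall section above can be reviewed offline. This Python sketch is an added example, not part of the original package: it resolves each zone pair against a constructed policy file the way Shorewall does (first matching entry, with all matching any zone) and lists pairs that are accepted without a log level. The net and all entries in the sample are assumptions, since the page lists only the five changed lines.

```python
# Constructed /etc/shorewall/policy. The five loc/$FW entries are the ones the
# page switches to ACCEPT without "info"; the last two lines are assumed.
POLICY = """\
#SOURCE  DEST  POLICY  LOG LEVEL
loc      $FW   ACCEPT
loc      all   ACCEPT
$FW      net   ACCEPT
$FW      loc   ACCEPT
$FW      all   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""

ZONES = ("net", "loc", "$FW")

def parse_policy(text):
    """Return (source, dest, policy, log_level) tuples, skipping comments."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3:
            level = fields[3] if len(fields) > 3 and fields[3] != "-" else None
            entries.append((fields[0], fields[1], fields[2], level))
    return entries

def effective_policy(entries, src, dst):
    """First entry matching the zone pair applies; "all" matches any zone."""
    for e_src, e_dst, policy, level in entries:
        if e_src in (src, "all") and e_dst in (dst, "all"):
            return policy, level
    return None

def audit(entries):
    """Flag zone pairs with no policy, ACCEPT from net, or unlogged ACCEPT."""
    findings = []
    for src in ZONES:
        for dst in ZONES:
            if src == dst:
                continue
            match = effective_policy(entries, src, dst)
            if match is None:
                findings.append((src, dst, "no policy"))
            elif match[0] == "ACCEPT" and src == "net":
                findings.append((src, dst, "ACCEPT from net"))
            elif match[0] == "ACCEPT" and match[1] is None:
                findings.append((src, dst, "ACCEPT without log level"))
    return findings

if __name__ == "__main__":
    print(audit(parse_policy(POLICY)))
```

With the sample file, traffic from net still falls through to DROP, while the four loc and $FW pairs are accepted with nothing written to the firewall log.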
-
syslog Enhancement - syslog-ng (syslog-ng-1.6.9-1.el4.kb.i386.rpm)
-
Changes to /etc/syslog-ng/syslog-ng.conf
-
create_dirs (yes)
-
Added to filter f_filter2
-
and not (program("syslog-ng") and match("STATS: dropped 0"))
-
and not program("php")
-
and not program("named")
-
and not program("ntpd")
-
and not program("dhcpd")
-
and not program("dhclient")
-
and not program("shorewall")
-
and not program("S-1shorewall")
-
and not match("kernel: Shorewall")
-
and not program("sshd")
-
Added
-
# Asterisk
-
# PHP
-
destination d_php { file("/var/log/php/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };
-
filter f_filter9 { program("php"); };
-
log { source(s_sys); filter(f_filter9); destination(d_php); };
-
# DHCP
-
destination d_dhcp { file("/var/log/dhcp/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };
-
filter f_filter10 { program("dhcpd") or program("dhclient"); };
-
log { source(s_sys); filter(f_filter10); destination(d_dhcp); };
-
# Shorewall
-
destination d_swapp { file("/var/log/shorewall/shorewall/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };
-
destination d_swtrfc { file("/var/log/shorewall/traffic/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };
-
filter f_filter11 { program("shorewall") or program("S-1shorewall"); };
-
filter f_filter12 { match("kernel: Shorewall"); };
-
log { source(s_sys); filter(f_filter11); destination(d_swapp); };
-
log { source(s_sys); filter(f_filter12); destination(d_swtrfc); };
-
# SSH
-
destination d_ssh { file("/var/log/ssh/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };
-
filter f_filter13 { program("sshd"); };
-
log { source(s_sys); filter(f_filter13); destination(d_ssh); };
-
# ntpd
-
destination d_ntpd { file("/var/log/ntpd/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };
-
filter f_filter14 { program("ntpd"); };
-
log { source(s_sys); filter(f_filter14); destination(d_ntpd); };
-
# Named
-
destination d_named { file("/var/log/named/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };
-
filter f_filter15 { program("named"); };
-
log { source(s_sys); filter(f_filter15); destination(d_named); };
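The routing produced by the filters added above can be checked offline. This Python sketch is an added example, not part of the original package: it runs constructed log lines through the per-program filters and evaluates f_filter11 with either and or or between its two program() tests, reporting messages that are removed from f_filter2 but reach none of the added destinations. It assumes program() is an unanchored regular-expression search and match() sees the text "program: message"; the syslog-ng STATS clause is left out.

```python
import re

# Programs the page excludes from f_filter2 via "and not program(...)".
EXCLUDED = ["php", "named", "ntpd", "dhcpd", "dhclient",
            "shorewall", "S-1shorewall", "sshd"]

# Constructed sample messages as (program, message); not real log data.
SAMPLES = [
    ("sshd", "Failed password for invalid user test from 203.0.113.7"),
    ("dhcpd", "DHCPACK on 192.168.1.100 to 00:11:22:33:44:55 via eth1"),
    ("shorewall", "Shorewall Restarted"),
    ("S-1shorewall", "Shorewall Started"),
    ("kernel", "Shorewall:net2fw:ACCEPT:IN=eth0 SRC=203.0.113.7 DPT=5060"),
]

def prog(pattern, program):
    # Assumption: program() is an unanchored regex search on the program name.
    return re.search(pattern, program) is not None

def kernel_shorewall(program, message):
    # Assumption: match() sees the text "program: message".
    return "kernel: Shorewall" in f"{program}: {message}"

def dropped_from_f_filter2(program, message):
    """True if a clause added to f_filter2 removes this message from it."""
    return (any(prog(p, program) for p in EXCLUDED)
            or kernel_shorewall(program, message))

def destinations(program, message, op="or"):
    """Destinations added by the page that receive the message.
    op is the operator joining the two program() tests in f_filter11."""
    tests = [prog("shorewall", program), prog("S-1shorewall", program)]
    hits = {
        "d_php": prog("php", program),
        "d_dhcp": prog("dhcpd", program) or prog("dhclient", program),
        "d_swapp": all(tests) if op == "and" else any(tests),
        "d_swtrfc": kernel_shorewall(program, message),
        "d_ssh": prog("sshd", program),
        "d_ntpd": prog("ntpd", program),
        "d_named": prog("named", program),
    }
    return sorted(name for name, hit in hits.items() if hit)

def orphans(samples, op):
    """Programs removed from f_filter2 that no added log statement catches."""
    return [p for p, m in samples
            if dropped_from_f_filter2(p, m) and not destinations(p, m, op)]

if __name__ == "__main__":
    for op in ("and", "or"):
        print(op, "->", orphans(SAMPLES, op))
```

In this model, joining the two tests with and leaves messages tagged shorewall excluded from f_filter2 yet matched by no added filter; with or, every excluded sample has a destination.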
-
Packages installed from the original distribution
-
DHCP Server (installed via setup-dhcp)
-
Changes to /etc/dhcpd.conf
-
option routers 192.168.1.254;
-
option domain-name-servers 192.168.1.254;
-
range dynamic-bootp 192.168.1.100 192.168.1.199;
-
option time-offset -28800; # Pacific Standard Time
-
option ntp-servers 192.168.1.254;
-
option tftp-server-name "192.168.1.254";
-
Original Package Modifications (asteriskathome.tar.gz)
-
install_parts.sh and install_parts_sme.sh
-
Added Before Post Install Section
-
echo "*******************************************"
-
echo "** Install Gateway ************************"
-
echo "*******************************************"
-
GWFiles=/var/aah_load/gw
-
echo "-------------------------------------------"
-
echo "Setup Network Cards"
-
echo "-------------------------------------------"
-
netconfig --device=eth0 --bootproto=dhcp
-
netconfig --device=eth1 --ip=192.168.1.254 --netmask=255.255.255.0
-
echo "-------------------------------------------"
-
echo "Installing DNS Server (bind - named)"
-
echo "-------------------------------------------"
-
cd $GWFiles/bind
-
rpm -vih bind-9.2.4-2.i386.rpm
-
mv -vf asterisk.local.hosts /var/named
-
mv -vf named.conf /etc
-
chkconfig named on
-
echo "-------------------------------------------"
-
echo "Installing Shorewall"
-
echo "-------------------------------------------"
-
cd $GWFiles/shorewall
-
rpm -vih shorewall-3.0.6-1.noarch.rpm
-
mv -vf /usr/share/doc/packages/shorewall/Samples/two-interfaces/* /etc/shorewall
-
rm -vf shorewall-3.0.6-1.noarch.rpm
-
mv -vf * /etc/shorewall
-
echo "-------------------------------------------"
-
echo "Installing syslog-ng"
-
echo "-------------------------------------------"
-
cd $GWFiles/syslog-ng
-
rpm -vih syslog-ng-1.6.9-1.el4.kb.i386.rpm
-
chkconfig syslog off
-
chkconfig syslog-ng on
-
mv -vf syslog-ng.conf /etc/syslog-ng
-
echo "-------------------------------------------"
-
echo "Installing DHCP Server"
-
echo "-------------------------------------------"
-
cd $GWFiles/dhcp
-
setup-dhcp
-
mv -vf dhcpd.conf /etc
-
echo "*******************************************"
-
echo "** Finish Gateway Installation ************"
-
echo "*******************************************"
-
User Modification