Monday, December 01, 2008

iptables command for port forwarding config in dd-wrt

I've installed DD-WRT v24 SP1 on a Linksys WRT350N, but port forwarding from the web page doesn't work, so I had to log in to the console to set the rule:

Port Forwarding to a specific LAN IP


Port Forwarding can be accomplished from within the web interface here.
However, the very same thing can be done a bit differently (tested and
working), via command line. --u3gyxap: Example with port 443 and IP
192.168.1.2

iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 443 -j DNAT --to 192.168.1.2:443

iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 443 -j ACCEPT

http://www.dd-wrt.com/wiki/index.php/Iptables

Monday, September 15, 2008

Multiple NICs for your Windows

If your PC does not have multiple NICs, you can use MS Loopback
adapters. (If you do have multiple NICs, this part is not necessary.)
  • Go to Start > Control Panel
  • Click ‘Add Hardware’
  • Click ‘Next’
  • Select ‘Yes, I already have a connection’
  • Select ‘Add a new hardware device’
  • Select ‘Install from a list’
  • Click ‘Network Adapters’
  • Select Microsoft Loopback
  • Click ‘Next’
  • Click ‘Next’
  • Click ‘Finish’
  • Double-Click ‘Network Connections’
  • Rename the loopback interface to something descriptive.
Then run "ipconfig /all" to check the new NIC's MAC address:

Ethernet adapter Local Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Microsoft Loopback Adapter
        Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.25.129
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Monday, August 25, 2008

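SIP Express Router (SER) Installation Notes, Part 3 (Original)

The database is set up; what remains is to connect the program to the database. As before, this is done by editing ser.cfg. For details, refer to the official documentation: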
http://siprouter.teigre.com/doc/gettingstarted/ch07.html

#
# $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

debug=3 # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes # (cmd line: -E)

listen=10.74.121.71

check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib/ser/modules/mysql.so"

loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
#modparam("rr", "enable_full_lr", 1)

modparam("auth_db|uri_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)
modparam("rr", "enable_full_lr", 1)

# ------------------------- request routing logic -------------------

# main routing logic
route {

    # -----------------------------------------------------------------
    # Sanity Check Section
    # -----------------------------------------------------------------
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483", "Too Many Hops");
        break;
    };

    if (msg:len > max_len) {
        sl_send_reply("513", "Message Overflow");
        break;
    };

    # -----------------------------------------------------------------
    # Record Route Section
    # -----------------------------------------------------------------
    if (method!="REGISTER") {
        record_route();
    };

    # -----------------------------------------------------------------
    # Loose Route Section
    # -----------------------------------------------------------------
    if (loose_route()) {
        route(1);
        break;
    };

    # -----------------------------------------------------------------
    # Call Type Processing Section
    # -----------------------------------------------------------------
    if (uri!=myself) {
        route(1);
        break;
    };

    if (method=="ACK") {
        route(1);
        break;
    } if (method=="INVITE") {
        route(3);
        break;
    } else if (method=="REGISTER") {
        route(2);
        break;
    };

    lookup("aliases");
    if (uri!=myself) {
        route(1);
        break;
    };

    if (!lookup("location")) {
        sl_send_reply("404", "User Not Found");
        break;
    };

    route(1);
}

route[1] {

    # -----------------------------------------------------------------
    # Default Message Handler
    # -----------------------------------------------------------------
    if (!t_relay()) {
        sl_reply_error();
    };
}

route[2] {

    # -----------------------------------------------------------------
    # REGISTER Message Handler
    # ----------------------------------------------------------------
    sl_send_reply("100", "Trying");

    if (!www_authorize("","subscriber")) {
        www_challenge("","0");
        break;
    };

    if (!check_to()) {
        sl_send_reply("401", "Unauthorized");
        break;
    };

    consume_credentials();

    if (!save("location")) {
        sl_reply_error();
    };
}

route[3] {
    # -----------------------------------------------------------------
    # INVITE Message Handler
    # -----------------------------------------------------------------
    if (!proxy_authorize("","subscriber")) {
        proxy_challenge("","0");
        break;
    } else if (!check_from()) {
        sl_send_reply("403", "Use From=ID");
        break;
    };

    consume_credentials();

    lookup("aliases");
    if (uri!=myself) {
        route(1);
        break;
    };

    if (!lookup("location")) {
        sl_send_reply("404", "User Not Found");
        break;
    };

    route(1);
}

Heh, quite a big change, isn't it? Try it using a different username and a mismatched password, and you will get the 401 and 403 messages.

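SIP Express Router (SER) Installation Notes, Part 2 (Original)

In most cases users will not run a server without an authentication system, so bringing in a MySQL database to manage user information is necessary. That is the purpose of the second package we installed: it contains a MySQL script that creates the ser database; just run it: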

root:~ # ser_mysql.sh
usage: ser_mysql.sh create
ser_mysql.sh drop (!!entirely deletes tables)
ser_mysql.sh reinit (!!entirely deletes and than re-creates tables
ser_mysql.sh backup (dumps current database to stdout)
ser_mysql.sh restore (restores tables from a file)
ser_mysql.sh copy (creates a new db from an existing one)
ser_mysql.sh reinstall (updates to a new SER database)

if you want to manipulate database as other MySql user than
root, want to change database name from default value "ser",
or want to use other values for users and password, edit the
"config vars" section of the command ser_mysql.sh

root:~ # ser_mysql.sh create
MySql password for root:cisco123
Domain (realm) for the default user 'admin' : admin

creating database ser ...

OK, let's go in and take a look:

root:~ # mysql -u root -p
Enter password:cisco123
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 24 to server version: 5.0.26

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| cyask |
| cyask0119 |
| mysql |
| ser |
| test |
| tmp |
| wikidb |
+--------------------+
8 rows in set (0.00 sec)

mysql> use ser;
Database changed
mysql> show tables;
+-----------------------+
| Tables_in_ser |
+-----------------------+
| acc |
| active_sessions |
| admin_privileges |
| aliases |
| calls_forwarding |
| config |
| domain |
| event |
| grp |
| location |
| missed_calls |
| pending |
| phonebook |
| preferences_types |
| reserved |
| server_monitoring |
| server_monitoring_agg |
| silo |
| speed_dial |
| subscriber |
| trusted |
| uri |
| usr_preferences |
| version |
+-----------------------+
24 rows in set (0.00 sec)

Now look at the list of users:

mysql> select * from subscriber;
+----------------------------------+----------+--------+----------+------------+-----------+-------+----------------+---------------------+---------------------+------------------------------------------+------+------------------+----------+----------------------------------+----------------------------------+------------+----------+------+------+------+
| phplib_id | username | domain | password | first_name | last_name | phone | email_address | datetime_created | datetime_modified | confirmation | flag | sendnotification | greeting | ha1 | ha1b | allow_find | timezone | rpid | domn | uuid |
+----------------------------------+----------+--------+----------+------------+-----------+-------+----------------+---------------------+---------------------+------------------------------------------+------+------------------+----------+----------------------------------+----------------------------------+------------+----------+------+------+------+
| bfbd785b1447989599493a0c4ff0ed12 | admin | admin | heslo | Initial | Admin | 123 | root@localhost | 2002-09-04 19:37:45 | 0000-00-00 00:00:00 | 57DaSIPuCm52UNe54LF545750cfdL48OMZfroM53 | o | | | 381c06175d479f35e14ef1ab571006a9 | f11387e2a4644ebd23dcddc8296aff07 | 0 | NULL | NULL | NULL | NULL |
+----------------------------------+----------+--------+----------+------------+-----------+-------+----------------+---------------------+---------------------+------------------------------------------+------+------------------+----------+----------------------------------+----------------------------------+------------+----------+------+------+------+
1 row in set (0.00 sec)

Heh, it seems there is only one entry. Exit and add two more users:

root:~ #serctl add
eg: serctl add 1111 1111 1111@sipurash.com
domain unknown: use usernames with domain or set default domain in SIP_DOMAIN
Error!!!

This is a strange bug; the workaround is to set the environment variable first:
root:~ #export SIP_DOMAIN="sipurash.com"
root:~ #serctl add 1111 1111 1111@sipurash.com
Mysql password: heslo (remember, this is not the MySQL root password; it is the admin password seen in the database just now)
new user added
new user into uri table added

Done. Go back into MySQL and check whether the two new users have appeared:

mysql> select * from subscriber;
+----------------------------------+----------+--------------+----------+------------+-----------+-------+-------------------+---------------------+---------------------+------------------------------------------+------+------------------+----------+----------------------------------+----------------------------------+------------+----------+------+------+------+
| phplib_id | username | domain | password | first_name | last_name | phone | email_address | datetime_created | datetime_modified | confirmation | flag | sendnotification | greeting | ha1 | ha1b | allow_find | timezone | rpid | domn | uuid |
+----------------------------------+----------+--------------+----------+------------+-----------+-------+-------------------+---------------------+---------------------+------------------------------------------+------+------------------+----------+----------------------------------+----------------------------------+------------+----------+------+------+------+
| 69c0a7786ca204e08df9574aa9a08b65 | admin | sipurash.com | heslo | Initial | Admin | 123 | root@localhost | 2002-09-04 19:37:45 | 0000-00-00 00:00:00 | 57DaSIPuCm52UNe54LF545750cfdL48OMZfroM53 | o | | | a04b52602361fc804ab28d279c47425e | 7ffcf5a0fe10951340094c14b5b37ee1 | 0 | NULL | NULL | NULL | NULL |
| 56e0357f4a1dc787ff1ffe02c35ee230 | 1111 | sipurash.com | 1111 | | | | 1111@sipurash.com | 2007-04-10 14:45:22 | 0000-00-00 00:00:00 | | o | | | 56e0357f4a1dc787ff1ffe02c35ee230 | 8cf011a6d9251fcada7dae0bfb12ba12 | 0 | NULL | NULL | NULL | NULL |
| 93235e3655d178cff742f09e47079bbf | 2222 | sipurash.com | 2222 | | | | 2222@sipurash.com | 2007-04-10 14:45:40 | 0000-00-00 00:00:00 | | o | | | 93235e3655d178cff742f09e47079bbf | 798f1476edd5f5ab1243fc184396fb9a | 0 | NULL | NULL | NULL | NULL |
| edbde0b2da045fce98ee3cbde5fa488b | 3333 | sipurash.com | 3333 | | | | 3333@sipurash.com | 2007-07-13 10:31:05 | 0000-00-00 00:00:00 | | o | | | edbde0b2da045fce98ee3cbde5fa488b | 70072d6c05b1c6b973ae3fed36e66ae4 | 0 | NULL | NULL | NULL | NULL |
+----------------------------------+----------+--------------+----------+------------+-----------+-------+-------------------+---------------------+---------------------+------------------------------------------+------+------------------+----------+----------------------------------+----------------------------------+------------+----------+------+------+------+
4 rows in set (0.00 sec)

SIP Express Router (SER) Installation Notes, Part 1 (Original)

A SIP server I played with a long time ago; I dug it out today and am writing it down for reference.
http://www.iptel.org/ser

The install platform is openSUSE 10.2, so to save trouble I deliberately looked for RPM packages to install:
ser-0.9.6-6.fc5.i386.rpm
http://rpm.pbone.net/index.php3/stat/3/srodzaj/1/search/ser
ser-mysql-0.9.6-6.fc5.i386.rpm
http://rpm.pbone.net/index.php3?stat=3&search=ser-mysql&srodzaj=3

root:~ #rpm -ivh ......

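As with most Linux programs, configuration comes from a .cfg file, so once the RPM packages are installed, look for ser.cfg directly; if you can't find it, look for the program's root directory: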

root:~ # locate ser.cfg
root:~ # whereis ser
ser: /usr/sbin/ser /etc/ser /usr/lib/ser /usr/share/man/man8/ser.8.gz

At a glance it should be under /etc/ser/; edit it briefly:

root:~ #vi /etc/ser/ser.cfg

#
# $Id: ser.cfg,v 1.25.2.1 2005/02/18 14:30:44 andrei Exp $
#
# simple quick-start config script
#

# ----------- global configuration parameters ------------------------

debug=3 # debug level (cmd line: -dddddddddd)
fork=no
log_stderror=yes # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/

listen=10.74.121.71


check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
#loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/textops.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
#loadmodule "/usr/lib/ser/modules/auth.so"
#loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
#modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
#modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
#modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)


# ------------------------- request routing logic -------------------

# main routing logic

route{

    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if (msg:len >= 2048 ) {
        sl_send_reply("513", "Message too big");
        break;
    };


    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    if (!method=="REGISTER") record_route();

    # subsequent messages withing a dialog should take the
    # path determined by record-routing
    if (loose_route()) {
        # mark routing logic in request
        append_hf("P-hint: rr-enforced\r\n");
        route(1);
        break;
    };

    if (!uri==myself) {
        # mark routing logic in request
        append_hf("P-hint: outbound\r\n");
        route(1);
        break;
    };
    # if the request is for other domain use UsrLoc
    # (in case, it does not work, use the following command
    # with proper names and addresses in it)
    if (uri==myself) {

        if (method=="REGISTER") {

            # Uncomment this if you want to use digest authentication
            # if (!www_authorize("iptel.org", "subscriber")) {
            #     www_challenge("iptel.org", "0");
            #     break;
            # };

            save("location");
            break;
        };

        lookup("aliases");
        if (!uri==myself) {
            append_hf("P-hint: outbound alias\r\n");
            route(1);
            break;
        };

        # native SIP destinations are handled using our USRLOC DB
        if (!lookup("location")) {
            sl_send_reply("404", "Not Found");
            break;
        };
    };
    append_hf("P-hint: usrloc applied\r\n");
    route(1);
}

route[1]
{
    # send it out now; use stateful forwarding as it works reliably
    # even for UDP2TCP
    if (!t_relay()) {
        sl_reply_error();
    };
}

The defaults are almost fine; the main thing is to remember to enable listen=x.x.x.x

OK, the program can now run:

root:~ # ser -dddE
0(6820) read 3572621625 from /dev/urandom
0(6820) seeding PRNG with 497332213
0(6820) test random number 1132821449
Listening on
udp: 10.74.121.71 [10.74.121.71]:5060
tcp: 10.74.121.71 [10.74.121.71]:5060
Aliases:
tcp: pppoeserver:5060
tcp: pppoeserver.sipurash.com:5060
udp: pppoeserver:5060
udp: pppoeserver.sipurash.com:5060

WARNING: no fork mode
stateless - initializing
0(0) Maxfwd module- initializing
textops - initializing
0(0) INFO: udp_init: SO_RCVBUF is initially 109568
0(0) INFO: udp_init: SO_RCVBUF is finally 219136
2(0) INFO: fifo process starting: 6822
2(0) SER: open_uac_fifo: fifo server up at /tmp/ser_fifo...

Find two phones, register them and try a call; there is no authentication. Meanwhile you can use the monitor to watch:

root:~ # serctl moni
[cycle #: 23; if constant make sure server lives and fifo is on]
Server: Sip EXpress router (0.9.6 (i386/linux))
Now: Mon Aug 25 21:34:07 2008
Up Since: Mon Aug 25 21:33:13 2008
Up time: 54 [sec]

Transaction Statistics
Current: 0 (0 waiting) Total: 0 (0 local)
Replied localy: 0
Completion status 6xx: 0, 5xx: 0, 4xx: 0, 3xx: 0,2xx: 0

Stateless Server Statistics
200: 2 202: 0 2xx: 0
300: 0 301: 0 302: 0 3xx: 0
400: 0 401: 0 403: 0 404: 0 407: 0 408: 0 483: 0 4xx: 0
500: 0 5xx: 0
6xx: 0
xxx: 0
failures: 0

UsrLoc Stats
Domain Registered Expired
'aliases' 0 0
'location' 2 0