- On the command prompt type: asterisk -r
- In the asterisk command line interface type: core set verbose 128
- Additionally, you can also type: core set debug 128
http://www.voip-info.org/wiki/view/Asterisk+firewall+rules
```
# SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
# IAX2 - the IAX protocol
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT
# IAX - most have switched to IAX v2, or ought to
iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT
# RTP - the media stream
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
# MGCP - if you use media gateway control protocol in your configuration
iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT
```
The Mobile to LAN rule must be set up as follows:

Parameter | Value |
---|---|
CID | * |
URL | Extension@Asterisk IP |
Other configuration guides
http://www.powermediasrl.it/fsn/portech-mv-372-con-asterisktrixboxelastix.html
The device can be integrated with a trixbox system easily by following the guide found here.
First we are going to install the rpmforge repository and use the fail2ban package from there -
```
rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
sed -i 's/enabled = 0/enabled = 1/' /etc/yum.repos.d/rpmforge.repo
yum install -y fail2ban jwhois
```
Now disable the rpmforge repo so that it doesn't interfere with any of the CentOS/Asterisk packages -
```
sed -i 's/enabled = 1/enabled = 0/' /etc/yum.repos.d/rpmforge.repo
```
Next we are going to create the fail2ban configuration file for Asterisk. This tells fail2ban what text to monitor the logs for -
```
cat >> /etc/fail2ban/filter.d/asterisk.conf <<-'EOF'
# Fail2Ban configuration file
#
#
# $Revision: 250 $
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf

[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL
            NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register
            NOTICE.* <HOST> failed to authenticate as '.*'$
            NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)
            NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
            NOTICE.* .*: Failed to authenticate user .*@<HOST>.*

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
EOF
```
Next we are going to add some lines to the jail.conf file that tell fail2ban what log files to monitor and what action to take when the required text is detected. This includes sending an alert e-mail, so you may want to change 'root' to your e-mail address. It also includes the length of time the IP address is blocked for, in seconds. Here we have it set to 3 days; you may want to modify this -
```
cat >> /etc/fail2ban/jail.conf <<-EOF

[asterisk-iptables]

enabled  = true
filter   = asterisk
action   = iptables-allports[name=ASTERISK, protocol=all]
           sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]
logpath  = /var/log/asterisk/full
maxretry = 5
bantime  = 259200
EOF
```
Fail2ban needs the date in the Asterisk log files written in a specific format. To do this we can add a line to the 'General' section of the Asterisk logger configuration file. If you already have a 'General' section in there you will just want to add the line manually rather than running the command below -
```
cat >> /etc/asterisk/logger.conf <<-EOF

[general]
dateformat=%F %T
EOF

asterisk -rx "logger reload"
```
Finally we want to fire up fail2ban and set it to start at boot time -
```
service fail2ban start
chkconfig fail2ban on
```
One final thing you may want to do is 'whitelist' your own IP address(es). You can do this by adding them to the ignoreip line in the jail.conf file. Here are a couple of lines to do it automatically; just change the IP address here to your own IP address -
```
sed -i 's/ignoreip = /ignoreip = 123.123.123.123 /' /etc/fail2ban/jail.conf
service fail2ban restart
```
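The detection logic this jail sets up, as an added Python example that is not part of the original guide and is not fail2ban's own code: it applies the failregex lines above to constructed log lines in the `%F %T` layout and reports which hosts reach maxretry, skipping the ignoreip address. The 600-second `FINDTIME` window, the function names and the sample addresses are assumptions.

```python
import re
from datetime import datetime, timedelta

HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"  # <HOST> alias as given in the filter comments
FAILREGEX = [  # the failregex lines from asterisk.conf above
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Wrong password",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - No matching peer found",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Username/auth name mismatch",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Device does not match ACL",
    r"NOTICE.* .*: Registration from '.*' failed for '<HOST>' - Peer is not supposed to register",
    r"NOTICE.* <HOST> failed to authenticate as '.*'$",
    r"NOTICE.* .*: No registration for peer '.*' \(from <HOST>\)",
    r"NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)",
    r"NOTICE.* .*: Failed to authenticate user .*@<HOST>.*",
]
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]
MAXRETRY, BANTIME = 5, 259200   # values from the [asterisk-iptables] jail
FINDTIME = 600                  # assumption: counting window in seconds, not set on this page
IGNOREIP = {"123.123.123.123"}  # placeholder whitelist address from the sed line

def parse(line):  # (timestamp, host) for a dated failure line, else None (implicit)
    stamp = re.match(r"\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]", line)
    for pat in PATTERNS if stamp else []:  # this sketch reads only the %F %T layout
        m = pat.search(line)
        if m:
            return datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S"), m.group("host")

def bans(lines):  # host -> unban time, for hosts reaching MAXRETRY within FINDTIME
    recent, banned = {}, {}
    for line in lines:
        ts, host = parse(line) or (None, None)
        if host is None or host in IGNOREIP or host in banned:
            continue
        window = [t for t in recent.get(host, []) if (ts - t).total_seconds() < FINDTIME]
        recent[host] = window + [ts]
        if len(recent[host]) >= MAXRETRY:
            banned[host] = ts + timedelta(seconds=BANTIME)
    return banned

def fail_line(clock, ip):  # constructed log line, not captured from a real server
    return (f"[2009-06-01 {clock}] NOTICE[2112] chan_sip.c: Registration from "
            f"'\"100\" <sip:100@192.0.2.10>' failed for '{ip}' - Wrong password")

def sample_log():  # constructed input; addresses are documentation ranges
    log = [fail_line(f"12:00:0{s}", "198.51.100.7") for s in range(5)]      # burst of 5
    log += [fail_line(f"12:01:0{s}", "123.123.123.123") for s in range(6)]  # whitelisted
    log += [fail_line(f"12:02:0{s}", "203.0.113.9") for s in range(3)]      # below maxretry
    log += [fail_line(f"13:{m}:00", "203.0.113.50") for m in range(10, 60, 11)]  # 11 min apart
    return log
```

Calling `bans(sample_log())` bans only the burst source; the host that spaces its five failures 11 minutes apart stays under the threshold, which is the trade-off to keep in mind when choosing the counting window.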
rpm -e --nodeps c-ares
rpm -e --nodeps sipsak
yum install sipsak
yum install c-ares
http://sysadminman.net/blog/2009/hacking-and-securing-your-asterisk-server-592
http://blogs.digium.com/2009/03/28/sip-security/
http://particio.com/~kovzol/kotta/doku.php?id=tegyuek_biztonsagossa_az_asterisket
A comparison of the offers of the various VoIP providers can be read here.
Tuning trixbox in a Hyper-V environment
/etc/asterisk/sip_general_additional.conf
...
session-timers=refuse
https://gist.github.com/justincampbell/1461697
http://forums.whirlpool.net.au/archive/1953138
http://www.smartvox.co.uk/astfaq_configbehindnat.htm
http://www.freepbx.org/support/documentation/howtos/how-to-use-callgroups-and-pickgroups
http://forums.digium.com/viewtopic.php?p=152714
This helps voicemail end automatically when the line is not disconnected:
voicemail.conf
maxsilence=10
silencethreshold=256