How To Install Iptables Firewall In CentOS 7 Linux

Are you used to the classic iptables firewall and want to kill firewalld? Well there’s still hope for you yet! Here we will show you how to stop and disable the default firewalld firewall and instead install and configure iptables in CentOS 7 Linux.

It’s worth noting that iptables and firewalld are mutually exclusive, only one should be running at any one time. Therefore, if we wish to use either firewalld or iptables we should ensure that the opposite service is completely stopped, disabled, and masked so that it will not interfere.

Disable Firewalld

By default in CentOS 7 Linux, the firewalld firewall will be configured to start up automatically during boot. As we can only run either firewalld or iptables at any one time, we will first disable firewalld.

[root@centos7 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

This disables firewalld from starting automatically on system boot, however it does not stop the current running instance of firewalld from running, so we do that next.

[root@centos7 ~]# systemctl stop firewalld

While firewalld will no longer start automatically at boot and is not currently running, it can still be started manually by command line. To prevent this, we mask the service as shown below.

[root@centos7 ~]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

We are now ready to install and configure iptables.

Enable Iptables

In my default installation of CentOS 7 I already have the iptables package installed which can be used to run the iptables command, however we also need to install iptables-services in order to have iptables start automatically on system boot.

[root@centos7 ~]# yum install iptables-services -y

We will now check the status of iptables, as shown below after a clean install it will not be currently running and will be set to disabled, that is it will not start automatically on system boot.

[root@centos7 ~]# systemctl status iptables
iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

After the installation is complete, we will configure iptables to start automatically on system boot.

[root@centos7 ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.

Next we will start iptables, activating the firewall.

[root@centos7 ~]# systemctl start iptables

Now if we check the status of iptables, we should see that it is both actively running, and enabled to start on system boot.

[root@centos7 ~]# systemctl status iptables
iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Tue 2016-12-27 02:54:27 PST; 1min 52s ago
  Process: 44351 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 44351 (code=exited, status=0/SUCCESS)

Dec 27 02:54:27 localhost.localdomain systemd[1]: Starting IPv4 firewall with iptables...
Dec 27 02:54:27 localhost.localdomain iptables.init[44351]: iptables: Applying firewall rules: [  OK  ]
Dec 27 02:54:27 localhost.localdomain systemd[1]: Started IPv4 firewall with iptables.

You can now configure the iptables firewall as usual by modifying the /etc/sysconfig/iptables file. We can confirm this is the correct file to use by using the rpm -qc command against the iptables-services package that we installed earlier, as this will list all default configuration files associated with the package.

[root@centos7 ~]# rpm -qc iptables-services
/etc/sysconfig/ip6tables
/etc/sysconfig/iptables

Note that you will also need to start and enable ip6tables for IPv6, as iptables only supports IPv4. Likewise IPv6 specific firewall configuration should be set within the /etc/sysconfig/ip6tables file.
Each of these files contains default configuration to allow TCP port 22 in from any source IP address, so you don’t have to worry about locking yourself out of SSH access during the configuration.
If you make any changes to either of these files, be sure to restart iptables to apply the changes.

[root@centos7 ~]# systemctl restart iptables

Summary

We have shown you how to easily disable firewalld in CentOS 7 Linux and instead install and configure the classic iptables firewall. Note that iptables is considered deprecated in CentOS 7, so going forward it’s probably worth taking the time to learn how to use firewalld.

Read more »

Hướng dẫn cài đặt nhanh gateway DAG1000-4S

Dinstar gateway DAG1000-4S là sản phẩm cho phép chuyển tiếp giữa mạng PSTN với mạng VoIP, đồng thời hỗ trợ tín hiệu fax tốt và thưởng sử dụng cho giải pháp kết nối 2 tổng đài Panasonic hoặc tổng đài Analog khác. Do đó, Chúng tôi hướng dẫn cài đặt nhanh gateway DAG1000-4S tới quý khách hàng.

Ở bài viết này để quý khách hàng cài đặt gateway DAG1000-4S, giới thiệu tổng quan về sản phẩm.
Dòng gateway DAG1000-4FXS là dòng sản phẩm phù hợp cho các doanh nghiệp vừa và nhỏ.
- Giao tiếp mạng: 10/ 100 BASE-TX.
- 1 cổng WAN, 3 cổng LAN.
- Chức năng: Cho phép 2 cuộc gọi đồng thời, gọi điện giữa hai văn phòng thông qua đường truyền ADSL miễn phí.
- Gọi điện thoại quốc tế bằng thẻ Internet Phone.
- Hoạt động theo chuẩn VoIP tiên tiến nhất sử dụng giao thức SIP.
- Giao diện: 4 FXS, T.38 FAX, RJ-11.
- Hỗ trợ: 2 RJ-45 10/ 100Mbps.
- Hỗ trợ chuẩn: G.711A/ U; G723.1; G.729A/ B; G.168.
- Nguồn điện: 220V AC.
- Công suất tiêu thụ: 15W.
- Kích thước: 242 x 152 x 40 mm.
- Trọng lượng: 1.1 kg.
1.Tổng quan về sản phẩm
1.1    Mặt trước của sản phẩm:

Thiết bị gateway hiển thị đèn LED khác nhau:
- PWR: tình trạng nguồn điện
- RUN: Tình trạng chạy
- 3-0: Chỉ trạng thái của các cổng FXS (S)
- LAN: Tình trạng kết nối với cổng LAN
- WAN: Tình trạng kết nối với cổng WAN
1.2.Mặt sau:

- DC12V: Jack cắm DC
- WAN: dùng để kết nối với mạng IP thông qua modem DSL hoặc cổng LAN
- LAN: kết nối mạng nội bộ qua cổng mạng LAN hoặc PC
- 0-3: Cổng FXS(S) kết nối với điện thoại đạt tiêu chuẩn hoặc máy FAX, một PBX.
- RST: nhấn nút reset để cài lại máy, bấm 7S để khôi phục cài đặt gốc(cài đặt cũ).
2. Phần cứng
2.1 Kết nối bộ chuyển đổi 12DVC thông qua jack 'DC 12V'

2.2 Kết nối cáp RJ-45 vào cổng WAN và đầu còn lại vào một router hoặc cổng LAN 

2.3 Thiết bị này vẫn chạy bình thường trong khi đèn LED nhấp nháy chậm
3. Nguyên tắc hoạt động cơ bản
Các cổng hỗ trợ hoạt động cơ bản thông qua bộ tiêu chuẩn điện thoại analog. Với một bộ điện thoại analog, người dùng có thể quay các mã tính năng để duy trì cửa ngõ của họ. Các mã tính năng liệt kê như sau:

	mã hoạt động
*158#	Kiểm tra địa chỉ IP cổng LAN
*159#	Kiểm tra địa chỉ IP cổng WAN
*114#	Kiểm tra cổng tài khoản
*115#	Kiểm tra nhóm tài khoản
*160*1 #	Kích hoạt tính năng truy cập Web thông qua cổng WAN
*165*000000 #	Khôi phục các giá trị mặc định của Web đăng nhập Username / Password và địa chỉ IP cổng WAN / LAN * 111 # Khởi động lại thiết bị
*166*00000 #	Khôi phục cài đặt mặc định

3. cấu hình gateway DAG1000-4S
- Đăng nhập vào gateway:
Mở trình duyệt trên máy tính và nhập địa chỉ IP mặc định của các cổng LAN: 192.168.11.1. Mặc định đầu vào Username và Password: "admin / admin"

- Cài đặt mạng
Click vào "Network -> Local Network", nhập vào địa chỉ IP cổng và máy chủ DNS địa chỉ WAN, nhấn "Save" để hoàn tất việc cấu hình.

- Cấu hình máy chủ SIP
Click vào "SIP Server", địa chỉ IP máy chủ SIP đầu vào hoặc tên miền, cổng SIP. sau đó bấm vào nút "Save" để hoàn tất việc cấu hình.

- Cấu hình cổng tài khoản
Click vào "Port -> Add", chi tiết tài khoản SIP đầu vào như tên hiển thị, Primary SIP User ID,Primary Authenticate ID and Primary Authenticate Password

Nhấn vào nút "Save" để hoàn tất việc cấu hình.

- Khởi động lại gateway
Khởi động lại gateway để thay đổi cấu hình có hiệu lực

Read more »

Hướng dẫn bấm hạt mạng âm tường

Read more »

Default passwords Elastix

GIT – Một số default passwords Elastix sau khi các bạn cài Elastix
Interface : Username / Password
Web Elastix : admin / palosanto ( admin / admin)
Tool freePBX : admin / admin
Tool FOP : admin / eLaStIx.2oo7
Tool A2Billing : admin / mypassword
MySQL : root / eLaStIx.2oo7
SugarCRM : admin / password
Avantfax : admin / password
asterisk admin / elastix456
vTiger admin / admin
Openfire : admin / ( password của bạn )
ARI : admin / password
Reset Elastix Password
Sử dụng command line :
Password reset : palosanto

sqlite3 /var/www/db/acl.db “update acl_user set md5_password=’7a5210c173ea40c03205a5de7dcd4cb0′ where id=1″​

Password reset : gocit

/usr/bin/sqlite3 /var/www/db/acl.db “UPDATE acl_user SET md5_password = ‘`echo -n gocit|md5sum|cut -d ‘ ‘ -f 1`’ WHERE name = ‘admin’”​

Read more »

ODBC Adaptive CDR is not working

1. nano /etc/asterisk/cdr_adaptive_odbc.conf
   [adaptive_connection]
   connection=asteriskcdrdb
   table=cdr
   alias start => calldate
2. Modified the /etc/odbc.ini to reflect
   [MySQL-asteriskcdrdb]
   Description=MySQL connection to 'asterisk' database
   driver=MySQL
   server=localhost
   database=asteriskcdrdb
   username=freepbx (user name and password from /etc/freepbx.conf)
   password=fpbx
   Port=3306
   Socket=/var/lib/mysql/mysql.sock
   option=3
3. module reload res_odbc.so
4. module reload cdr_adaptive_odbc.so
5. restart Asterisk

You can run below commands to confirm CDR, MySQL and ODBC connections:
cdr show status
module show cdr
module show mysql
odbc show

Read more »

Troubleshooting ODBC Module in Asterisk

Introduction

This article is to introduce troubleshooting steps for ODBC malfunction for Asterisk.

Description

We are resolving following error for ODBC Connection.

$ echo "select 1" | isql -v asterisk-connector [01000][unixODBC][Driver Manager]Can't open lib '/usr/lib64/libmyodbc5.so' : file not found [ISQL]ERROR: Could not SQLConnect

Methodology

Step # 1

Create a separate directory odbc/ in /usr/lib or /usr/lib64/ (as available):

$ mkdir /usr/lib64/odbc/

Step # 2

Download and Install latest MySQL Connector for ODBC with suitable for your OS:

$ wget http://mysql.mirrors.crysys.hit.bme.hu/Downloads/Connector-ODBC/5.3/mysql-connector-odbc-5.3.6-linux-el6-x86-64bit.tar.gz $ tar -zxvf mysql-connector-odbc-5.3.4-linux-el6-x86-64bit.tar.gz $ cd mysql-connector-odbc-5.3.4-linux-el6-x86-64bit $ ls lib/ libmyodbc5a.so  libmyodbc5S.so  libmyodbc5w.so $ cp lib/* /usr/lib64/odbc/

Step # 3

Create or Edit file /etc/odbcinst.ini to add following contents:

[MySQL] Description = ODBC Driver for MySQL Driver = /usr/lib64/odbc/libmyodbc5w.so Setup = /usr/lib64/odbc/libmyodbc5S.so FileUsage = 1

Step # 4

Create or Edit file /etc/odbc.ini with following contents:

[asterisk-connector] Description           = MySQL connection to 'asterisk' database Driver                = MySQL Database              = <database> Server                = localhost User                  = <user> Password              = <password> Port                  = 3306 Socket                = /var/lib/mysql/mysql.sock

Step # 5

Add following contents in /etc/asterisk/res_odbc.conf:

[asterisk] enabled => yes dsn => asterisk-connector username => <user> password => <password> pooling => no pre-connect => yes

Step # 6

Add your desired function in /etc/asterisk/func_odbc.conf file:

[FULLNAME] dsn=asterisk readsql=SELECT fullname FROM users WHERE extension=${ARG1}

Step # 7

Reload func_odbc.so module or restart asterisk:

Step # 8

Verifying OBDC Connection:

Terminal

To check odbc Connection in terimal

$ echo "select 1" | isql -v asterisk-connector +---------------------------------------+ | Connected!                            | |                                       | | sql-statement                         | | help [tablename]                      | | quit                                  | |                                       | +---------------------------------------+ SQL> select 1 +---------------------+ | 1                   | +---------------------+ | 1                   | +---------------------+ SQLRowCount returns 1 1 rows fetched

Asterisk CLI

To check ODBC Connection in Asterisk CLI:

CLI> odbc show   ODBC DSN Settings -----------------     Name:   asterisk   DSN:    asterisk-connector     Last connection attempt: 1970-01-01 05:00:00   Pooled: No   Connected: Yes   CLI> odbc read ODBC_FULLNAME "XXXX" exec fullname               ABC Returned 1 row.  Query executed on handle 0 [asterisk]

Share this on

Read more »

Install Elastix from USB Step by Step

Elastix is one of the best Open Source Unified Communications Servers available today, it is very easy to install but the installer is designed to be run from CDROM and we can make the installation in several devices that don´t have an optical drive.  This document will guide you to modify the installer so you can install entirely from an USB Flash drive.

Warning: The Server Security is a very important and serious aspect in a VoIP server, this guide will not cover that but there is plenty of information on that topic in the Internet. If you are looking for a professional installation contact me and I'll be glad to help you for a very reasonable price.

This guide was created using a PC with an unpartitioned hard disk, if your hard disk is already partitioned, formatted or has data you need to keep, you may need to adjust the settings for your configuration.  You may also lose the data in the disk. I assume no responsibility for data loss or hardware damage, if you decide to follow this guide, you do so at your own risk.

What you need:

Computer with hard drive
2GB or larger USB
Elastix ISO
UNetbootin (to create the bootable USB)

Let's start ...

1. Go to the Elastix Web Site and download the ISO, the stable version right now is 2.4.0, but this guide should work with the beta and alpha versions too (I hope). 

http://www.elastix.org/index.php/en/downloads/main-distro.html

2. Then get UNetbootin to make the USB bootable.

http://unetbootin.sourceforge.net/

3. Format the USB in FAT32.

4. Open UNetbootin,
        1. Select ImageDisc
        2. Click on the ... button and select the elastix iso you downloaded earlier
        3. Select your usb drive
        4 Click OK

UNetbootin will make the USB bootable and will extract the ISO files to the USB.

When UNetbootin finishes extracting just click on Exit, we don't need to reboot.

5. Now let's copy the Elastix ISO to the USB, even though UNetbootin extracted the ISO in the USB we also need the ISO in the USB.  When Anaconda (the linux installer) installs from hard drive it looks for the ISO.

6. We need to modify two files in the USB

Here we need to understand how Linux identifies the different drives we have in the computer, usually the first hard drive is SDA, the second is SDB and so on.  So if you are going to install Elastix to the first hard drive (and the only one) that would be SDA.  For Linux the USB will be another hard drive so it will identify it as SDB if there are no other hard drives in the PC.  If you have 2 hard drives, then the USB would be SDC.

Now that we understand the Linux hard drive naming, let's open the first file we need to modify:

I recommend you to use Notepad++ to modify the files, sometimes windows notepad does not handle Linux files very good. You can get it here: http://notepad-plus-plus.org/ 

Open the file syslinux.cfg with Notepad++, the file is in the root of the USB.

Look for this line, in my file is line 9, but it may change:

append initrd=/ubninit ks=cdrom:/ks_default.cfg ramdisk_size=8192

and change it to:

append initrd=/ubninit ks=hd:sdb1:/ks_default.cfg ramdisk_size=8192

The original line instructs the Linux installer to look for the configuration file in the CDROM, we changed that to make it look for the file in a hard drive (SDB1), the 1 at the end is the partition, sdb1 is the second hard drive's first partition. If you have more than one hard drive you would have to modify the line. As we only have one hard drive (sda) the usb is the second hard drive (sdb),  if you have 2 hard drives then the USB would be the third hard drive (sdc).

That is all for the first file, save it and close it.

Now let's look for the file ks_default.cfg in the USB root and open it with Notepad++

Look for this lines:

#Use CDROM installation media
cdrom

and change it to:

#Use CDROM installation media
#cdrom

we comment the cdrom line because we are not going to install from cdrom.

Now append this line after the CDROM section

ignoredisk --drives=sdb

This line tells the Linux Installer to ignore the USB as a target for installation, we won't install to the USB we are going to install to the hard drive.

Now look for this line, is right below:

#System bootloader configuration
bootloader --location=mbr 

and change it to:

#System bootloader configuration
bootloader --location=mbr --driveorder=sda,sdb

This change is very important, it tells the Linux installer that the computer boots first from sda (the hard drive), so it installs the bootloader there. If you miss this change, the linux installer will install the bootloader in the USB, so you would only be able to boot Elastix if the USB is connected.

That's it for the second file, save it and close it.

7. We are ready to start the installation.  Plug in the USB drive in the computer and turn it on. As we only have one unpartitioned hard drive, the PC should boot directly from the USB.  If it doesn't, load the computer boot menu and select the USB to boot.

8. You should see the screen below, just hit Enter to continue.

9. Select your installation language and hit enter to continue. 

10. Select the keyboard layout and hit enter to continue.

11. In the next screen select Hard Drive and enter to continue.

12. Now, if you are using the same configuration as me (one unpartitioned hard drive), you should get only one choice here /dev/sdb1 (arrow 1) which is the USB, if your hard drive already have partitions or you have more than one hard drive you will probably get a list here.  You should select the USB, usually it is the last one in the list.

If you copied the Elastix ISO to the USB root just leave the directory blank (arrow 2), if you copied it to a directory, specify it there and the click OK to continue.

13. If your hard disk was unpartitioned you will get a warning that the installer will overwrite all the data, just select yes to continue.

14. Now in the partition type screen, select the first option and make sure the hard drive in which you plan to install Elastix is selected, then select OK to continue.

15. You are going to see another warning about losing all your data in the hard drive, this is the last on, so make sure the data in the hard drive (if any) can be deleted. select Yes to continue.

16. If you want to modify the installer suggested disk layout you can do so in this screen, usually we would not need to change it, so click no to continue.

17.  In the 4 following screens, configure the NIC parameters according to your current network, select YES to continue.

The data in the previous screens is just an example, fill the data with your own network info.


18. Select a Hostname, and fill it in this screen.

19. Now select you current time zone, leave the option "System clock uses UTC" unchecked as some versions of FreePbx don't handle UTC very well.

20.  Select a strong root password and write it down or memorize it, it is not easy to recover it if you lose it.

21. The installer will now format the hard drive and copy all the files needed, this step could take 10 minutes or more depending on the hardware you have.

22.  After the file copy is complete, the computer will reboot, make sure you have the hard drive as the first boot device in the bios.  Elastix should boot from the hard drive and you should see a screen like this.

23. In the first boot Elastix will ask for 2 passwords, first Mysql password, as a regular user, this password is not used very often, but if you are going to need access to the databases to make special applications you will need it, so better write it down.

Then the admin password, this is a very important password, it is the one you will use to enter to the web interface to configure your server, make sure it is a complex password and to write it down.

24. And that's it,  you now have Elastix installed without the need of a CDROM drive !!!.

I hope this guide is useful for you.

Thanks for reading, and leave comments !!!.

Henry.

Read more »