Re: [asterisk-users] Asterisk/Realtime and MySQL
Hi thanks for your answer, i put that don't work, but it's a error, that work. But Asterisk crash when i use my second extensions table, i don't know why (limitation of number of line ?) I don't have the answer actually ;=) bye Jerome Le 01/10/2010 11:07, Захаров Антон a écrit : [ivr_holiday] switch = Realtime/ivr_holid...@extensions where 'ivr_holidays' is context and 'extensions' is table On 01.10.2010 12:52, Phibee Network Operation Center wrote: Hi i am not a expert on Asterisk and search a lot of small information : I use Asterisk 1.6.1.4 with MySQL. That's work and in my extension.conf, i have: [as5300-incoming] switch = Realtime and in extconfig.conf extensions = mysql,general,VOIP_Extensions A lot of Extension are into the table VOIP_Extensions. I am search to know if i can add a : [beta-incoming] switch = Realtime but not use the table VOIP_Extensions but VOIP_Extensions_Beta Anyone know if it's possible ? (use two table for extension) Thanks Jerome SCHEVINGT -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] RE : Re: differential billing
Stop advertising. Le 26 sept. 2010 09:46, Faisal Hanif fai...@vopium.com a écrit : Hi Abdul-Basit, If you need only different intervals of billing you can easily do it using any AGI as we are doing it in Perl AGIs using post call billing. But if you need realtime billing then the most stable and flexible option is to use FastAGI+ AMI. I have tested it in JAVA and it worked for me up to a load 100 calls. It may work more but I haven't tested it. Asterisk and Billing-Server was running on separate machines. For further help you can call me (as you know my number :P). Regards, Faisal Hanif -- _ -- Bandwidth and Colocation Pr... -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] debian/dahdi/zaphfc - Unable to receive TEI fromnetwork!
Tzafrir Cohen wrote: On Fri, Oct 01, 2010 at 01:49:48PM +0100, Andrew Thomas wrote: What happens if you change to: signalling=bri_cpe_ptp It's bri_cp , not bri_cpe_ptp . yes, bri_cpe, for p2p mode, that's what my last failure report was using (the bri_cpe vs bri_cpe_ptmp inconsistency hurts a little, but lets keep that for later). Note that I disconnected the phone that's sharing the S0-bus with the HFC while doing this, for good measure. Anyway, I understand this was just a test to help diagnose the problem rather than a hint at a potential misconfiguration, as I'm pretty sure my line is in p2mp mode; the ISDN phone happily shared the S0 with the asterisk box for years. To narrow down the source, I then put a new hdd (w/ squeeze on it) in the original machine and put the HFC back in, in the slot it used to be. Everything behaves exactly as reported in my initial mail, including the warn_slowpath_common warning (I still don't know what to think of it); this should discard machine/HFC incompatibility as the cause. The interrupt is shared in this machine, but my etch/bristuff/ast1.2 was happy about that, so that's not the point, unless this newer driver has enhanced requirements. However, the card is fine. To confirm this, I removed all dahdi stuff, loaded debian stock hfcpci module and mISDN_dsp, built mISDNuser from git and I can see incoming and outgoing call setups (from/to the phone on the shared S0 bus) with misdn_log: # tools/misdn_log mISDN kernel version 1.01.21 found mISDN user version 1.01.21 found 1 controller found id: 0 Dprotocols: 0006 Bprotocols: 006e protocol: 0 channelmap: 0006 nrbchan:2 name: hfc-pci.1 log bind ch(1) return -1 log bind error Invalid argument log bind ch(0) return 0 0 [censored packets flow...] # dmesg | grep --relevant [7.517932] hfcpci :01:02.0: enabling device ( - 0003) [7.517960] hfcpci :01:02.0: PCI INT A - Link[LNKB] - GSI 9 (level, low) - IRQ 9 [7.517972] mISDN_hfcpci: found adapter CCD/Billion/Asuscom 2BD0 at :01:02.0 [7.517981] mISDN: HFC-PCI driver 2.0 [7.518131] HFC-PCI: defined at mem 0xd8d66800 fifo 0xd73d8000(0x173d8000) IRQ 9 HZ 250 [7.558468] HFC 1 cards installed ... [ 59.173173] DSP modul 2.0 [ 59.173190] mISDN_dsp: DSP clocks every 64 samples. This equals 2 jiffies. [ 81.010222] base_sock_release(d748e340) sk=d6b9b600 [ 106.181034] base_sock_release(d748e340) sk=d6b9b600 [ 106.181093] connect_layer1: ret -22 (dev 0) [ 106.181192] init_card: entered [ 106.181222] reset_hfcpci: entered [ 106.181229] HFC_PCI: resetting HFC ChipId(30) [ 106.181241] HFC-PCI status(4) before reset [ 106.184031] HFC-PCI status(2) after reset [ 106.184031] HFC-PCI status(4) after 5us [ 106.184031] inithfcpci: entered [ 106.268053] HFC PCI: IRQ 9 count 33 [ 106.268067] connect_layer1: ret 0 (dev 0) subsequent launches of misdn_log will log this: [ 1047.287483] base_sock_release(d7421a00) sk=d6b9ba00 [ 1047.287542] connect_layer1: ret -22 (dev 0) [ 1047.287642] connect_layer1: ret 0 (dev 0) I haven't yet configured misdn properly, but I can issue calls with misdntestlayer3, so the card seems to behave well enough with misdn to get a TEI and make a call. I'm not that much thrilled by ISDN these days, I mostly want to get back to a working setup. But since I've battled with this for a few days, if a few more days are needed to help debug what appears to be a problem with vzaphfc (?), I can spend some time. That is, if you care to provide test scenarios and/or test/instrumented code. Tell me if this needs to be moved off (this) list... jabber would be fine, if you say so. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] minimum card for dahdi timing source ?
Hi All, for a vicidial server which uses only voip, which is the minimum telephony card which would provide the required clock timing source for conferences to work properly ? Maybe the Digium TDM410PLF card without any daughter card would do the job ? Thank you very much for supporting. Have a nice week-end, Mike -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] minimum card for dahdi timing source ?
On 10/2/10 11:24 AM, mancyb...@gmail.com wrote: for a vicidial server which uses only voip, which is the minimum telephony card which would provide the required clock timing source for conferences to work properly ? My recommendation would be to use DAHDI 2.4.0 Just having DAHDI loaded is enough to provide timing / mix conferences without any other configuration (i.e., no need to load dahdi_dummy). If your server can keep accurate wall time, then it will be able to provide adequate timing / mixing for VOIP. -- Shaun Ruffell Digium, Inc. | Linux Kernel Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] minimum card for dahdi timing source ?
On Sat, Oct 02, 2010 at 06:24:24PM +0200, mancyb...@gmail.com wrote: for a vicidial server which uses only voip, which is the minimum telephony card which would provide the required clock timing source for conferences to work properly ? Can't speak for vicidial, but MeetMe() works fine for me with asterisk 1.4 and ztdummy. I would assume 1.6 with dahdi works similarly... R -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] minimum card for dahdi timing source ?
Good news, very well. Thank you very much and have a nice day, Mike On Sat, 02 Oct 2010 11:38:49 -0500 Shaun Ruffell sruff...@digium.com wrote: On 10/2/10 11:24 AM, mancyb...@gmail.com wrote: for a vicidial server which uses only voip, which is the minimum telephony card which would provide the required clock timing source for conferences to work properly ? My recommendation would be to use DAHDI 2.4.0 Just having DAHDI loaded is enough to provide timing / mix conferences without any other configuration (i.e., no need to load dahdi_dummy). If your server can keep accurate wall time, then it will be able to provide adequate timing / mixing for VOIP. -- Shaun Ruffell Digium, Inc. | Linux Kernel Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
Hi Everyone I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box that needs to be secured at all times. Currently it's not connected to the internet. If it were connected, I would have iptables block any and all traffic from outside but I want a single device - Linksys PAP2T - to be able to connect back to the server. That is a stand alone device and doesn't support VPN and I don't have the luxury of putting a VPN client on the PAP2T side to connect back to the server. Is there any way I can DynDNS on the PAP2T to somehow notify the Asterisk Server that it's a safe device coming in? I do use fail2ban but that is not what I am looking for at this moment. And since the IP is dynamic on the PAP2T, I can't just use the iptables to let it in as it might change all a sudden. Thanks -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
On 10/02/2010 02:56 PM, bruce bruce wrote: Hi Everyone I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box that needs to be secured at all times. Currently it's not connected to the internet. If it were connected, I would have iptables block any and all traffic from outside but I want a single device - Linksys PAP2T - to be able to connect back to the server. That is a stand alone device and doesn't support VPN and I don't have the luxury of putting a VPN client on the PAP2T side to connect back to the server. Is there any way I can DynDNS on the PAP2T to somehow notify the Asterisk Server that it's a safe device coming in? I do use fail2ban but that is not what I am looking for at this moment. And since the IP is dynamic on the PAP2T, I can't just use the iptables to let it in as it might change all a sudden. Thanks do the dyndns on whatever router is in front of the pap2t or get some other box that supports it. other than that you are looking for some sort of magic bullet -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Attempts to hack Asterisk - What do these lines means
Hi Everyone, Like always, here are IPs from China that try to hack an Asterisk server. Can someone please explain what is happening or what the hacker is trying to reach: 02/10/2010 11:10 SIP/113.105.152.51-00fb sip sip sip s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fe sip sip sip s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fc sip sip sip s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fd sip sip sip s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00ff sip sip sip s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-0100 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0101 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0102 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0103 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0104 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0105 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0106 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0107 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0108 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0109 sip sip sip s ANSWERED 13 Thanks -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] debian/dahdi/zaphfc - Unable to receive TEI from network!
Hello, I have exactly the same problem. I also tried: - Linux Kernel 2.6.32, 2.6.34, 2.6.35 - A fresh Debian Squeeze installation - Other Hardware I also get the slowpath warning as soon as I load the zaphfc kernel module. Here some more information (immediately after starting Asterisk): r...@debian:/# asterisk -rv Asterisk 1.6.2.9-2, Copyright (C) 1999 - 2010 Digium, Inc. and others. Created by Mark Spencer marks...@digium.com Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details. This is free software, with components licensed under the GNU General Public License version 2 and other licenses; you are welcome to redistribute it under certain conditions. Type 'core show license' for details. = == Parsing '/etc/asterisk/asterisk.conf': == Found == Parsing '/etc/asterisk/extconfig.conf': == Found Connected to Asterisk 1.6.2.9-2 currently running on debian (pid = 10833) Verbosity was 0 and is now 9 debian*CLI pri set debug 2 span 1 Enabled debugging on span 1 1 Sending TEI management message 1, TEI=127 1 TEI: 0 State 2 1 V(S) 0 V(A) 0 V(R) 0 1 K 1, RC 0, l3initiated 0, reject_except 0 ack_pend 0 1 T200 0, N200 3, T203 0 1 1 [ fc ff 03 0f 07 c5 01 ff ] 1 1 Unnumbered frame: 1 SAPI: 63 C/R: 0 EA: 0 1 TEI: 127EA: 1 1M3: 0 P/F: 0 M2: 0 11: 3 [ UI (unnumbered information) ] 1 5 bytes of data 1 MDL Message: TEI Identity Request (1) 1 RI: 1989 1 Ai: 127 E:1 1 Sending TEI management message 1, TEI=127 1 TEI: 0 State 2 1 V(S) 0 V(A) 0 V(R) 0 1 K 1, RC 0, l3initiated 0, reject_except 0 ack_pend 0 1 T200 0, N200 3, T203 0 1 1 [ fc ff 03 0f 21 6d 01 ff ] 1 1 Unnumbered frame: 1 SAPI: 63 C/R: 0 EA: 0 1 TEI: 127EA: 1 1M3: 0 P/F: 0 M2: 0 11: 3 [ UI (unnumbered information) ] 1 5 bytes of data 1 MDL Message: TEI Identity Request (1) 1 RI: 8557 1 Ai: 127 E:1 [Oct 2 17:17:36] ERROR[10870]: chan_dahdi.c:12393 dahdi_pri_error: 1 Unable to receive TEI from network! debian*CLI -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Attempts to hack Asterisk - What do these lines means
Seems like anonymous SIP calls which end up in from-sip-external context with a dead end. This is usually how hackers start their hack attempts. Zeeshan A Zakaria -- www.ilovetovoip.com On 2010-10-02 3:05 PM, bruce bruce bruceb...@gmail.com wrote: Hi Everyone, Like always, here are IPs from China that try to hack an Asterisk server. Can someone please explain what is happening or what the hacker is trying to reach: 02/10/2010 11:10 SIP/113.105.152.51-00fb sip sip sip s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fe sip sip sip s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fc sip sip sip s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00fd sip sip sip s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-00ff sip sip sip s ANSWERED 13 02/10/2010 11:10 SIP/113.105.152.51-0100 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0101 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0102 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0103 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0104 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0105 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0106 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0107 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0108 sip sip sip s ANSWERED 13 02/10/2010 11:17 SIP/222.73.204.198-0109 sip sip sip s ANSWERED 13 Thanks -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
Hi, Can you please explain the DynDNS part. How would I put that in my Asterisk server as an identified party? Usually it comes to me with IP address (dynamic). Or do add something like this in sip_nat.conf: externip=mybox.dyndns.org localnet=192.168.0.0/255.255.255.0 ??? Thansk again, On Sat, Oct 2, 2010 at 2:59 PM, jon pounder j...@inline.net wrote: On 10/02/2010 02:56 PM, bruce bruce wrote: Hi Everyone I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box that needs to be secured at all times. Currently it's not connected to the internet. If it were connected, I would have iptables block any and all traffic from outside but I want a single device - Linksys PAP2T - to be able to connect back to the server. That is a stand alone device and doesn't support VPN and I don't have the luxury of putting a VPN client on the PAP2T side to connect back to the server. Is there any way I can DynDNS on the PAP2T to somehow notify the Asterisk Server that it's a safe device coming in? I do use fail2ban but that is not what I am looking for at this moment. And since the IP is dynamic on the PAP2T, I can't just use the iptables to let it in as it might change all a sudden. Thanks do the dyndns on whatever router is in front of the pap2t or get some other box that supports it. other than that you are looking for some sort of magic bullet -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
On 10/02/2010 03:31 PM, bruce bruce wrote: Hi, Can you please explain the DynDNS part. How would I put that in my Asterisk server as an identified party? Usually it comes to me with IP address (dynamic). Or do add something like this in sip_nat.conf: externip=mybox.dyndns.org http://mybox.dyndns.org localnet=192.168.0.0/255.255.255.0 http://192.168.0.0/255.255.255.0 every time the address changes you have to have some script to make the change in your firewall. ??? Thansk again, On Sat, Oct 2, 2010 at 2:59 PM, jon pounder j...@inline.net mailto:j...@inline.net wrote: On 10/02/2010 02:56 PM, bruce bruce wrote: Hi Everyone I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box that needs to be secured at all times. Currently it's not connected to the internet. If it were connected, I would have iptables block any and all traffic from outside but I want a single device - Linksys PAP2T - to be able to connect back to the server. That is a stand alone device and doesn't support VPN and I don't have the luxury of putting a VPN client on the PAP2T side to connect back to the server. Is there any way I can DynDNS on the PAP2T to somehow notify the Asterisk Server that it's a safe device coming in? I do use fail2ban but that is not what I am looking for at this moment. And since the IP is dynamic on the PAP2T, I can't just use the iptables to let it in as it might change all a sudden. Thanks do the dyndns on whatever router is in front of the pap2t or get some other box that supports it. other than that you are looking for some sort of magic bullet -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
I was confusing the asterisk server side of sip_nat with the PAP2T. So, PAP2T can only register to DynDNS and that's all. What sort of a script would I be looking for? something to query DynDNS for the new IP of the device to add to firewall? This might however bring down time if inquiry is not successful. Or can I setup my own Dyndns server on the Asterisk server and have those PAP2T units registered to it and then work it from there when their IPs change? Thanks On Sat, Oct 2, 2010 at 3:32 PM, jon pounder j...@inline.net wrote: On 10/02/2010 03:31 PM, bruce bruce wrote: Hi, Can you please explain the DynDNS part. How would I put that in my Asterisk server as an identified party? Usually it comes to me with IP address (dynamic). Or do add something like this in sip_nat.conf: externip=mybox.dyndns.org localnet=192.168.0.0/255.255.255.0 every time the address changes you have to have some script to make the change in your firewall. ??? Thansk again, On Sat, Oct 2, 2010 at 2:59 PM, jon pounder j...@inline.net wrote: On 10/02/2010 02:56 PM, bruce bruce wrote: Hi Everyone I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box that needs to be secured at all times. Currently it's not connected to the internet. If it were connected, I would have iptables block any and all traffic from outside but I want a single device - Linksys PAP2T - to be able to connect back to the server. That is a stand alone device and doesn't support VPN and I don't have the luxury of putting a VPN client on the PAP2T side to connect back to the server. Is there any way I can DynDNS on the PAP2T to somehow notify the Asterisk Server that it's a safe device coming in? I do use fail2ban but that is not what I am looking for at this moment. And since the IP is dynamic on the PAP2T, I can't just use the iptables to let it in as it might change all a sudden. Thanks do the dyndns on whatever router is in front of the pap2t or get some other box that supports it. other than that you are looking for some sort of magic bullet -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
Can't I in my ip tables just accept the pap2t.dyndns.org if that is bind to the PAP2T? do you think the devices comes in with it's external IP rather than the dyndns domain? Thanks On Sat, Oct 2, 2010 at 3:43 PM, bruce bruce bruceb...@gmail.com wrote: I was confusing the asterisk server side of sip_nat with the PAP2T. So, PAP2T can only register to DynDNS and that's all. What sort of a script would I be looking for? something to query DynDNS for the new IP of the device to add to firewall? This might however bring down time if inquiry is not successful. Or can I setup my own Dyndns server on the Asterisk server and have those PAP2T units registered to it and then work it from there when their IPs change? Thanks On Sat, Oct 2, 2010 at 3:32 PM, jon pounder j...@inline.net wrote: On 10/02/2010 03:31 PM, bruce bruce wrote: Hi, Can you please explain the DynDNS part. How would I put that in my Asterisk server as an identified party? Usually it comes to me with IP address (dynamic). Or do add something like this in sip_nat.conf: externip=mybox.dyndns.org localnet=192.168.0.0/255.255.255.0 every time the address changes you have to have some script to make the change in your firewall. ??? Thansk again, On Sat, Oct 2, 2010 at 2:59 PM, jon pounder j...@inline.net wrote: On 10/02/2010 02:56 PM, bruce bruce wrote: Hi Everyone I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box that needs to be secured at all times. Currently it's not connected to the internet. If it were connected, I would have iptables block any and all traffic from outside but I want a single device - Linksys PAP2T - to be able to connect back to the server. That is a stand alone device and doesn't support VPN and I don't have the luxury of putting a VPN client on the PAP2T side to connect back to the server. Is there any way I can DynDNS on the PAP2T to somehow notify the Asterisk Server that it's a safe device coming in? I do use fail2ban but that is not what I am looking for at this moment. And since the IP is dynamic on the PAP2T, I can't just use the iptables to let it in as it might change all a sudden. Thanks do the dyndns on whatever router is in front of the pap2t or get some other box that supports it. other than that you are looking for some sort of magic bullet -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
On Sat, Oct 02, 2010 at 04:09:33PM -0400, bruce bruce wrote: Can't I in my ip tables just accept the pap2t.dyndns.org if that is bind to the PAP2T? do you think the devices comes in with it's external IP rather than the dyndns domain? Yes. An IP datagram carries only the source and destination IP addresses, not the DNS names associated with them. Your firewall _may_ be able to accept a DNS name to block or allow rather than an IP address, but most don't, and doing so makes you vulnerable to DNS spoofing attacks. To go further would be thoroughly off-topic for this list. Roger -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
On 10/02/2010 04:09 PM, bruce bruce wrote: Can't I in my ip tables just accept the pap2t.dyndns.org http://pap2t.dyndns.org if that is bind to the PAP2T? do you think the devices comes in with it's external IP rather than the dyndns domain? Thanks On Sat, Oct 2, 2010 at 3:43 PM, bruce bruce bruceb...@gmail.com mailto:bruceb...@gmail.com wrote: I was confusing the asterisk server side of sip_nat with the PAP2T. So, PAP2T can only register to DynDNS and that's all. What sort of a script would I be looking for? something to query DynDNS for the new IP of the device to add to firewall? This might however bring down time if inquiry is not successful. Or can I setup my own Dyndns server on the Asterisk server and have those PAP2T units registered to it and then work it from there when their IPs change? Thanks On Sat, Oct 2, 2010 at 3:32 PM, jon pounder j...@inline.net mailto:j...@inline.net wrote: On 10/02/2010 03:31 PM, bruce bruce wrote: Hi, Can you please explain the DynDNS part. How would I put that in my Asterisk server as an identified party? Usually it comes to me with IP address (dynamic). Or do add something like this in sip_nat.conf: externip=mybox.dyndns.org http://mybox.dyndns.org localnet=192.168.0.0/255.255.255.0 http://192.168.0.0/255.255.255.0 every time the address changes you have to have some script to make the change in your firewall. ??? Thansk again, On Sat, Oct 2, 2010 at 2:59 PM, jon pounder j...@inline.net mailto:j...@inline.net wrote: On 10/02/2010 02:56 PM, bruce bruce wrote: Hi Everyone I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box that needs to be secured at all times. Currently it's not connected to the internet. If it were connected, I would have iptables block any and all traffic from outside but I want a single device - Linksys PAP2T - to be able to connect back to the server. That is a stand alone device and doesn't support VPN and I don't have the luxury of putting a VPN client on the PAP2T side to connect back to the server. Is there any way I can DynDNS on the PAP2T to somehow notify the Asterisk Server that it's a safe device coming in? I do use fail2ban but that is not what I am looking for at this moment. And since the IP is dynamic on the PAP2T, I can't just use the iptables to let it in as it might change all a sudden. Thanks do the dyndns on whatever router is in front of the pap2t or get some other box that supports it. other than that you are looking for some sort of magic bullet -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users I'm puzzled. Do you want the pap2t to connect directly to the internet? If so, then what does this have to do with asterisk or your box? If you want the pap2t to be connected to asterisk on your box, then the box has two interfaces. One is internal and open to a static address on pap2t, the other on the internet and subject to iptables. You can port forward to the pap2t. Or am I missing something? sean -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
Yeah, you are missing all :-) Sorry, read the thread again. On Sat, Oct 2, 2010 at 5:05 PM, sean darcy seandar...@gmail.com wrote: On 10/02/2010 04:09 PM, bruce bruce wrote: Can't I in my ip tables just accept the pap2t.dyndns.org http://pap2t.dyndns.org if that is bind to the PAP2T? do you think the devices comes in with it's external IP rather than the dyndns domain? Thanks On Sat, Oct 2, 2010 at 3:43 PM, bruce bruce bruceb...@gmail.com mailto:bruceb...@gmail.com wrote: I was confusing the asterisk server side of sip_nat with the PAP2T. So, PAP2T can only register to DynDNS and that's all. What sort of a script would I be looking for? something to query DynDNS for the new IP of the device to add to firewall? This might however bring down time if inquiry is not successful. Or can I setup my own Dyndns server on the Asterisk server and have those PAP2T units registered to it and then work it from there when their IPs change? Thanks On Sat, Oct 2, 2010 at 3:32 PM, jon pounder j...@inline.net mailto:j...@inline.net wrote: On 10/02/2010 03:31 PM, bruce bruce wrote: Hi, Can you please explain the DynDNS part. How would I put that in my Asterisk server as an identified party? Usually it comes to me with IP address (dynamic). Or do add something like this in sip_nat.conf: externip=mybox.dyndns.org http://mybox.dyndns.org localnet=192.168.0.0/255.255.255.0 http://192.168.0.0/255.255.255.0 every time the address changes you have to have some script to make the change in your firewall. ??? Thansk again, On Sat, Oct 2, 2010 at 2:59 PM, jon pounder j...@inline.net mailto:j...@inline.net wrote: On 10/02/2010 02:56 PM, bruce bruce wrote: Hi Everyone I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box that needs to be secured at all times. Currently it's not connected to the internet. If it were connected, I would have iptables block any and all traffic from outside but I want a single device - Linksys PAP2T - to be able to connect back to the server. That is a stand alone device and doesn't support VPN and I don't have the luxury of putting a VPN client on the PAP2T side to connect back to the server. Is there any way I can DynDNS on the PAP2T to somehow notify the Asterisk Server that it's a safe device coming in? I do use fail2ban but that is not what I am looking for at this moment. And since the IP is dynamic on the PAP2T, I can't just use the iptables to let it in as it might change all a sudden. Thanks do the dyndns on whatever router is in front of the pap2t or get some other box that supports it. other than that you are looking for some sort of magic bullet -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users I'm puzzled. Do you want the pap2t to connect directly to the internet? If so, then what does this have to do with asterisk or your box? If you want the pap2t to be connected to asterisk on your box, then the box has two interfaces. One is internal and open to a static address on pap2t, the other on the internet and subject to iptables. You can port forward to the pap2t. Or am I missing something? sean -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs:
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
Thanks Roger. I will be trying this box to see what I can do. Otherwise, I'd probably have to find a list of all of the Rogers (The ISP providing internet to these boxes) IPs to at least limit the attacks to Rogers ISP. hmmm Or maybe secure is using DNS like this: sdlfjds...@$523k4j98sd7fkjh324#@$832.dyndns.org isn't that a security feature in itself? Thanks On Sat, Oct 2, 2010 at 4:32 PM, Roger Burton West ro...@firedrake.orgwrote: On Sat, Oct 02, 2010 at 04:09:33PM -0400, bruce bruce wrote: Can't I in my ip tables just accept the pap2t.dyndns.org if that is bind to the PAP2T? do you think the devices comes in with it's external IP rather than the dyndns domain? Yes. An IP datagram carries only the source and destination IP addresses, not the DNS names associated with them. Your firewall _may_ be able to accept a DNS name to block or allow rather than an IP address, but most don't, and doing so makes you vulnerable to DNS spoofing attacks. To go further would be thoroughly off-topic for this list. Roger -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
On Sat, Oct 2, 2010 at 4:37 PM, bruce bruce bruceb...@gmail.com wrote: Thanks Roger. I will be trying this box to see what I can do. Otherwise, I'd probably have to find a list of all of the Rogers (The ISP providing internet to these boxes) IPs to at least limit the attacks to Rogers ISP. hmmm Or maybe secure is using DNS like this: sdlfjds...@$523k4j98sd7fkjh324#@$832.dyndns.org isn't that a security feature in itself? Thanks On Sat, Oct 2, 2010 at 4:32 PM, Roger Burton West ro...@firedrake.orgwrote: On Sat, Oct 02, 2010 at 04:09:33PM -0400, bruce bruce wrote: Can't I in my ip tables just accept the pap2t.dyndns.org if that is bind to the PAP2T? do you think the devices comes in with it's external IP rather than the dyndns domain? Yes. An IP datagram carries only the source and destination IP addresses, not the DNS names associated with them. Your firewall _may_ be able to accept a DNS name to block or allow rather than an IP address, but most don't, and doing so makes you vulnerable to DNS spoofing attacks. To go further would be thoroughly off-topic for this list. Roger -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users You're not going to be able to put a dns hostname in the iptables, but you could have a script that runs at times and gets the ip address for your dynamic hostname and allows that. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Security - Using Linksys PAP2T from outside with a dynamic IP is there anyway to block all other traffic but those of the PAP2T?
On Sat, 2 Oct 2010 14:56:11 -0400, bruce bruce wrote Hi Everyone I think PAP2T supports DynDNS and other Dynamic DNS providers. I have a box that needs to be secured at all times. Currently it's not connected to the internet. If it were connected, I would have iptables block any and all traffic from outside but I want a single device - Linksys PAP2T - to be able to connect back to the server. That is a stand alone device and doesn't support VPN and I don't have the luxury of putting a VPN client on the PAP2T side to connect back to the server. Is there any way I can DynDNS on the PAP2T to somehow notify the Asterisk Server that it's a safe device coming in? I do use fail2ban but that is not what I am looking for at this moment. And since the IP is dynamic on the PAP2T, I can't just use the iptables to let it in as it might change all a sudden. The PAP2T does not include DynDns (or any other dynamic DNS client) support. Mostly because it really does not need to. Asterisk gets the IP address of the PAP2T when it registers so it does not need anything else to find it. If you are unwilling or unable to open/expose the necessary ports to the Internet then there is no way for the PAP2T to communicate with your Asterisk server. Maybe you could have a SIP proxy on the outside on a static IP and then allow that Proxy to relay the PAP2T into your network? -- Carlos Chavez Director de Tecnología Telecomunicaciones Abiertas de México S.A. de C.V. Tel: +52-55-91169161 Ext 2001 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
