Tutorial to install CentOS (32-bit) and Asterisk (no Chinese version for now)

This post was last edited by ckleea on 2011-9-18 20:43

Since some members are unable to get a good installation, I would like to demonstrate how to install the CentOS base server, tools, and various libraries for the setup of Asterisk 1.8.7.

I use AsteriskNOW and a VM for demonstration.

AsteriskNOW can be obtained from here:
http://www.asterisk.org/asterisknow/

AsteriskNOW is based on CentOS 5.5.

Asterisk source code can be obtained from here:
http://www.asterisk.org/downloads

However, if you wish to use CentOS 5.7, you can get it from http://www.centos.org

I do not recommend using the rpm packages of Asterisk, as they may not be flexible enough for the installation. Source code compilation allows the most customization.

This post was last edited by ckleea on 2011-9-18 15:44

Using VMplayer to install a virtual machine for CentOS is very easy and fast.
screenshot.2.png

Just answer a few questions on the DVD location and the default user name and password. There is no need for disk partitioning or to worry about where the GRUB boot loader is installed.
screenshot.4.png

However, you can see I have installed just a few libraries that are not enough for asterisk
screenshot.6.png

I then upgrade to CentOS 5.7 by typing "yum update".

After the reboot, you are in CentOS 5.7.

The next command is:

    yum groupinstall "Administration Tools" "Development Tools" "MySQL Database" "Server Configuration Tools" "Web Server"

TOP

This post was last edited by ckleea on 2011-9-18 16:03

    # Create the build directories under /usr/src
    cd /usr/src
    mkdir asterisk
    mkdir asterisk/libpri
    mkdir asterisk/dahdi
    mkdir asterisk/asterisk
    # Create the setup script (fill in its content, see below), make it executable and run it
    touch asterisk.setup
    chmod a+x asterisk.setup
    sh asterisk.setup

The content of asterisk.setup is taken from thread 2 of

http://www.telecom-cafe.com/foru ... &extra=page%3D1

TOP

This post was last edited by ckleea on 2011-9-18 16:23

My asterisk.setup is attached:
asterisk.zip (1.79 KB)

The Asterisk menuconfig has the following:

screenshot.1.png

screenshot.2.png

screenshot.3.png

screenshot.4.png

screenshot.5.png

screenshot.6.png

screenshot.7.png

screenshot.8.png

Once finished, asterisk is already running.

TOP

This post was last edited by ckleea on 2011-9-18 18:27

screenshot.10.png

screenshot.12.png

Next is to add iLBC and allow GUI login.

screenshot.2.png

You also need a proper iptables setup for the internal firewall, and to configure MySQL to support the server operation.

TOP

This post was last edited by ckleea on 2011-9-18 17:53

My iptables for sharing:

It contains more than enough for just an Asterisk server.
    # Generated by iptables-save v1.3.5 on Mon Jun  1 14:41:23 2009
    *nat
    :PREROUTING ACCEPT [29034:9190017]
    :POSTROUTING ACCEPT [921:114583]
    :OUTPUT ACCEPT [961:123933]
    -A PREROUTING -p tcp -m tcp --sport 1025 --dport 25 -j ACCEPT
    -A PREROUTING -p tcp -m tcp --sport 2025 --dport 25 -j ACCEPT
    -A POSTROUTING -s 192.168.122.0/255.255.255.0 -j MASQUERADE
    COMMIT
    # Completed on Mon Jun  1 14:41:23 2009
    # Generated by iptables-save v1.3.5 on Mon Jun  1 14:41:23 2009
    *mangle
    :PREROUTING ACCEPT [33130:10337712]
    :INPUT ACCEPT [4470:1128718]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [6253:1042386]
    :POSTROUTING ACCEPT [6488:1091750]
    COMMIT
    # Completed on Mon Jun  1 14:41:23 2009
    # Generated by iptables-save v1.3.5 on Mon Jun  1 14:41:23 2009
    *filter
    :FORWARD ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -p udp -m udp -i virbr0 --dport 53 -j ACCEPT
    -A INPUT -p tcp -m tcp -i virbr0 --dport 53 -j ACCEPT
    -A INPUT -p udp -m udp -i virbr0 --dport 67 -j ACCEPT
    -A INPUT -p tcp -m tcp -i virbr0 --dport 67 -j ACCEPT
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -m state -d 192.168.122.0/255.255.255.0 -o virbr0 --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.122.0/255.255.255.0 -i virbr0 -j ACCEPT
    -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
    -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p esp -j ACCEPT
    -A RH-Firewall-1-INPUT -p ah -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 143 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 25 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -m recent --dport 25 --state NEW  --set --name DEFAULT --rsource
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -m recent --dport 25 --state NEW -j DROP  --update --seconds 60 --hitcount 10 --name DEFAULT --rsource
    -A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.118.0/255.255.255.0 --dport 22 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.115.0/255.255.255.0 --dport 22 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 389 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 389 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 110 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 587 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 443:465 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 631 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 631 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 137:138 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 783 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 783 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 139 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 993:995 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 7 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 53 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 53 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 123 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 161 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 3310 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 67:69 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 177 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 1900 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 1900 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 2812 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 3306 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 3389 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 5432 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 5222 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 4569 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 5800:5910 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 8000:8189 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 10000:10031 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 30000:31999 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 49200:49200 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 49200:49200 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 1220 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 1220 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 1900 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 2727 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 5036:5096 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 5038 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 10000:20000 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 25060 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 35060 --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    # Completed on Mon Jun  1 14:41:23 2009

Also a table for the router to ban hackers' IP addresses

screenshot.14.png

TOP
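
The post above says its ruleset contains more than enough for an Asterisk-only server. As an added example (not from the original post), this Python script parses an iptables-save dump and lists every filter-table ACCEPT rule that opens a port to any source, marking those outside an assumed allowlist (SIP 5060/udp, IAX2 4569/udp, RTP 10000-20000/udp); the names `NEEDED`, `parse_rule` and `audit` and the sample excerpt are constructed for illustration.

```python
import shlex
# Assumption: inbound ports an Asterisk-only host needs; adjust to your setup.
NEEDED = {("udp", 5060, 5060): "SIP", ("udp", 4569, 4569): "IAX2",
          ("udp", 10000, 20000): "RTP"}

# Constructed sample: a short excerpt of the iptables-save dump in the post.
SAMPLE = """\
*nat
-A PREROUTING -p tcp -m tcp --sport 1025 --dport 25 -j ACCEPT
COMMIT
*filter
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -s 192.168.118.0/255.255.255.0 --dport 22 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 3306 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 4569 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 5036:5096 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 5038 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 10000:20000 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rule(line):
    """Return (proto, lo, hi, source) for an ACCEPT rule with --dport, else None."""
    tok = shlex.split(line)
    opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
    if opt.get("-j") != "ACCEPT" or "--dport" not in opt:
        return None
    lo, _, hi = opt["--dport"].partition(":")
    return opt.get("-p", "all"), int(lo), int(hi or lo), opt.get("-s")

def audit(dump):
    """List (proto, ports, verdict) for filter-table ACCEPTs open to any source."""
    findings, table = [], None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        rule = parse_rule(line) if table == "filter" and line.startswith("-A ") else None
        if rule is None or rule[3] is not None:
            continue  # not a port ACCEPT, or already limited to a source network
        proto, lo, hi, _ = rule
        verdict = "outside allowlist"
        for (p, nlo, nhi), name in NEEDED.items():
            if p == proto and lo <= nhi and nlo <= hi:  # port ranges overlap
                verdict = name if (lo, hi) == (nlo, nhi) else name + " (wider than needed)"
        findings.append((proto, str(lo) if lo == hi else f"{lo}:{hi}", verdict))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To audit a live host, pass the text of `iptables-save` output to `audit()`; negated matches (`!`) are not handled.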

This post was last edited by ckleea on 2011-9-18 20:53

Install Webmin from http://www.webmin.com

    service webmin start
    chkconfig webmin on

Go into Webmin to disable some of the unnecessary services.
screenshot.2.png

Then install fail2ban:

    wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
    rpm -Uvh epel-release-5-4.noarch.rpm
    yum install fail2ban
    chkconfig fail2ban on
    service fail2ban start

Please note that this fail2ban package is linked to shorewall. Shorewall is a software firewall in Linux, similar to iptables. It can conflict with iptables. For better compatibility, please refer to http://www.fail2ban.org/wiki/index.php/Main_Page for installation and setup.

At this point, the basic Asterisk server is now completed. Just edit /etc/asterisk/sip.conf, extensions.conf, iax.conf, etc. to get your IP PBX running.

TOP


Thanks, Ckleea C-hing!

Another concern is the security threats. Maybe some simple defence mechanisms should be included in the tutorial or a new post.

TOP

Reply to 12# Qnewbie

I will add iptables and fail2ban for the basics. Router firewall setup can be posted, but it depends on your router's capability to support this.

TOP

Let me do some more tutorials on installing the X Windows desktop, VNC, SSH, VNC over SSH, plus others like Wine later.

TOP

Many thanks.

It would be very helpful for those who have little experience with X Windows.

YH

TOP
