fast sftp 
Friday, September 5, 2008, 12:15 - Network, Security
Posted by Administrator
sftp -o Ciphers=blowfish-cbc USER@HOST

[ view entry ] ( 759 views )   |  print article
find PCs in a network 
Thursday, June 5, 2008, 10:51 - Network, Programming
Posted by Administrator
for i in $(seq 2 254); do ping -c 1 192.168.0.$i | grep -q rtt && echo "found 192.168.0.$i"; done

[ view entry ] ( 814 views )   |  print article
isdn dialin syncppp 
Thursday, April 10, 2008, 10:07 - Network
Posted by Administrator
apt-get install isdnutils-base

because ippp0 sets a default route we change to ippp1:

mv /etc/isdn/device.ippp0 /etc/isdn/device.ippp1
mv /etc/isdn/ipppd.ippp0 /etc/isdn/ipppd.ippp1

/etc/isdn/device.ippp1 (remove '# REMOVE'):
LOCALMSN='XXXXX'
REMOTEMSN=
isdnctrl ihup ${device} on
isdnctrl secure ${device} off

/etc/isdn/ipppd.ippp1 (remove '# REMOVE'):
debug
name YYYYY

/etc/ppp/chap-secrets:
# client server secret IP addresses
YYYYY HOSTNAME PASSWORD ""


[ view entry ] ( 750 views )   |  print article
Linksys SPA-3102 call throu PSTN / Call Forward no answer (CFNA) 
Thursday, March 13, 2008, 15:05 - Network
Posted by Administrator
I will make calls from my phone to PSTN and with dial extension "#9" to my voip account.

This is done with following dialplan "(xx.<:@gw0>|<#9,:>xx.)"

If a call from PSTN is not answered within 20 sec the call should be redirected via voip (see CFNA Solution).

Because my SPA-3102 is behind a firewall i use it as a bridge.

Firewall



modprobe ip_conntrack_sip ports=9060; modprobe ip_nat_sip
iptables -A FORWARD -p udp --dport 9060 -m state --state NEW,ESTABLISHED -j ACCEPT

With this settings i don't need "NAT Keep Alive" and Register every 3600 sec (1 hour) is ok.

Usually udp connectiontracking has a timeout of 180 sec, but ip_conntrack_sip reads the sip content and set the timeout (3600).

My Settings



WAN

Connection Type: DHCP
Enable WAN Web Server: yes

Lan Setup

Networking Service: Bridge
Enable DHCP Server: no

SIP

RFC 2543 Call Hold: no
RTP Port Min: 9000
RTP Port Max: 9059

Provisioning

Provision Enable: no
Upgrade Enable: no

Regional

Ring1 Cadence: 60(1/4)
Ring Waveform: Sinusoid
Ring Frequency: 50
Ring Voltage: 60
CWT Frequency: 420@-20
FXS Port Impedance: 270 + (750 || 150nF)
Caller ID Method: ETSI FSK
Caller ID FSK Standard: v.23

Line 1

Make Call Without Reg: Yes (if no network connected)
Proxy: 1.2.3.4:9060
User ID: sipuid
Password: xxxx
Preferred Codec: G729a
G7* Enable: no
Dial Plan: (xx.<:@gw0>|<#9,:>xx.)

PSTN Line

Make Call Without Reg: Yes
User ID: sipuid
Password: xxxx
Preferred Codec: G729a
G7* Enable: no
PSTN CID For VoIP CID: Yes
medium Min CPC Duration: 0.25
Disconnect Tone: 440@-30,440@-30;2(0.4/0.4/1+2)
FXO Port Impedance: 270 + (750 || 150nF)
On-Hook Speed: 3ms
Line-In-Use Voltage: 25
Current Limiting Enable: Yes
Ring Validation Time: 150 ms
Ring Indication Delay: 0
Ring Timeout: 650 ms

Without this "Ring Timings" after "PSTN Ring Timeout" the call to Line 1 got CANCELED also immediately the following call to VOIP (don't know why - saw it in traces to syslog).
With "PSTN Ring Timeout: 20" i also saw no cancel but that's a dirty workaround for me (better are a correct "Ring Timings").

Enable Traces



System

Syslog Server: 1.2.3.4
Debug Server: 1.2.3.4
Debug Level: 3

Line 1 / PSTN Line

SIP Debug Option: full

CFNA Solution 1:



User 1

Cfwd No Ans Dest: 12345678
Cfwd No Ans Delay: 20

PSTN Line

PSTN Answer Delay: 40 (20 sec Line 1 and 20 sec voip => after that forced hangup)

disable via phone with *93
enable via phone with *92[Number as dialed via dialplan(use #9 for voip)]

Drawback:
* after disabling with *93 the number is deleted
* enable with *92#9NUMBER (without #9 PSTN is used according to Dialplan (xx.<:@gw0>|<#9,:>xx.) it would be NUMBER@gw0)
* only G711 Codec supported (because PSTN calls Line 1 and then only G711 seams to be supported)


CFNA Solution 2:



PSTN Line

Dial Plan 8: (S0<:12345678@1.2.3.4:9060>)
PSTN Caller Default DP: 8
PSTN Answer Delay: 20


Drawback: you cannot dis/en-able via phone

CFNA Solution 3:



Use a local asterisk where you can connect sip clients rinnging at the same time when a call arrives on the SPA-3102

[ view entry ] ( 1185 views )   |  print article
secure rsync 
Sunday, November 25, 2007, 16:48 - Network, Security
Posted by Administrator
I want to rsync on my local-host via ssh from a remote host without a ssh enabled root account but full access to the whole filesystem.

local-host:
ssh-keygen -t rsa
copy ~/.ssh/id_dsa.pub to remote-host:/home/rsyncuser/.ssh/authorized_keys

rsync files with ssh:
rsync -vaHxr --numeric-ids --delete --rsync-path=rsync_wrapper.sh \
      -e "ssh -c arcfour -o Compression=no -x" \
      rsyncuser@remote-host:REMOTEDIR LOCALDIR

remote-host (source of files to rsync):
groupadd -g 3001 rsyncuser
useradd -u 3001 -g rsyncuser -s /bin/bash -m rsyncuser
/home/rsyncuser/.ssh/authorized_keys:
from="192.168.0.2,",command="/home/rsyncuser/validate-rsync.sh"
 ssh-dss 012345678...
limit access with from (optional).
On sucessfully ssh login command is executed.

/home/rsyncuser/validate-rsync.sh:
#!/bin/sh
case "$SSH_ORIGINAL_COMMAND" in
    *\&*)
        echo “Rejected”
        ;;
    *\;*)
        echo “Rejected”
        ;;
    *\(*)
        echo “Rejected”
        ;;
    *\{*)
        echo “Rejected”
        ;;
    *\<*)
        echo “Rejected”
        ;;
    *\`*)
        echo “Rejected”
        ;;
    rsync\ --server*)
        $SSH_ORIGINAL_COMMAND
        ;;
    *)
        echo "Rejected"
        ;;
esac
/usr/bin/rsync_wrapper.sh:
#!/bin/sh
/usr/bin/sudo /usr/bin/rsync "$@";
/etc/sudoers:
rsyncuser ALL = NOPASSWD: /usr/bin/rsync


[ view entry ] ( 831 views )   |  print article

<<First <Back | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Next> Last>>