Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N
williamconley wrote:Step By Step!
http://www.viciwiki.com/index.php/DGG
If your name is "Kumba" or "The Vicidial Group" you are free to copy and incorporate this without any residuals or "mention" of PoundTeam. Anyone else: Attribution-ShareAlike 3.0 Unported License: http://creativecommons.org/licenses/by-sa/3.0/us/
covarrubiasgg wrote:Answering my own question. Those instructions doesn't completely work with Vicibox 7, but pretty much you can google the errors and work it around. Main issue i have encounter right now is the different configuration between apache 2.2 and apache 2.4
I will let you know if i get it running with vicibox 7
covarrubiasgg wrote:port 113 is no longer blocked by default
...
This is the patch file
http://pastebin.com/5sDjyuUA
...
BTW, i used the DomeDan approach with curl to a multiple server setup, is there a better solution for this?
DomeDan wrote:Was helping ruben23 out with how to use DGG in a multiserver setup where you need to access several external ip-addresses and came up with a solution I would like to share.
With this change you need to login once on one server only
You will need to install DGG on the other servers the master server will access phpmysqlezedit/goodguys.php page on the other servers
on the "master"-server you add a few lines to the secret file on port 81
just above the line "header("Location: http://$locationbase/agc/vicidial.php?r ... phone_pass");"
- Code: Select all
$url = 'http://NEXT_SERVER_IN_CLUSTER.LOCAL/phpmysqlezedit/goodguys.php?access=SECRET-STRING-TO-ACCESS-DGG-ADMIN&action=savenew';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "name=$VD_login&ip=$add&temporary=Y");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
Change
NEXT_SERVER_IN_CLUSTER.LOCAL
to the IP or domain-name to the next server in the cluster,
if you got more servers just add all the rows a second time with the other server IP or domain-name
and change
SECRET-STRING-TO-ACCESS-DGG-ADMIN
to the secret access string to DGG admin you get when you install DGG
Custom Rules (Back in yast firewall)
For adding CLIENT IP addresses and ranges ONLY those you intend to modify with ssh in the future. Leave this blank if you want to modify all allowed IPs via Dynamic Good Guys.
Dynamic Good Guys is ONLY for single IP addresses. This custom rules method can add IP ranges with appropriate subnet mask notation (such as "182.55.12.0/24")
ls: cannot access /proc/net/xt_recent/GOOD: No such file or directory
iptables-save | grep GOOD
-A input_ext -m recent --rcheck --name GOOD --mask 255.255.255.255 --rsource -j ACCEPT
cd /usr/src/poundteam/dgg
svn up
ln -s /srv/www/htdocs/agc/bp.pl /srv/www/lockdown/bp.pl
ll /srv/www/lockdown/*.php
cp /usr/src/poundteam/dgg/lockdown.php /srv/www/lockdown/XXXXXXXXXXXXXXXXXXXXXXXXXXXX.php
ichigo wrote:Good day everyone..
I followed all the steps in DGG, when am here in this part
ls /proc/net/xt_recent/GOOD -l
i've got this error
ls: cannot access /proc/net/xt_recent/GOOD: No such file or directory
did i miss something.
dspaan wrote:Thanks found it and got it working
So if i want do this on a cluster i'll have to buy the pound team addon?
Will adding an IP also open up port 4569 for IAX2?
natewerks wrote:Hi all. Did this question about "Will adding an IP also open up port 4569 for IAX2?" get answered? If not how do we ensure each agents ip and IAX2 port can be added with DGG?dspaan wrote:Thanks found it and got it working
So if i want do this on a cluster i'll have to buy the pound team addon?
Will adding an IP also open up port 4569 for IAX2?
alo wrote:my only concern is sometimes we ping the server from out of the office to see if we are having internet issues. is it crucial to turn off ping?
alo wrote:Not sure what the other two are port 113 and ICMP sourcequench, but are they safe to turn off without losing any features like voicemail emailing and etc?
alo wrote:And lastly, we often are instructed to keep ports 10000-20000 UDP open for our Carriers media since some carriers just handle the sip signaling and the media could be coming from anywhere! could we use a rule like ESTABLISHED to allow this traffic instead of keeping the ports open or does that already happen by itself and we can close them too and just open port 81 tcp?
Allow Apache to add "Good Guys"
echo "options ipt_recent ip_list_perms=0777" > /etc/modprobe.d/90-ipt_recent.conf
this will create a new file (/etc/modprobe.d/90-ipt_recent.conf) with the line "options ipt_recent ip_list_perms=0777" in it.
OpenSuSE: Used to make /proc/net/xt_recent/GOOD modifiable by all users instead of just root
iptables-save
ls /proc/net/xt_recent/GOOD -l
If apache does not restart, check here for two or more entries at the bottom. (There should only be one instance of each entry, no dupes!)
nano /etc/apache2/listen.conf
Users browsing this forum: Google [Bot] and 105 guests