Sunday, October 21, 2007
Polaroid Life - Pinhole shots PART 2
the 2nd pinhole shot:
weather: sunny and 25 C
veiw: 20 seconds
dev.:120 seconds
scanner: Umax 1220p
the 3rd pinhole shot:
weather: sunny and 25 C
veiw: 18 seconds
dev.:120 seconds
scanner: Umax 1220p
PS: I tried to use my old scanner to transfer these two films to digital format. But the colour of digital files are obversely different to the original films. They become a bit over expose ( or light than original ones) . Perhaps, I need to buy a new photo scanner to do the better job.
Saturday, October 20, 2007
Polaroid Life - my first pinhole shot
This is my first try to use a pinhole camera with a Polaroid film back. fortunately, the image is quite good and the whole process is not so difficult as I thought before I took it. According to introductions for both Fujifilm FP-100c and pinhole 100, this shot spent about 20 seconds to take the view and 120 seconds to develop the photo.
more information about the pinhole camera:
http://www.doctor-and.com/
Sunday, September 30, 2007
FreeBSD - Installation of NanaBSD
1. Transcend industrial 1GB CF
2. CF to IDE card
3. A HDD
Installation:
1. install a new Freebsd 6.2 on the HDD
2. install needed software from ports
3. cd /usr/src/tools/tools/nanobsd
4. mkdir Pkg
5. build packages from installed software
pkg_create -Rb package_name.tgz
6. vi localfile
add following codes
==========================================================
#!/bin/sh -e
# save pointer to packages, there should be $src/Pkg directory
# with packages ready to install
src=$(dirname `realpath $0`)
pkgs="$src/Pkg"
# go to Nano world
cd "$NANO_WORLDDIR"
# start from the beginning
dirs="usr/local tmp/Pkg var/db/pkg"
rm -rf $dirs
mkdir $dirs
trap "umount $pkgs" SIGHUP SIGINT SIGTERM
mount_nullfs -o ro "$pkgs" tmp/Pkg
chroot "$NANO_WORLDDIR" sh -c "cd /tmp/Pkg && pkg_add -vF *"
umount "$pkgs"
rmdir tmp/Pkg
===========================================================
7. edit nanobsd.sh
add customized function
cust_JwW(){
sh /usr/src/tools/tools/nanobsd/localfile
}
8. add config file
vi mynano.conf
transcend 1g
customize_cmd cust_JwW
customize_cmd cust_nobeastie
9. edit FlashDevice.sub
# fdisk da0
******* Working on device /dev/da0 *******
parameters extracted from in-core disklabel are:
cylinders=1985 heads=16 sectors/track=63 (1008 blks/cyl)
ps: 1985x16x63x512 = 1024450560
add above codes in the end of transcend section
transcend 1g|1024m|1024mb)
case $a2 in
122|122mb)
NANO_MEDIASIZE=`expr 1024450560 / 512`
NANO_HEADS=16
NANO_SECTS=63
;;
10. build nanobsd
sh nanobsd.sh -c mynano.conf
11. install nanobsd to CF card
cd /usr/obj/nanobsd.full
dd if=_.disk.full of=/dev/ad0 bs=64k
12. finish. insert the CF to IDE card to the 1st IDE slot and set the CF to master
PS. be careful the device name, da0 or ad0 ad2....
Wednesday, August 08, 2007
Polaroid Life - New bags for Polaroid SLR680 & Sx70 Sonar
Bags for Polaroid SLR 680 and Sx70 Sonar. Unlike Sx70, it's quite hard to find a original leather bag/case for SLR680 or Sonar nowadays. It is a problem when I wanna carry a camera out to take photos. Searching the Internet, I found that there is a Japanese company, Porter, which sells some nice and special bags for 680 and sonar, however, I don't think it is worth to spend so much money on a bag. It is even expensive than buying a camera. Sometimes, there are some cameras sale with cases on Ebay. They might salved the problem but I don't need another camera. I used to use wrapping cloths, which are for camera lens, to protect and carry my SLR680 and sonar before buying these bags. Wrapping cloths are easy to use, but they are too small to wrap the entire camera, especially SLR680. In addition, I also need to spend time on pack and unpack the camera each time I wanna take a shoot or finish a shoot. I became lazier to take cameras out of bags. In last week, I found a seller who makes bags for customers on Yahoo's auction. I ordered two bags with gray and black in 25x10.5x3cm for both 680 and sonar. Have a look the photos, these two bags are perfectly matched with cameras. They are also have better look than original leather cases.
黑色與灰色
Friday, August 03, 2007
Polaroid Life - a new way to use 600 film on Sx70
I will try to translate my post into English from now. Just want to practise my English writing before I forget how to do it. If there is any mistake, please let me know.
Searching the Internet, you can find that there are two ways to use 600 film on the old Polaroid sx70. The first method is to use a "card"under cartridge. When you insert a 600 film into Sx70, putting a card under the cartridge. Then, before the cartridge is completely inserted, taking out the card and pushing the cartridge into the camera. The second way is to remove two bulges on the bottom of cartridge(see Photo1). Before you put a film into the camera, using a pincer or knife to cut off the bulges. These two methods are quite easy to use 600 films on Sx70. However, for a lazy man like me, both of them make shooting becoming inconvenient when I need to change cartridges. Therefore, I find a easier way to use 600 film. Unlike SLR680/690(see Photo3), there is a piece of steel to prevent using unmatched film on Sx70(see Photo2). It causes 600 films cannot be inserted into Sx70. At the beginning, I tried to cut off it, but I thought it might be used as a function. ( I don't know what kind of function it could be. to push up the cartridge?) So, I used a pincer to scrunch the steel to flat it(see Photo4). It is hard to explain it in English for me. Please have a look the picture below. Now, 6oo film can be easily and smoothly inserted into Sx70 without any problem.
Photo1:
Photo2:
Photo3:
Photo4:
Sunday, July 29, 2007
Polaroid Life - Test shoots by SLR 680 & SLR 680 SE
2. Using SLR 680 SE -1: 轉動中的電扇
3. Using SLR 680 SE -2: 吊娃娃(把國家搞爛了還一堆歪理,不吊著你逞罰一下怎麼可以)
3. Using SLR 680: 小壁虎
照片都是用GRD翻拍的,都是在P模式下不加閃光拍攝。顏色上看來最後一張好像是偏綠了,但是依照Polaroid的Q&A所寫:"If the film is too cold at the time of exposure, the image may have a blue tint. If the film is too hot, it may have a yellow tint. Fluorescent lighting can cause images to have a green tint."因此在室內日光燈下,這樣的表現應該算是正常的。第2,3張則是在下午時刻、室內未開燈的情況下拍攝,所拍的來的效果就有點偏暗,看起來也就比較黃一點。奇怪的是第一張,拍攝的時間就在第2,3張前幾分鐘,沒開閃光卻有著像是夜晚拍照開閃光燈的效果(被拍攝物過白,背景漆黑),也許是腳掌就直接曝曬在太陽光下所造成的現象。
New members of my Polaroid instant camera
Saturday, July 14, 2007
Polaroid Life - New skin for Model 3
這次的實驗機是大家都不喜歡的Polaroid sx-70 Model 3,也是我原本想賣卻賣不掉的機子,既然賣不掉就留著用囉,反正這也是唯一使用測距對焦的sx-70啊。新的外皮用的是上"Yahoo拍賣"買的汽機車裝 飾用的碳纖維(Carbon)貼紙,一般分為仿的貼紙(這種便宜,但是仔細看來是很假),另一種就是所謂的"正卡夢"貼紙了(我選的,這種比較厚也可以拿 來強化Model3 的塑膠外殼,但是一張黑色的50x30cm要價900新台幣)。
更新步驟: 很簡單就照網路上的去做就好,要注意的是網路上提供的外皮是依照一般機型去量的,也就是說Model 3還要自己再修正,不過差異不大。這次的剪裁上還有很多沒裁好的地方,就等下次再修正囉。下次要換的就是"跛腳的Polaroid 680"(一邊的轉軸斷了)。
PS: 忘了先拍下換皮前的樣子,也懶的拍過程,就看看換完後的樣子就好,順便留作紀念。
1. 閃光燈下的樣子,反光的樣子還不賴吧!
2. 未開閃光的正面,這樣比較清楚
3. 反面
4.開啟後
5.另一角度
Sunday, July 01, 2007
Polaroid Life - Modify my SX70 Land Camera & Model 3
以下便是改機後的測試照,在大太陽下似乎還是有點過曝,不過這是還沒有調整Ev值
的結果,往後再加上減光鏡或調整Ev值,應該能有不錯的表現。
PS: 感謝 Jackie 和 Joe 的幫忙!
Monday, June 11, 2007
Old Photo - Melton Hall@Jubilee Campus
對我來說,一切都很好。不僅用餐時能欣賞外面人工湖上的鳥類戲水,偶而還能看到躲在遠處張望的狐狸,很能享受沒課的空閒時。唯一的缺點就是被分配到了"印度區",週遭有一半以上的印度同學,對於他們的生活習慣我只能搖頭....實在是太髒了,並不是用手抓東西吃的原因,而是不太洗碗盤,只沖沖水就直接用了,又常常把東西放到發霉不丟,總之就是生活習慣很差,還好英國很少有蟑螂螞蟻的,不然就慘了。
Sunday, June 10, 2007
Old Photo - Library@Jubilee Campus
Saturday, June 09, 2007
GR Digital - Moai
Friday, June 08, 2007
GR Digital - 飛天豬 與 鱷魚蠋台
Thursday, June 07, 2007
GR Digital - Mr. Coffee VS. Starbucks coffee
Wednesday, June 06, 2007
GR Digital - 西班牙海鮮燴飯??
Tuesday, June 05, 2007
GR Digital - 街燈
Friday, June 01, 2007
GR Digital - Sherlock Holmes
Monday, May 21, 2007
Polaroid Life - Tower Bridge
Polaroid Life - Portobello Road Market
波特貝羅市集(Portobello Road Market),據說是目前世界上最大的市集,位於著名的Notting Hill,只有周六日才有攤販聚集, 其他時候因為攤販不多因此人潮也不如假日多.
這裡的建築物不知道是為了觀光還是啥原因,每棟的顏色都不同,同一段的顏色也不會重複.跟英國其他地方的建築比起來,雖然樣式上較樸素,但整體上卻活潑了不少.
說它是世界上最大的市集,到底有多大呢?我從早上10點到達後一直逛到下午2:30左右才離開, 其中後面1/5的市集因為人較少,我也沒去. 逛到後面很多店都是走馬看花,有很多重複的,但是仔細看也能發現不少每家攤販獨特的物品,喜歡逛這種混合著老舊與新穎物品市集的人,絕對不能錯過.
Sunday, May 20, 2007
Polaroid Life - Double-Decker bus
Polaroid Life - English Breakfast
Polaroid Life - Big Ben
Asterisk + Openser + Freeradius + Mysql (3)
14. Firewall
vi /etc/sysconfig/iptables
add:
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5070 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 7890 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 35000:65000 -j ACCEPT
# restart firewall
/etc/init.d/iptables restart
15. Automatically start on boot time
vi /etc/rc.d/rc.local
add:
/usr/local/bin/rtpproxy -l x.x.x.x -s udp:localhost:7890
/usr/local/sbin/radiusd
/usr/local/sbin/openser start
PS: Asterisk was set to start as demand by "make config"
16. Add users
/usr/local/sbin/openserctl add
add group
/usr/local/sbin/openserctl acl grant
ps users should be in "voicemail" group if they wanna the voicemail function
then add user data into /usr/local/etc/radda/users
restart Freeradius
17. Storage
voicemail will be saved in database ( asterisk -> voicemessages )
and /var/spool/asterisk/voicemail/default/XXXX < account no. also in root's mail ( /var/mail/root ) *reference: http://www.frontios.com/freeradius.html http://www.openser.org/docs/openser-radius-1.0.x.html http://www.voip-info.org/wiki/view/Realtime+Integration+Of+Asterisk+With+OpenSER http://www.openser.org/dokuwiki/doku.php/asterisk:realtime-integration
Asterisk + Openser + Freeradius + Mysql (2)
10. Radiusclient-ng configuration
vi clients.conf
add:
x.x.x.x testing123
localhost testing123
vi radiusclient.conf
edit:
authserver localhost <--- recommended! using x.x.x.x is slower and easy to fail
acctserver localhost <--- recommended! using 5x.x.x.x is slower and easy to fail
vi dictionary add: $INCLUDE /usr/local/etc/radiusclient-ng/dictionary.openser cp /usr/local/etc/openser/dictionary.radius /usr/local/etc/radiusclient-ng/dictionary.openser 11. Openser configuration dictionary.radius mv /usr/local/etc/openser/dictionary.radius /usr/local/etc/openser/dictionary.radius.bak vi /usr/local/etc/openser/dictionary.radius add: #### Attributes ### #ATTRIBUTE User-Name 1 string # RFC2865 #ATTRIBUTE Service-Type 6 integer # RFC2865 #ATTRIBUTE Called-Station-Id 30 string # RFC2865, acc #ATTRIBUTE Calling-Station-Id 31 string # RFC2865, acc #ATTRIBUTE Acct-Status-Type 40 integer # RFC2865, acc #ATTRIBUTE Acct-Session-Id 44 string # RFC2865, acc ATTRIBUTE Password 2 string ATTRIBUTE Sip-Method 101 integer # Schulzrinne, acc ATTRIBUTE Sip-Response-Code 102 integer # Schulzrinne, acc ATTRIBUTE Sip-Cseq 103 string # Schulzrinne, acc ATTRIBUTE Sip-To-Tag 104 string # Schulzrinne, acc ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc ATTRIBUTE Sip-Translated-Request-URI 107 string # Proprietary, acc ATTRIBUTE Sip-Src-IP 108 string # Proprietary, acc ATTRIBUTE Sip-Src-Port 109 string # Proprietary, acc ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius ATTRIBUTE Digest-Realm 1063 string # Sterman, auth_radius ATTRIBUTE Digest-Nonce 1064 string # Sterman, auth_radius ATTRIBUTE Digest-Method 1065 string # Sterman, auth_radius ATTRIBUTE Digest-URI 1066 string # Sterman, auth_radius ATTRIBUTE Digest-QOP 1067 string # Sterman, auth_radius ATTRIBUTE Digest-Algorithm 1068 string # Sterman, auth_radius ATTRIBUTE Digest-Body-Digest 1069 string # Sterman, auth_radius ATTRIBUTE Digest-CNonce 1070 string # Sterman, auth_radius ATTRIBUTE Digest-Nonce-Count 1071 string # Sterman, auth_radius ATTRIBUTE Digest-User-Name 1072 string # Sterman, auth_radius ATTRIBUTE Digest-User-Password 1073 string # by jww ### CISCO Vendor Specific Attributes ### #VENDOR Cisco 9 #ATTRIBUTE Cisco-AVPair 1 string Cisco # VSA, auth_radius ### Acct-Status-Type Values ### VALUE Acct-Status-Type Start 1 # RFC2866, acc VALUE Acct-Status-Type Stop 2 # RFC2866, acc VALUE Acct-Status-Type Failed 15 # RFC2866, acc ### Service-Type Values ### VALUE Service-Type Call-Check 10 # RFC2865, uri_radius VALUE Service-Type Group-Check 12 # Proprietary, group_radius VALUE Service-Type Sip-Session 15 # Schulzrinne, acc, auth_radius VALUE Service-Type SIP-Caller-AVPs 30 # Proprietary, avp_radius VALUE Service-Type SIP-Callee-AVPs 31 # Proprietary, avp_radius VALUE Sip-Method INVITE 1 # Proprietary, acc VALUE Sip-Method CANCEL 2 # Proprietary, acc VALUE Sip-Method ACK 4 # Proprietary, acc VALUE Sip-Method BYE 8 # Proprietary, acc VALUE Auth-Type DIGEST 1050 mv /usr/local/etc/openser/openser.conf /usr/local/etc/openser/openser.conf.bak vi /usr/local/etc/openser/openser.conf add: # ----------- global configuration parameters ------------------------ debug=7 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=no # (cmd line: -E) check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 listen=59.125.160.36 fifo="/tmp/openser_fifo" #fifo_db_url="mysql://openser:openserrw@localhost/openser" # ------------------ module loading ---------------------------------- mpath="/usr/local/lib/openser/modules" loadmodule "mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "avpops.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "xlog.so" loadmodule "uri.so" loadmodule "acc.so" loadmodule "auth.so" loadmodule "auth_radius.so" loadmodule "group_radius.so" loadmodule "avp_radius.so" loadmodule "nathelper.so" loadmodule "group.so" # ------------DB auth ---------------------- #loadmodule "auth_db.so" #modparam("auth_db", "password_column","password") # -------------Voicemail -------------------- #tm timeout for voicemail params modparam("tm", "fr_timer", 25) modparam("tm", "fr_inv_timer", 25) modparam("tm", "noisy_ctimer", 1) # ----------------- setting module-specific parameters --------------- # -- usrloc params -- #modparam("usrloc","db_url","mysql://openser:openserrw@localhost/openser") modparam("usrloc", "db_mode", 2) # -- acc params -- modparam("acc", "radius_flag", 1) modparam("acc", "radius_missed_flag", 2) modparam("acc", "log_flag", 1) modparam("acc", "log_missed_flag", 1) modparam("acc", "service_type", 15) modparam("acc", "radius_extra", "Sip-Src-IP=$si;Sip-Src-Port=$sp") modparam("acc|auth_radius|group_radius|avp_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf") modparam("registrar", "default_expires", 60) modparam("registrar", "min_expires", 30) modparam("registrar", "nat_flag", 6) modparam("registrar", "sip_natping_flag", 7) # -------Nat Helper --------------------- modparam("nathelper", "natping_interval", 30) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:7890") #modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock") modparam("nathelper", "sipping_method", "INFO") # -- group_radius params -- modparam("group_radius", "use_domain", 1) # -- avpops params -- modparam("avpops", "avp_aliases", "day=i:101;time=i:102") modparam("avpops", "avp_table", "usr_preferences") # -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1) # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if (msg:len >= 2048 ) {
sl_send_reply("513", "Message too big");
exit;
};
# NAT detection
route(2);
# check if user is suspended
if(is_method("REGISTER|INVITE|MESSAGE|OPTIONS|SUBSCRIBE"))
{
if (radius_is_user_in("From", "suspended")) {
sl_send_reply("403", "Forbidden - suspended");
exit;
};
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER"){
record_route();
}
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
if(method == "BYE" || method == "CANCEL" )
{
# log it all the time
acc_rad_request("200 ok");
acc_log_request("200 ok");
}
route(1);
};
if (!uri==myself) {
# check if user is allowed to do voip calls to other domains
if(method == "INVITE" || method == "MESSAGE") {
if (!radius_is_user_in("From", "voip")) {
sl_send_reply("403", "Forbidden VoIP");
exit;
};
};
# mark routing logic in request
append_hf("P-hint: outbound\r\n");
route(1);
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri==myself) {
# authenticate registers
if (method=="REGISTER") {
if (!radius_www_authorize("x.x.x.x")) {
www_challenge("x.x.x.x", "0");
exit;
};
# check the src ip address
#if(!avp_check("$avp(i:2)", "eq/$src_ip/ig")) {
# sl_send_reply("403", "Forbidden IP");
# exit;
#};
if (isflagset(5)) {
setflag(6);
# if you want OPTIONS natpings uncomment next
# setflag(7);
};
save("location");
exit;
};
# calls to pstn
#if(uri=~"sip:00[1-9][0-9]+@") {
# if(is_method("INVITE") && !has_totag()) {
# if (!radius_is_user_in("From", "pstn")) {
# sl_send_reply("403", "Forbidden PSTN");
# exit;
# };
# };
# #set gateway address
# rewritehostport("x.x.x.x:5090");
# route(1);
#};
# requests for Media server
if(is_method("INVITE") && !has_totag() && uri=~"sip:\*9") {
route(3);
exit;
}
# mark transaction if user is in voicemail group
if(is_method("INVITE") && !has_totag()
&& is_user_in("Request-URI","voicemail"))
{
xdbg("user [$ru] has voicemail redirection enabled\n");
# backup R-URI
avp_write("$ruri", "$avp(i:10)");
setflag(2);
};
# load callee's avps
if(avp_load_radius("callee")){
# check if user has time filter enabled
if(avp_check("$avp(i:3)", "eq/i:1")){
# print time in an avp
avp_printf("$avp(i:100)", "$Tf");
# extract day
avp_subst("$avp(i:100)/$avp(i:101)", "/(.{3}) .+/*\1*/");
if(!avp_check("$avp(i:6)", "fm/$day")) {
sl_send_reply("403", "Forbidden - day");
exit;
};
# extract 'hours:minutes'
avp_subst("$avp(i:100)/$avp(i:102)", "/(.{10}) (.{5}):.+/\2/");
if((is_avp_set("$avp(i:4)") && avp_check("$avp(i:4)", "gt/$time"))
|| (is_avp_set("$avp(i:5)") && avp_check("$avp(i:5)", "lt/$time"))) {
sl_send_reply("403", "Forbidden - time");
exit;
};
};
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
if(isflagset(2)) {
# route to Asterisk Media Server
prefix("1");
rewritehostport("127.0.0.1:5070");
route(1);
} else {
# log to acc as missed call
acc_rad_request("404 Not Found");
acc_log_request("404 Not Found");
sl_send_reply("404", "Not Found");
exit;
}
};
append_hf("P-hint: usrloc applied\r\n");
};
route(1);
}
# generic forward
route[1] {
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if(isflagset(2)){
t_on_failure("1");
};
if (subst_uri('/(sip:.*);nat=yes/\1/')){
setflag(6);
};
if (isflagset(5)||isflagset(6)) {
route(4);
}
if (!t_relay()) {
sl_reply_error();
};
exit;
}
route[2]{
force_rport();
if (nat_uac_test("19")) {
if (method=="REGISTER") {
fix_nated_register();
} else {
fix_nated_contact();
};
setflag(5);
};
}
# voicemail access
# - *98 - listen caller's voice messages, being prompted for pin
# - *981 - listen voice messages, being promted for mailbox and pin
# - *98XXXX - leave voice message to XXXX
#
route[3] {
# direct voicemail
if (uri =~ "sip:\*98@" ) {
rewriteuser("1");
xdbg("voicemail access\n");
} else if (uri =~ "sip:\*981@" ) {
strip(4);
rewriteuser("11");
} else if (uri =~ "sip:\*98.+@" ) {
strip(3);
prefix("1");
} else {
xlog("unknown media extension $rU\n");
sl_send_reply("404", "Unknown media service");
exit;
}
# route to Asterisk Media Server
rewritehostport("127.0.0.1:5070");
route(1);
}
route[4] {
if (is_method("BYE|CANCEL")) {
unforce_rtp_proxy();
} else if (is_method("INVITE")){
force_rtp_proxy();
t_on_failure("2");
};
if (isflagset(5))
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
t_on_reply("1");
}
onreply_route[1] {
if ((isflagset(5) || isflagset(6)) && status=~"(183)|(2[0-9][0-9])") {
force_rtp_proxy();
}
search_append('Contact:.*sip:[^>[:cntrl:]]*', ';nat=yes');
if (isflagset(6)) {
fix_nated_contact();
}
exit;
}
failure_route[1]{
if (t_was_cancelled()) {
xdbg("transaction was cancelled by UAC\n");
return;
}
# restore initial uri
avp_pushto("$ruri", "$avp(i:10)");
prefix("1");
# route to Asterisk Media Server
rewritehostport("127.0.0.1:5070");
resetflag(2);
route(1);
}
failure_route[2] {
if (isflagset(6) || isflagset(5)) {
unforce_rtp_proxy();
}
}
#
mv /usr/local/etc/openser/openserctlrc /usr/local/etc/openser/openserctlrc.bak
vi /usr/local/etc/openser/openserctlrc
add:
# $Id: openserctlrc,v 1.2 2006/07/05 19:37:20 miconda Exp $
#
# openser control tool resource file
#
# here you can set variables used in the openserctl
## your SIP domain
SIP_DOMAIN=x.x.x.x
## database type: MYSQL or PGSQL, by defaulte none is loaded
DBENGINE=MYSQL
## database host
DBHOST=localhost
## database name
DBNAME=openser
## database read/write user
DBRWUSER=openser
## database read only user
DBROUSER=openserro
## password for database read only user
DBROPW=openserro
## database super user
DBROOTUSER="root"
## type of aliases used: DB - database aliases; UL - usrloc aliases
## - default: none
ALIASES_TYPE="DB"
## control engine: FIFO or UNIXSOCK
## - default FIFO
CTLENGINE="FIFO"
## path to FIFO file
# OSER_FIFO="FIFO"
## check ACL names; default on (1); off (0)
VERIFY_ACL=1
## ACL names - if VERIFY_ACL is set, only the ACL names from below list
## are accepted
ACL_GROUPS="local ld int voicemail free-pstn"
## verbose - debug purposes - default '0'
VERBOSE=1
12. Freeradius configuration
cp /usr/local/etc/raddb/radiusd.conf /usr/local/etc/raddb/radiusd.conf.bak
vi /usr/local/etc/raddb/radiusd.conf
add:
modules {
...
#
# The 'digest' module currently has no configuration.
#
# "Digest" authentication against a Cisco SIP server.
# See 'doc/rfc/draft-sterman-aaa-sip-00.txt' for details
# on performing digest authentication for Cisco SIP servers.
#
digest {
}
...
}
authorize {
...
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authenticate' section.
digest
...
}
...
authenticate {
...
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
digest
...
}
cp /usr/local/etc/raddb/directionary /usr/local/etc/raddb/directionary.bak
vi directionary
add
$INCLUDE /usr/local/etc/radiusclient-ng/dictionary.openser
cp /usr/local/etc/raddb/clients.conf /usr/local/etc/raddb/clients.conf
vi clients.conf
add:
client x.x.x.x {
secret = testing123
shortname = x.x.x.x
nastype = other
}
cp /usr/local/etc/raddb/users /usr/local/etc/raddb/users
vi uesrs
edit:
#DEFAULT Auth-Type = System
# Fall-Through = 1
add: (example)
### --- avps ---
0003@x.x.x.x Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#0",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Fri"
0005@x.x.x.x Auth-Type := Accept, Service-Type == "SIP-Callee-AVPs"
Sip-Avp += "#3#0",
Sip-Avp += "#4:08:00",
Sip-Avp += "#5:16:00",
Sip-Avp += "#6:Mon,Wed,Thu,Free"
# #3#1= enable the time-base checking
### --- group checking ---
0003@x.x.x.x Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
0003@x.x.x.x Auth-Type := Accept, Sip-Group == "pstn", Service-Type == "Group-Check"
Reply-Message = "Authorized"
0005@x.x.x.x Auth-Type := Accept, Sip-Group == "voip", Service-Type == "Group-Check"
Reply-Message = "Authorized"
0005@x.x.x.x Auth-Type := Accept, Sip-Group == "pstn", Service-Type == "Group-Check"
Reply-Message = "Authorized"
DEFAULT Auth-Type := Reject, Service-Type == "Group-Check"
### --- user authentication ---
0003@x.x.x.x Auth-Type := Digest, User-Password == "0003"
Sip-Avp += "rpid:0003",
Sip-Avp += "#2:x.x.x.x",
Reply-Message = "Authenticated"
0005@x.x.x.x Auth-Type := Digest, User-Password == "0005"
Sip-Avp += "rpid:0005",
Sip-Avp += "#2:x.x.x.x",
Reply-Message = "Authenticated"
13. Asterisk configuration
edit /etc/asterisk/sip.conf
bindport=5070 ; UDP Port to bind to (SIP standard port is 5060)
bindaddr=x.x.x.x
checkmwi=10
[openser]
type=friend
context=default
host=localhost
insecure=very
edit /etc/asterisk/extconfig.conf
;for Mysql driver (asterisk add-on needed)
;sipusers => mysql,asterisk,sipusers
;sippeers => mysql,asterisk,sipusers
;voicemail => mysql,asterisk,vmusers
;for odbc driver (unixODBC needed )
sipusers => odbc,asterisk,sipusers
sippeers => odbc,asterisk,sipusers
voicemail => odbc,asterisk,vmusers
PS cannot use both two drivers as the same time!
for storing voicemail into database, ODBC is required.
;edit /etc/asterisk/res_mysql.conf insert:
;[general]
;dbhost = localhost
;dbname = asterisk
;dbuser = asterisk (or root)
;dbpass = asterisk (or root-password if user is root)
;dbport = 3306
edit /etc/asterisk/res_odbc.conf:
[asterisk]
enabled => yes
dsn => MySQL-asterisk
username => asterisk
password => asterisk
pre-connect => yes
vi /etc/odbc.ini
[MySQL-asterisk]
Description = MySQL Asterisk database
Trace = Off
TraceFile = stderr
Driver = MySQL
SERVER = localhost
USER = asterisk
PASSWORD = asterisk
PORT = 3306
DATABASE = asterisk
vi /etc/odbcinst.ini
[MySQL]
Description = MySQL driver
Driver = /usr/lib/libmyodbc3.so
Setup = /usr/lib/libodbcmyS.so
CPTimeout =
CPReuse =
UsageCount = 1
edit /etc/asterisk/extensions.conf
exten => 1,1,Ringing
exten => 1,2,VoicemailMain(${CALLERID(num)})
exten => 1,3,Hangup
exten => 11,1,Ringing
exten => 11,2,VoicemailMain()
exten => 11,3,Hangup
exten => _1XXXX,1,Ringing
;exten => _1XXXX,2,MailboxExists(${EXTEN:1})
;exten => _1XXXX,3,Playback(invalid)
;exten => _1XXXX,4,Hangup
;exten => _1XXXX,103,Voicemail(u${EXTEN:1})
;exten => _1XXXX,104,Hangup
exten => _1XXXX,2,Voicemail(u${EXTEN:1})
exten => _1XXXX,3,Hangup
Friday, April 06, 2007
FreeBSD - Portupgrade
FreeBSD 用 portupgrade 升級 ports
摘自 O’Reilly ONLamp.com 的 BSD DevCenter FreeBSD Basics 系列文章。
- 先更新 ports:
cvsup -g -L 2 ports-supfile
- 再更新 ports 資料庫:
/usr/local/sbin/portsdb -Uu
- 然後列出需升級的 port:
/usr/local/sbin/portversion -l "<"
- 最後升級有裝的 port:
/usr/local/sbin/portupgrade -arR
- 如果有提示就執行:
/usr/local/sbin/pkgdb -F
- 如果天塌下來了就:
/usr/local/sbin/pkgdb -fu
其他關於 portupgrade 的小筆記:
- 每次 cvsup 更新 ports 之後就要跑一次
portsdb -Uu
- 跑
pkgdb -fu
時無論如何都不要中斷動作 - 可以用 pkg_which 查詢各檔案所屬 ports:
pkg_which filename
- 查某個 port 來源目錄:
pkg_which -o kdemultimedia-3.1.3
- 只上網抓回所需檔案但尚不升級:
portupgrade -aFrR
- 模擬而不實際升級:
portupgrade -anrR
- 指定記錄檔:
portupgrade -rR portname -l logfile
http://moonfire.twbbs.org/15
Wednesday, March 14, 2007
Asterisk + Openser + Freeradius + Mysql (1)
1. Binding one new IP address on eth0 (for SIP server only)
2. your system has following packages check
gcc or icc, bison or yacc, flex, zlib, zlib-devel, MySQL and MySQL-devel.
command: rpm -qa |grep xxxx
3. unixODBC installation
install unixODBC-dev and libmyodbc
4. FreeRadius installation
download freeradius-1.1.4.tar.gz
cd /usr/src
tar zxvf freeradius-1.1.4.tar.gz
cd freeradius-1.1.4
./configure
make
make install
5. Radiusclient-ng installation
download radiusclient-ng-0.5.2.tar.gz
cd /usr/src
tar zxvf radiusclient-ng-0.5.2.tar.gz
cd radiusclient-ng-0.5.2
./configure
make
make install
6. OPENSER installation
cd /usr/src
wget http://www.openser.org/pub/openser/1.1.1/src/openser-1.1.1-tls_src.tar.gz
tar zxvf openser-1.1.1-tls_src.tar.gz
cd openser-1.1.1-tls
cd modules/acc
vi Makefiles
uncomment acc.........
To enable Radius accounting, edit the “modules/acc/Makefile” and uncomment
the part related to Radius accounting. You can comment the part related to
SQL (database) accounting.
Next, edit “Makefile” and remove from “exclude_modules” all modules that
have “_radius” in their name. You can remove from “exclude_modules” the
“mysql” module as well -- the configuration file for OpenSER presented in
this document uses it.
make all
make install
7. RtpProxy installation
cd /usr/src
wget http://ftp.iptel.org/pub/rtpproxy/rtpproxy-0.3.tar.gz
tar zxvf rtpproxy-0.3.tar.gz
cd rtpproxy
./configure
make
make install
run /usr/local/bin/rtpproxy -l 59.125.160.36 -s udp:localhost:7890
8. Asterisk Installation
cd /usr/src
wget http://ftp.digium.com/pub/asterisk/asterisk-1.4.1.tar.gz
tar zxvf asterisk-1.4.1.tar.gz
cd asterisk-1.4.1
Edit 'apps/app_voicemail.c' and change the size of memeber 'uniqueid' in 'struct ast_vm_user' to 128
/* Structure for linked list of users */
struct ast_vm_user {
char context[AST_MAX_CONTEXT]; /* Voicemail context */
char mailbox[AST_MAX_EXTENSION];/* Mailbox id, unique within vm context
char password[80]; /* Secret pin code, numbers only */
char fullname[80]; /* Full name, for directory app */
char email[80]; /* E-mail address */
char pager[80]; /* E-mail address to pager (no attachme
char serveremail[80]; /* From: Mail address */
char mailcmd[160]; /* Configurable mail command */
char language[MAX_LANGUAGE]; /* Config: Language setting */
char zonetag[80]; /* Time zone */
char callback[80];
char dialout[80];
char uniqueid[128]; /* Unique integer identifier */ <<<<<========== here!!! char exit[80]; unsigned int flags; /* VM_ flags */ int saydurationm; int maxmsg; /* Maximum number of msgs per folder fo struct ast_vm_user *next; }; ./configure --with-odbc make menuselect enable "ODBC for voicemail" make make install # boot start make config 9. Database Create OpenSER Database /usr/local/sbin/openser_mysql.sh create Create FreeRadius Database mysql -uroot -p radius <>
use asterisk;
CREATE TABLE `voicemessages` (
`id` int(11) NOT NULL auto_increment,
`msgnum` int(11) NOT NULL default '0',
`dir` varchar(80) default '',
`context` varchar(80) default '',
`macrocontext` varchar(80) default '',
`callerid` varchar(40) default '',
`origtime` varchar(40) default '',
`duration` varchar(20) default '',
`mailboxuser` varchar(80) default '',
`mailboxcontext` varchar(80) default '',
`recording` longblob,
PRIMARY KEY (`id`),
KEY `dir` (`dir`)
) ENGINE=MyISAM;
CREATE VIEW vmusers AS
SELECT phplib_id as uniqueid,
username as customer_id,
'default' as context,
username as mailbox,
vmail_password as password,
CONCAT(first_name,' ',last_name) as fullname,
email_address as email,
NULL as pager,
datetime_created as stamp
FROM openser.subscriber;
CREATE VIEW sipusers AS
SELECT username as name,
username,
'friend' as type,
NULL as secret,
domain as host,
CONCAT(rpid, ' ','<',username,'>') as callerid,
'default' as context,
username as mailbox,
'yes' as nat,
'no' as qualify,
username as fromuser,
NULL as authuser,
domain as fromdomain,
NULL as insecure,
'no' as canreinvite,
NULL as disallow,
NULL as allow,
NULL as restrictcid,
domain as defaultip,
domain as ipaddr,
'5060' as port,
NULL as regseconds
FROM openser.subscriber;
# if you wanna use another account not root
GRANT ALL ON asterisk.* to asterisk@localhost IDENTIFIED BY 'some_password';
Tuesday, January 09, 2007
LINUX - Nocat
1.
apt-get install iptables perl libdbi-perl libdbd-mysql-perl libdigest-md5-perl libnet-netmask-perl pgp apache-ssl
2.
tar xvzf NoCatAuth-0.82.tar.gz
cd NoCatAuth-0.82
mkdir /usr/local/nocat
make PREFIX=/usr/local/nocat/gateway gateway (使用iptables要先修改bin/detect-fw.sh 讓程式可以跑在kernel 2.16以上的OS,預設是2.4)
3.
make PREFIX=/usr/local/nocat/authserv authserv
make PREFIX=/usr/local/nocat/authserv pgpkey <-- 在passphrase時不要輸入任何資料
cp /usr/local/nocat/authserv/trustedkeys.gpg /usr/local/nocat/gateway/pgp/
chown -R www-data:www-data /usr/local/nocat/authserv/pgp/
chown -R www-data:www-data /usr/local/nocat/authserv/etc/
chown -R www-data:www-data /usr/local/nocat/authserv/cgi-bin/
4.
/usr/local/nocat/gateway/nocat.conf :
AuthServiceAddr 192.168.4.51
ExternalDevice eth0
InternalDevice eth1
LocalNetwork 192.168.4.0/24
DNSAddr 111.222.333.444
IncludePorts 22 80 443
LogFacility internal
5.
/usr/local/nocat/authserv/nocat.conf :
LocalNetwork 192.168.4.0/24
設定認證方式
DataSource Passwd
UserFile /usr/local/nocat/authserv/etc/passwd
GroupUserFile /usr/local/nocat/authserv/etc/group
GroupAdminFile /usr/local/nocat/authserv/etc/groupadm
6. cert
cd /etc/ssl/certs openssl req -new > nocat.cert.csr
openssl rsa -in privkey.pem -out new.cert.key
openssl x509 -in nocat.cert.csr -out nocat.cert.cert -req -signkey new.cert.key -days 365
7.
/etc/apache-ssl/httpd.conf :
因為images已經有被使用過Alias所以
將 alias /images/ /usr/share/images/ 改成 alias /images/ /usr/local/nocat/authserv/htdocs/images/
LoadModule env_module /usr/lib/apache/1.3/mod_env.so
(virtualhost 192.168.4.51) <-()要改成<>
ServerName 192.168.4.51 SSLCertificateFile /etc/ssl/certs/nocat.cert.cert SSLCertificateKeyFile /etc/ssl/certs/new.cert.key DocumentRoot /usr/local/nocat/authserv/htdocs Include /usr/local/nocat/authserv/httpd.conf
(/virtualHost)
8.
start apache-ssl:
/etc/init.d/apache-ssl restart
9.
Add users
/usr/local/nocat/authserv/bin/admintool -c username password
10.
start gateway
/usr/local/nocat/gateway/bin/gateway
Reference:
http://ginfo.egim-mrs.fr/wiki/doku.php?id=howtos:nocat
http://www.wi-fiplanet.com/tutorials/article.php/3286631