Using CSF/LFD and IPTABLES to block specific traffic

You can easily block unwanted traffic using IPTABLES.  However, if your using csf/lfd from configserver you can easily block specific traffic.

Continue reading

Top Gear USA WTF?

My family and I have been a long standing Top Gear UK fan since day 1. My wife and two daughters (7 and 17) watch it religiously. We were quite excited to try the USA version of the show. What a drag and complete waste of time that was. Let me explain.
Continue reading

Help Find Kyron

Please take a look at this and call the number (503) 261 2847 with any information.

Kaltura CE install on CentOS 5.4


I wanted to share this info on how to install the KalturaCE media server on CentOS. I saw that a lot of people were having issues getting it to work. Follow along, it is pretty easy to do. This should be a cut and paste article. I did this install in Xen with 32bit. I have not tried this in a 64bit environment yet. It should work the same, except the part where you have to get some php rpms below.

Ensure that your system is currently up to date.

I like always do my installing from /home/install/ Feel free to choose any directory you want to store your software in.

mkdir -p /home/install/rpms/
cd /home/install/rpms/

We need to install the EPEL and rem repos.

rpm -Uvh *.rpm

Now we need to install some needed software, we also enable the remi repo.

yum install memcached httpd mysql mysql-server gmp libedit t1lib sqlite2 libXpm libXmu libXaw --enablerepo=remi

We need to grab the older php-5.2.10 rpms from remi with wget. These are the i386 rpms. The path for x86_64 is going to be different. This path might work if you are wanting 64bit.


Now we need to install the rpms we just grabbed. Don’t install the php-pecl-memcache* ones yet. These will be done at a later step.

rpm -ivh php-5.2.10-1.el5.remi.i386.rpm php-cli-5.2.10-1.el5.remi.i386.rpm php-common-5.2.10-1.el5.remi.i386.rpm php-gd-5.2.10-1.el5.remi.i386.rpm php-mysql-5.2.10-1.el5.remi.i386.rpm php-pdo-5.2.10-1.el5.remi.i386.rpm

We need to install some more pre-reqs for memcache stuff.

yum install php-pear libmemcached --enablerepo=remi

Now we get to install the last 2 rpms for php-pecl-memcache

rpm -ivh php-pecl-memcache*

Need to double check that short_open_tag is enabled for PHP. This is done in the /etc/php.ini

short_open_tag = On

Edit /etc/httpd/con/httpd.conf

Find AllowOverride for the directory /var/www/html/
Change it from
AllowOverride None
AllowOverride All

Now lets start up the services.

service memcached start
service mysqld start
service httpd start

Now comes the MySQL stuff. We need to setup the database we want to use for kaltura. You can change the following two lines to match what you want to use. I use kaltura as the database and the name, and katura123 as the password. Again, these can be set to whatever you want to use. These will need to be known when you go into the kalturaCE installer.

echo "create database kaltura;" | mysql

It is recommended that you create a user for the kaltura database. Below is a simple create, please adjust to your liking.

echo "grant all privileges on kaltura.* to [email protected]"localhost" identified by 'kaltura123';" | mysql

Now we need to get the current kalturaCE code. The URL below will more than likely change, so make sure to goto the kaltura download site and copy the most current download URL.


Now we need to uncompress it and put it in the /var/www/html/ folder. The -C tells tar to uncompress into that folder.

tar -zxvf kalturaCE_v1.5_linux386.tgz -C /var/www/html/

Now open a browser and point it to

Where IP_OF_YOUR_SERVER is the actual IP address of your kalturaCE server.

Click begin installation

Should be all green check boxes.

Click on Continue

Database connections.
You will need to have the database, database user, and password. You should know this from a previous step.

Click Save and Continue.

Set the server url, if it is not already done so.

Set the Administrator Account with the info it asks for as well as email…

You should be done.

You can then goto

You can get to the management interface using,

Start adding your own media. 🙂

If there is enough interest in this, I can put up a Xen image on I would also be willing to create a distribution that would install everything, again if enough interest is shown.

****update to libmemcached issue*****
If you get this
error: Failed dependencies: is needed by php-pecl-memcached-0.2.0-1.el5.remi.x86_64 is needed by php-pecl-memcached-0.2.0-1.el5.remi.x86_64

or this
error: Failed dependencies: is needed by php-pecl-memcached-0.2.0-1.el5.remi.i386 is needed by php-pecl-memcached-0.2.0-1.el5.remi.i386

For those of you having issues finding the libmemcached rpm, I think I found them. Damn remi removing rpms!! Try this link to a mirror of his rpms.
file location

file location

Hopefully this helps!!
Thank you,
Engineer Tim

Oyster Run 2009

What a blast!!
Official Site

Teliax billing issues strike again!!

I got wind of a billing issue with Teliax and Canvas Dreams on twitter. They had their phones shut off for a $.08 billing error. This interrupted their phones for 12 minutes and potentially cost them customers. How does something like this happen these days. Come on Teliax!! I dropped you for the same reason. Teliax has had the same billing problems for years. Learn from your mistakes and keep your customers going. I could understand if a customer was behind on their bill, but to shut them off for $.08 is appalling.

I would like to know if there is a top 10 or top 20 SIP providers list out there with reviews. Does anyone have links to something like that. I would like to see where Teliax stacks up on such a list.

Engineer Tim

Rainforest Run (Forks Wa.)


Just got back from the Rainforest Run. What a ride. I also wanted to thank Bob and his crew at Cycle Camp for allowing the “New Canadians” or “Canoregons” to stay. If you are ever in the area and on a bike, you have to stop in at Cycle Camp. The atmosphere is friendly, we truly felt at home. You also have to check out the Hoh Rain Forest and hit some of the trails. We took the Hall of Moss trail and it was amazing to see all the colors and shapes hanging from the trees. A trip up there would not be complete without a stop in to Forks, home of the Twilight books, so I am told by my 15 year old daughter who planned the trip. You will see signs everywhere for Twilight in the town as well as vampire boundaries and treaty lines.

Here are some pics for your pleasure.

Engineer Tim

asterisk bfd (brute force detection) rules for sip and iax


Edit: I have uploaded a .tar file of the rules that can be downloaded.

Thank you to a couple users who pointed out that my bfd rules were a little less than perfect. They worked great for me on a older version of bfd, but I believe a update to the bfd application caused them to stop working. Either way, new rules have been created.

This one is for SIP wrong passwords. Save this as asterisksip

# failed logins from a single address before ban
# uncomment to override conf.bfd trig value

# file must exist for rule to be active

if [ -f "$REQ" ]

## ASTERISK: SIP wrong password
ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | grep -i "wrong password" | grep chan_sip | awk '{NF=NF-3} {print $NF}'| tr -d '\'\' `

This rule is for wrong or non existent extension. Save this as asterisksip2

# failed logins from a single address before ban
# uncomment to override conf.bfd trig value

# file must exist for rule to be active

if [ -f "$REQ" ]

## ASTERISK: SIP no extension
ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | grep -i "No matching peer found" | grep chan_sip | awk '{NF=NF-5} {print $NF}'| tr -d '\'\' `

This rule is for IAX. Save this as asteriskiax.

# failed logins from a single address before ban
# uncomment to override conf.bfd trig value

# file must exist for rule to be active

if [ -f "$REQ" ]

## ASTERISK: IAX2 auth failed

ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | grep -i "failed MD5 authentication" | grep chan_iax2 | awk '{NF=NF-8} {print $NF}'`

Special thanks goes to Ioan Indreias and Gonzalo Gonzalez.
If it looks like the code is missing, try to highlight it all and copy/paste it into a text document. Hopefully this will show the entire rule without issue.
Make sure these rules are stored in /usr/local/bfd/rules/ Then rerun bfd with bfd -q and see if the new rules are in place by checking for the files in /usr/local/bfd/tmp/ .

Thank you,
Engineer Tim

trixbox 2.8 Xen fix/install


For this to work, you need to have the install media for CentOS, I use the CentOS 5.3 i386 DVD. You should also have a read the trixbox-xen.pdf on this site.

CentOS specific stuff we need to do.
mount -oloop CentOS-5.3-i386-bin-DVD.iso /var/www/html/centos

make sure this is browsable in a web browser. You will need to be able to serve the installer these files.

We need to copy off the vmliuz and initrd.img from the images/xen folder for our use during the install. I like to serve all of my xen specific stuff from a nfs mount so that I can access these files from different xen servers without issues. How you do it is up to you. These files MUST be accessible by the computer that is going to boot the Xen DomU for trixbox28. For ease of following this doc, I will user /srv/xen/trixbox28 as my directory for these files.

mkdir /srv/xen/trixbox28
cd /var/www/html/centos/images/xen
cp initrd.img vmlinuz /srv/xen/trixbox28/

Trixbox Specific Repo Setup.
mkdir /var/www/html/trixbox
We have to create a trixbox folder to serve the rpms from for the installer.

mkdir /mnt/iso
mount -oloop trixbox-2.8.0.iso /mnt/iso

We need to mount the trixbox-2.8.0 iso so we can get the rpms and the comps.xml file off.

cd /mnt/iso/trixbox
cp *.rpm /var/www/html/trixbox/

Now we need to grab the comps.xml file for making the trixbox repo on our web server.
cd /mnt/iso/repodata
cp comps.xml /var/www/html/trixbox/
cd /var/www/html/trixbox/

We need to add a couple of rpms to our new trixbox repo for xen. This will ensure the xen kernel and dahdi kmod files will work right out of the box. Make sure you are in /var/www/html/trixbox when doing the wget. Please also make sure to use your closest mirror by going to

We also need the kmod-dahdi from the trixbox repo.

Now lets create our repo for our installer.
createrepo -g ./comps.xml ./
if the createrepo is not found, install it with yum and try again.
yum -y createrepo

Now we create our install file. I call mine trixbox28.install, the contents are listed below. Yours may differ. Of particular note is the kernel, ramdisk, and ks= lines. The file trixbox.ks is our kickstart file, which we will have to make changes to from my original one in my xen guide.

kernel = “/srv/xen/trixbox28/vmlinuz”
ramdisk = “/srv/xen/trixbox28/initrd.img”
extra = “text ks=”
name = “trixbox”
memory = “512”
disk = [ ‘tap:aio:/srv/xen/trixbox.img,xvda,w’, ]
vif = [ ‘bridge=xenbr0’, ]
on_reboot = ‘destroy’
on_crash = ‘destroy’

Save this file in /etc/xen/

Now we need to edit the trixbox.ks file or ks.cfg from my trixbox-xen guide. We need to change the first line for the url to now point to our centos install media.
url –url
please make sure to use the ip address for your web server that is serving the centos install media.

We also need to add one additional repo (trixbox) to the trixbox.ks file. This is done with the repo line. Add this just before the %packages statement in the trixbox.ks file. Be sure to change the IP address and path to reflect the trixbox repo we created from above. We also need to add the kmod-dahdi-linux-xen so it gets installed and not install the kmod-dahdi-linux package.

#Add the repo information
repo –name=trixbox –baseurl=
#add kmod-dahdi-linux-xen
#remove the one for the other kernel so they don’t conflict possibly

Now save your trixbox.ks or ks.cfg file with these changes.

Now start the install process for trixbox28.
xm create -c trixbox28.install

Your installer should start and ask you for your local as well as a password for root.

You may, more than likely, see a few error messages fly by when the installer starts going. These are ok to ignore.

Once the install has finished it will shutdown and you will need to start it with your actual trixbox28 xen config. Mine is listed below, again yours might differ.

name = “trixbox28”
memory = “512”
disk = [ ‘tap:aio:/srv/xen/trixbox.img,xvda,w’, ]
vif = [ ‘bridge=xenbr0’, ]
on_reboot = ‘restart’
on_crash = ‘restart’

You should see no errors with dhadi,
Starting dahdi: Loading DAHDI hardware modules:
wct4xxp: [ OK ]
wcte12xp: [ OK ]
wct1xxp: [ OK ]
wcte11xp: [ OK ]
wctdm24xxp: [ OK ]
opvxa1200: [ OK ]
wcfxo: [ OK ]
wctdm: [ OK ]
wcb4xxp: [ OK ]
wctc4xxp: [ OK ]
xpp_usb: [ OK ]

No hardware timing source found in /proc/dahdi, loading dahdi_dummy
Running dahdi_cfg: [ OK ]

Firstboot scripts will run and you should be good to go.
Let me know any issues, questions or concerns either by email by posting a comment.

Jungledisk S3 backup


Installing Jungledisk and getting it to work can be a royal pain. Here are the steps I used to get it to work on CentOS 4 and 5.

I first installed Junglediskworkgroup on my Mac. This allowed me to use the junglediskworkgroup-settings.xml file for my Linux setup.
You can use the Windows version as well to get the needed *-settings.xml file for use in the Linux environment.
Ensure that you copy this file to your Linux server for use. I will not cover how this is done in this post.

I like to make build-“project” folders for stuff I am working on. This keeps things clean and I have a master build directory for everything I work on.

mkdir build-jungledisk
cd build-jungledisk

Now you need to grab the .tar.gz file for jungledisk.
Grab it from here
I used wget and copied the url of the file I needed by right clicking and choosing “copy link”
Be sure to user your own url from the site as this url may or may not work.

Uncompress junglediskworkgroup64-261a.tar.gz .
tar -zxvf junglediskworkgroup64-261a.tar.gz

You should now have a junglediskworkgroup folder with the jungledisk command line application.
cd junglediskworkgroup

Now copy the junglediskworkgroup-settings.xml into this folder.
cp /path/to/junglediskworkgroup-settings.xml build-jungledisk/junglediskworkgroup/

Now you need to install dkms dkms-fuse and fuse from

Again, I used wget to get the rpm files. I put them in build-jungledisk and then installed them with.
rpm -ivh *.rpm

Once the rpms are installed you need to
modprobe fuse
and verify it is installed with
lsmod | grep fuse

Before I could start jungledisk, I had to edit the cacheDirectory path in the junglediskworkgroup-settings.xml. I created a new path in /opt/
mkdir -p /opt/jungledisk/cache/

Then I edited the junglediskworkgroup-settings.xml and replaced the cacheDirectory with this, which reflected the new path.

If things are right, you can now start jungledisk
cd junglediskworkgroup
./jungledisk /media/jungledisk -o config=/path/to/junglediskworkgroup-settings.xml

Make sure to use the proper and full path to junglediskworkgroup-settings.xml

You should now see the new mount on the system with
df -h
jungledisk#jungledisk 382G 0 382G 0% /media/jungledisk

If you have issues check /var/log/junglediskwg.log

Thank you,
Engineer Tim