tunkz tutorial

Computer networks devided into two types :
    Voice networks : based on circuit swithcing. Communication
                    is always made by             the same path. Example: Public Switched
                    Telephone Network (PSTN).
    Data Netwoks : based on packet swithcing. information data is devided into                 packets,     and the packets can travel accros different route/path. Example :         internet.

Main problem about circuit swithcing is it need a lot of bandwidth for each communication. Why ?? because same channel is used when during a call (communication) and most of the phone calls have a lot of silence moments.
Data networks only transmit information when it is necessary, so it using bandwidth more efficiently. Delay and loss packets should not be a disadvantage, due the system has a capability to recover the information. However, voice and video streaming are  sensitive with those parameters (Delay and loss). So,  networks  and protocols with high degree of QoS are required.

Voice over IP (VoIP) defines the necessary  routing systems and protocols for transmit voice conversations over Internet. Internet is a packet swithcing networks based on TCP/IP protocols.

So, what is SIP and H.323??? VoIP has two architecture for the voice transmission :
    SIP (Session Initiation Protocols) : SIP is a signalling protocol to establish and             conferences in IP networks. Beginning of the sessions, change or term of the             sessions, is independent of the type of application
                    that it is being used in the         call.     (a sessions including several data types : voice, video, or many other             formats.)
    H.323 : standard of communications
                    multimedia, that facilitated the                         convergence  of voice, video
                    and data. nitially it was thought for packet circuit         networks.

SIP
        SIP is used for initiating, modifying, and terminating user sessions that involves multimedia communication elements, ex : voice, video , instant messaging, etc.  Main objective of SIP is the communicating between multimedia devices.  SIP using two main protocols, RTP and SDP (you can read the RFC or manual about RTP and SDP). RTP is used to transport  voice data in real time; SDP is used to negotiate the participant capabilities,
                  codification type, etc. SIP is end-to-end oriented protocols. it means that  all the logic is stored  in end devices. State is also  stored in end-device only.  SIP is an application-layer protocols, a signalling protocol for internet-telephony.
    SIP has ability to establish and end multimedia sessions (ex : location, availability, resource use, etc). In order to implement these functions, SIP has different components. main components are User Agent (UA) and SIP servers.

1. User Agent (UA): User Agent has two different parts,  User Agent Client (UAC) and User Agent Server (UAS).  UAC is used for sending SIP request and receive the answers for those request. UAS used to send answer to the SIP request.  Both entities are in every user agent, to allow the communication
                       between different user agents in a client-server communication.
2. SIP servers,  devided into 3 types :

• Proxy servers : This server has a similar functionality
                      to an HTTP Proxy. Proxy servers devided into 2 types, statefull proxy and stateless proxy. Statefull proxy keep the state of the transaction during
                      the request processing. Stateless proxy do not keep the state of the transaction during the  requests processing, They only resend messages.
• Registrar Servers : a server which accepts register request from the users and keep the information about this request t provides a location and address translation
                    service.
• Redirect Servers : server which generates
                    redirection answers to the received requests. This server routes
                    again the requests to the next server.

All of thoose parts are conceptual, can be placed in the same machine, or may be in different machine

    One of the SIP server function is user location and name resolution. Normally, user agents doesnt know the IP address of the called persons. SIP entities identify a user by SIP URI (Uniform Resource Identification)see RFC 2396. SIP URI has a format similiar with email address  consists of a user and a domain delimited by
                    one @.  examples :   
   
                  user@domain
    user@machine
                    user@ip_address
                    telephone_number@gateway

and, how about H.323????……….. next article. i promise it!!! ^_^

    FreeBSD platform is a great platform for firewalls. As far as i know, FreeBSD has 3 firewall apllication for building a great firewall : IPFW, PF and IPF. hmmmm, i only will explain the IPFW and PF firewall. IPF and PF is almost same.

• IPFW :  FreeBSD’s primary firewall is called IPFW (Internet Protocol Firewall). IPFW is
  composed of two parts: a kernel-level packet filter engine and a userland
  utility for controlling firewall functionality. IPFW has been part of FreeBSD
  since FreeBSD 2.0. IPFW went through a major
  overhaul as part of FreeBSD 5 development. This "new" IPFW became known as
  IPFW2. However, for the sake of sanity, we will refer to IPFW2 simply as IPFW.

• PF : OpenBSD utilizes a firewall mechanism called PF (packet filter). Like FreeBSD’s
  IPFW, PF is made up of a kernel-level packet filter and a userland utility for
  control of the firewall functionality. Unlike FreeBSD, PF is exposed via a
  device node, /dev/pf. PF is a newcomer to the OpenBSD world. Before using PF, OpenBSD utilized a
  firewall called IPFilter. I dont know why IPFilter removed from OpenBSD. maybe a licensce trouble. The end result was that
  IPFilter was removed from OpenBSD.
  PF was created to fill the void left by IPFilter. PF has been designed from day
  one to integrate cleanly into OpenBSD, and as such, is very usable and flexible.

The Differences
    There are big differences between IPFW and PF. If you had ever using both IPFW and PF, you will find the differences. IPFW is list-based while PF is much more object oriented. PF configuration is broken into many parts, but IPFW generally a shell scripts with rules processed in order. but, both firewall supports statefull and stateless processing of connection.
    In IPFW, the first rule in a ruleset that matches a packet "wins." That means,
if a ruleset has a rule to allow traffic to port 80 before a rule that denies
all traffic, the packet destined to port 80 will be allowed. In PF, the exact
opposite is true; the last rule that matches "wins." In the same example, the
packet to port 80 would be denied by the firewall.  If you really need to have a packet match a rule and then be
processed in PF, you can use the quick keyword to force the issue. (you can read my blog about PF)
    In IPFW, denied packets are logged through the syslog facility. In PF, denied
packets are logged to a special interface called pflog0. This interface
is actually a BPF (Berkeley Packet Filter) interface that allows utilities like
tcpdump to sniff logged packets directly. This feature can be used
by IDS engines and monitoring tools to analyze the firewall’s activity without
having to interact or affect the firewall processing.
    PF implements Network Address Translation (NAT) and Quality of Service (QoS)
directly into the firewall. In IPFW, these features are provided by other
programs. In general, there is no
functional difference. The integration in PF makes administration a bit easier
as all configuration is done in one file.
    PF performs more aggressive optimization than IPFW. In PF, large
lists of rules are compressed into a table (of course you must read the PF manual first). So while the configuration file for
PF may still have list-like properties, the core processing engine of PF treats
the rules more efficient. This ultimately results in a tree
data-structure for the rules making even huge rulesets rapidly searchable.
    PF also has the capability to reassembly and normalizing fragmented packets before sending them through the firewall. This prevents
fragmentation attacks behind the firewall. This is a great feature of PF, as
it prevents other applications on the firewall (like an IDS sensor) from
having to deal with fragments.
    Seems that PF is a weapon weapon for building a
firewall. If you need the flexibility and scalability, use PF. However, for smaller-scale deployments, such as a
small or home office, IFPW’s simple interface and simple  administration
may be your choice.
    Back to you again, just choose PF or IPFW as your firewall in a FreeBSD machine or in your networks.    
    And how about IPTABLES??? hmmmmmmmmm, long time not using iptables as firewall. look likes i must read the iptables manual again….. ^_^

hihihihihihi……. back again with me,…….. :D :D :D. i’ve got experience again. i have 4 DVD iso images ubuntu packets.. hmmmm, i wanna build an ubuntu mirror. but, the problem, how i can mount it in freeBSD???? freeBSD again :D :D :D

hehehhehe…….. it’s so simple… very simple, using my freeBSD 6.1. just 2 line command. but, how??????

hehehe, here there are :
  # mdconfig -a -t vnode -f ubuntu-1.iso -u 0
  # mount -t cd9660 /dev/md0 /mnt/ubuntu-packets/

so simple huh?????

after we mount it, how to unmount it??? againn… just 2 command……
  # umount /mnt/ubuntu-packets
  # mdconfig -d -u 0

it’s so simple……. hope this can help you too ^_^

happy ‘ngoprek’ ^_^

hohohoho…………………….. i finally found how to solve error in GD + php.Useally, when we try to install php + gd enabled, we will get some error, not error when we complie php or gd, but error in your web. like your image won’t display properly in your web.. why i wrote this article, because i’ve got experience. when i migrate my system from linux to freebsd, because the HD error T_T, i install php with gd. i think, it will same from the old system. but, when i finished installing php+ gd, iv got the problem. jpeg or jpg image wont display properly. my expericence is, when i try to upload a jpeg or jpg image, i ve got some error, altough the web is normal, work properly. jpeg or jpg image thumbnail view  wont displayed. damn!!!!!!! i’ve install gd from the freebsd ports and compile php from source manually. hooooooooooo, then my partner check the php info. shit!!!! jpeg not enabled in php……waaaaaaaaaaaaaaaa.. what happen????

my friend told me, gd in freebsd still got some error. beuuuuuu….. ive try many times with different options in php, but still got same problem, jpeg/jpg image wont display properly. T_T…………. i finally realize i must install libpng + libjpeg manually, not from the bsd ports….. ckckcckkcckckk, just waste my time (almost 2 monhts, ive got this problem T_T). hmmmm. i must solve it!!!!! then, i remember, my students mirror still up ^_^. i try to install libjpeg and libpng manualy and gd from ports. first still error, those packets got error when i compile it. and the second. hoohohoho it works (my friend said that)….. almost 8 hours with my daemon ^_^ just to enabling GD in php in freebsd. but how i solve it??????

hmmmm……………… frist you should fetch it manually thoose packets (i install thoose packets in freebsd fresh install ^_^).
libxml2-2.6.22.tar.gz
zlib-1.2.3.tar.gz
libpng-1.2.9.tar.gz
jpegsrc.v6b.tar.gz

after you fetched it follow this steps :
1. you should install mysql first, if you plan your web using databases
    cd /usr/ports/databases/mysql-server/
    make WITH_LINUXTHREADS=yes install clean (and so on….. i wont explain in         here)
2.install httpd. im using httpd-2.x.x…….. just up to you (using httpd-2.x.x                 versions). i think you know how to install httpd apache server from source. i’ve         explained it before
3. install your libxml2 first
    tar xzvf libxml2-2.6.22.tar.gz
    cd libxml2-2.6.22
    ./configure
    make
    make install
4. install your zlib.
    tar xzvf zlib-1.2.3.tar.gz
    cd zlib-1.2.3
    ./configure
    make
    make install
    make clean
5. libpng
    tar xzvf libpng-1.2.9.tar.gz
    cd libpng-1.2.9
    cp scripts/makefile.std makefile
    edit your makefile, find "prefix= ……….." (i dont remember it), change it to
    prefix=/usr/local/libpng2
    make
    mkdir /usr/local/libpng2
    make install
    make clean
6. install your jpeg library.
     tar -zxvf jpegsrc.v6b.tar.gz
     cd jpeg-6b
    ./configure –prefix=/usr/local/jpeg6 –enable-shared
     make
     mkdir /usr/local/jpeg6
     mkdir /usr/local/jpeg6/include
     mkdir /usr/local/jpeg6/lib
     mkdir /usr/local/jpeg6/bin
     mkdir /usr/local/jpeg6/man
     mkdir /usr/local/jpeg6/man/man1
     make install-lib
     make install
     make clean   
7.    install GD
    cd /usr/ports/graphics/gd
    make install clean
   
huhhhhh……… finished installing library GD support.. then, finally install your php.
just follow this steps..
    tar xzvf php-5.x.x.tar.gz
    cd php-5.x.x
    ./configure –prefix=/usr/local/httpd/php –with-gd –with-apxs2=/usr/local/httpd/bin/apxs –with-xml –with-mysql –with-zlib –with-jpeg-dir=/usr/local/jpeg6 –with-png-dir=/usr/local/libpng2 –disable-debug –enable-trans-sid –enable-sockets –enable-memory-limit (one line of course, i assume that you install your httpd apache server in /usr/local/httpd, and php in /usr/local/httpd/php)
    make
    make install
    then copy your php.ini in /usr/local/httpd/php/lib/

next step just adding "AddType application/x-httpd-php .php" in your httpd.conf….

just wait and see the difference……….. i check my web, hmmmm looks fine. then i asked my partner (web programer), "did the GD still error????" my partner told me "hoho, thats worksss"………….huaaahhhhhahahaha finally finish it !!!!!!!

hmmmmm……… just share my experience with the daemon ^_^ thanks to allDelta for the team works ^_^. solved one problem, another problem still wait. like Indonesian peole said, "derita tiada akhir" hahahahahhaahha.. just kidding. hope it will help you too…………

thanks

tunk