Installing g.729 Codec

Installing g.729 Codec.

Move to the Asterisk modules directory. By default, it’s the following:
cd /usr/lib/asterisk/modules
Now the tricky part, find out which binary you need to get the right module for the right processor of your server. This almost always stumps me, and I always end up downloading roughly two or three codecs before I get the right one. Here’s something to help you out, so you don’t have to make these mistakes:
uname -a
This let’s you know what type of server you got… But it’s reallllly complicated if you don’t know what you’re looking for!
Linux 2.boom.boom.pow.server 2.6.18-348.1.1.el5xen #1 SMP Tue Jan 22 17:00:37 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Ok, so this will help you out ALOT MORE than the above. I don’t know what half of that stuff even means!!
cat /proc/cpuinfo
The above command will give you something like this:
[root@myserver ~]# cat /proc/cpuinfo
 processor : 0
 vendor_id : GenuineIntel
 cpu family : 6
 model : 23
 model name : Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
 stepping : 10
 cpu MHz : 1596.000
 cache size : 3072 KB
 physical id : 0
 siblings : 2
 core id : 0
 cpu cores : 2
 apicid : 0
 fdiv_bug : no
 hlt_bug : no
 f00f_bug : no
 coma_bug : no
 fpu : yes
 fpu_exception : yes
 cpuid level : 13
 wp : yes
 flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 lahf_lm
 bogomips : 5866.85
processor : 1
 vendor_id : GenuineIntel
 cpu family : 6
 model : 23
 model name : Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
 stepping : 10
 cpu MHz : 1596.000
 cache size : 3072 KB
 physical id : 0
 siblings : 2
 core id : 1
 cpu cores : 2
 apicid : 1
 fdiv_bug : no
 hlt_bug : no
 f00f_bug : no
 coma_bug : no
 fpu : yes
 fpu_exception : yes
 cpuid level : 13
 wp : yes
 flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 lahf_lm
Look at the section that tells you the model name, in my case it is:
model name : Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Next, visit http://asterisk.hosting.lv/#bin, and from the right  hand side, select the Asterisk version that you need PLUS THE version that matches your processor. For me it was:
However, these are the more popular selections (odd, none of my servers run any of the below, but whatever)
Ok, so next, you want to download them and install them in the Asterisk modules directory
cd /usr/lib/asterisk/modules

wget http://asterisk.hosting.lv/bin/codec_g729-ast14-gcc4-glibc-pentium.so

So that installs (read downloads) the codec into the modules directory of your Asterisk install. Now to activate it! Simply rename it to codec_g729 and you should be good to go!!
mv codec_g729-ast14-gcc4-glibc-pentium4.so codec_g729.so
Next, to ensure that your codec took, and is now working fully with Asterisk, restart Asterisk then login to if it is show up:
service asterisk restart
asterisk -vr
core show translation
The above command will vary from each version of Asterisk. The above works for 1.10 and 1.11
You should see something akin to this:
g729Notice that g729 is now showing. There are no numbers next to it, as transcoding hasn’t taken place yet, but when you start sending calls via g729, you will see that numbers come and go (mostly come).

Hardware Requirements For VICIDIAL/GoAutoDial

Minimum Hardware requirements for VICIDIAL

"There may be a suggestion, but not a requirement."


VICIDIAL/GoAutoDial runs on a Pendtium 4 machine and also on a Xeon Quad Processor based System.

Depending on the size of your ViciDial Setup you need a different amount of servers with different setups.


Typical setups would be:

10-15 Seat Inbound or Outbound

Dialing up to 30 concurrent Calls at a time.
1 All-in-One Server [Intel Core 2 Duo/AMD  Processor, 4GB RAM, 320GB HDD]
1 PRI or VoIP Trunk
Codec : G729
Internet Bandwidth : 1 Mbps 1:1 or 4 Mbps Broadband
Total initial cost under $500

15-30 Seat Outbound or Inbound

Dialing up to 150 channels/lines at a time.
1 All-in-One Server [Xeon Dual Core  Processor, 8GB RAM, 500GB HDD]
1 PRI or VoIP Trunk
Codec : G729
Internet Bandwidth : 4 Mbps 1:1 or 25 Mbps Broadband 
Total initial cost under $1000

30-50 Seat outbound good pickup ratio

Dialing up to 300 concurrent Calls at a time
1 All-in-One Server [Xeon Quadl Core  Processor, 8GB RAM, 1TB HDD+128GB SSD]
1 Database Server
Codec : G729
Internet Bandwidth : 16 Mbps 1:1 or 100 Mbps Broadband 
Total initial cost under $3000

100+ Seat outbound good pickup ratio

Dialing up to 500 concurrent Calls at a time
1 Asterisk Server
1 Database Server
2 Application Servers
1 Archive Server
Codec : G729
Internet Bandwidth : 32 Mbps 1:1 
Total initial cost under $6000





Frequently Asked Questions

How many agents can I put on a single (All-In-One) server?

Even so some people will try to sell you single server systems that allow you to put 50 or more agents on them, we seriously can not recommend this.You usually will experience a number of problems, starting with audio problems, slow connections, lost calls, all the way to full system crashes. Due to the high requirements on the PBX and the Database part, those two running on the same server can be a problem to start with. We think that 10 Agents is a safe value for a single server setup. With everything being setup properly, good hardware, no or limited recording and some care in the selection of the component we have seen single Server systems with 40 Agents, this is however not a typical result.

 How many Servers do I need?

The Rule of thumb:

Separate Database Server 

If you have more then 10 Agents you should run a separate database/application server.

Separate Application Server

If you have more then 3 Dialer Servers in your setup you should have a dedicated application server. Below that the application part can be run on either the Dialer or the Database Server.

Inbound calls

One Server per 50 Agents with short queues. When you expect longer queues, the number of calls in queue plus the number of agents should not be greater than 50 to 75. If calls are spread out evenly the number can be higher if calls are coming in bursts you should make it less.

 Outbound manual or assisted List-dialing

As a list dialer (Power dialer) that dials the next number automatically or manually on a one call per Agent basis as soon as the Agents requests the next call to be dialed each server can support around 50 Agents as well. The dialing frequency is usually not that high and there is only one line dialed per agent, this allows for more agents then heavy predictive dialing.

 Predictive dialing

Predictive dialing puts a higher load on the dialing servers, for that only about 30 Agents should be put on each server. If the talk-time per call is unusually long (> 3min avg.) you can put more Agents on each server. This is assuming to not use Answering Machine Detection or Text to Speech.

Smart predictive dialing 

If you are using Answering Machine Detection, Interactive Voice Response, "press 1 to speak to an agent" or similar techniques your safe number of Agents is at around 25 per server.

 How many Agents does Vicidial support at most?

We are not really sure because we did not reach that limit yet. What we however know is that you can cluster over 20 Servers in a single setup without any major problems. And while we are working on the performance of Vicidial that will increase the number of maximum agents as well. If you have to support more than 200 Agents we suggest to work directly with us since we know how to optimize Vicidial best and would like to have more large scale alpha or beta sites. As long as we have that need we might be able to give you speciall rates for that.

Can I run Vicidial on a virtualized Server?

We seriously would not recommend it. Vicidial uses the Server Hardware in a number of areas to its max. Putting Vicidial in a Virtual machine, especially one that has to share resources with other machines makes the system very unstable. Because of that  we are sometimes running Vicidial for testing purposes in a virtual machine, we do so, because the virtual machiene setup shows problems way earlier than a regular setup. So if you try to have as many problems as possible, running Vicidial in a virtual machine is the way to go. The only type of virtual setup that seems to make sense in a production environment, is to use it as a hardware abstraction layer on dedicated hardware. There are however even some problems with that.

VICIdial Scratch installation Guide Latest SVN Trunk 2.8 with Asterisk 1.8.23.0-vici On CentOS 6.5

VICIdial Scratch installation Guide Latest SVN Trunk 2.8 with Asterisk 1.8.23.0-vici On CentOS 6.5

Update the system

Make sure you update the system first, then reboot if you installed an updated kernel.
yum -y update
reboot

Install the following software
yum install make patch gcc gcc-c++ subversion php php-devel php-gd gd-devel php-mbstring php-mcrypt php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel httpd libpcap libpcap-devel libnet ncurses ncurses-devel screen mysql-server mysql-devel ntp kernel* mutt glibc.i686

Setup MySQL


Setup default MySQL tables, start MySQL and configure root password
Replace "MYSQL_PASSWORD" with a password that you want to create.
/etc/init.d/mysqld start
/usr/bin/mysqladmin -u root password 'MYSQL_PASSWORD'
mysql_secure_installation
chkconfig mysqld on
Here is a sample mysql configuration file you can use. Backup your original, then use this instead.
service mysqld stop
cp /etc/my.cnf /etc/my.cnf.original
echo "" > /etc/my.cnf
nano /etc/my.cnf
[mysql.server]
user = mysql
#basedir = /var/lib

[client]
port = 3306
socket = /var/lib/mysql/mysql.sock

[mysqld]
datadir = /var/lib/mysql
#tmpdir = /home/mysql_tmp
socket = /var/lib/mysql/mysql.sock
user = mysql
old_passwords = 0
ft_min_word_len = 3
max_connections = 800
max_allowed_packet = 32M
skip-external-locking

log-error = /var/log/mysqld/mysqld.log

query-cache-type = 1
query-cache-size = 32M

long_query_time = 1
#slow_query_log = 1
#slow_query_log_file = /var/log/mysqld/slow-queries.log

tmp_table_size = 128M
table_cache = 1024

join_buffer_size = 1M
key_buffer = 512M
sort_buffer_size = 6M
read_buffer_size = 4M
read_rnd_buffer_size = 16M
myisam_sort_buffer_size = 64M

max_tmp_tables = 64

thread_cache_size = 8
thread_concurrency = 8

# If using replication, uncomment log-bin below
#log-bin = mysql-bin

[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash

[isamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M

[myisamchk]
key_buffer = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout

[mysqld_safe]
#log-error = /var/log/mysqld/mysqld.log
#pid-file = /var/run/mysqld/mysqld.pid

mkdir /var/log/mysqld
mv /var/log/mysqld.log /var/log/mysqld/mysqld.log
touch /var/log/mysqld/slow-queries.log
chown -R mysql:mysql /var/log/mysqld
service mysqld restart

Update the time zone

Configure the system time and update it.
Customize the timezone. Take a look inside /usr/share/zoneinfo/ for all possible values.
rm /etc/localtime
ln -sf /usr/share/zoneinfo/US/Arizona /etc/localtime
rdate -s nist1-ny.ustiming.org
Changes take effect immediately after you run the rdate command.
Note: It's very important to set the correct time zone of your Operating System (shown above) and in the vicidial admin area (Admin->Phones, Admin->Servers, Admin->System Settings) and also in your php.ini file. They must all be the same time zone or offset equivalent. Don't forget about this when configuring vicidial after using this guide.

Turn off ntpd and remove it from bootup runlevels.
You will be running ntpdate from cron instead.
service ntpd stop
chkconfig ntpd off

Setup CPAN and install libraries

Run the following command
yum install perl-CPAN
yum install perl-YAML
perl -MCPAN -e shell

You will then install some CPAN libraries
Once you see the cpan> prompt you can begin installing modules.
This may take a while.
cpan> install CPAN
cpan> reload cpan
cpan> install YAML
cpan> install MD5
cpan> install Digest::MD5
cpan> install Digest::SHA1
cpan> install readline
cpan> install Bundle::CPAN
cpan> reload cpan
cpan> install DBI
cpan> force install DBD::mysql
cpan> install Net::Telnet
cpan> install Time::HiRes
cpan> install Net::Server
cpan> install Switch
cpan> install Mail::Sendmail
cpan> install Unicode::Map
cpan> install Jcode
cpan> install Spreadsheet::WriteExcel
cpan> install OLE::Storage_Lite
cpan> install Proc::ProcessTable
cpan> install IO::Scalar
cpan> install Spreadsheet::ParseExcel
cpan> install Curses
cpan> install Getopt::Long
cpan> install Net::Domain
cpan> install Term::ReadKey
cpan> install Term::ANSIColor
cpan> install Spreadsheet::XLSX
cpan> install Spreadsheet::Read
cpan> install LWP::UserAgent
cpan> install HTML::Entities
cpan> install HTML::Strip
cpan> install HTML::FormatText
cpan> install HTML::TreeBuilder
cpan> install Time::Local
cpan> install MIME::Decoder
cpan> install Mail::POP3Client
cpan> install Mail::IMAPClient
cpan> install Mail::Message
cpan> install IO::Socket::SSL
cpan> install MIME::Base64
cpan> install MIME::QuotedPrint
cpan> install Crypt::Eksblowfish::Bcrypt
cpan> quit
In the end, I usually run all these commands once again to make sure its all installed.

Installing the Asterisk-Perl module

NOTE: Do NOT use the 0.09 or any newer version, they do not work with ViciDial.
cd /usr/src
wget http://asterisk.gnuinter.net/files/asterisk-perl-0.08.tar.gz
tar -zxf asterisk-perl-0.08.tar.gz
cd asterisk-perl-0.08
perl Makefile.PL
make all
make install

Installing additional software from source

Next, you will download, compile and install the following software.
  • lame
  • ttyload
  • iftop
  • mtop
  • mytop
  • htop
  • sipsak
  • ploticus

LAME:
LAME is an MP3 encoder used to convert audio files from WAV to MP3. Some prefer GSM usually, but others have standardized on MP3 so you would need this utility to be loaded to use that option.
cd /usr/src
wget http://downloads.sourceforge.net/project/lame/lame/3.99/lame-3.99.5.tar.gz
tar -zxf lame-3.99.5.tar.gz
cd lame-3.99.5
./configure
make
make install

SOX:
SoX is a cross-platform command line utility that can convert various formats of computer audio files in to other formats.
cd /usr/src
wget http://downloads.sourceforge.net/project/sox/sox/14.4.1/sox-14.4.1.tar.gz
tar -zxf sox-14.4.1.tar.gz
cd sox-14.4.1
./configure
make -s
make install

TTYLOAD:
ttyload is a simple terminal application that shows the processor load in a graphical time-based scrolling graph. I use it to view how loaded the system is and it visualizes load spikes very well.
cd /usr/src
wget http://www.daveltd.com/src/util/ttyload/ttyload-0.5.3.tar.bz2
tar -xvjpf ttyload-0.5.3.tar.bz2
cd ttyload-0.5.3
nano ttyload.h

   insert this #include directive just above the #define directives, then save and close the ttyload.h file
   #include <time.h>

make
ln -s /usr/src/ttyload-0.5.3/ttyload /usr/bin/ttyload

IFTOP:
iftop is a good console bandwidth visualization tool that shows you active connections, where they are going to/from and how much of your precious bandwidth they are using.
cd /usr/src
wget http://www.ex-parrot.com/~pdw/iftop/download/iftop-0.17.tar.gz
tar -zxf iftop-0.17.tar.gz
cd iftop-0.17
./configure
make
make install

MTOP:
mtop is a great utility for real-time monitoring of mysql and the queries that are running in it.
Note: the root mysql password must be blank before installing this
mysql -u root -p

Enter your MySQL password, then the following MySQL command:
SET PASSWORD FOR root@localhost=PASSWORD('');QUIT;
cd /usr/src
wget http://downloads.sourceforge.net/project/mtop/mtop/v0.6.6/mtop-0.6.6.tar.gz
tar -zxf mtop-0.6.6.tar.gz
cd mtop-0.6.6
perl Makefile.PL
make
make install

Enter the following MySQL command to put your root password back the way it was originally
Replace "MYSQL_PASSWORD" with your real password.
SET PASSWORD FOR root@localhost=PASSWORD('MYSQL_PASSWORD');QUIT;

MYTOP:
mytop is is an optional utility for monitoring the threads and overall performance of mysql
Note: the root mysql password must be blank before installing this
mysql -u root -p

Enter your MySQL password, then the following MySQL command:
SET PASSWORD FOR root@localhost=PASSWORD('');QUIT;
cd /usr/src
wget http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz
tar -zxf mytop-1.6.tar.gz
cd mytop-1.6
perl Makefile.PL
make
make test
make install
Enter the following MySQL command to put your root password back the way it was originally
Replace "MYSQL_PASSWORD" with your real password.
SET PASSWORD FOR root@localhost=PASSWORD('MYSQL_PASSWORD');QUIT;

HTOP:
htop is an interactive process viewer for Linux
cd /usr/src
wget http://downloads.sourceforge.net/project/htop/htop/1.0.2/htop-1.0.2.tar.gz
tar -zxf htop-1.0.2.tar.gz
cd htop-1.0.2
./configure
make
make install

SIPSAK:
sipsak is an optional utility that VICIDIAL can use to send messages to an agent's SIP-based phone(like the Snom 320) to display text on their LCD screen.
cd /usr/src
wget http://download.berlios.de/sipsak/sipsak-0.9.6-1.tar.gz
tar -zxf sipsak-0.9.6-1.tar.gz
cd sipsak-0.9.6
./configure
make
make install
/usr/local/bin/sipsak --version

PLOTICUS:
ploticus is a free graph creation package that allows you to create line graphs within PNG files simply by creating a config file and a data file. ViciDial uses this package to generate server performance graphs that can be displayed real-time within the ViciDial reports page.
cd /usr/src
wget http://downloads.sourceforge.net/project/ploticus/ploticus/2.42/ploticus242_src.tar.gz
tar -zxf ploticus242_src.tar.gz
cd ploticus242/src/
make clean
make
make install
mkdir -p /var/www/html/vicidial/ploticus/
cp pl /var/www/html/vicidial/ploticus/

Installing eAccelerator for PHP

Install the php module
cd /usr/src
wget http://downloads.sourceforge.net/project/eaccelerator/eaccelerator/eAccelerator%200.9.6.1/eaccelerator-0.9.6.1.zip
unzip eaccelerator-0.9.6.1.zip
cd eaccelerator-0.9.6.1
export PHP_PREFIX="/usr"
$PHP_PREFIX/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
make
make install

Configure php.ini
nano /etc/php.ini
Change the following values in your php.ini file.
Customize the date.timezone so you don't end up with a bunch of php errors complaining about it not being defined.
error_reporting  =  E_ALL & ~E_NOTICE
memory_limit = 48M
short_open_tag = On
max_execution_time = 330
max_input_time = 360
post_max_size = 48M
upload_max_filesize = 42M
default_socket_timeout = 360
date.timezone = America/Phoenix

Add the following lines to the dynamic extensions section of php.ini:
Note: For CentOS 32-bit, use this below: zend_extension="/usr/lib/php/modules/eaccelerator.so"
zend_extension="/usr/lib64/php/modules/eaccelerator.so"
;For CentOS 32-bit: zend_extension="/usr/lib/php/modules/eaccelerator.so"
eaccelerator.shm_size="48"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

mkdir /tmp/eaccelerator
chmod 0777 /tmp/eaccelerator
php -v
You should see something like this:
PHP 5.3.3 (cli) (built: Dec 11 2013 03:29:57)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator

Editing the Apache config file


nano /etc/httpd/conf/httpd.conf

To disable logging, change:
CustomLog logs/access_log common
        to this:
CustomLog /dev/null common

To enable web browsing of Recordings on Asterisk server, add this:
Alias /RECORDINGS/ "/var/spool/asterisk/monitorDONE/"

<Directory "/var/spool/asterisk/monitorDONE">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
        <files *.mp3>
            Forcetype application/forcedownload
        </files>
</Directory>


Change the values of ServerSignature and ServerTokens directives as shown below.
ServerSignature Off
ServerTokens Prod

Restart the Apache web server to apply the changes
service httpd restart
chkconfig httpd on

Install php-mcrypt extension module from a fedora repository since its not available in the standard repo.
You will need this so phpMyAdmin doesn't complain about not having mcrypt installed.
cd /usr/src
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
nano /etc/php.d/mcrypt.ini
yum update
yum install php-mcrypt*
nano /etc/php.d/mcrypt.ini

Comment out the current mcrypt location because it is incorrect, then add the new path below it.
Note: For CentOS 32-bit, use this below: extension=mcrypt.so"
; Enable mcrypt extension module
;For CentOS 32-bit: extension=mcrypt.so
extension=/usr/lib64/php/modules/mcrypt.so

Restart the Apache web server to apply the changes
service httpd restart


Installing Asterisk

Any time you upgrade the Linux kernel you must recompile/install dahdi for the new kernel.
Asterisk must be compiled with dahdi support.
Note: The install MUST be done in the following order:
Minor note: dahdi-linux-complete-current.tar.gz and libpri-1.4-current.tar.gz may contain an updated version than what I am currently using, therefore the directory names may be different than shown below.
mkdir /usr/src/asterisk
cd /usr/src/asterisk
wget http://downloads.vicidial.com/required-apps/asterisk-1.8.23.0-vici.tar.gz
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-1.4-current.tar.gz
tar -zxf asterisk-1.8.23.0-vici.tar.gz
tar -zxf dahdi-linux-complete-current.tar.gz
tar -zxf libpri-1.4-current.tar.gz
cd ../dahdi-linux-complete-2.8.0.1+2.8.0
make clean
make
make install
make config
cd tools
make clean
make
make install
make config
cd ../../libpri-1.4.14
make clean
make
make install
cd ../asterisk-1.8.23.0
./configure
make clean
make
make install
make samples

cp /usr/src/asterisk/asterisk-1.8.23.0/contrib/init.d/rc.redhat.asterisk /etc/init.d/asterisk
chkconfig asterisk on

* Confirm DAHDI works properly.
* You do not need dahdi_dummy anymore, because it has not been required since DAHDI-Linux 2.3.0.
* The core of DAHDI is now able to use the kernel timers automatically if no telephony hardware is installed.
* http://www.voip-info.org/wiki/view/DAHDI
* http://www.voip-info.org/wiki/view/chan_dahdi.conf
* http://www.voip-info.org/wiki/view/Asterisk+CLI
service dahdi restart
chkconfig dahdi on
modprobe dahdi
lsmod | grep dahdi
dahdi_genconf
dahdi_cfg -vvv
dahdi_test
Check to see if the dahdi drivers are loaded.
lsmod | grep dahdi
Output should look similar to this:
dahdi_transcode         6697  1 wctc4xxp
dahdi_voicebus         54834  2 wctdm24xxp,wcte12xp
dahdi                 223523  15 xpp,dahdi_transcode,wcb4xxp,wctdm,wcfxo,wcaxx,wctdm24xxp,wcte11xp,wct1xxp,wcte13xp,wcte12xp,dahdi_voicebus,wcte43x,wct4xxp,oct612x
crc_ccitt               1717  2 wctdm24xxp,dahdi


Installing audio files

Download the audio files
cd /usr/src
wget http://downloads.digium.com/pub/telephony/sounds/asterisk-core-sounds-en-ulaw-current.tar.gz
wget http://downloads.digium.com/pub/telephony/sounds/asterisk-core-sounds-en-wav-current.tar.gz
wget http://downloads.digium.com/pub/telephony/sounds/asterisk-core-sounds-en-gsm-current.tar.gz
wget http://downloads.digium.com/pub/telephony/sounds/asterisk-extra-sounds-en-ulaw-current.tar.gz
wget http://downloads.digium.com/pub/telephony/sounds/asterisk-extra-sounds-en-wav-current.tar.gz
wget http://downloads.digium.com/pub/telephony/sounds/asterisk-extra-sounds-en-gsm-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-moh-opsound-gsm-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-moh-opsound-ulaw-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/sounds/asterisk-moh-opsound-wav-current.tar.gz
Place the audio files in their proper places
cd /var/lib/asterisk/sounds
tar -zxf /usr/src/asterisk-core-sounds-en-gsm-current.tar.gz
tar -zxf /usr/src/asterisk-core-sounds-en-ulaw-current.tar.gz
tar -zxf /usr/src/asterisk-core-sounds-en-wav-current.tar.gz
tar -zxf /usr/src/asterisk-extra-sounds-en-gsm-current.tar.gz
tar -zxf /usr/src/asterisk-extra-sounds-en-ulaw-current.tar.gz
tar -zxf /usr/src/asterisk-extra-sounds-en-wav-current.tar.gz

mkdir /var/lib/asterisk/mohmp3
mkdir /var/lib/asterisk/quiet-mp3
ln -s /var/lib/asterisk/mohmp3 /var/lib/asterisk/default

cd /var/lib/asterisk/mohmp3
tar -zxf /usr/src/asterisk-moh-opsound-gsm-current.tar.gz
tar -zxf /usr/src/asterisk-moh-opsound-ulaw-current.tar.gz
tar -zxf /usr/src/asterisk-moh-opsound-wav-current.tar.gz
rm -f CHANGES*
rm -f LICENSE*
rm -f CREDITS*

cd /var/lib/asterisk/moh
rm -f CHANGES*
rm -f LICENSE*
rm -f CREDITS*

cd /var/lib/asterisk/sounds
rm -f CHANGES*
rm -f LICENSE*
rm -f CREDITS*


cd /var/lib/asterisk/quiet-mp3
sox ../mohmp3/macroform-cold_day.wav macroform-cold_day.wav vol 0.25
sox ../mohmp3/macroform-cold_day.gsm macroform-cold_day.gsm vol 0.25
sox -t ul -r 8000 -c 1 ../mohmp3/macroform-cold_day.ulaw -t ul macroform-cold_day.ulaw vol 0.25
sox ../mohmp3/macroform-robot_dity.wav macroform-robot_dity.wav vol 0.25
sox ../mohmp3/macroform-robot_dity.gsm macroform-robot_dity.gsm vol 0.25
sox -t ul -r 8000 -c 1 ../mohmp3/macroform-robot_dity.ulaw -t ul macroform-robot_dity.ulaw vol 0.25
sox ../mohmp3/macroform-the_simplicity.wav macroform-the_simplicity.wav vol 0.25
sox ../mohmp3/macroform-the_simplicity.gsm macroform-the_simplicity.gsm vol 0.25
sox -t ul -r 8000 -c 1 ../mohmp3/macroform-the_simplicity.ulaw -t ul macroform-the_simplicity.ulaw vol 0.25
sox ../mohmp3/reno_project-system.wav reno_project-system.wav vol 0.25
sox ../mohmp3/reno_project-system.gsm reno_project-system.gsm vol 0.25
sox -t ul -r 8000 -c 1 ../mohmp3/reno_project-system.ulaw -t ul reno_project-system.ulaw vol 0.25
sox ../mohmp3/manolo_camp-morning_coffee.wav manolo_camp-morning_coffee.wav vol 0.25
sox ../mohmp3/manolo_camp-morning_coffee.gsm manolo_camp-morning_coffee.gsm vol 0.25
sox -t ul -r 8000 -c 1 ../mohmp3/manolo_camp-morning_coffee.ulaw -t ul manolo_camp-morning_coffee.ulaw vol 0.25

Installing Proftpd

Install the FTP server from source
cd /usr/src
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4d.tar.gz
tar -zxf proftpd-1.3.4d.tar.gz
cd proftpd-1.3.4d
./configure --prefix=/usr --sysconfdir=/etc
make
make install

The proftpd binary gets installed in /usr/local/sbin, but we need it in /usr/sbin, so we create a symlink:
(This file might already exist, so don't worry if it gives you an error message that says it already exists)
ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd

Create the init.d script
touch /etc/init.d/proftpd
nano /etc/init.d/proftpd

insert the following code:
#! /bin/sh
#
# proftpd          Start/Stop the cron proftpd daemon.
#
# chkconfig: 2345 40 60
# description: proftpd is a ftp server.
# processname: proftpd
# config: /etc/proftpd
# pidfile: /var/run/proftpd

# RedHat or Suse?
if [ -e "/etc/SuSE-release" ]; then
        SUSE=1
        DAEMONIZE=''
        RESULT='done'
else
        REDHAT=1
        DAEMONIZE='daemon'
        RESULT=''
fi

if [ "$REDHAT" = "1" ]; then
        # Source function library.
        if [ -f /etc/init.d/functions ]; then
          . /etc/init.d/functions
        elif [ -f /etc/rc.d/init.d/functions ]; then
          . /etc/rc.d/init.d/functions
        else
          echo "Could not find functions file, your system may be broken"
        exit 1
        fi
fi

if [ "$SUSE" = "1" ]; then
        # Source rc status functions
        . /etc/rc.status

fi


# See how we were called.
case "$1" in
  start)
        echo -n "Starting proftpd: "
        $DAEMONIZE proftpd -p 0
        echo $RESULT
        touch /var/lock/subsys/proftpd
        ;;
  stop)
        echo -n "Stopping proftpd: "
        killproc proftpd
        echo $RESULT
        rm -f /var/lock/subsys/proftpd
        ;;
  status)
        status proftpd
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  *)
        echo "Usage: proftpd {start|stop|status|restart}"
        exit 1
esac

exit 0

Create a log directory and log files for proftpd to use
mkdir /var/log/proftpd/
touch /var/log/proftpd/ftpxferlog
touch /var/log/proftpd/proftpd.log

I use /var/www/html as my web root. You should do the same.
MY_FTP_USERNAME is the name of a Linux user account that you will create.
groupadd proftpd
useradd MY_FTP_USERNAME
passwd MY_FTP_USERNAME
chown -R MY_FTP_USERNAME /var/www/html

Generate SSL certificate and key so you can transfer files securely to/from your server using SSL.
openssl version -a
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ftpd-rsa-key.pem -out /etc/ftpd-rsa.pem

It will ask you some questions. Fill it out correctly.
Country Name (2 letter code) [XX]: US
State or Province Name (full name) []: Arizona
Locality Name (eg, city) [Default City]: Mesa
Organization Name (eg, company) [Default Company Ltd]: MyBusiness LLC
Organizational Unit Name (eg, section) []: HQ
Common Name (eg, your name or your server's hostname) []: dialer.mydomain.com
Email Address []: email@ddress.com

Backup the proftpd.conf file, delete all the contents, then edit it.
cp /etc/proftpd.conf /etc/proftpd.conf.original
echo "" > /etc/proftpd.conf
nano /etc/proftpd.conf

insert the collowing code and replace xxx.xxx.xxx.xxx with the static IP address that ONLY YOU will be connecting from:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "MyBusiness Dialer"
ServerType                      standalone
DefaultServer                   on

<IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol SSLv23
    TLSRequired off
    TLSRSACertificateFile /etc/ftpd-rsa.pem


    TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
    TLSVerifyClient off
    TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
     TLSOptions NoSessionReuseRequired
</IfModule>
TransferLog /var/log/proftpd/ftpxferlog
ExtendedLog /var/log/proftpd/proftpd.log read,write
UseReverseDNS off
IdentLookups off

# Port 21 is the standard FTP port.
Port                            21

# Don't use IPv6 support by default.
UseIPv6                         off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
User                            nobody
Group                           proftpd

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite          on

DefaultRoot /var/www/html

<Limit LOGIN>
Order Allow,Deny
Allow xxx.xxx.xxx.xxx
Deny from all
</Limit>
<Limit LIST NLST  STOR STOU  APPE  RETR  RNFR RNTO  DELE  MKD XMKD SITE_MKDIR  RMD XRMD SITE_RMDIR  SITE_CHMOD  PWD XPWD  SIZE  STAT  CWD XCWD  CDUP XCUP >
 AllowAll
</Limit>
<Limit SITE  SITE_CHMOD  SITE_CHGRP  MTDM >
 DenyAll
</Limit>

Allow proftpd to run on bootup and start proftpd
chmod 755 /etc/init.d/proftpd
chkconfig proftpd on
service proftpd restart

Now you can connect to your server via FTP with or without SSL. Vicidial by default will not use SSL. This configuration gives the opportunity to use it either way. Use Filezilla to test this and see what it does.

Installing astGUIclient (ViciDial)


First, login to mysql to create the database, add a couple users and assign privileges.
NOTE: MY_DATABASE_USER and MY_DATABASE_PASSWORD will be used for login with phpMyAdmin
mysql -u root -p

Enter these MySQL commands:
CREATE DATABASE `asterisk` DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'MY_DATABASE_USER'@'localhost' IDENTIFIED BY 'MY_DATABASE_PASSWORD';
GRANT ALL PRIVILEGES on asterisk.* to MY_DATABASE_USER@localhost;
CREATE USER 'cron'@'localhost' IDENTIFIED BY '1234';
GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO cron@'%' IDENTIFIED BY '1234';
GRANT SELECT,INSERT,UPDATE,DELETE,LOCK TABLES on asterisk.* TO cron@localhost IDENTIFIED BY '1234';
GRANT RELOAD ON *.* TO cron@'%';
GRANT RELOAD ON *.* TO cron@localhost;
flush privileges;
quit

I am going to install the latest 2.x SVN trunk which happens to be version 2.8 at the time of writing this guide
mkdir /usr/src/astguiclient
cd /usr/src/astguiclient
svn checkout svn://svn.eflo.net:3690/agc_2-X/trunk
cd trunk
perl install.pl

You will have to define various things like IP address of the server and FTP username/password.
It will also ask you where is the web root, use /var/www/html
Leave the other login settings as-is unless you already know how to update the database and other asterisk config files.
defined server_ip:        xxx.xxx.xxx.xxx
defined DB_server:        localhost
defined DB_database:      asterisk
defined DB_user:          cron
defined DB_pass:          1234
defined DB_custom_user:   custom
defined DB_custom_pass:   custom1234
defined DB_port:          3306
defined active_keepalives:     1234568
defined asterisk_version:      1.8
defined copying conf files:    y
defined copying weblang files: n
defined FTP_host:         xxx.xxx.xxx.xxx
defined FTP_user:         MY_FTP_USERNAME
defined FTP_pass:         MY_FTP_PASSWORD
defined FTP_port:         21
defined FTP_dir:          RECORDINGS
defined HTTP_path:        http://xxx.xxx.xxx.xxx
defined REPORT_host:      xxx.xxx.xxx.xxx
defined REPORT_user:      MY_FTP_USERNAME
defined REPORT_pass:      MY_FTP_PASSWORD
defined REPORT_port:      21
defined REPORT_dir:       REPORTS


Import sample data

Login to mysql to run some commands
mysql -u root -p
Enter these MySQL commands:
SET GLOBAL connect_timeout=60;
use asterisk;

\. /usr/src/astguiclient/trunk/extras/MySQL_AST_CREATE_tables.sql
\. /usr/src/astguiclient/trunk/extras/first_server_install.sql
\. /usr/src/astguiclient/trunk/extras/sip-iax_phones.sql

quit
In the Linux terminal, enter these commands
/usr/src/astguiclient/trunk/bin/ADMIN_area_code_populate.pl
cp /usr/src/astguiclient/trunk/extras/performance_test_leads.txt /usr/share/astguiclient/LEADS_IN/
/usr/src/astguiclient/trunk/bin/VICIDIAL_IN_new_leads_file.pl --forcelistid=107 --forcephonecode=1

Final Adjustments

Make several entries in the rc.local of your system.
nano /etc/rc.d/rc.local
On a new system I just overwrite the file with the following:
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# OPTIONAL enable ip_relay(for same-machine trunking and blind monitoring)
/usr/share/astguiclient/ip_relay/relay_control start 2>/dev/null 1>&2

# Disable console blanking and powersaving
/usr/bin/setterm -blank
/usr/bin/setterm -powersave off
/usr/bin/setterm -powerdown

### start up the MySQL server
/etc/init.d/mysqld start

### start up the apache web server
/etc/init.d/httpd start

### roll the Asterisk logs upon reboot
/usr/share/astguiclient/ADMIN_restart_roll_logs.pl

### clear the server-related records from the database
/usr/share/astguiclient/AST_reset_mysql_vars.pl

### load dahdi drivers
modprobe dahdi
/usr/sbin/dahdi_cfg -vvvvvvvvvvvvv

### sleep for 20 seconds before launching Asterisk
sleep 20

### start up asterisk
/usr/share/astguiclient/start_asterisk_boot.pl

Make several entries in the crontab of your system:
crontab -e
### recording mixing/compressing/ftping scripts
#0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl
0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl --MIX
0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_VDonly.pl
1,4,7,10,13,16,19,22,25,28,31,34,37,40,43,46,49,52,55,58 * * * * /usr/share/astguiclient/AST_CRON_audio_2_compress.pl --GSM
#2,5,8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59 * * * * /usr/share/astguiclient/AST_CRON_audio_3_ftp.pl --GSM

### keepalive script for astguiclient processes
* * * * * /usr/share/astguiclient/ADMIN_keepalive_ALL.pl --cu3way

### kill Hangup script for Asterisk updaters
* * * * * /usr/share/astguiclient/AST_manager_kill_hung_congested.pl

### updater for voicemail
* * * * * /usr/share/astguiclient/AST_vm_update.pl

### updater for conference validator
* * * * * /usr/share/astguiclient/AST_conf_update.pl

### flush queue DB table every hour for entries older than 1 hour
11 * * * * /usr/share/astguiclient/AST_flush_DBqueue.pl -q

### fix the vicidial_agent_log once every hour and the full day run at night
33 * * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl
50 0 * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl --last-24hours
## uncomment below if using QueueMetrics
#*/5 * * * * /usr/share/astguiclient/AST_cleanup_agent_log.pl --only-qm-live-call-check

## uncomment below if using Vtiger
#1 1 * * * /usr/share/astguiclient/Vtiger_optimize_all_tables.pl --quiet

### updater for VICIDIAL hopper
* * * * * /usr/share/astguiclient/AST_VDhopper.pl -q

### adjust the GMT offset for the leads in the vicidial_list table
1 1,7 * * * /usr/share/astguiclient/ADMIN_adjust_GMTnow_on_leads.pl --debug

### reset several temporary-info tables in the database
2 1 * * * /usr/share/astguiclient/AST_reset_mysql_vars.pl

### optimize the database tables within the asterisk database
3 1 * * * /usr/share/astguiclient/AST_DB_optimize.pl

## adjust time on the server with ntp
30 * * * * /usr/sbin/ntpdate -u pool.ntp.org 2>/dev/null 1>&2

### VICIDIAL agent time log weekly and daily summary report generation
2 0 * * 0 /usr/share/astguiclient/AST_agent_week.pl
22 0 * * * /usr/share/astguiclient/AST_agent_day.pl

### VICIDIAL campaign export scripts (OPTIONAL)
#32 0 * * * /usr/share/astguiclient/AST_VDsales_export.pl
#42 0 * * * /usr/share/astguiclient/AST_sourceID_summary_export.pl

### remove old recordings more than 7 days old
#24 0 * * * /usr/bin/find /var/spool/asterisk/monitorDONE -maxdepth 2 -type f -mtime +7 -print | xargs rm -f

### roll logs monthly on high-volume dialing systems
#30 1 1 * * /usr/share/astguiclient/ADMIN_archive_log_tables.pl

### remove old vicidial logs and asterisk logs more than 2 days old
28 0 * * * /usr/bin/find /var/log/astguiclient -maxdepth 1 -type f -mtime +2 -print | xargs rm -f
29 0 * * * /usr/bin/find /var/log/asterisk -maxdepth 3 -type f -mtime +2 -print | xargs rm -f
30 0 * * * /usr/bin/find / -maxdepth 1 -name "screenlog.0*" -mtime +4 -print | xargs rm -f

### cleanup of the scheduled callback records
25 0 * * * /usr/share/astguiclient/AST_DB_dead_cb_purge.pl --purge-non-cb -q

### GMT adjust script - uncomment to enable
#45 0 * * * /usr/share/astguiclient/ADMIN_adjust_GMTnow_on_leads.pl --list-settings

### Dialer Inventory Report
1 7 * * * /usr/share/astguiclient/AST_dialer_inventory_snapshot.pl -q --override-24hours

### inbound email parser
* * * * * /usr/share/astguiclient/AST_inbound_email_parser.pl


Next, it is important to change the externip and localnet values in the sip.conf
The externip needs to be the public facing ip of your server.
The localnet will consist of the public facing ip and netmask of your server.
nano /etc/asterisk/sip.conf
externip = xxx.xxx.xxx.xxx
localnet=xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx

Run this perl script to update the server_ip fields in the asterisk tables (copy the command as-is)
/usr/share/astguiclient/ADMIN_update_server_ip.pl --old-server_ip=10.10.10.15

Update music on hold configuration
nano /etc/asterisk/musiconhold.conf
;
; Music on Hold -- Sample Configuration
;

[default]
mode=files
directory=/var/lib/asterisk/mohmp3

[quiet]
mode=files
directory=/var/lib/asterisk/quiet-mp3

#include musiconhold-vicidial.conf

* There are other sample configration files in /usr/src/astguiclient/docs/conf_examples/ that you might want to look at and maybe copy from and customize.

Lastly, reboot the machine
reboot

Diagnostics

After reboot, check your logs for any errors, make sure asterisk is up and running.
Be proactive and look for problems before you start configuring vicidial.
Run these commands to view log files:
  • tail -f -n 50 /var/log/asterisk/messages
  • tail -f -n 50 /var/log/messages
  • more /var/log/dmesg
  • tail -f -n 40 /etc/httpd/logs/error_log
  • tail -f -n 40 /var/log/maillog
  • tail -f -n 40 /var/log/cron
Run this command:
screen -ls
The output should look similar to this:
There are screens on:
        2301.ASTVDauto  (Detached)
        2125.asterisk   (Detached)
        2292.ASTupdate  (Detached)
        2307.ASTVDadapt (Detached)
        2120.astshell20131221211922     (Detached)
        2304.ASTVDremote        (Detached)
        2310.ASTfastlog (Detached)
        2298.ASTlisten  (Detached)
        2295.ASTsend    (Detached)
9 Sockets in /var/run/screen/S-root.

Start using vicidial

Login to vicidial and configure it.
Add users, campaigns, in-group, DID's, server, etc....
Go to: http://youripaddress/vicidial/admin.php
The default username is: 6666 and the password is: 1234

A note about security

When you get the vicidial server configured and working, make sure to follow basic common sense server administration rules like setting up a firewall, changing default passwords, disallow remote mysql connections or limiting it, etc...

Below is firewall script I borrowed from VICIbox Server that works quite well (why reinvent the wheel?). It basically blocks all IP adresses by default and only allows the IP addresses in which you specify to have access to the server. It's pretty good at blocking out all those voip hackers. I almost don't even need to worry anymore.
I personally implement these iptable rules as soon as I get my server online and running and BEFORE starting this guide. DO NOT implement this unless you have a way to get back into your server in case it does not work for you. Take a look at it and modify it as needed. In my case, I use a server that I lease from Softlayer and they provide me with a VPN and IPMI interface and software to get back in if needed.
mkdir /usr/src/iptables/
touch /usr/src/iptables/whitelist.rules
nano /usr/src/iptables/whitelist.rules
I also had to add various IP addresses for softlayer to connect to my server because they might do automated ping scans and remote management.
Replace xxx.xxx.xxx.xxx with the IP address that you need to allow access to your server.
These ip addresses will be your remote location (using a static IP), your data center IP's, DID providers (such as Aretta, Switch2Voip, etc..), external database servers, etc...
Customize and add the following code to the whitelist.rules file:
# Generated by iptables-save v1.4.7 on Sat Dec 21 21:31:39 2013
*raw
:PREROUTING ACCEPT [72:5698]
:OUTPUT ACCEPT [71:5742]
-A PREROUTING -i lo -j NOTRACK
-A OUTPUT -o lo -j NOTRACK
COMMIT
# Completed on Sat Dec 21 21:31:39 2013
# Generated by iptables-save v1.4.7 on Sat Dec 21 21:31:39 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forward_ext - [0:0]
:forward_int - [0:0]
:input_ext - [0:0]
:input_int - [0:0]
:reject_func - [0:0]
-A INPUT -s xxx.xxx.xxx.xxx -j ACCEPT
-A INPUT -s xxx.xxx.xxx.xxx -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state RELATED -j ACCEPT
-A INPUT -i eth0 -j input_int
-A INPUT -i eth1 -j input_ext
-A INPUT -j input_ext
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options
-A INPUT -j DROP
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-OUT-ERROR " --log-tcp-options --log-ip-options
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -m recent --rcheck --name GOOD --rsource -j ACCEPT
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 113 -m state --state NEW -j reject_func
-A input_ext -m pkttype --pkt-type multicast -j DROP
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p udp -m limit --limit 3/min -m state --state NEW -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -j DROP
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 113 -m state --state NEW -j reject_func
-A input_int -j ACCEPT
-A reject_func -p tcp -j REJECT --reject-with tcp-reset
-A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject_func -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Sat Dec 21 21:31:39 2013

To implement the firewall rules immediately, run this command
iptables-restore < /usr/src/iptables/whitelist.rules
Edit the iptables configuration
nano /etc/sysconfig/iptables-config
Change the following values to yes
This will ensure the iptable rules get saved to the default iptables file (/etc/sysconfig/iptables) and re-used each time the firewall is stopped or restarted.
IPTABLES_SAVE_ON_STOP="yes"
IPTABLES_SAVE_ON_RESTART= "yes"
You can verify this by stopping and restarting the firewall or rebooting the server. Go ahead and try this.
service iptables stop
iptables -L
service iptables restart
iptables -L
reboot
iptables -L


Upgrading

First, you will do a full backup, then you will upgrade your local copy of astguiclient via SVN and install it.
Make sure to read the UPGRADE doc for any new instructions.
/usr/share/astguiclient/ADMIN_backup.pl --debugX
cd /usr/src/astguiclient/trunk
svn up
perl install.pl
nano UPGRADE