php-GD enabled in FreeBSD

7 07 2007

hohohoho…………………….. I finally found how to solve the error in GD + php. Usually, when we try to install php with gd enabled, we will get some errors, not errors when we compile php or gd, but errors in your web, like your images won't display properly in your web.. Why did I write this article? Because I've got the experience. When I migrated my system from linux to freebsd, because of the HD error T_T, I installed php with gd. I thought it would be the same as the old system. But when I finished installing php + gd, I got the problem: jpeg or jpg images won't display properly. My experience is, when I try to upload a jpeg or jpg image, I get some error, although the web is normal and works properly. The jpeg or jpg image thumbnail view won't be displayed. damn!!!!!!!

I had installed gd from the freebsd ports and compiled php from source manually. hooooooooooo, then my partner checked the php info. shit!!!! jpeg not enabled in php……waaaaaaaaaaaaaaaa.. what happened???? My friend told me gd in freebsd still has some errors. beuuuuuu….. I tried many times with different options in php, but still got the same problem, jpeg/jpg images won't display properly. T_T…………. I finally realized I must install libpng + libjpeg manually, not from the bsd ports….. ckckcckkcckckk, just wasted my time (almost 2 months I've had this problem T_T).

hmmmm. I must solve it!!!!! Then I remembered, my students mirror is still up ^_^. I tried to install libjpeg and libpng manually and gd from ports. The first time still error, those packets got errors when I compiled them. And the second, hoohohoho it works (my friend said that)….. almost 8 hours with my daemon ^_^ just to enable GD in php in freebsd. But how did I solve it??????

hmmmm……………… first you should fetch those packets manually (i installed those packets on a fresh freebsd install ^_^). here they are:

libxml2-2.6.22.tar.gz
zlib-1.2.3.tar.gz
libpng-1.2.9.tar.gz
jpegsrc.v6b.tar.gz

after you have fetched them, follow these steps:

1. you should install mysql first, if you plan for your web to use databases
cd /usr/ports/databases/mysql-server/
make WITH_LINUXTHREADS=yes install clean
(and so on….. i won't explain it here)

2. install httpd. i'm using httpd-2.x.x…….. it's just up to you (using httpd-2.x.x versions). i think you know how to install the httpd apache server from source. i've explained it before

3. install your libxml2 first
tar xzvf libxml2-2.6.22.tar.gz
cd libxml2-2.6.22
./configure
make
make install

4. install your zlib.
tar xzvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make
make install
make clean

5. libpng
tar xzvf libpng-1.2.9.tar.gz
cd libpng-1.2.9
cp scripts/makefile.std makefile

edit your makefile, find “prefix= ………..” (i don't remember it), change it to
prefix=/usr/local/libpng2
make
mkdir /usr/local/libpng2
make install
make clean

6. install your jpeg library.
tar -zxvf jpegsrc.v6b.tar.gz
cd jpeg-6b
./configure --prefix=/usr/local/jpeg6 --enable-shared
make
mkdir /usr/local/jpeg6
mkdir /usr/local/jpeg6/include
mkdir /usr/local/jpeg6/lib
mkdir /usr/local/jpeg6/bin
mkdir /usr/local/jpeg6/man
mkdir /usr/local/jpeg6/man/man1
make install-lib
make install
make clean   

7. install GD
cd /usr/ports/graphics/gd
make install clean

huhhhhh……… finished installing library GD support.. then, finally, install your php.
just follow these steps..
tar xzvf php-5.x.x.tar.gz
cd php-5.x.x
./configure --prefix=/usr/local/httpd/php --with-gd --with-apxs2=/usr/local/httpd/bin/apxs --with-xml --with-mysql --with-zlib --with-jpeg-dir=/usr/local/jpeg6 --with-png-dir=/usr/local/libpng2 --disable-debug --enable-trans-sid --enable-sockets --enable-memory-limit
(one line of course; i assume that you installed your httpd apache server in /usr/local/httpd, and php in /usr/local/httpd/php)
make
make install
then copy your php.ini to /usr/local/httpd/php/lib/

the next step is just adding “AddType application/x-httpd-php .php” to your httpd.conf….

just wait and see the difference……….. i check my web, hmmmm looks fine. then i asked my partner (web programer), “did the GD still error????” my partner told me “hoho, thats worksss”………….huaaahhhhhahahaha finally finish it !!!!!!!

hmmmmm……… just sharing my experience with the daemon ^_^ thanks to allDelta for the team work ^_^. solved one problem, another problem still waits. like Indonesian people say, “derita tiada akhir” (“suffering without end”) hahahahahhaahha.. just kidding. hope it will help you too…………

thanks

tunk





IPFW vs PF

7 07 2007

 

The FreeBSD platform is a great platform for firewalls. As far as I know, FreeBSD has 3 firewall applications for building a great firewall: IPFW, PF and IPF. hmmmm, I will only explain the IPFW and PF firewalls. IPF and PF are almost the same.

  • IPFW : FreeBSD’s primary firewall is called IPFW (Internet Protocol Firewall). IPFW is composed of two parts: a kernel-level packet filter engine and a userland utility for controlling firewall functionality. IPFW has been part of FreeBSD since FreeBSD 2.0. IPFW went through a major overhaul as part of FreeBSD 5 development. This “new” IPFW became known as IPFW2. However, for the sake of sanity, we will refer to IPFW2 simply as IPFW.
  • PF : OpenBSD utilizes a firewall mechanism called PF (packet filter). Like FreeBSD’s IPFW, PF is made up of a kernel-level packet filter and a userland utility for control of the firewall functionality. Unlike FreeBSD, PF is exposed via a device node, /dev/pf. PF is a newcomer to the OpenBSD world. Before using PF, OpenBSD utilized a firewall called IPFilter. I don't know why IPFilter was removed from OpenBSD; maybe license trouble. The end result was that IPFilter was removed from OpenBSD. PF was created to fill the void left by IPFilter. PF has been designed from day one to integrate cleanly into OpenBSD, and as such, is very usable and flexible.

The Differences
There are big differences between IPFW and PF. If you have ever used both IPFW and PF, you will have found the differences. IPFW is list-based while PF is much more object oriented. A PF configuration is broken into many parts, while an IPFW configuration is generally a shell script with rules processed in order. Both firewalls, however, support stateful and stateless processing of connections.

In IPFW, the first rule in a ruleset that matches a packet “wins.” That means, if a ruleset has a rule to allow traffic to port 80 before a rule that denies all traffic, the packet destined to port 80 will be allowed. In PF, the exact opposite is true; the last rule that matches “wins.” In the same example, the packet to port 80 would be denied by the firewall. If you really need a packet that matches a rule to be handled by that rule immediately in PF, without later rules being evaluated, you can use the quick keyword to force the issue. (you can read my blog about PF)
In IPFW, denied packets are logged through the syslog facility. In PF, denied packets are logged to a special interface called pflog0. This interface is actually a BPF (Berkeley Packet Filter) interface that allows utilities like tcpdump to sniff logged packets directly. This feature can be used by IDS engines and monitoring tools to analyze the firewall’s activity without having to interact or affect the firewall processing.
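
The first-match (IPFW) versus last-match (PF, unless quick) behaviour described above decides whether a ruleset copied from one firewall to the other still means the same thing. The following is an added example, not code from this blog or from either firewall: a simplified model where rules match on destination port only, and the fall-through defaults (IPFW deny, PF pass) are assumptions of the model.

```python
"""Simplified model of rule evaluation order: IPFW (first match wins)
versus PF (last match wins, unless a rule carries `quick`).
Assumptions: port-only matching; defaults are IPFW=block, PF=pass."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    port: Optional[int] = None  # None matches any destination port
    quick: bool = False         # PF only: stop evaluating on match

    def matches(self, dst_port: int) -> bool:
        return self.port is None or self.port == dst_port


def ipfw_verdict(rules, dst_port, default="block"):
    """First matching rule decides; later rules are never consulted."""
    for rule in rules:
        if rule.matches(dst_port):
            return rule.action
    return default


def pf_verdict(rules, dst_port, default="pass"):
    """Last matching rule decides; a matching `quick` rule ends evaluation."""
    verdict = default
    for rule in rules:
        if rule.matches(dst_port):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


# Constructed ruleset from the text: allow port 80, then deny everything.
ALLOW_THEN_DENY = [Rule("pass", port=80), Rule("block")]
# Same order, but the allow rule is marked quick (PF).
QUICK_ALLOW_THEN_DENY = [Rule("pass", port=80, quick=True), Rule("block")]
# Default deny first, specific allow last (reads correctly only under PF).
DENY_THEN_ALLOW = [Rule("block"), Rule("pass", port=80)]

if __name__ == "__main__":
    for name, rules in [("allow,deny", ALLOW_THEN_DENY),
                        ("quick allow,deny", QUICK_ALLOW_THEN_DENY),
                        ("deny,allow", DENY_THEN_ALLOW)]:
        print(f"{name:18} ipfw={ipfw_verdict(rules, 80):5} "
              f"pf={pf_verdict(rules, 80):5} pf:22={pf_verdict(rules, 22)}")
```

The same two rules give opposite verdicts for port 80 depending on the engine, which is the thing to check first when porting a ruleset between IPFW and PF.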

PF implements Network Address Translation (NAT) and Quality of Service (QoS) directly into the firewall. In IPFW, these features are provided by other programs. In general, there is no functional difference. The integration in PF makes administration a bit easier as all configuration is done in one file.
PF performs more aggressive optimization than IPFW. In PF, large lists of rules are compressed into a table (of course you must read the PF manual first). So while the configuration file for PF may still have list-like properties, the core processing engine of PF treats the rules more efficiently. This ultimately results in a tree data structure for the rules, making even huge rulesets rapidly searchable.
PF also has the capability to reassemble and normalize fragmented packets before sending them through the firewall. This prevents fragmentation attacks behind the firewall. This is a great feature of PF, as it prevents other applications on the firewall (like an IDS sensor) from having to deal with fragments.
It seems that PF is a weapon for building a firewall. If you need the flexibility and scalability, use PF. However, for smaller-scale deployments, such as a small or home office, IPFW’s simple interface and simple administration may be your choice.
Back to you again: just choose PF or IPFW as your firewall on a FreeBSD machine or in your networks.

And how about IPTABLES??? hmmmmmmmmm, it has been a long time since I used iptables as a firewall. looks like I must read the iptables manual again….. ^_^





SIP and H.323 (Part 1)

7 07 2007

Computer networks are divided into two types:
Voice networks: based on circuit switching. Communication always follows the same path. Example: the Public Switched Telephone Network (PSTN).
Data networks: based on packet switching. Information is divided into packets, and the packets can travel across different routes/paths. Example: the Internet.

The main problem with circuit switching is that it needs a lot of bandwidth for each communication. Why? Because the same channel is used for the duration of a call (communication), and most phone calls have a lot of silent moments.
Data networks only transmit information when it is necessary, so they use bandwidth more efficiently. Delay and packet loss should not be a disadvantage, because the system is able to recover the information. However, voice and video streaming are sensitive to those parameters (delay and loss). So, networks and protocols with a high degree of QoS are required.

Voice over IP (VoIP) defines the routing systems and protocols necessary to transmit voice conversations over the Internet. The Internet is a packet-switching network based on the TCP/IP protocols.

So, what are SIP and H.323? VoIP has two architectures for voice transmission:
SIP (Session Initiation Protocol): SIP is a signalling protocol to establish sessions and conferences in IP networks. The beginning, change or termination of a session is independent of the type of application being used in the call. (A session can include several data types: voice, video, or many other formats.)
H.323: a standard for multimedia communications that facilitates the convergence of voice, video and data. Initially it was conceived for packet circuit networks.

SIP
SIP is used for initiating, modifying, and terminating user sessions that involve multimedia communication elements, e.g. voice, video, instant messaging, etc. The main objective of SIP is communication between multimedia devices. SIP uses two main protocols, RTP and SDP (you can read the RFC or manual about RTP and SDP). RTP is used to transport voice data in real time; SDP is used to negotiate the participants' capabilities, codification type, etc. SIP is an end-to-end oriented protocol, which means that all the logic is stored in the end devices. State is also stored in the end devices only. SIP is an application-layer protocol, a signalling protocol for Internet telephony.
SIP has the ability to establish and end multimedia sessions (e.g. location, availability, resource use, etc). In order to implement these functions, SIP has different components. The main components are the User Agent (UA) and SIP servers.

  1. User Agent (UA): A User Agent has two different parts, the User Agent Client (UAC) and the User Agent Server (UAS). The UAC is used for sending SIP requests and receiving the answers to those requests. The UAS is used to send answers to SIP requests. Both entities are in every user agent, to allow communication between different user agents in a client-server communication.
  2. SIP servers, divided into 3 types:
     • Proxy servers: This server has a functionality similar to an HTTP proxy. Proxy servers are divided into 2 types, stateful proxies and stateless proxies. A stateful proxy keeps the state of the transaction during request processing. A stateless proxy does not keep the state of the transaction during request processing; it only resends messages.
     • Registrar servers: a server which accepts register requests from users and keeps the information about these requests. It provides a location and address translation service.
     • Redirect servers: a server which generates redirection answers to the received requests. This server routes the requests on to the next server.

All of those parts are conceptual; they can be placed on the same machine or on different machines.

One of the SIP server functions is user location and name resolution. Normally, user agents don't know the IP address of the called person. SIP entities identify a user by a SIP URI (Uniform Resource Identifier; see RFC 2396). A SIP URI has a format similar to an email address, consisting of a user and a domain delimited by one @. Examples:
user@domain
user@machine
user@ip_address
telephone_number@gateway

and, how about H.323????……….. next article. i promise it!!! ^_^





troubleshooting errors in PF firewall

5 07 2007

 

Hopefully nobody is bored that this article is about PF again. This is really just an addition. Don't worry, I won't discuss here how to write firewall rules, set PF parameters, or NAT+RDR and so on.
This morning, around 3 a.m., I was setting up PF again…….. hmmmmmmmmm but error after error, even though the syntax was already correct……. ugh, now what???? I looked at the default pf.conf that ships with *BSD, and it did not help much. It turns out that in PF there are rules we have to follow when we build a firewall. waaaaaaaaaaaa, what are they????

here are the rules

#1. set variable
#2. options rule
#3. scrub rules
#4. nat,rdr,binat
#5. rules, block pass, antispoof

if it doesn't match that order, it won't run.

here is an example (in /etc/pf.conf)
################### rule 1, set variable #############
if="rl0"
dns="{10.14.203.7,202.154.1.2,202.134.0.155,202.134.2.5}"
ga_penting= "{137,138,139,81}"
#voip="{5060, 4569, 5036, 9999 >< 20001, 2727}"
irc="{6666,6667,6668}"
ob_state = "flags S/SA keep state"
ib_state = "flags S/SA keep state"

################ end set variable ####################

############## rule 2, options rule ###################
set block-policy drop
set state-policy if-bound

set loginterface $if
set fingerprints "/etc/pf.os"

############## end options rule ######################

####### rule 3, scrub rules ##########################
scrub in on $if all random-id
scrub reassemble tcp

############ end scrub rules #######################

################ rule 4, nat rules #################
nat on fxp0 proto {tcp,udp,icmp} from 10.14.x.x to any -> 21.1.3.5
############## end rule 4, nat rules #################
######## please read the previous tutorial about NAT #########

############### rule 5, antispoof, block, pass rules ########
antispoof for $if
pass quick on lo0 all
pass out quick on $if proto tcp from any to $dns port 53 $ob_state
pass out quick on $if proto udp from any to $dns port 53 keep state

##### and so on, please read the previous article #########
############ end rule 5, antispoof, block, pass rules #########

heheee, just save it, then run it with pfctl -f /etc/pf.conf, and gotcha!!!!!!!!!!!!!!!!!!!!!!!!! it runs :D :D :D :D

I hope my experience playing around with PF is useful to all of you. Oh, and the ruleset is incomplete; it's already in the previous article (too lazy to write it again). Just read the previous article.

hehehe……………. that's all, and thank you for reading my article
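
The five-step statement order listed in this post can be checked mechanically before a ruleset is loaded. The checker below is an added example, not part of the original post or of PF: it models only the five groups named above, and the sample configurations (interface name, addresses) are constructed placeholders.

```python
"""Check that pf.conf statements follow the section order listed in the post."""
import re

# Assumption: only the five groups from the post are modelled, in its order.
STAGES = {1: "macro", 2: "options", 3: "scrub", 4: "nat/rdr/binat", 5: "filter"}
KEYWORD_STAGE = {"set": 2, "scrub": 3, "nat": 4, "rdr": 4, "binat": 4,
                 "block": 5, "pass": 5, "antispoof": 5}
MACRO_RE = re.compile(r"^[A-Za-z_]\w*\s*=")

def classify(line):
    """Return the stage number of one pf.conf line, or None if not classified."""
    text = line.split("#", 1)[0].strip()   # drop comments and whitespace
    if not text:
        return None
    if MACRO_RE.match(text):
        return 1
    return KEYWORD_STAGE.get(text.split()[0])

def order_violations(conf_text):
    """List (line_no, stage, later_stage_already_seen) for misplaced lines."""
    problems, highest = [], 0
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        stage = classify(line)
        if stage is None:
            continue
        if stage < highest:
            problems.append((line_no, STAGES[stage], STAGES[highest]))
        highest = max(highest, stage)
    return problems

# Constructed samples (interface names and addresses are placeholders).
GOOD_CONF = """\
ext_if = "rl0"
set block-policy drop
scrub in on $ext_if all random-id
nat on $ext_if from 192.0.2.0/24 to any -> ($ext_if)
antispoof for $ext_if
pass quick on lo0 all
"""
BAD_CONF = """\
ext_if = "rl0"
pass quick on lo0 all
set block-policy drop      # option after a filter rule
scrub in on $ext_if all    # scrub after a filter rule
"""

if __name__ == "__main__":
    for line_no, stage, seen in order_violations(BAD_CONF):
        print(f"line {line_no}: {stage} statement after {seen} section")
```

On the firewall itself, pfctl -n -f /etc/pf.conf parses a ruleset without loading it, so a file can be checked before it replaces the running rules.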