After installing the BSF server and NAF filter, you’ll need to update the XCAP server, configure HTTP port mapping and optionally create init.d scripts
Update the XCAP server
To configure the XCAP Server for the Sentinel Authentication Gateway, you need to change the Diameter peer connection to the HSS and populate XCAP server settings and MMTel service data.
Set the Diameter peer connection to the HSS
For the Diameter peer connection to the HSS, a file called VolteHssDiameterConfig.xml
must be present in a folder called rem_home
in Tomcat. If this folder does not exist, create it:
1 |
Copy the Sample VolteHssDiameterConfig XML. |
||
---|---|---|---|
2 |
Change the values for the HSS hostname and port. There are two
|
||
3 |
If necessary, modify the host and realm attribute-values to match the values in your HSS.
|
Populate XCAP server settings and MMTel service data
There are several configuration pages in REM for XCAP connectivity and MMTel service data mappings that must be populated. This can be done using the script volte-sentinel-mappings-config
.
This file is located in the build/bin
directory of the Sentinel Authentication Gateway SDK.
This can be executed from your Sentinel Authentication Gateway’s command line, provided the Java Runtime Environment (v 7+) is installed. The command must be given these arguments:
Argument | What it specifies |
---|---|
-u (--username) |
Your Rhino Element Manager (REM) username. |
-pw (--password) |
Your Rhino Element Manager (REM) password. |
-h (--hostname) |
The hostname or IP address of your Rhino Element Manager (REM). |
-p (--port) |
The port of your Rhino Element Manager (REM). |
-n (--network-operator) |
The network operator name. |
-r (--rhino-instance-id) |
The Rhino Instance ID. |
-dh (--hss-destination-host) |
The destination host of the HSS. |
-dr (--hss-destination-realm) |
The destination realm of the HSS. |
The hostname value must match your NAF server, e.g. naf.home1.net. |
The rhino-instance-id value equates to the Rhino instance where your BSF is deployed, e.g. Local if you have Rhino and REM on the same host. |
Here is an example command:
cd ~/sentinel-gaa/sentinel-gaa-sdk ./build/bin/volte-sentinel-mappings-config -u emadm -pw password -h naf.home1.net -p 8080 -r Local -n OpenCloud -dh hss-instance -dr example.com
To see a listing of the required arguments, from the command line, execute the script without any arguments. |
Configure HTTP port mapping
The BSF Server receives HTTP requests via the HTTP Resource Adaptor (HTTP RA) running on Rhino.
In the default BSF configuration, the HTTP RA listens on port 8001
; however for a production deployment it needs to receive requests on port 80
, the standard HTTP port.
On Unix systems, only processes running as the super user (root) can listen on ports below 1024. Rhino is a multi-purpose platform, running potentially many different kinds of services, so running it as root is not recommended. Instead, we can use the operating system’s port translation features to redirect traffic on port 80 to a different port where the HTTP RA is listening.
Use iptables to redirect port 80
Most Linux distributions have iptables preinstalled. This is a program for configuring the Linux kernel’s firewall, including port translation.
Below are the iptables
commands for redirecting port 80 traffic to port 8001. These include procedures to:
Add rules to redirect port 80 traffic
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8001 $ sudo iptables -t nat -A OUTPUT -p tcp -d 127.0.0.0/8 --dport 80 -j REDIRECT --to-port 8001
Redirects connections to port 80 from external hosts. | |
Redirects connections to port 80 from processes on the same host. |
To delete these rules, simply replace -A
with -D
in the above commands.
Remove redirection rules
$ sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8001 $ sudo iptables -t nat -D OUTPUT -p tcp -d 127.0.0.0/8 --dport 80 -j REDIRECT --to-port 8001
The Linux firewall’s nat
(network address translation) tables can be viewed with the iptables -L
command.
With the HTTP port translation applied as above, you should see something like the example below.
View the nat tables
$ sudo iptables -t nat -L -n Chain PREROUTING (policy ACCEPT) target prot opt source destination REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8001 Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination REDIRECT tcp -- 0.0.0.0/0 127.0.0.0/8 tcp dpt:80 redir ports 8001 Chain POSTROUTING (policy ACCEPT) target prot opt source destination
The -n parameter disables name service lookups. |
Create init.d scripts
There are two init.d
scripts for Ubuntu Linux which make starting and stopping Rhino and REM easier:
Note: These are illustrative and useful for Proof of concept rather than production environments.
To set these up:
1 |
Copy the script to the host server’s sudo cp rhino /etc/init.d sudo cp rem /etc/init.d |
---|---|
2 |
Make the script executable: |
3 |
Refresh, with the sudo update-rc.d rhino defaults 99 sudo update-rc.d rem defaults 99 |