HowTo.doc

(37154 KB) Pobierz
Mini-HOWTO: Ipcop + QoS_NG + Samba Server

Mini HOWTO: Ipcop + QoS_NG + Samba Server              by azegc

Mini-HOWTO: Ipcop + QoS_NG + Samba Server

azegc, azegc@hotmail.com

v0.2b -  20/08/2007

Released for Markus Hoffmann Revision

1. Introduction

The problem begins when i was trying to limit ARES traffic on my cybercafé. I believed that Layer7 filters could be best way, so I install IPCOP + P2PBlock, but I found that ARES still downloading files eating my precious bandwidth. I done a  investigation and I found that P2PBlock was working fine. The main problem is that ARES patterns are out dated. I guess in the future it could be fixed because ARES is open source software.

 

This document is based on the my little knowledge of HTB linux queuing discipline. The core solution of traffic limiting was proposed by Markus Hoffmann on this forums who help me to reach to this solution.

1.1 Copyright

This document is Copyright 2000 by azegc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

1.2 Disclaimer

You are strongly recommended to take a backup of your system before install anything.

Use the information in this document at your own risk. I disavow any potential liability for the contents of this document. Use of the concepts, examples, and/or other content of this document is entirely at your own risk.

All copyrights are owned by their owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark.

Naming of particular products or brands should not be seen as endorsements.

1.3 Credits

Markus Hoffmann author of lots of great IPCOP addons including QoS_NG.

Stephan Feddersen author of Samba Server easy and useful addon.

 

I think the best things in internet and linux is done by generous and visionary people like you guys.

 

"Collecting data is only the first step toward wisdom, but sharing data is the first step toward community."

Henry Lewis Gates (professor at Harvard):

 

 

1.4 Translations

 

English              azegc                            azegc@hotmail.com

Spanish              azegc                            azegc@hotmail.com

 

 

2. Glossary

 

Linux – Is a Unix-like computer operating system.

 

IPCOP – Firewall Linux Distribution 

 

LAN – Local Area Network

 

WLAN – Wireless LAN

 

DMZ – Demilitarized Zone which provide secure access to services like: web server, ftp server, etc, to LAN (or Internet users in some cases).

 

HTB – Hierarchical Token Bucket – A packet scheduler

 

IMQ – A dummy interface which intercepts all incoming packets just before they are queued into RED Interface.

 

L7-filter – Application Layer Packet Classifier

 

qdisc – Linux based systems Queuing Discipline.

 

VoIP – Voice over IP

 

NIC Network Interface Controller

 

RED – Ipcop designation of a NIC which is pointing to Internet

 

GREEN – Ipcop designation of a NIC which is pointing to LAN

 

ORANGE – Ipcop designation of a NIC which is pointing to Servers like DMZ.

 

BLUE – Ipcop designation of a NIC which is pointing to WLAN.

 

 

 

 

3. Problem Scenario

I had ten computers and  three VoIP phones connected in a LAN, six of them are located on Cybercafé Hall and four of them are located in a gamming hall. The VoIP phones are located in a privates rooms. The main problem was teenage boys install ARES in P1 to P10, eating all bandwidth available and making VoIP calls terrible.

 

I won’t spend money to buy a expensive professional router with QoS only for thirteen devices. I am not planning buy another ADSL Internet connection for VoIP only. I dislike the idea of  buy windows software for limit bandwidth of each PC. So I decide to deploy a Linux like solution using IPCOP as battle horse. I’m going to use a old PC between my router and LAN in order to limit the bandwidth.

 

I’m certain that Figure 1 is more clear than any word.

 

FIGURE 1

 

4. Prerequisites

Hardware requisites:

 

- Old intel or amd PC: 1.x Ghz, 512 Mb memory and 20 GBytes at least.

- Two NICs (same brand/ model recommended) and one CD drive installed on it.

 

- ADSL Line.

- Router/Modem and Switch (100 Mbps)

- Network connected to Switch (at least one PC)

 

Software requisites:

 

Ipcop v1.4.15 (ISO burned CD)

http://ipcop.org/

Ipcop kernel with L7-filter and Ipp2p compiled modules for Ipcop v1.4.15

http://www.mhaddons.tk/

QoS_NG addon for Ipcop v.1.5.1

http://www.mhaddons.tk/

Samba Server addon for Ipcop v.0.1.9beta

http://www.h-loit.de/

WinSCP (for WinXX)

http://winscp.net/

Putty (for WinXX)

http://www.chiark.greenend.org.uk/~sgtatham/putty/

 

Other requisites:

 

- User level knowledge about Linux.

- Little practice with IPCOP

- Two hours of your time for fun.

 

5. Installing IPCOP and Addons.

At this point I guess you have all requirements, so I continue.

 

1)     Turn you old computer and go to your BIOS setting and set it to boot cd-rom in the priority list. From now this Old computer is called “Ipcop box”

 

2)     Insert Ipcop v1.4.15 CDROM and restart.

 

3)     In the First screen you press ENTER. In the next window you select your prefered language. If know about language codes in the first screen you can enter something like:  “vmlinuz lang=<language_code>”. By example “vmlinuz lang=es” if you live in spanish or latin america. This selection is for IPcop language installation.

 

 

4)     Now you see a welcome window.

 

5)     Press OK. In the next window you must select CDROM/USB-KEY

 

6)     Now Ipcop installer is going to format “Ipcop Box” hardisk and install all files. Press OK.

 

 

7)     Select Skip when it prompt you for backup

 

8)     Now its gonna setup your GREEN NIC, select Probe and it will autodetect you first NIC

 

9)     Now its gonna ask for the ip address for GREEN interface. We enter IP: 192.168.0.2 and Mask: 255.255.255.0 according with Figure 1.

 

10) Now you finish installing it, so take out your CD and enter OK”. Now select your keyboard language and timezone

 

11) Enter your Ipcop box name. I use the default name “ipcop”. In the next window you must enter domain_name/workgroup of your network. I used “starcraft” workgroup in PC1 to PC13.

 

12) Select “Disable ISDN”, we won’t need this.

 

13) Now you are in Ipcop network configuration Menu.

 

14) Now go to Network configuration type and select GREEN + RED

15) Then go to Drivers and card assignments and select “OK” and it will automatic scan for your other NIC (RED interface).

 

16) Now go to Address Setting” in Netwok configuration Menu and select RED interface. Then select “Static” and type IP: 192.168.1.5 and Mask: 255.255.255.0 according with “Figure 1”. Select “OK”, then “Done”.

 

17) Now go to “DNS and Gateway settings” and type DNS servers provided by your ISP. In Default Gateway type 192.168.1.1 (router IP) according with “Figure 1”. Select “OK”

18) Select “Enabled” and enter your prefered starting address and ending address. I use far IP addresses because I don’t like use DHCP. In this scenario we must know each IP address in network, so we have to set up network configuration manually on each PC according with “Figure 1”.

 

19) Now in Network configuration menu, select “Done”. The next window will be DHCP configuration again (I don’t know why), select “OK”.

 

20) Now enter your root, admin and backup password. Remember your passwords. The password needs at least 6 characters. Then select “OK” to reboot.

 

21) Finally you done installing Ipcop on “Ipcop Box”

 

22) Now you don’t need keyboard, mouse, monitor anymore on “Ipcop box”. Turn on PC1 and set up network configuration according “Figure 1”.

 

23) Set up PC2 to PC10 network configuration like (22). For VoIP devices use...

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin