Difference between revisions of "Layer7 IMQ Route Multipath Loadbalance Debian Lenny 2.6.28"
From MS Computech
| Line 1: | Line 1: | ||
| − | '''Debian Lenny,Kernel 2.6.28+iptables 1.4.2 Contribute post and test by phat@mscompute June 13 2009 '''<br> | + | '''Debian Lenny,Kernel 2.6.28+iptables 1.4.2 Contribute post and test by phat@mscompute June 13 2009 '''<br> |
| + | |||
| + | Deb | ||
<pre>apt-get install bzip2 gzip unzip | <pre>apt-get install bzip2 gzip unzip | ||
apt-get install debhelper modutils | apt-get install debhelper modutils | ||
apt-get install libncurses5-dev kernel-package build-essential zlib1g-dev | apt-get install libncurses5-dev kernel-package build-essential zlib1g-dev | ||
| + | </pre> | ||
| + | <pre> | ||
| + | Clarkconnect 4.3 | ||
| + | apt-get install cc-devel | ||
</pre> | </pre> | ||
ดาวโหลด Package | ดาวโหลด Package | ||
| Line 9: | Line 15: | ||
wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz | wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz | ||
wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz | wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz | ||
| − | wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2</pre> | + | wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2</pre> |
แตกไฟล์ออกมา | แตกไฟล์ออกมา | ||
<pre>tar xjfv linux-2.6.28.tar.bz2 | <pre>tar xjfv linux-2.6.28.tar.bz2 | ||
| Line 15: | Line 21: | ||
tar zxvf netfilter-layer7-v2.21.tar.gz | tar zxvf netfilter-layer7-v2.21.tar.gz | ||
tar xzfv l7-protocols-2009-05-28.tar.gz | tar xzfv l7-protocols-2009-05-28.tar.gz | ||
| − | </pre> | + | </pre> |
สร้าง Symbol Link | สร้าง Symbol Link | ||
<pre>ln -s /usr/src/linux-2.6.28 /usr/src/linux | <pre>ln -s /usr/src/linux-2.6.28 /usr/src/linux | ||
| − | </pre> | + | </pre> |
Patch Kernel ด้วย patch file | Patch Kernel ด้วย patch file | ||
| − | <pre> | + | <pre>cd linux |
| − | cd linux | + | patch -p1 </usr/src/netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch |
| − | patch -p1 | + | </pre> |
| − | </pre> | ||
Config Kernel | Config Kernel | ||
<pre>make menuconfig | <pre>make menuconfig | ||
| Line 30: | Line 35: | ||
<M> layer7 match support | <M> layer7 match support | ||
| − | [*] | + | [*] select all |
| + | [M] select all | ||
| − | & | + | Networking support —> Networking options —> Network packet filtering framework (Netfilter) —>IP: Netfilter Configuration. |
| − | </pre> | + | |
| − | Exit Save config | + | [*] select all |
| + | [M] select all | ||
| + | </pre> | ||
| + | Exit Save config | ||
| − | คอมไพล์และติดตั้งมันซะ | + | คอมไพล์และติดตั้งมันซะ Deb + CC4.3 |
| − | <pre>make | + | <pre>make && make modules && make modules_install</pre> |
| − | make modules | + | ทำให้มันบูท Kernel ใหม่ ( Debian Only ) CC4.3 ไม่ต้องทำ |
| − | make modules_install | ||
| − | |||
| − | </pre> | ||
| − | ทำให้มันบูท Kernel ใหม่ | ||
<pre>cd /boot | <pre>cd /boot | ||
mkinitramfs -o initrd.img-2.6.28 2.6.28 | mkinitramfs -o initrd.img-2.6.28 2.6.28 | ||
update-grub | update-grub | ||
reboot | reboot | ||
| + | </pre> | ||
| + | แก้ไข /boot/grub/menu.lst ( CC4.3 Only ) | ||
| + | <pre> | ||
| + | # grub.conf generated by anaconda | ||
| + | # | ||
| + | # Note that you do not have to rerun grub after making changes to this file | ||
| + | # NOTICE: You have a /boot partition. This means that | ||
| + | # all kernel and initrd paths are relative to /boot/, eg. | ||
| + | # root (hd0,0) | ||
| + | # kernel /vmlinuz-version ro root=/dev/sda3 | ||
| + | # initrd /initrd-version.img | ||
| + | #boot=/dev/sda | ||
| + | default=1 | ||
| + | timeout=5 | ||
| + | splashimage=(hd0,0)/grub/splash.xpm.gz | ||
| + | hiddenmenu | ||
| + | title Linux (2.6.28) | ||
| + | root (hd0,0) | ||
| + | kernel /vmlinuz-2.6.28 ro root=LABEL=/ video=vesafb vga=0x313 | ||
| + | initrd /initrd-2.6.28.img | ||
| + | #title Linux (2.6.18-93.cc4) | ||
| + | # root (hd0,0) | ||
| + | # kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/ video=vesafb vga=0x313 | ||
| + | # initrd /initrd-2.6.18-93.cc4.img | ||
| + | #title Linux Safe Mode (2.6.18-93.cc4) | ||
| + | # root (hd0,0) | ||
| + | # kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/ | ||
| + | # initrd /initrd-2.6.18-93.cc4.img | ||
</pre> | </pre> | ||
คอมไพล์ iptables v1.4.2 เพื่อให้รองรับกับ layer7 | คอมไพล์ iptables v1.4.2 เพื่อให้รองรับกับ layer7 | ||
| Line 57: | Line 90: | ||
make install | make install | ||
cp /usr/local/sbin/iptables /sbin/ | cp /usr/local/sbin/iptables /sbin/ | ||
| − | </pre> | + | </pre> |
ลอง | ลอง | ||
<pre>iptables -A FORWARD -m layer7 –l7proto msnmessenger -j DROP | <pre>iptables -A FORWARD -m layer7 –l7proto msnmessenger -j DROP | ||
iptables -A FORWARD -m layer7 –l7proto httpvideo -j DROP | iptables -A FORWARD -m layer7 –l7proto httpvideo -j DROP | ||
iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP | iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP | ||
| − | </pre> | + | </pre> |
http://l7-filter.sourceforge.net/protocols | http://l7-filter.sourceforge.net/protocols | ||
Protocal Definition /etc/l7-protocols | Protocal Definition /etc/l7-protocols | ||
Revision as of 13:40, 19 June 2009
Debian Lenny,Kernel 2.6.28+iptables 1.4.2 Contribute post and test by phat@mscompute June 13 2009
Deb
apt-get install bzip2 gzip unzip apt-get install debhelper modutils apt-get install libncurses5-dev kernel-package build-essential zlib1g-dev
Clarkconnect 4.3 apt-get install cc-devel
ดาวโหลด Package
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2 wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2
แตกไฟล์ออกมา
tar xjfv linux-2.6.28.tar.bz2 tar xjfv iptables-1.4.2.tar.bz2 tar zxvf netfilter-layer7-v2.21.tar.gz tar xzfv l7-protocols-2009-05-28.tar.gz
สร้าง Symbol Link
ln -s /usr/src/linux-2.6.28 /usr/src/linux
Patch Kernel ด้วย patch file
cd linux patch -p1 </usr/src/netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch
Config Kernel
make menuconfig Networking support —> Networking options —> Network packet filtering framework (Netfilter) —> Core Netfilter Configuration. <M> layer7 match support [*] select all [M] select all Networking support —> Networking options —> Network packet filtering framework (Netfilter) —>IP: Netfilter Configuration. [*] select all [M] select all
Exit Save config
คอมไพล์และติดตั้งมันซะ Deb + CC4.3
make && make modules && make modules_install
ทำให้มันบูท Kernel ใหม่ ( Debian Only ) CC4.3 ไม่ต้องทำ
cd /boot mkinitramfs -o initrd.img-2.6.28 2.6.28 update-grub reboot
แก้ไข /boot/grub/menu.lst ( CC4.3 Only )
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda3
# initrd /initrd-version.img
#boot=/dev/sda
default=1
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Linux (2.6.28)
root (hd0,0)
kernel /vmlinuz-2.6.28 ro root=LABEL=/ video=vesafb vga=0x313
initrd /initrd-2.6.28.img
#title Linux (2.6.18-93.cc4)
# root (hd0,0)
# kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/ video=vesafb vga=0x313
# initrd /initrd-2.6.18-93.cc4.img
#title Linux Safe Mode (2.6.18-93.cc4)
# root (hd0,0)
# kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/
# initrd /initrd-2.6.18-93.cc4.img
คอมไพล์ iptables v1.4.2 เพื่อให้รองรับกับ layer7
cd /usr/src/iptables-1.4.2 cp /usr/src/netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/* /usr/src/iptables-1.4.2/extensions/ ./configure --with-kernel=/usr/src/linux make make install cd /usr/src/l7-protocols-2009-05-28 make install cp /usr/local/sbin/iptables /sbin/
ลอง
iptables -A FORWARD -m layer7 –l7proto msnmessenger -j DROP iptables -A FORWARD -m layer7 –l7proto httpvideo -j DROP iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP
http://l7-filter.sourceforge.net/protocols
Protocal Definition /etc/l7-protocols
