Difference between revisions of "Layer7 IMQ Route Multipath Loadbalance Debian Lenny 2.6.28"
From MS Computech
Line 2: | Line 2: | ||
Deb | Deb | ||
− | <pre>apt-get install bzip2 gzip unzip | + | <pre>[root@gateway ~]# apt-get install bzip2 gzip unzip |
− | apt-get install debhelper modutils | + | [root@gateway ~]# apt-get install debhelper modutils |
− | apt-get install libncurses5-dev kernel-package build-essential zlib1g-dev | + | [root@gateway ~]# apt-get install libncurses5-dev kernel-package build-essential zlib1g-dev |
</pre> | </pre> | ||
Clarkconnect 4.3 | Clarkconnect 4.3 | ||
− | <pre>apt-get install cc-devel</pre> | + | <pre>[root@gateway ~]# apt-get install cc-devel</pre> |
ดาวโหลด Package | ดาวโหลด Package | ||
− | <pre>wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2 | + | <pre>[root@gateway ~]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2 |
− | wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz | + | [root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz |
− | wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz | + | [root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz |
− | wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz | + | [root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz |
− | wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2</pre> | + | [root@gateway ~]# wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2</pre> |
แตกไฟล์ออกมา | แตกไฟล์ออกมา | ||
− | <pre>tar xjfv linux-2.6.28.tar.bz2 | + | <pre>[root@gateway ~]# tar xjfv linux-2.6.28.tar.bz2 |
− | tar xjfv iptables-1.4.2.tar.bz2 | + | [root@gateway ~]# tar xjfv iptables-1.4.2.tar.bz2 |
− | tar zxvf netfilter-layer7-v2.21.tar.gz | + | [root@gateway ~]# tar zxvf netfilter-layer7-v2.21.tar.gz |
− | tar xzfv l7-protocols-2009-05-28.tar.gz | + | [root@gateway ~]# tar xzfv l7-protocols-2009-05-28.tar.gz |
</pre> | </pre> | ||
สร้าง Symbol Link | สร้าง Symbol Link | ||
− | <pre>ln -s /usr/src/linux-2.6.28 /usr/src/linux | + | <pre>[root@gateway ~]# ln -s /usr/src/linux-2.6.28 /usr/src/linux |
</pre> | </pre> | ||
Patch Kernel ด้วย patch file | Patch Kernel ด้วย patch file | ||
− | <pre>cd linux | + | <pre>[root@gateway ~]# cd linux |
− | patch -p1 </usr/src/netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch | + | [root@gateway ~]# patch -p1 </usr/src/netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch |
</pre> | </pre> | ||
Config Kernel | Config Kernel | ||
− | <pre>make menuconfig | + | <pre>[root@gateway ~]# make menuconfig |
Networking support —> Networking options —> Network packet filtering framework (Netfilter) —> Core Netfilter Configuration. | Networking support —> Networking options —> Network packet filtering framework (Netfilter) —> Core Netfilter Configuration. | ||
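Review bot: the wget lines in this hunk fetch the kernel, l7-filter and iptables sources over plain http, and the following steps unpack and build them as root with no checksum or signature check in between; add a verification step before the tar commands. The netfilter-layer7-v2.21.tar.gz download is listed twice in both revisions and one copy can go. The new `[root@gateway ~]#` prompt also places every command in root's home directory, while `ln -s /usr/src/linux-2.6.28 /usr/src/linux` and the patch path assume the tarballs were unpacked in /usr/src, so `cd linux` should read `cd /usr/src/linux`.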
Line 46: | Line 46: | ||
<pre>make && make modules && make modules_install</pre> | <pre>make && make modules && make modules_install</pre> | ||
ทำให้มันบูท Kernel ใหม่ ( Debian Only ) CC4.3 ไม่ต้องทำ | ทำให้มันบูท Kernel ใหม่ ( Debian Only ) CC4.3 ไม่ต้องทำ | ||
− | <pre>cd /boot | + | <pre>[root@gateway ~]# cd /boot |
− | mkinitramfs -o initrd.img-2.6.28 2.6.28 | + | [root@gateway ~]# mkinitramfs -o initrd.img-2.6.28 2.6.28 |
− | update-grub | + | [root@gateway ~]# update-grub |
− | reboot | + | [root@gateway ~]# reboot |
</pre> | </pre> | ||
แก้ไข /boot/grub/menu.lst ( CC4.3 Only ) | แก้ไข /boot/grub/menu.lst ( CC4.3 Only ) | ||
− | <pre># grub.conf generated by anaconda | + | <pre> |
+ | [root@gateway ~]# nano /boot/grub/menu.lst | ||
+ | # grub.conf generated by anaconda | ||
# | # | ||
# Note that you do not have to rerun grub after making changes to this file | # Note that you do not have to rerun grub after making changes to this file | ||
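Review bot: the new `nano /boot/grub/menu.lst` line sits inside the same <pre> as the file's contents, so the command and the text to be edited run together; give the command its own <pre> and keep the listing separate. `make && make modules && make modules_install` in the context line above was left without the prompt that the other commands received in this revision.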
Line 79: | Line 81: | ||
</pre> | </pre> | ||
Reboot เครื่อง | Reboot เครื่อง | ||
− | <pre>reboot | + | <pre>[root@gateway ~]# reboot |
</pre> | </pre> | ||
− | ตรวจสอบ Kernel Version | + | ตรวจสอบ Kernel Version |
<pre>[root@gateway ~]# uname -a | <pre>[root@gateway ~]# uname -a | ||
Linux gateway.clarkconnect.lan 2.6.28 #1 SMP Fri Jun 19 13:17:45 ICT 2009 i686 i686 i386 GNU/Linux | Linux gateway.clarkconnect.lan 2.6.28 #1 SMP Fri Jun 19 13:17:45 ICT 2009 i686 i686 i386 GNU/Linux | ||
− | </pre> | + | </pre> |
คอมไพล์ iptables v1.4.2 เพื่อให้รองรับกับ layer7 | คอมไพล์ iptables v1.4.2 เพื่อให้รองรับกับ layer7 | ||
− | <pre>cd /usr/src/iptables-1.4.2 | + | <pre>[root@gateway ~]# cd /usr/src/iptables-1.4.2 |
− | cp /usr/src/netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/* /usr/src/iptables-1.4.2/extensions/ | + | [root@gateway ~]# cp /usr/src/netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/* /usr/src/iptables-1.4.2/extensions/ |
− | ./configure --with-kernel=/usr/src/linux | + | [root@gateway ~]# ./configure --with-kernel=/usr/src/linux |
− | make | + | [root@gateway ~]# make |
− | make install | + | [root@gateway ~]# make install |
− | cd /usr/src/l7-protocols-2009-05-28 | + | [root@gateway ~]# cd /usr/src/l7-protocols-2009-05-28 |
− | make install | + | [root@gateway ~]# make install |
− | cp /usr/local/sbin/iptables /sbin/ | + | [root@gateway ~]# cp /usr/local/sbin/iptables /sbin/ |
− | modprobe xt_layer7 | + | [root@gateway ~]# modprobe xt_layer7 |
</pre> | </pre> | ||
แก้ไข /etc/rc.local | แก้ไข /etc/rc.local | ||
− | <pre>nano /etc/rc.local | + | <pre>[root@gateway ~]# nano /etc/rc.local |
modprobe xt_layer7 | modprobe xt_layer7 | ||
</pre> | </pre> | ||
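Review bot: `cp /usr/local/sbin/iptables /sbin/` replaces whatever iptables binary is already in /sbin/ without keeping a copy; the step should save the existing file first so the gateway can be rolled back if the new build misbehaves. In the rc.local block, `modprobe xt_layer7` is file content rather than a command, which is less obvious now that the line above it carries a prompt; say that the line is to be added to the file.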
Line 107: | Line 109: | ||
</pre> | </pre> | ||
ทดสอบ layer7 | ทดสอบ layer7 | ||
− | <pre>iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP | + | <pre>[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP |
− | iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP | + | [root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP |
− | iptables -A FORWARD -m layer7 --l7proto fasttrack -j DROP | + | [root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto fasttrack -j DROP |
</pre> <pre> [root@gateway ~]# iptables -nvL | grep LAYER | </pre> <pre> [root@gateway ~]# iptables -nvL | grep LAYER | ||
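Review bot: the three `-A FORWARD ... -j DROP` test rules are appended to the live FORWARD chain and the page never removes them or says they are meant to stay; state which it is, and if they are only a test, add the matching `iptables -D` commands. The last line also joins `</pre> <pre>` and leaves a stray leading space before the prompt.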
Revision as of 14:34, 19 June 2009
Debian Lenny, Kernel 2.6.28 + iptables 1.4.2. Contributed, posted and tested by phat@mscompute, June 13 2009
Deb
[root@gateway ~]# apt-get install bzip2 gzip unzip
[root@gateway ~]# apt-get install debhelper modutils
[root@gateway ~]# apt-get install libncurses5-dev kernel-package build-essential zlib1g-dev
Clarkconnect 4.3
[root@gateway ~]# apt-get install cc-devel
Download the packages (run from /usr/src; the paths in the later steps assume it)
[root@gateway ~]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2
[root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz
[root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz
[root@gateway ~]# wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2
Extract the files
[root@gateway ~]# tar xjfv linux-2.6.28.tar.bz2
[root@gateway ~]# tar xjfv iptables-1.4.2.tar.bz2
[root@gateway ~]# tar zxvf netfilter-layer7-v2.21.tar.gz
[root@gateway ~]# tar xzfv l7-protocols-2009-05-28.tar.gz
Create the symbolic link
[root@gateway ~]# ln -s /usr/src/linux-2.6.28 /usr/src/linux
Patch the kernel with the patch file
[root@gateway ~]# cd /usr/src/linux
[root@gateway ~]# patch -p1 </usr/src/netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch
Config Kernel
[root@gateway ~]# make menuconfig
Networking support --> Networking options --> Network packet filtering framework (Netfilter) --> Core Netfilter Configuration.
<M> layer7 match support
[*] select all
[M] select all
Networking support --> Networking options --> Network packet filtering framework (Netfilter) --> IP: Netfilter Configuration.
[*] select all
[M] select all
Exit Save config
Compile and install it (Deb + CC4.3)
make && make modules && make modules_install
Make it boot the new kernel (Debian only; not needed on CC4.3)
[root@gateway ~]# cd /boot
[root@gateway ~]# mkinitramfs -o initrd.img-2.6.28 2.6.28
[root@gateway ~]# update-grub
[root@gateway ~]# reboot
Edit /boot/grub/menu.lst (CC4.3 only)
[root@gateway ~]# nano /boot/grub/menu.lst
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
#         all kernel and initrd paths are relative to /boot/, eg.
#         root (hd0,0)
#         kernel /vmlinuz-version ro root=/dev/sda3
#         initrd /initrd-version.img
#boot=/dev/sda
default=1
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Linux (2.6.28)
        root (hd0,0)
        kernel /vmlinuz-2.6.28 ro root=LABEL=/ video=vesafb vga=0x313
        initrd /initrd-2.6.28.img
#title Linux (2.6.18-93.cc4)
#       root (hd0,0)
#       kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/ video=vesafb vga=0x313
#       initrd /initrd-2.6.18-93.cc4.img
#title Linux Safe Mode (2.6.18-93.cc4)
#       root (hd0,0)
#       kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/
#       initrd /initrd-2.6.18-93.cc4.img
Reboot the machine
[root@gateway ~]# reboot
Check the kernel version
[root@gateway ~]# uname -a
Linux gateway.clarkconnect.lan 2.6.28 #1 SMP Fri Jun 19 13:17:45 ICT 2009 i686 i686 i386 GNU/Linux
Compile iptables v1.4.2 so that it supports layer7
[root@gateway ~]# cd /usr/src/iptables-1.4.2
[root@gateway ~]# cp /usr/src/netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/* /usr/src/iptables-1.4.2/extensions/
[root@gateway ~]# ./configure --with-kernel=/usr/src/linux
[root@gateway ~]# make
[root@gateway ~]# make install
[root@gateway ~]# cd /usr/src/l7-protocols-2009-05-28
[root@gateway ~]# make install
[root@gateway ~]# cp /usr/local/sbin/iptables /sbin/
[root@gateway ~]# modprobe xt_layer7
Edit /etc/rc.local and add the modprobe line so that the module is loaded at boot
[root@gateway ~]# nano /etc/rc.local
modprobe xt_layer7
Check xt_layer7
[root@gateway ~]# lsmod | grep xt_layer7
xt_layer7 14356 0
nf_conntrack 64392 14 xt_layer7,xt_CONNMARK,xt_state,nf_nat_pptp,nf_nat_irc,nf_nat_ftp,ipt_MASQUERADE,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_irc,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4
x_tables 18188 10 xt_layer7,xt_CONNMARK,xt_mark,xt_tcpudp,xt_state,ipt_MASQUERADE,ipt_REJECT,ipt_LOG,iptable_nat,ip_tables
Test layer7
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto fasttrack -j DROP
[root@gateway ~]# iptables -nvL | grep LAYER
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto bittorrent
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto msnmessenger
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto fasttrack
http://l7-filter.sourceforge.net/protocols
Protocol definitions: /etc/l7-protocols
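The listing above shows every LAYER7 rule at 0 packets, so it only proves the rules were accepted, not that they match. The helpers below are an added example, not part of the original page: they check that a pattern file exists for a protocol name before a rule is added, and read per-protocol counters out of `iptables -nvL` output. The function names and the sample listing are constructed, and the check assumes the l7-protocols layout in which `NAME.pat` sits one directory below /etc/l7-protocols and its first non-comment line is the protocol name.

```bash
#!/bin/sh
# Added example; function names are hypothetical, not from l7-filter.
# Pattern directory named on the page; override with L7_DIR for testing.
L7_DIR="${L7_DIR:-/etc/l7-protocols}"

# Print the path of PROTO.pat if it exists under DIR and its first
# non-comment, non-blank line is the protocol name (assumed file layout).
l7_pattern_file() {
    _dir="$1"; _proto="$2"
    _f=$(find "$_dir" -maxdepth 2 -type f -name "$_proto.pat" 2>/dev/null | head -n 1)
    [ -n "$_f" ] || return 1
    _name=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$_f" | head -n 1)
    [ "$_name" = "$_proto" ] || return 1
    printf '%s\n' "$_f"
}

# Read `iptables -nvL` output on stdin and print "proto pkts bytes"
# for each LAYER7 rule (use `iptables -nvxL` for exact counters).
l7_rule_hits() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "l7proto") print $(i + 1), $1, $2 }'
}

# Protocols whose rule has never matched a packet.
l7_idle_rules() {
    l7_rule_hits | awk '$2 == 0 { print $1 }'
}

# Constructed sample in the shape of the listing on the page.
sample_listing() {
    cat <<'EOF'
   12   960 DROP  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LAYER7 l7proto bittorrent
    0     0 DROP  all  --  *  *  0.0.0.0/0  0.0.0.0/0  LAYER7 l7proto msnmessenger
EOF
}

# Demo on the constructed sample: prints "msnmessenger".
sample_listing | l7_idle_rules
```

On the gateway itself, `l7_pattern_file "$L7_DIR" bittorrent` before adding a rule and `iptables -nvL FORWARD | l7_idle_rules` after generating test traffic show whether each rule has a pattern behind it and whether it has matched anything.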