Difference between revisions of "Layer7 IMQ Route Multipath Loadbalance Debian Lenny 2.6.28"

From MS Computech

Revision as of 14:34, 19 June 2009

Debian Lenny, Kernel 2.6.28 + iptables 1.4.2. Contributed, posted and tested by phat@mscompute, June 13 2009

Deb

[root@gateway ~]# apt-get install bzip2 gzip unzip
[root@gateway ~]# apt-get install debhelper modutils 
[root@gateway ~]# apt-get install libncurses5-dev kernel-package build-essential zlib1g-dev

Clarkconnect 4.3

[root@gateway ~]# apt-get install cc-devel

Download the packages

[root@gateway ~]# cd /usr/src
[root@gateway ~]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2
[root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz
[root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz
[root@gateway ~]# wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2

Extract the archives

[root@gateway ~]# tar xjfv linux-2.6.28.tar.bz2
[root@gateway ~]# tar xjfv iptables-1.4.2.tar.bz2
[root@gateway ~]# tar zxvf netfilter-layer7-v2.21.tar.gz
[root@gateway ~]# tar xzfv l7-protocols-2009-05-28.tar.gz

Create a symbolic link

[root@gateway ~]# ln -s /usr/src/linux-2.6.28 /usr/src/linux

Patch the kernel with the patch file

[root@gateway ~]# cd /usr/src/linux
[root@gateway ~]# patch -p1 </usr/src/netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch

Configure the kernel

[root@gateway ~]# make menuconfig

Networking support --> Networking options --> Network packet filtering framework (Netfilter) --> Core Netfilter Configuration.
<M> layer7 match support

[*] select all
[M] select all

Networking support --> Networking options --> Network packet filtering framework (Netfilter) --> IP: Netfilter Configuration.

[*] select all
[M] select all

Exit and save the config

Compile and install it (Deb + CC4.3)

[root@gateway ~]# make && make modules && make modules_install && make install

Make it boot the new kernel (Debian only; not needed on CC4.3)

[root@gateway ~]# cd /boot
[root@gateway ~]# mkinitramfs -o initrd.img-2.6.28 2.6.28
[root@gateway ~]# update-grub
[root@gateway ~]# reboot

Edit /boot/grub/menu.lst (CC4.3 only)

[root@gateway ~]# nano /boot/grub/menu.lst
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda3
#          initrd /initrd-version.img
#boot=/dev/sda
default=1
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Linux (2.6.28)
        root (hd0,0)
        kernel /vmlinuz-2.6.28 ro root=LABEL=/ video=vesafb vga=0x313
        initrd /initrd-2.6.28.img
#title Linux (2.6.18-93.cc4)
#       root (hd0,0)
#       kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/ video=vesafb vga=0x313
#       initrd /initrd-2.6.18-93.cc4.img
#title Linux Safe Mode (2.6.18-93.cc4)
#       root (hd0,0)
#       kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/
#       initrd /initrd-2.6.18-93.cc4.img

Reboot the machine

[root@gateway ~]# reboot

Check the kernel version

[root@gateway ~]# uname -a
Linux gateway.clarkconnect.lan 2.6.28 #1 SMP Fri Jun 19 13:17:45 ICT 2009 i686 i686 i386 GNU/Linux

Compile iptables v1.4.2 with layer7 support

[root@gateway ~]# cd /usr/src/iptables-1.4.2
[root@gateway ~]# cp /usr/src/netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/* /usr/src/iptables-1.4.2/extensions/
[root@gateway ~]# ./configure --with-kernel=/usr/src/linux
[root@gateway ~]# make
[root@gateway ~]# make install
[root@gateway ~]# cd /usr/src/l7-protocols-2009-05-28
[root@gateway ~]# make install
[root@gateway ~]# cp /usr/local/sbin/iptables /sbin/
[root@gateway ~]# modprobe xt_layer7

Edit /etc/rc.local

[root@gateway ~]# nano /etc/rc.local
     modprobe xt_layer7

Check xt_layer7

[root@gateway ~]# lsmod | grep xt_layer7
xt_layer7              14356  0
nf_conntrack           64392  14 xt_layer7,xt_CONNMARK,xt_state,nf_nat_pptp,nf_nat_irc,nf_nat_ftp,ipt_MASQUERADE,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_irc,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4
x_tables               18188  10 xt_layer7,xt_CONNMARK,xt_mark,xt_tcpudp,xt_state,ipt_MASQUERADE,ipt_REJECT,ipt_LOG,iptable_nat,ip_tables

Test layer7

[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto fasttrack -j DROP
[root@gateway ~]# iptables -nvL | grep LAYER
   0     0 DROP       all  --  *   *    0.0.0.0/0    0.0.0.0/0    LAYER7 l7proto bittorrent
   0     0 DROP       all  --  *   *    0.0.0.0/0    0.0.0.0/0    LAYER7 l7proto msnmessenger
   0     0 DROP       all  --  *   *    0.0.0.0/0    0.0.0.0/0    LAYER7 l7proto fasttrack
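
A check to run after the test rules above, as an added example that is not part of the original page: rules appended with -A FORWARD sit behind whatever the firewall already placed in the chain, and if an earlier rule accepts ESTABLISHED traffic the layer7 match sees at most the first packet of each connection (for TCP, a SYN with no payload). The function name and both sample listings are constructed, and the status is a heuristic based only on rule order and the pkts column.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `iptables -nvL FORWARD`
# text on stdin and prints one line per layer7 rule: <l7proto> <pkts> <status>
#   after-established-accept  an earlier ACCEPT rule for ESTABLISHED traffic
#                             takes the data packets before this rule runs
#   no-hits                   rule is reachable but its packet counter is 0
#   matching                  rule is reachable and has counted packets
l7_rule_report() {
    awk '
        # Remember an earlier ACCEPT rule that matches established connections.
        $3 == "ACCEPT" && /state [A-Z,]*ESTABLISHED/ { established_accept = 1; next }
        /LAYER7 l7proto/ {
            proto = "?"
            for (i = 1; i < NF; i++) if ($i == "l7proto") proto = $(i + 1)
            if (established_accept) status = "after-established-accept"
            else if ($1 == "0")     status = "no-hits"
            else                    status = "matching"
            print proto, $1, status
        }
    '
}

# Constructed listing: layer7 rule appended behind a stateful ACCEPT rule.
sample_shadowed() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1520  912K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto bittorrent
EOF
}

# Constructed listing: layer7 rules first in the chain, one already counting.
sample_reachable() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   37 21904 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto bittorrent
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto fasttrack
EOF
}

sample_shadowed | l7_rule_report
sample_reachable | l7_rule_report
# On the gateway: iptables -nvL FORWARD | l7_rule_report
```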

http://l7-filter.sourceforge.net/protocols

Protocol definitions: /etc/l7-protocols