Difference between revisions of "Layer7 IMQ Route Multipath Loadbalance Debian Lenny 2.6.28"
Line 63: | Line 63: | ||
[root@gateway ~]# make menuconfig | [root@gateway ~]# make menuconfig | ||
[root@gateway ~]# make-kpkg clean | [root@gateway ~]# make-kpkg clean | ||
− | [root@gateway ~]# fakeroot make-kpkg --initrd --append-to-version=- | + | [root@gateway ~]# fakeroot make-kpkg --initrd --append-to-version=-l7multiroute kernel_image kernel_headers |
[root@gateway ~]# cd /usr/src | [root@gateway ~]# cd /usr/src | ||
[root@gateway ~]# dpkg -i linux-image-* | [root@gateway ~]# dpkg -i linux-image-* | ||
Line 140: | Line 140: | ||
</pre> | </pre> | ||
===== ทดสอบ layer7 ===== | ===== ทดสอบ layer7 ===== | ||
− | <pre>[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP | + | <pre> |
+ | [root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP | ||
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP | [root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP | ||
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto fasttrack -j DROP | [root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto fasttrack -j DROP | ||
− | </pre> <pre> [root@gateway ~]# iptables -nvL | grep LAYER | + | </pre> |
− | + | <pre>[root@gateway ~]# iptables -nvL | grep LAYER | |
− | 0 0 DROP all -- * * | + | </pre> |
− | 0 0 DROP all -- * | + | <source lang=bash> |
− | 0 0 DROP all -- * | + | 533 50633 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent state NEW |
+ | 30091 2183K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey state NEW | ||
+ | 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack state NEW | ||
+ | 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella state NEW | ||
+ | 74468 6939K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent state NEW | ||
+ | 325K 24M DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey state NEW | ||
+ | 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack state NEW | ||
+ | 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella state NEW | ||
+ | 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent state NEW | ||
+ | 17392 1161K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey state NEW | ||
+ | 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack state NEW | ||
+ | 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella state NEW | ||
+ | </source> | ||
− | |||
http://l7-filter.sourceforge.net/protocols | http://l7-filter.sourceforge.net/protocols | ||
Protocal Definition /etc/l7-protocols | Protocal Definition /etc/l7-protocols | ||
+ | |||
+ | http://www.linuximq.net/ | ||
+ | |||
+ | http://www.howtoforge.com/kernel_compilation_debian_etch |
Revision as of 20:42, 11 July 2009
Debian Lenny, Clarkconnect Enterprise 4.3 Kernel 2.6.28, iptables 1.4.2 IMQ Route_Multipath patch, contributed and tested by [email protected], June 13 2009 (updated 11 July 2009)
Contents
Debian
[root@gateway ~]# apt-get install gzip unzip bzip2
[root@gateway ~]# apt-get install debhelper modutils
[root@gateway ~]# apt-get install screen fakeroot zlib1g-dev kernel-package build-essential libncurses5-dev
Clarkconnect 4.3
[root@gateway ~]# apt-get install cc-devel
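ดาวน์โหลด Package
[root@gateway ~]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.tar.bz2
[root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.21.tar.gz
[root@gateway ~]# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz
[root@gateway ~]# wget http://www.ssi.bg/~ja/routes-2.6.28-16.diff
[root@gateway ~]# wget http://www.linuximq.net/patchs/linux-2.6.28.9-imq-test2.diff
[root@gateway ~]# wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.2.tar.bz2
Note: every archive and patch above is fetched over plain HTTP and then built into the kernel and installed as root. Check each file against the signature or checksum published by its upstream project before unpacking it. The later steps use paths under /usr/src, so these commands are presumably meant to be run from /usr/src rather than from the home directory the prompt shows.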
แตกไฟล์ออกมา
[root@gateway ~]# tar xjfv linux-2.6.28.tar.bz2
[root@gateway ~]# tar xjfv iptables-1.4.2.tar.bz2
[root@gateway ~]# tar zxvf netfilter-layer7-v2.21.tar.gz
[root@gateway ~]# tar xzfv l7-protocols-2009-05-28.tar.gz
สร้าง Symbolic Link
[root@gateway ~]# ln -s /usr/src/linux-2.6.28 /usr/src/linux
Patch Kernel ด้วย patch file
[root@gateway ~]# cd linux
[root@gateway ~]# patch -p1 </usr/src/netfilter-layer7-v2.21/kernel-2.6.25-2.6.28-layer7-2.21.patch
[root@gateway ~]# patch -p1 </usr/src/routes-2.6.28-16.diff
[root@gateway ~]# patch -p1 </usr/src/linux-2.6.28.9-imq-test2.diff
Config Kernel
[root@gateway ~]# make menuconfig
<source lang=bash> Networking support > Networking options > Network packet filtering framework (Netfilter) > Core Netfilter Configuration. <M> layer7 match support
[*] select all [M] select all
Networking support > Networking options > Network packet filtering framework (Netfilter) > IP: Netfilter Configuration.
[*] select all [M] select all </source> Exit Save .config
คอมไพล์และติดตั้งมันซะ Deb + CC4.3
[root@gateway ~]# make && make modules && make modules_install && make install
ทำให้มันบูท Kernel ใหม่ ( Debian Only ) CC4.3 ไม่ต้องทำ
[root@gateway ~]# cd /boot
[root@gateway ~]# mkinitramfs -o initrd.img-2.6.28 2.6.28
[root@gateway ~]# update-grub
[root@gateway ~]# reboot
ถ้าต้องการ Compile และสร้าง .deb ด้วยใช้คำสั่ง
[root@gateway ~]# make clean && make mrproper
[root@gateway ~]# cp /boot/config-`uname -r` ./.config
[root@gateway ~]# make menuconfig
[root@gateway ~]# make-kpkg clean
[root@gateway ~]# fakeroot make-kpkg --initrd --append-to-version=-l7multiroute kernel_image kernel_headers
[root@gateway ~]# cd /usr/src
[root@gateway ~]# dpkg -i linux-image-*
[root@gateway ~]# dpkg -i linux-headers-*
[root@gateway ~]# reboot
แก้ไข /boot/grub/menu.lst ( CC4.3 Only )
[root@gateway ~]# nano /boot/grub/menu.lst
<source lang=bash>
# grub.conf generated by anaconda
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda3
# initrd /initrd-version.img
#boot=/dev/sda
default=1
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Linux (2.6.28)
root (hd0,0)
kernel /vmlinuz-2.6.28 ro root=LABEL=/ video=vesafb vga=0x313
initrd /initrd-2.6.28.img
# title Linux (2.6.18-93.cc4)
# root (hd0,0)
# kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/ video=vesafb vga=0x313
# initrd /initrd-2.6.18-93.cc4.img
# title Linux Safe Mode (2.6.18-93.cc4)
# root (hd0,0)
# kernel /vmlinuz-2.6.18-93.cc4 ro root=LABEL=/
# initrd /initrd-2.6.18-93.cc4.img
</source>
Note: in this listing the 2.6.18-93.cc4 entries appear commented out, which would leave 2.6.28 as the only menu entry even though default=1 points at the second one. Keeping one known-good kernel entry enabled gives a way to boot the gateway again if the new kernel fails.
Reboot เครื่อง
[root@gateway ~]# reboot
ตรวจสอบ Kernel Version CC4.3
[root@gateway ~]# uname -a
Linux gateway.clarkconnect.lan 2.6.28 #1 SMP Fri Jun 19 13:17:45 ICT 2009 i686 i686 i386 GNU/Linux
ตรวจสอบ Kernel Version Debian Lenny
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
Last login: Fri Jun 19 12:02:27 2009 from 125.24.196.166.adsl.dynamic.totbb.net
gw:~# uname -a
Linux l7.mscompute.com 2.6.28 #2 SMP Sat Jun 13 18:19:43 ICT 2009 i686 GNU/Linux
คอมไพล์ iptables v1.4.2 เพื่อให้รองรับกับ layer7
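[root@gateway ~]# cd /usr/src/iptables-1.4.2
[root@gateway ~]# cp /usr/src/netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/* /usr/src/iptables-1.4.2/extensions/
[root@gateway ~]# ./configure --with-kernel=/usr/src/linux
[root@gateway ~]# make
[root@gateway ~]# make install
[root@gateway ~]# cd /usr/src/l7-protocols-2009-05-28
[root@gateway ~]# make install
[root@gateway ~]# cp /usr/local/sbin/iptables /sbin/
[root@gateway ~]# modprobe xt_layer7
Note: the last cp replaces the distribution's /sbin/iptables with the locally built binary. A later iptables package upgrade can put back a build without the layer7 match, so keep a copy of the original binary and re-check that the layer7 rules still load after any such upgrade.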
แก้ไข /etc/rc.local
[root@gateway ~]# nano /etc/rc.local
modprobe xt_layer7
modprobe xt_conntrack
modprobe nf_conntrack
ตรวจสอบ xt_layer7
[root@gateway ~]# lsmod | grep xt_layer7
xt_layer7 14356 0
nf_conntrack 64392 14 xt_layer7,xt_CONNMARK,xt_state,nf_nat_pptp,nf_nat_irc,nf_nat_ftp,ipt_MASQUERADE,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_irc,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4
x_tables 18188 10 xt_layer7,xt_CONNMARK,xt_mark,xt_tcpudp,xt_state,ipt_MASQUERADE,ipt_REJECT,ipt_LOG,iptable_nat,ip_tables
ทดสอบ layer7
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP
[root@gateway ~]# iptables -A FORWARD -m layer7 --l7proto fasttrack -j DROP
[root@gateway ~]# iptables -nvL | grep LAYER
<source lang=bash>
533 50633 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent state NEW
30091 2183K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey state NEW
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack state NEW
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella state NEW
74468 6939K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent state NEW
325K 24M DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey state NEW
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack state NEW
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella state NEW
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent state NEW
17392 1161K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey state NEW
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack state NEW
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella state NEW
</source>
Note: this sample output does not come from the three test rules alone: it lists edonkey and gnutella rules with "state NEW" and no msnmessenger rule. l7-filter classifies a connection by pattern-matching its first packets, so a DROP rule can miss encrypted or obfuscated traffic and can also hit unrelated traffic. Check the packet counters, as shown here, before relying on a rule.
http://l7-filter.sourceforge.net/protocols
Protocol definitions: /etc/l7-protocols