My home network has grown to three computers, and with that the fighting has begun over who gets to download first.
Sometimes even a page in FF takes 2-3 minutes to open, because a torrent on the neighbouring computer is downloading at full speed.
The board of system administrators (that is, me) decided to build a gateway with a shaper that dynamically divides the channel between everyone.
Let's start.
There are two network cards:
eth0 - faces the Internet (the modem is in router mode), and
eth1 - faces the local network.
I will not describe the configs of the network interfaces themselves, but I will say that
eth0 gets its IP from the router, while eth1 has a static IP; I chose 10.2.2.1.
To begin with, we will raise a DHCP server so that the remaining computers can get IP addresses automatically.
Install the DHCP server:
sudo apt-get install dhcp3-server
Then edit the config /etc/dhcp3/dhcpd.conf; I brought it to this form:
subnet 10.2.2.0 netmask 255.255.255.0
{
# the gateway itself (static IP on eth1)
option routers 10.2.2.1;
option subnet-mask 255.255.255.0;
# both DNS servers go in one option, comma-separated;
# a second domain-name-servers line would simply override the first
option domain-name-servers 195.54.2.1, 195.54.3.2;
# addresses handed out to clients
range 10.2.2.10 10.2.2.254;
default-lease-time 21600;
max-lease-time 28800;
}
Then edit the file /etc/default/dhcp3-server and put this line in it:
INTERFACES=eth1
so that the server "listens" on this particular interface only.
Then we can start the server:
sudo /etc/init.d/dhcp3-server start
To "distribute" the Internet to the internal network, we use IP masquerading (IP masquerade).
In abbreviated form (without comments and non-functional message output), the script looks like this:
#!/bin/sh
# : lafox.net/docs/masq
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
# external (Internet) and internal (LAN) interfaces
EXTIF="eth0"
INTIF="eth1"
# load the netfilter modules, including the FTP/IRC connection-tracking helpers
$DEPMOD -a
$MODPROBE ip_tables
$MODPROBE ip_conntrack
$MODPROBE ip_conntrack_ftp
$MODPROBE ip_conntrack_irc
$MODPROBE iptable_nat
$MODPROBE ip_nat_ftp
$MODPROBE ip_nat_irc
# enable routing between the interfaces; ip_dynaddr helps when the external address changes
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# reset the filter and nat tables; forwarding is denied unless a rule below allows it
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
# from the Internet only replies to connections the LAN opened; from the LAN anything goes out
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# everything that reaches here is about to be dropped by the policy; log it first
$IPTABLES -A FORWARD -j LOG
# rewrite the source address of outgoing LAN packets to the external interface's address
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
# printf instead of "echo -e": under /bin/sh (dash) echo -e prints the "-e" literally
printf "done.\n\n"
Save it as a file in /etc/profile.d, named for example masq.sh.
Make it executable and run it:
sudo chmod +x /etc/profile.d/masq.sh
sudo sh /etc/profile.d/masq.sh
After this, you need to bring the eth1 network interface down and then up again:
sudo ifconfig eth1 down
sudo ifconfig eth1 up
After that the clients will be able to get IP addresses and use the Internet)))
And now we will set up the shaper; in principle this is what everything was planned for, in order to share the Internet speed dynamically.
For the shaper I chose the htb.init script, which can be downloaded here:
sourceforge.net/projects/htbinit
sudo cp htb.init /etc/init.d/htb
sudo chmod +x /etc/init.d/htb
sudo update-rc.d htb defaults
In the folder that HTB_PATH points to (I personally changed this variable and ended up with /etc/htb; naturally this folder does not need to be created in the system) we create the following files.
File eth1:
R2Q=20
DEFAULT=0
R2Q - a coefficient that determines the trade-off between the accuracy and the speed of the shaper.
DEFAULT is the identifier of the class into which packets fall if they do not match any other rule. The class with identifier 0 always exists and passes packets without any shaping, that is, at full speed.
With this file we initialized the shaper on the eth1 interface.
File eth1-2.root:
RATE=24Mbit
With this file we created a root traffic class on the eth1 interface and limited the maximum upload speed through this class to 24 megabits.
File eth1-2:2001:
RATE=512Kbit
CEIL=24Mbit
LEAF=sfq
RULE=10.2.2.10/24
With this file we created a class for the first client.
RATE - the speed guaranteed to the client. In our case there is no need to guarantee any speed, but HTB requires it, so we start from the inequality 24000 Kbit / 3 > RATE.
CEIL is the maximum speed for the client when the channel is free.
LEAF - indicates that the class is one of the leaves of the tree, that is, it receives the traffic that satisfies a certain rule (RULE). The sfq parameter means that we want the speed to be distributed evenly between the sessions within this class.
RULE is a rule specifying which traffic falls into this class (see Note 1). In this case, all traffic with destination IPs from 10.2.2.10 to 10.2.2.255 falls into the class.
You can learn about the purpose and values of the parameters specified in the files, and about the file names, from the htb.init script itself: there is good help at the top of it.
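The post shows the files for one client; the following is an added example (not from the post or from htb.init) that generalizes the same layout to one leaf class per client, with a host-specific RULE so that each computer gets its own class. It assumes the htb.init file naming used above (dev, dev-2.root, dev-2:classid) and takes the target directory as an argument so it can be tried in a scratch directory before writing to HTB_PATH.

```shell
#!/bin/sh
# guaranteed_rate TOTAL_KBIT CLIENTS
# The post's inequality is total / clients > RATE (strict), so take the
# integer share and step one kbit below it.
guaranteed_rate() {
    total_kbit=$1
    clients=$2
    echo $(( total_kbit / clients - 1 ))
}

# gen_htb_files DIR DEV TOTAL_KBIT IP...
# Writes the htb.init files into DIR: the interface file, the root class
# (rate = whole channel) and one leaf class per client IP, numbered from 2001.
# Prints the number of leaf classes written.
gen_htb_files() {
    dir=$1
    dev=$2
    total=$3
    shift 3
    n=$#
    rate=$(guaranteed_rate "$total" "$n")
    mkdir -p "$dir"
    # interface file: accuracy/speed coefficient and the unshaped default class
    printf 'R2Q=20\nDEFAULT=0\n' > "$dir/$dev"
    # root class: caps everything going out through this interface
    printf 'RATE=%sKbit\n' "$total" > "$dir/$dev-2.root"
    id=2001
    for ip in "$@"; do
        # /32 RULE: only traffic destined for this one host lands in this class;
        # CEIL lets it take the whole channel when the others are idle
        printf 'RATE=%sKbit\nCEIL=%sKbit\nLEAF=sfq\nRULE=%s/32\n' \
            "$rate" "$total" "$ip" > "$dir/$dev-2:$id"
        id=$((id + 1))
    done
    echo "$n"
}

# constructed example: the three home computers from the post, into a scratch dir
# gen_htb_files /tmp/htb-test eth1 24000 10.2.2.10 10.2.2.11 10.2.2.12
```

After checking the generated files, copy them into HTB_PATH and run /etc/init.d/htb restart as described below.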
We start our shaper:
sudo /etc/init.d/htb start
That's it, the shaper is running. From now on, if something changes in the configuration, you need to run /etc/init.d/htb restart.
Apart from speed tests, you can check that the htb.init script did its work by viewing the resulting configuration with the commands:
tc class show dev eth1
tc qdisc show dev eth1
Well, a lot more can be attached to our server, ClamAV and a firewall for instance, but I'll leave that to you)))
Good luck!
PS The article was published at the request of a friend who does not have access to Habr but wants to become one of the Habr users (his mail is ktattoo@gmail.ru).
Upd1. Thanks for the karma, moved to Ubuntarium.
Upd2. The author of the article is now a Habr user - KTATTOO.