Thread: Splitting International and Local Bandwidth with IPcop

  1. #1


    Hey Everyone. (Latest Version)

    I managed to get my IPcop firewall to split traffic between International and Local. I was always jealous of those who used routesentry but I was not prepared to do away with my IPcop and didn't want to create PPPoE connections on the PCs, and knew there must be a way to do this on IPcop.

    I would like to acknowledge that I used the idea from Fausto's post (http://mybroadband.co.za/vb/showthread.php?t=52541). I also used Fausto's excel spreadsheet to get the list of local subnets. Thank You.

    This is what I did:

    (You need to SSH into the IPcop box with putty or similar app)

    The first thing I needed to find out is what is the pppd command that I need in order to set up a second PPPoE connection to my isp. All I did is issue the following command while I had a connection running:

    ps -ef|grep pppd

    I got the following:

    root 12942 1 0 Jan24 ? 00:00:00 /usr/sbin/pppd plugin rp-pppoe.so eth1 usepeerdns noipdefault defaultroute hide-password ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp user MyUserName lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5

    I then saved the command into a separate file for later use in a script.

    I made a couple of changes to the command for my second link. The first change I made was use the "nodefaultroute" option as I was going to be setting up only the static local subnets as routes. I also took out the "hide-password" option. I was going to use the "password" option directly in the command itself.

    My new pppd command now looks like this:

    /usr/sbin/pppd plugin rp-pppoe.so eth1 usepeerdns noipdefault nodefaultroute ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp user MyUserName password MyPassword lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5

    If you now issue this command, it will create a second PPPoE. This session I use for my local bandwidth using the login and password for my ISP's local only bandwidth. This will now create a ppp1 interface.

    If you now issue the "ifconfig" command you should see something resembling this:

    ppp0 Link encap:Point-to-Point Protocol
    inet addr:41.242.xxx.xxx P-t-P:41.242.64.1 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MTU:1492 Metric:1
    RX packets:22389 errors:0 dropped:0 overruns:0 frame:0
    TX packets:18924 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:13928646 (13.2 MB) TX bytes:2324103 (2.2 MB)

    ppp1 Link encap:Point-to-Point Protocol
    inet addr:165.146.xxx.xx P-t-P:165.146.136.1 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MTU:1492 Metric:1
    RX packets:33469 errors:0 dropped:0 overruns:0 frame:0
    TX packets:25741 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:34376539 (32.7 MB) TX bytes:3326728 (3.1 MB)

    Where ppp0 is international and ppp1 is local.

    Now that we have both connections up and running we need to add in the static routes for our local only interface (ppp1 in my case). For each static route issue the following command:

    route add -net 129.227.206.0 netmask 255.255.255.0 ppp1
    .
    .
    .
    route add -net 163.199.18.0 netmask 255.255.255.0 ppp1
    etc. etc.

    We now need to tell IPcop, that any traffic not found in the above static routing, to now use the international interface (ppp0 in my case). Issue the following command.

    route add default dev ppp0 metric 0

    While testing, I found that when trying to send emails using local only bandwidth, the email gets rejected. So in my case, since I use smtp.saix.net, I had to explicitly add a static route to this host on my international bandwidth interface. I issued the following command:

    route add -host 196.25.240.94 ppp0

    Now, the last thing to do is to enable NAT/MASQUERADING for ppp0 and ppp1, you need to add the following iptables command:

    iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE

    And Bob's your uncle, Jane's your aunt; this now effectively splits the bandwidth accordingly.

    What I did is put all of this into a script file. The script basically does the following:

    It runs every 2 minutes (in the cron) and checks if international is up (ppp0). If it is up, it then checks to see if local is up (ppp1). If both are up and running the script exits. If International is up, and local is not, it re-establishes ppp1, the routes etc and exits. If international is down but local is up, I just kill the process that is running local (ppp1). My IPcop box will then just automatically attempt to re-start international session as that is what the default profile is set to. At the next script cycle (within 2mins), the local connection will be re-established.

    For my use, I only wanted local running if international was running, that's why I use the above logic, to try and keep ppp1 and ppp0 basically in sync.

    I initially tried to use the system's /etc/rc.d scripts to achieve this, but met with limited success; I was not too au fait with these scripts and how they all interlink. Also I was worried that a new IPcop update would automatically override these scripts, so decided to use the cron method.

    Below is the script that I am using:

    #!/bin/bash
    # Run from cron: keeps the local link (ppp1) in sync with international (ppp0).
    DATE=`date`
    LOGFL=/tmp/rt.set.log
    echo "----------------------" >> $LOGFL
    echo $DATE >> $LOGFL

    LOCAL=ppp1
    INTL=ppp0
    PPCHKI=`ifconfig|grep $INTL|awk '{print $1}'`
    PPCHKL=`ifconfig|grep $LOCAL|awk '{print $1}'`
    if [ "$PPCHKI" == $INTL ]; then
    if [ "$PPCHKL" == $LOCAL ]; then
    echo "$LOCAL already exists. Exiting..." >> $LOGFL
    exit
    fi
    else
    if [ "$PPCHKL" == $LOCAL ]; then
    # grep -v grep keeps the grep process itself out of the PID list
    PID=`ps -ef|grep MyLocalUserName|grep -v grep|awk '{print $2}'`
    echo "NO $INTL, therefore killing $LOCAL PID $PID" >> $LOGFL
    kill -9 $PID
    fi
    echo "$INTL Not connected. Exiting..." >> $LOGFL
    exit
    fi

    echo "Creating connection..." >> $LOGFL
    PPUSER=MyUserName
    PPASS=MyPassword
    /usr/sbin/pppd plugin rp-pppoe.so eth1 usepeerdns noipdefault nodefaultroute ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp user $PPUSER password $PPASS lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5
    sleep 5
    echo "Setting up routes..."
    route add -net 129.227.206.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.207.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.208.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.209.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.210.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.211.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.212.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.213.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.214.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.215.0 netmask 255.255.255.0 $LOCAL
    route add -net 137.158.0.0 netmask 255.255.0.0 $LOCAL
    route add -net 137.214.0.0 netmask 255.255.0.0 $LOCAL
    route add -net 137.215.0.0 netmask 255.255.0.0 $LOCAL
    <snip>
    route add -net 80.87.74.0 netmask 255.255.254.0 $LOCAL
    route add -net 80.87.76.0 netmask 255.255.254.0 $LOCAL

    echo "Setting Intl. Route..."
    route add default dev $INTL metric 0
    # SAIX does not allow email to be sent from local only account, therefore
    # have to explicitly add the IP of smtp.saix.net to INTL route
    route add -host 196.25.240.94 $INTL
    sleep 2
    echo "Adjusting IPTABLES..."
    iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE
    sleep 2
    echo "--- END SCRIPT ---" >> $LOGFL

    The entry in my crontab looks like this:

    #Added to check for ppp1 every 2 mins
    */2 * * * * /tmp/rt.set > /dev/null


    Some Notes:

    I am by no means a Network/Linux/IPcop guru. The above does work for me though. And I have no doubt that this could be tweaked and improved and streamlined.

    I cannot say if the above punches any holes in the firewall. What I can say is that I ran a shields up test at https://www.grc.com/default.htm and it passed 100% stealth. My firewall logs look pretty normal and I have not noticed anything strange. To my knowledge and experience all seems OK.

    What I also noticed is that as soon as the second PPPoE connection is established, IPcop shows that connection as the RED connection, although both connections are treated as RED. So all remote admin, SSHing will be done via the local connection (which is what I want in my case).

    If anyone can spot any weaknesses or problems please give feedback.


    I see the indentation of the script is removed. Not sure why. Must be the forum software. Apologies.
    Last edited by Bernie; 11-12-2007 at 08:59 PM.
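
The up/down check and the kill step from the script in post #1, reworked as an added example (not Bernie's script): interface names are matched exactly, and the PID to kill is taken only from a pppd process started with the given `user` option. The helper names, user names and PIDs are hypothetical, and the sample text is constructed in the `ifconfig` / `ps -ef` layout shown in the post.

```sh
#!/bin/sh
# Added example, not the poster's script: pure helpers that read text on stdin.

# has_iface NAME: ifconfig text on stdin; true only on an exact match in
# column 1, so "ppp1" is not confused with "ppp10".
has_iface() {
    awk -v want="$1" '$1 == want { found = 1 } END { exit !found }'
}

# pppd_pids USER: `ps -ef` text on stdin; print PIDs of pppd processes started
# with "user USER". The grep process can never match, because column 8
# (the command) must be pppd.
pppd_pids() {
    awk -v u="$1" '$8 ~ /(^|\/)pppd$/ {
        for (i = 9; i < NF; i++)
            if ($i == "user" && $(i + 1) == u) { print $2; break }
    }'
}

# decide INTL LOCAL (1 = up, 0 = down): the sync policy described in the post.
decide() {
    case "$1$2" in
        11) echo noop ;;          # both up: nothing to do
        10) echo start_local ;;   # bring up ppp1, then routes and NAT
        01) echo stop_local ;;    # international gone: drop ppp1 too
        *)  echo wait_intl ;;     # IPcop redials ppp0 on its own
    esac
}

# Constructed sample data (hypothetical PIDs and user names).
SAMPLE_IF='ppp0      Link encap:Point-to-Point Protocol
ppp10     Link encap:Point-to-Point Protocol'
SAMPLE_PS='root 12942 1 0 Jan24 ? 00:00:00 /usr/sbin/pppd plugin rp-pppoe.so eth1 user IntlUser maxfail 5
root 13010 1 0 Jan24 ? 00:00:00 /usr/sbin/pppd plugin rp-pppoe.so eth1 user LocalUser maxfail 5
root 13099 13050 0 10:02 pts/0 00:00:00 grep LocalUser'

# plan IFCONFIG_TEXT: map the interface state to one action.
plan() {
    i=0; l=0
    printf '%s\n' "$1" | has_iface ppp0 && i=1
    printf '%s\n' "$1" | has_iface ppp1 && l=1
    decide "$i" "$l"
}

plan "$SAMPLE_IF"                                   # start_local
printf '%s\n' "$SAMPLE_PS" | pppd_pids LocalUser    # 13010
```

On a live box the inputs would be the output of `ifconfig` and `ps -ef`, and only the PIDs printed by `pppd_pids` would be handed to `kill`.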

  2. #2
    Master
    Join Date
    Apr 2005
    Location
    Cape Town, Northern Suburbs
    Posts
    507


    routesentry is much simpler to set up...

  3. #3


    I agree. This is true. But for my needs this works well. Once set up, the whole network is set up. Any PC that joins the network will automatically use this configuration. I have 4 PCs at home, and I occasionally get family and friends who bring their notebooks to my house to use the network, and by default their bandwidth will be split; I don't have to make sure that each PC has routesentry loaded.

  4. #4


    I'm convinced - gonna give it a go now.

    BTW: do you need two NICs for IPcop and PPPoE connections?

  5. #5


    Quote Originally Posted by carudden View Post
    I'm convinced - gonna give it a go now.

    BTW: do you need two NICs for IPcop and PPPoE connections?
    You need at least 2 NICs, one for your GREEN (internal) network and one for your RED (Internet). You can have up to 4 NICs.

  6. #6


    Quote Originally Posted by Bernie View Post
    You need at least 2 NICs, one for your GREEN (internal) network and one for your RED (Internet). You can have up to 4 NICs.
    OK, will get that second NIC lying around installed. Asking because the docs say you need at least one...

  7. #7


    Quote Originally Posted by carudden View Post
    OK, will get that second NIC lying around installed. Asking because the docs say you need at least one...
    It has been a while since I did a full install, so I do stand to be corrected. Maybe what I meant was that for IPcop to work, you need at least 2 connections; one can be a simple dial-up modem, the other a NIC.

  8. #8
    Grandmaster Kloon's Avatar
    Join Date
    Nov 2006
    Location
    172.0.0.0/8
    Posts
    1,545
    Blog Entries
    2


    Nice Bernie, have been looking for something like this for quite a while.

  9. #9


    Quote Originally Posted by SlowHands View Post
    routesentry is much simpler to set up...
    True, but this is a way neater/transparent option for multiple PC's on one ADSL connection.

    We're currently running RouteSentry (great app), and a Proxy. Setting up every app to use that proxy is a nightmare, never mind the email setup - uggh.

    If this works properly, and as Bernie says, can be stabilised/improved to the point where it's perfect - GREAT!

    Thanks for sharing Bernie.

  10. #10


    Well done this is great!

    I also wanted to do this for a while! Finally opted to go for Ubuntu and got it running nicely! Would like to give it a go again on IPcop!
    ADSL Status:Mweb 1Mb Uncapped. Telkom 2Mb adsl
    http://www.ptawug.co.za Free Bandwidth for all...

  11. #11
    The Magician Tinuva's Avatar
    Join Date
    Feb 2005
    Location
    Virgo Super Cluster
    Posts
    7,115


    Quote Originally Posted by SlowHands View Post
    routesentry is much simpler to set up...
    That's true, but what a mission if you want to share that to the rest of your home network, and it doesn't work with Vista :P

    Now I have gone for a similar route as the OP, however mine was much much simpler.

    I use a bit of a heavier linux firewall distro called Euro Node (the free version at http://euronode.org/).

    My reason for this is, I want to do more with my linux box than just share the internet and so this works good with an awesome out of the box debian install that is almost as easy as ipcop and I can update it myself!

    I just made a few copies of the pppoe scripts and a little bit of tweaking to the ip-up.d as close as possible to the linux thread that's floating around.

    Of course euronode is not as easy as ipcop, but just as secure and can do a lot more
    Few people can see the genius in someone who has offended them.
    - Robertson Davies

  12. #12


    Quote Originally Posted by carudden View Post
    OK, will get that second NIC lying around installed. Asking because the docs say you need at least one...
    You can use one NIC in the IPCop box if you have a router/switch/hub.

  13. #13


    Eventually got IPCop to recognise the network cards. And it's confirmed running with the normal international account.

    Question is, where is the full script to run?
    and what is the Script option under the PPPoE settings? - could it not be added in there?

  14. #14


    Quote Originally Posted by carudden View Post
    Eventually got IPCop to recognise the network cards. And it's confirmed running with the normal international account.

    Question is, where is the full script to run?
    and what is the Script option under the PPPoE settings? - could it not be added in there?
    I will PM you the full script that I use as it is very large. It contains all the local subnets. Or if you prefer, PM me an email address and I will email it as well.

    That script option as far as I understand is used to connect to your ISP without using the PAP or CHAP options. I'm not 100% sure though if it can be used for this purpose. Here is the extract from the documentation.

    Authentication. Username and Password are the username and password that your ISP should have supplied to you when you opened your account with them. There are several ways in which ISPs use this username and password to login to their systems. The most common methods are PAP or CHAP. Select this if your ISP uses either of those two. If your ISP uses a text-based login script, choose standard login script. For people in the UK who use Demon Internet as their ISP, a special script has been created for them to use. The "Other" login script option has been provided for people who have ISPs with special needs. If you need to do this, you will need to login to the IPCop box and create a file in /etc/ppp. This filename (without the /etc/ppp component) should be entered into the Script name box. The file contains 'expect send' pairs, separated by a tab. USERNAME will be substituted for the username and PASSWORD for the password. Examine the file demonloginscript in /etc/ppp, and use it as an example of what should be in this file.

    If you get this script option to work, let me know, as that would be really neat. I will hack around a bit with this script option as well, see what I can achieve if anything.

    --
    OK, I put the full file on www.4shared.com. Here is the link. It's called rt.set

    http://www.4shared.com/dir/1869544/c...6/sharing.html
    Last edited by Bernie; 26-01-2007 at 11:56 AM. Reason: EDIT

  15. #15


    Damn, I'm such a n00b @ this!

    I've managed to edit and copy the script into the usr/bin folder... now I'm trying to run it (let alone use it with cron)

    I've set the execute permissions. I get a syntax error near unexpected token 'fi'

    Any ideas what I'm doing wrong here?
