
Thread: Splitting International and Local Bandwidth with IPcop

  1. #1

    Default Splitting International and Local Bandwidth with IPcop

    Hey Everyone. (Latest Version)

    I managed to get my IPcop firewall to split traffic between International and Local. I was always jealous of those who used routesentry, but I was not prepared to do away with my IPcop and didn't want to create PPPoE connections on the PCs, and knew there must be a way to do this on IPcop.

    I would like to acknowledge that I used the idea from Fausto's post (http://mybroadband.co.za/vb/showthread.php?t=52541). I also used Fausto's excel spreadsheet to get the list of local subnets. Thank You.

    This is what I did:

    (You need to SSH into the IPcop box with putty or similar app)

    The first thing I needed to find out is what is the pppd command that I need in order to set up a second PPPoE connection to my isp. All I did is issue the following command while I had a connection running:

    ps -ef|grep pppd

    I got the following:

    root 12942 1 0 Jan24 ? 00:00:00 /usr/sbin/pppd plugin rp-pppoe.so eth1 usepeerdns noipdefault defaultroute hide-password ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp user MyUserName lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5

    I then saved the command into a separate file for later use in a script.

    I made a couple of changes to the command for my second link. The first change I made was use the "nodefaultroute" option as I was going to be setting up only the static local subnets as routes. I also took out the "hide-password" option. I was going to use the "password" option directly in the command itself.

    My new pppd command now looks like this:

    /usr/sbin/pppd plugin rp-pppoe.so eth1 usepeerdns noipdefault nodefaultroute ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp user MyUserName password MyPassword lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5

    If you now issue this command, it will create a second PPPoE. This session I use for my local bandwidth using the login and password for my ISP's local only bandwidth. This will now create a ppp1 interface.

    If you now issue the "ifconfig" command you should see something resembling this:

    ppp0 Link encap:Point-to-Point Protocol
    inet addr:41.242.xxx.xxx P-t-P:41.242.64.1 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MTU:1492 Metric:1
    RX packets:22389 errors:0 dropped:0 overruns:0 frame:0
    TX packets:18924 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:13928646 (13.2 MB) TX bytes:2324103 (2.2 MB)

    ppp1 Link encap:Point-to-Point Protocol
    inet addr:165.146.xxx.xx P-t-P:165.146.136.1 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MTU:1492 Metric:1
    RX packets:33469 errors:0 dropped:0 overruns:0 frame:0
    TX packets:25741 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:34376539 (32.7 MB) TX bytes:3326728 (3.1 MB)

    Where ppp0 is international and ppp1 is local.

    Now that we have both connections up and running we need to add in the static routes for our local only interface (ppp1 in my case). For each static route issue the following command:

    route add -net 129.227.206.0 netmask 255.255.255.0 ppp1
    .
    .
    .
    route add -net 163.199.18.0 netmask 255.255.255.0 ppp1
    etc. etc.

    We now need to tell IPcop, that any traffic not found in the above static routing, to now use the international interface (ppp0 in my case). Issue the following command.

    route add default dev ppp0 metric 0

    While testing, I found that when trying to send emails using local only bandwidth, the email gets rejected. So in my case, since I use smtp.saix.net, I had to explicitly add a static route to this host on my international bandwidth interface. I issued the following command:

    route add -host 196.25.240.94 ppp0

    Now, the last thing to do is to enable NAT/MASQUERADING for ppp0 and ppp1, you need to add the following iptables command:

    iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE

    And Bob's your uncle, Jane's your aunt: this now effectively splits the bandwidth accordingly.

    What I did is put all of this into a script file. The script basically does the following:

    It runs every 2 minutes (in the cron) and checks if international is up (ppp0). If it is up, it then checks to see if local is up (ppp1). If both are up and running the script exits. If International is up, and local is not, it re-establishes ppp1, the routes etc and exits. If international is down but local is up, I just kill the process that is running local (ppp1). My IPcop box will then just automatically attempt to re-start international session as that is what the default profile is set to. At the next script cycle (within 2mins), the local connection will be re-established.

    For my use, I only wanted local running if international was running, that's why I use the above logic, to try and keep ppp1 and ppp0 basically in sync.

    I initially tried to use the system's /etc/rc.d scripts to achieve this, but met with limited success. I was not too au fait with these scripts and how they all interlink. Also, I was worried that a new IPcop update would automatically override these scripts, so I decided to use the cron method.

    Below is the script that I am using:

    DATE=`date`
    LOGFL=/tmp/rt.set.log
    echo "----------------------" >> $LOGFL
    echo $DATE >> $LOGFL

    LOCAL=ppp1
    INTL=ppp0
    PPCHKI=`ifconfig|grep $INTL|awk '{print $1}'`
    PPCHKL=`ifconfig|grep $LOCAL|awk '{print $1}'`
    if [ "$PPCHKI" == $INTL ]; then
    if [ "$PPCHKL" == $LOCAL ]; then
    echo "$LOCAL already exists. Exiting..." >> $LOGFL
    exit
    fi
    else
    if [ "$PPCHKL" == $LOCAL ]; then
    # Exclude the grep process itself so only the pppd for the local link is matched
    PID=`ps -ef|grep MyLocalUserName|grep -v grep|awk '{print $2}'`
    echo "NO $INTL, therefore killing $LOCAL PID $PID" >> $LOGFL
    kill -9 $PID
    fi
    echo "$INTL Not connected. Exiting..." >> $LOGFL
    exit
    fi

    echo "Creating connection..." >> $LOGFL
    PPUSER=MyUserName
    PPASS=MyPassword
    /usr/sbin/pppd plugin rp-pppoe.so eth1 usepeerdns noipdefault nodefaultroute ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp user $PPUSER password $PPASS lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5
    sleep 5
    echo "Setting up routes..."
    route add -net 129.227.206.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.207.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.208.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.209.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.210.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.211.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.212.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.213.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.214.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.215.0 netmask 255.255.255.0 $LOCAL
    route add -net 137.158.0.0 netmask 255.255.0.0 $LOCAL
    route add -net 137.214.0.0 netmask 255.255.0.0 $LOCAL
    route add -net 137.215.0.0 netmask 255.255.0.0 $LOCAL
    <snip>
    route add -net 80.87.74.0 netmask 255.255.254.0 $LOCAL
    route add -net 80.87.76.0 netmask 255.255.254.0 $LOCAL

    echo "Setting Intl. Route..."
    route add default dev $INTL metric 0
    # SAIX does not allow email to be sent from local only account, therefore
    # have to explicitly add the IP of smtp.saix.net to INTL route
    route add -host 196.25.240.94 $INTL
    sleep 2
    echo "Adjusting IPTABLES..."
    iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE
    sleep 2
    echo "--- END SCRIPT ---" >> $LOGFL

    The entry in my crontab looks like this:

    #Added to check for ppp1 every 2 mins
    */2 * * * * /tmp/rt.set > /dev/null


    Some Notes:

    I am by no means a Network/Linux/IPcop guru. The above does work for me though. And I have no doubt that this could be tweaked and improved and streamlined.

    I cannot say if the above punches any holes in the firewall. What I can say is that I ran a shields up test at https://www.grc.com/default.htm and it passed 100% stealth. My firewall logs look pretty normal and I have not noticed anything strange. To my knowledge and experience all seems OK.

    What I also noticed is that as soon as the second PPPoE connection is established, IPcop shows that connection as the RED connection, although both connections are treated as RED. So all remote admin, SSHing will be done via the local connection (which is what I want in my case).

    If anyone can spot any weaknesses or problems please give feedback.


    I see the indentation of the script is removed. Not sure why. Must be the forum software. Apologies.
    Last edited by Bernie; 11-12-2007 at 08:59 PM.
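
An added example, not part of Bernie's post: the same up/down logic with the PPPoE password read from a root-only options file instead of the pppd command line (where `ps -ef` shows it to every local user), the local pppd stopped through its pid file, and the MASQUERADE rule appended only when it is missing. The options-file path, the link name `local`, and the availability of pppd's `unit`, `linkname` and `file` options and of `iptables -C` on the IPcop box are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script): hardened core of the ppp0/ppp1 watchdog.
# Assumed: options file path, link name "local", pppd unit/linkname, iptables -C.
INTL=ppp0; LOCAL=ppp1
OPTS=/etc/ppp/local-link.opts   # root-only file with "user ..." and "password ..."
PIDFILE=/var/run/ppp-local.pid  # written by pppd because of "linkname local"

# Print the action for the given link states (1 = up, 0 = down).
decide() {
    case "$1$2" in
        11) echo noop ;;          # both up: nothing to do
        10) echo start_local ;;   # international up, local down
        01) echo stop_local ;;    # local must not run without international
        *)  echo wait ;;          # both down: IPcop redials ppp0 by itself
    esac
}

# Succeed only if the file exists and group/other have no permission bits on it.
secret_file_ok() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

is_up() { if ifconfig "$1" 2>/dev/null | grep -q 'UP'; then echo 1; else echo 0; fi; }

start_local() {
    secret_file_ok "$OPTS" || { echo "refusing: $OPTS missing or readable by others" >&2; return 1; }
    # user/password come from $OPTS, so they never appear in the process list.
    /usr/sbin/pppd plugin rp-pppoe.so eth1 usepeerdns noipdefault nodefaultroute \
        ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp \
        lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5 \
        unit 1 linkname local file "$OPTS"
    # (the static routes for the local subnets are added here, as in the post)
    # Append the NAT rule only if it is not already in the chain.
    iptables -t nat -C POSTROUTING -o ppp+ -j MASQUERADE 2>/dev/null ||
        iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE
}

# Stop only the pppd that owns the local link, identified by its pid file.
stop_local() { [ -r "$PIDFILE" ] && kill "$(head -n 1 "$PIDFILE")"; }

main() {
    case "$(decide "$(is_up "$INTL")" "$(is_up "$LOCAL")")" in
        start_local) start_local ;;
        stop_local)  stop_local ;;
    esac
}

if [ "${1:-}" = "--apply" ]; then main; fi
```

Keep the script in a directory only root can write to (the post's cron entry runs it from /tmp) and have cron call it with `--apply`.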

  2. #2
    Master
    Join Date
    Apr 2005
    Location
    Cape Town, Northern Suburbs
    Posts
    513

    Default

    routesentry is much simpler to set up...

  3. #3

    Default

    I agree. This is true. But for my needs this works well. Once set up, the whole network is set up. Any PC that joins the network will automatically use this configuration. I have 4 PCs at home, and I occasionally get family and friends who bring their notebooks to my house to use the network, and by default their bandwidth will be split. I don't have to make sure that each PC has routesentry loaded.

  4. #4

    Default

    I'm convinced - gonna give it a go now.

    BTW: do you need two NICs for IPcop and PPPoE connections?

  5. #5

    Default

    Quote Originally Posted by carudden View Post
    I'm convinced - gonna give it a go now.

    BTW: do you need two NICs for IPcop and PPPoE connections?
    You need at least 2 NICs, one for your GREEN (internal) network and one for your RED (Internet). You can have up to 4 NICs.

  6. #6

    Default

    Quote Originally Posted by Bernie View Post
    You need at least 2 NICs, one for your GREEN (internal) network and one for your RED (Internet). You can have up to 4 NICs.
    OK, will get that second NIC lying around installed. Asking because the docs say you need at least one...

  7. #7

    Default

    Quote Originally Posted by carudden View Post
    OK, will get that second NIC lying around installed. Asking because the docs say you need at least one...
    It has been a while since I did a full install, so I do stand to be corrected. Maybe what I meant was that for IPcop to work, you need at least 2 connections, one can be a simple dial-up modem, the other a NIC.

  8. #8

    Default

    Quote Originally Posted by carudden View Post
    OK, will get that second NIC lying around installed. Asking because the docs say you need at least one...
    You can use one NIC in the IPCop box if you have a router/switch/hub.

  9. #9

    Default

    Quote Originally Posted by SlowHands View Post
    routesentry is much simpler to set up...
    True, but this is a way neater/transparent option for multiple PC's on one ADSL connection.

    We're currently running RouteSentry (great app), and a Proxy. Setting up every app to use that proxy is a nightmare, never mind the email setup - uggh.

    If this works properly, and as Bernie says, can be stabilised/improved to the point where it's perfect - GREAT!

    Thanks for sharing Bernie.

  10. #10
    The Magician Tinuva's Avatar
    Join Date
    Feb 2005
    Location
    Virgo Super Cluster
    Posts
    7,395

    Default

    Quote Originally Posted by SlowHands View Post
    routesentry is much simpler to set up...
    That's true, but what a mission if you want to share that with the rest of your home network, and it doesn't work with Vista :P

    Now I have gone for a similar route as the OP, however mine was much much simpler.

    I use a bit of a heavier linux firewall distro called Euro Node (the free version at http://euronode.org/).

    My reason for this is, I want to do more with my linux box than just share the internet and so this works good with an awesome out of the box debian install that is almost as easy as ipcop and I can update it myself!

    I just made a few copies of the pppoe scripts and a little bit of tweaking to the ip-up.d as close to possible as the linux thread that's floating around.

    Of course euronode is not as easy as ipcop, but just as secure and can do a lot more
    Few people can see the genius in someone who has offended them.
    - Robertson Davies

  11. #11
    Grandmaster Kloon's Avatar
    Join Date
    Nov 2006
    Location
    172.0.0.0/8
    Posts
    1,612
    Blog Entries
    2

    Default

    Nice Bernie, have been looking for something like this for quite a while.

  12. #12

    Default

    Well done this is great!

    I also wanted to do this for a while! Finally opted to go for Ubuntu and got it running nicely! Will like to give it a go again on IPcop!
    ADSL Status:Mweb 1Mb Uncapped. Telkom 2Mb adsl
    http://www.ptawug.co.za Free Bandwidth for all...

  13. #13

    Default

    Bernie - this is EXCELLENT !! Thank you !!!

    I've used Fausto's router scripts before, but the problem I had was when the router restarted the routes were obviously missing. And, when the line dropped. I've used routesentry for a while now (great util), but I have 4 PCs here at home, and the WA's IS accounts only allows 2 concurrent connections. I tried the iPig solution that an1tb0dy suggested in another post, but my PC kept on BSOD - after uninstalling iPig, it was fine again. And, 1 of the other PCs could not connect via iPig, no clue why not.

    Anyways, just wanna say thanks for this solution.

    carudden - I did not get any script errors? Took me a while to figure out how to get the script on the IPCop box, and after reading your post, I noticed that I have to give it execute permission. (My knowledge of linux is sort of limited to the "ls" command, so I had to do a lot of googling this morning.)

  14. #14

    Default

    Quote Originally Posted by sleeper View Post
    Bernie - this is EXCELLENT !! Thank you !!!

    I've used Fausto's router scripts before, but the problem I had was when the router restarted the routes were obviously missing. And, when the line dropped. I've used routesentry for a while now (great util), but I have 4 PCs here at home, and the WA's IS accounts only allows 2 concurrent connections. I tried the iPig solution that an1tb0dy suggested in another post, but my PC kept on BSOD - after uninstalling iPig, it was fine again. And, 1 of the other PCs could not connect via iPig, no clue why not.

    Anyways, just wanna say thanks for this solution.

    carudden - I did not get any script errors? Took me a while to figure out how to get the script on the IPCop box, and after reading your post, I noticed that I have to give it execute permission. (My knowledge of linux is sort of limited to the "ls" command, so I had to do a lot of googling this morning.)
    Excellent, glad it's worked for others. Thank you

    Carudden, did you get it all to work, did you find the fcrontab command?

  15. #15

    Default

    Quote Originally Posted by Bernie View Post
    Carudden, did you get it all to work, did you find the fcrontab command?
    I did, and the fcrontab -l command shows my job, but never runs the job...?

    /usr/bin/ppp$ fcrontab -l
    14:33:31 listing root's fcrontab
    */2 * * * * /usr/bin/ppp/rt.set
    Last edited by ColinR; 29-01-2007 at 09:49 AM.
