Thread: Splitting International and Local Bandwidth with IPcop


    Hey Everyone. (Latest Version)

    I managed to get my IPcop firewall to split traffic between International and Local. I was always jealous of those who used routesentry, but I was not prepared to do away with my IPcop and didn't want to create PPPoE connections on the PCs, and knew there must be a way to do this on IPcop.

    I would like to acknowledge that I used the idea from Fausto's post (http://mybroadband.co.za/vb/showthread.php?t=52541). I also used Fausto's excel spreadsheet to get the list of local subnets. Thank You.

    This is what I did:

    (You need to SSH into the IPcop box with putty or similar app)

    The first thing I needed to find out is what is the pppd command that I need in order to set up a second PPPoE connection to my isp. All I did is issue the following command while I had a connection running:

    ps -ef|grep pppd

    I got the following:

    root 12942 1 0 Jan24 ? 00:00:00 /usr/sbin/pppd plugin rp-pppoe.so eth1 usepeerdns noipdefault defaultroute hide-password ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp user MyUserName lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5

    I then saved the command into a separate file for later use in a script.

    I made a couple of changes to the command for my second link. The first change I made was use the "nodefaultroute" option as I was going to be setting up only the static local subnets as routes. I also took out the "hide-password" option. I was going to use the "password" option directly in the command itself.

    My new pppd command now looks like this:

    /usr/sbin/pppd plugin rp-pppoe.so eth1 usepeerdns noipdefault nodefaultroute ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp user MyUserName password MyPassword lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5

    If you now issue this command, it will create a second PPPoE. This session I use for my local bandwidth using the login and password for my ISP's local only bandwidth. This will now create a ppp1 interface.

    If you now issue the "ifconfig" command you should see something resembling this:

    ppp0 Link encap:Point-to-Point Protocol
    inet addr:41.242.xxx.xxx P-t-P:41.242.64.1 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MTU:1492 Metric:1
    RX packets:22389 errors:0 dropped:0 overruns:0 frame:0
    TX packets:18924 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:13928646 (13.2 MB) TX bytes:2324103 (2.2 MB)

    ppp1 Link encap:Point-to-Point Protocol
    inet addr:165.146.xxx.xx P-t-P:165.146.136.1 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MTU:1492 Metric:1
    RX packets:33469 errors:0 dropped:0 overruns:0 frame:0
    TX packets:25741 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:34376539 (32.7 MB) TX bytes:3326728 (3.1 MB)

    Where ppp0 is international and ppp1 is local.

    Now that we have both connections up and running we need to add in the static routes for our local only interface (ppp1 in my case). For each static route issue the following command:

    route add -net 129.227.206.0 netmask 255.255.255.0 ppp1
    .
    .
    .
    route add -net 163.199.18.0 netmask 255.255.255.0 ppp1
    etc. etc.

    We now need to tell IPcop, that any traffic not found in the above static routing, to now use the international interface (ppp0 in my case). Issue the following command.

    route add default dev ppp0 metric 0

    While testing, I found that when trying to send emails using local only bandwidth, the email gets rejected. So in my case, since I use smtp.saix.net, I had to explicitly add a static route to this host on my international bandwidth interface. I issued the following command:

    route add -host 196.25.240.94 ppp0

    Now, the last thing to do is to enable NAT/MASQUERADING for ppp0 and ppp1, you need to add the following iptables command:

    iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE

    And Bob's your uncle, Jane's your aunt, this now effectively splits the bandwidth accordingly.

    What I did is put all of this into a script file. The script basically does the following:

    It runs every 2 minutes (in the cron) and checks if international is up (ppp0). If it is up, it then checks to see if local is up (ppp1). If both are up and running the script exits. If International is up, and local is not, it re-establishes ppp1, the routes etc and exits. If international is down but local is up, I just kill the process that is running local (ppp1). My IPcop box will then just automatically attempt to re-start international session as that is what the default profile is set to. At the next script cycle (within 2mins), the local connection will be re-established.

    For my use, I only wanted local running if international was running, that's why I use the above logic, to try and keep ppp1 and ppp0 basically in sync.

    I initially tried to use the system's /etc/rc.d scripts to achieve this, but met with limited success; I was not too au fait with these scripts and how they all interlink. Also I was worried that a new IPcop update will automatically override these scripts, so decided to use the cron method.

    Below is the script that I am using:

    #!/bin/bash
    # Log file; every run appends a dated header
    DATE=`date`
    LOGFL=/tmp/rt.set.log
    echo "----------------------" >> $LOGFL
    echo $DATE >> $LOGFL

    LOCAL=ppp1
    INTL=ppp0
    # The interface name is printed only if that interface currently exists
    PPCHKI=`ifconfig|grep $INTL|awk '{print $1}'`
    PPCHKL=`ifconfig|grep $LOCAL|awk '{print $1}'`
    if [ "$PPCHKI" == $INTL ]; then
        if [ "$PPCHKL" == $LOCAL ]; then
            echo "$LOCAL already exists. Exiting..." >> $LOGFL
            exit
        fi
    else
        if [ "$PPCHKL" == $LOCAL ]; then
            # [M] stops grep from matching its own entry in the process list
            PID=`ps -ef|grep "[M]yLocalUserName"|awk '{print $2}'`
            echo "NO $INTL, therefore killing $LOCAL PID $PID" >> $LOGFL
            kill -9 $PID
        fi
        echo "$INTL Not connected. Exiting..." >> $LOGFL
        exit
    fi

    echo "Creating connection..." >> $LOGFL
    PPUSER=MyUserName
    PPASS=MyPassword
    /usr/sbin/pppd plugin rp-pppoe.so eth1 usepeerdns noipdefault nodefaultroute ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp user $PPUSER password $PPASS lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5
    sleep 5
    echo "Setting up routes..."
    route add -net 129.227.206.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.207.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.208.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.209.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.210.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.211.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.212.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.213.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.214.0 netmask 255.255.255.0 $LOCAL
    route add -net 129.227.215.0 netmask 255.255.255.0 $LOCAL
    route add -net 137.158.0.0 netmask 255.255.0.0 $LOCAL
    route add -net 137.214.0.0 netmask 255.255.0.0 $LOCAL
    route add -net 137.215.0.0 netmask 255.255.0.0 $LOCAL
    # <snip>
    route add -net 80.87.74.0 netmask 255.255.254.0 $LOCAL
    route add -net 80.87.76.0 netmask 255.255.254.0 $LOCAL

    echo "Setting Intl. Route..."
    route add default dev $INTL metric 0
    # SAIX does not allow email to be sent from local only account, therefore
    # have to explicitly add the IP of smtp.saix.net to INTL route
    route add -host 196.25.240.94 $INTL
    sleep 2
    echo "Adjusting IPTABLES..."
    iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE
    sleep 2
    echo "--- END SCRIPT ---" >> $LOGFL

    the entry in my crontab looks like this:

    #Added to check for ppp1 every 2 mins
    */2 * * * * /tmp/rt.set > /dev/null


    Some Notes:

    I am by no means a Network/Linux/IPcop guru. The above does work for me though. And I have no doubt that this could be tweaked and improved and streamlined.

    I cannot say if the above punches any holes in the firewall. What I can say is that I ran a shields up test at https://www.grc.com/default.htm and it passed 100% stealth. My firewall logs look pretty normal and I have not noticed anything strange. To my knowledge and experience all seems OK.

    What I also noticed is that as soon as the second PPPoE connection is established, IPcop shows that connection as the RED connection, although both connections are treated as RED. So all remote admin, SSHing will be done via the local connection (which is what I want in my case).

    If anyone can spot any weaknesses or problems please give feedback.


    I see the indentation of the script is removed. Not sure why. Must be the forum software. Apologies.
    Last edited by Bernie; 11-12-2007 at 08:59 PM.
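
An added example, not part of the original post or the poster's script: the pppd command above carries the password in its arguments, where a process listing such as the "ps -ef" used earlier can show it, and the script holding it sits in /tmp. This dry-run sketch keeps the credentials in an owner-only options file read through pppd's "file" option and builds the route commands from a validated subnet list; the file names options.local and local.nets and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the original poster's script. Dry run: it writes one file
# and prints commands; it never calls pppd or route itself.

# Keep the ppp1 options, password included, in a file only its owner can read.
write_peer_options() {          # $1=file  $2=user  $3=password
    : > "$1" && chmod 600 "$1" || return 1   # restrict before the secret lands
    cat >> "$1" <<EOF
plugin rp-pppoe.so eth1
usepeerdns noipdefault nodefaultroute
ipcp-accept-local ipcp-accept-remote passive noccp nopcomp novjccomp
user "$2"
password "$3"
lcp-echo-interval 20 lcp-echo-failure 3 lcp-max-configure 50 maxfail 5
EOF
}

# What ps would show for this process: a file path, no user name or password.
pppd_command() { echo "/usr/sbin/pppd file $1"; }

# True only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] 2>/dev/null || return 1; done
}

# Turn a "network netmask" list into route commands, refusing malformed lines.
route_cmds() {                  # $1=list file  $2=interface
    while read -r net mask rest; do
        case "$net" in ''|'#'*) continue ;; esac
        if is_ipv4 "$net" && is_ipv4 "$mask" && [ -z "$rest" ]; then
            echo "route add -net $net netmask $mask $2"
        else
            echo "skipped: $net $mask $rest" >&2
        fi
    done < "$1"
}

# Constructed sample input; MyUserName/MyPassword are the post's placeholders.
demo_dir=$(mktemp -d)
write_peer_options "$demo_dir/options.local" MyUserName MyPassword
printf '%s\n' '# local subnets' '129.227.206.0 255.255.255.0' \
    '137.158.0.0 255.255.0.0' '80.87.74.0/23 255.255.254.0' > "$demo_dir/local.nets"
pppd_command "$demo_dir/options.local"
route_cmds "$demo_dir/local.nets" ppp1
rm -rf "$demo_dir"
```

The same separation applies to the cron job: a root-run script and its options file are better kept in a directory only root can write to than in /tmp.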
