swift 08/05/20 19:09:36

Modified: home-router-howto.xml
Log:
Coding style again (did a bit too much before)

Revision Changes Path
1.61 xml/htdocs/doc/en/home-router-howto.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/home-router-howto.xml?rev=1.61&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/home-router-howto.xml?rev=1.61&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/home-router-howto.xml?r1=1.60&r2=1.61

Index: home-router-howto.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- home-router-howto.xml 20 May 2008 18:57:45 -0000 1.60
+++ home-router-howto.xml 20 May 2008 19:09:36 -0000 1.61
@@ -1,12 +1,12 @@
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v 1.60 2008/05/20 18:57:45 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v 1.61 2008/05/20 19:09:36 swift Exp $ -->

<guide link="/doc/en/home-router-howto.xml" lang="en">
<title>Home Router Guide</title>

<author title="Author">
- <mail link="vapier@g.o">Mike Frysinger</mail>
+ <mail link="vapier@g.o">Mike Frysinger</mail>
</author>

<abstract>
@@ -27,8 +27,8 @@

<p>
Building your own router out of old spare parts has many advantages over buying
-a pre-made canned router by say Linksys. The biggest one by far is control
-over the connection. The other advantages are left up to your imagination;
+a pre-made canned router by say Linksys. The biggest one by far is control
+over the connection. The other advantages are left up to your imagination;
just about anything can be done in this scenario, it's just a matter of needing
it.
</p>
@@ -42,10 +42,10 @@
</p>

<p>
-Before getting started, there's a few basic requirements you must meet. First,
+Before getting started, there's a few basic requirements you must meet. First,
you'll need a computer that has at least 2 Network Interface Cards (NICs) in
-it. Next, you'll need the configuration settings for your internet connection
-(may include things like IP/DNS/Gateway/username/password). Finally, you'll
+it. Next, you'll need the configuration settings for your internet connection
+(may include things like IP/DNS/Gateway/username/password). Finally, you'll
need a bit of spare time and some Gentoo loving.
</p>

@@ -64,7 +64,7 @@
<impo>
Due to security precautions, I would highly suggest you shut down any unneeded
services on the router until we have a chance to get the firewall up and
-rolling. To view the currently running services, just run <c>rc-status</c>.
+rolling. To view the currently running services, just run <c>rc-status</c>.
</impo>

</body>
@@ -77,91 +77,91 @@
<body>

<p>
-Your kernel needs to have the drivers running for both your NICs. To see if
-your cards are already setup, just run <c>ifconfig</c>. Your output may differ
-slightly from the following, that's fine. What matters is that the interface
+Your kernel needs to have the drivers running for both your NICs. To see if
+your cards are already setup, just run <c>ifconfig</c>. Your output may differ
+slightly from the following, that's fine. What matters is that the interface
shows up at all.
</p>

<pre caption="Checking NICs">
# <i>ifconfig -a</i>
-eth0 Link encap:Ethernet HWaddr 00:60:F5:07:07:B8
- BROADCAST MULTICAST MTU:1500 Metric:1
- RX packets:0 errors:0 dropped:0 overruns:0 frame:0
- TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
- Interrupt:11 Base address:0x9800
-
-eth1 Link encap:Ethernet HWaddr 00:60:F5:07:07:B9
- BROADCAST MULTICAST MTU:1500 Metric:1
- RX packets:0 errors:0 dropped:0 overruns:0 frame:0
- TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
- Interrupt:10 Base address:0x9400
+eth0 Link encap:Ethernet HWaddr 00:60:F5:07:07:B8
+ BROADCAST MULTICAST MTU:1500 Metric:1
+ RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ Interrupt:11 Base address:0x9800
+
+eth1 Link encap:Ethernet HWaddr 00:60:F5:07:07:B9
+ BROADCAST MULTICAST MTU:1500 Metric:1
+ RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ Interrupt:10 Base address:0x9400
</pre>

<p>
If you do not see your two cards showing up and you're not sure what kind of
-cards you have, try running <c>lspci | grep Ethernet</c>. You can get that
-from <c>emerge pciutils</c>. Once you have this information, go into your
+cards you have, try running <c>lspci | grep Ethernet</c>. You can get that
+from <c>emerge pciutils</c>. Once you have this information, go into your
kernel and add support for the correct drivers.
</p>

<p>
The next thing you'll need is support for iptables and NAT (and packet shaping
-if you want). The following list is split up into always required (*),
+if you want). The following list is split up into always required (*),
required only for adsl via PPPoE (a), suggested for everyone (x), and only
-for shaper (s) features. It does not matter whether you build the features
+for shaper (s) features. It does not matter whether you build the features
into the kernel or as a module so long as when the feature is needed, the
correct module(s) are loaded (module loading is left to the reader as a fun
exercise however).
</p>

<pre caption="Network Options">
-Networking options --->
- [*] TCP/IP networking
- [*] IP: advanced router
- [*] Network packet filtering (replaces ipchains)
+Networking options --->
+ [*] TCP/IP networking
+ [*] IP: advanced router
+ [*] Network packet filtering (replaces ipchains)
<comment>If you use 2.4.x, you have to enable the following for DHCP:</comment>
- [*] Socket Filtering
+ [*] Socket Filtering

- IP: Netfilter Configuration --->
- [*] Connection tracking (required for masq/NAT)
- [x] FTP protocol support
- [x] IRC protocol support
- [*] IP tables support (required for filtering/masq/NAT)
- [*] IP range match support
- [x] MAC address match support
- [*] Multiple port match support
- [*] Packet filtering
- [*] REJECT target support
- [x] REDIRECT target support
- [*] Full NAT
- [*] MASQUERADE target support
- [s] Packet mangling
- [s] MARK target support
- [x] LOG target support
-
- QoS and/or fair queueing --->
- [s] QoS and/or fair queueing
- [s] HTB packet scheduler
- [s] Ingress Qdisc
-
- [a] PPP (point-to-point protocol) support
- [a] PPP filtering
- [a] PPP support for async serial ports
- [a] PPP support for sync tty ports
- [a] PPP Deflate compression
- [a] PPP BSD-Compress compression
- [a] PPP over Ethernet
+ IP: Netfilter Configuration --->
+ [*] Connection tracking (required for masq/NAT)
+ [x] FTP protocol support
+ [x] IRC protocol support
+ [*] IP tables support (required for filtering/masq/NAT)
+ [*] IP range match support
+ [x] MAC address match support
+ [*] Multiple port match support
+ [*] Packet filtering
+ [*] REJECT target support
+ [x] REDIRECT target support
+ [*] Full NAT
+ [*] MASQUERADE target support
+ [s] Packet mangling
+ [s] MARK target support
+ [x] LOG target support
+
+ QoS and/or fair queueing --->
+ [s] QoS and/or fair queueing
+ [s] HTB packet scheduler
+ [s] Ingress Qdisc
+
+ [a] PPP (point-to-point protocol) support
+ [a] PPP filtering
+ [a] PPP support for async serial ports
+ [a] PPP support for sync tty ports
+ [a] PPP Deflate compression
+ [a] PPP BSD-Compress compression
+ [a] PPP over Ethernet
</pre>

<note>
Some things may be slightly different in a 2.4 vs 2.6 kernel, but you should be
-able to figure it out :). Even among 2.6 kernels, these options have a
-tendency to move around. Good luck!
+able to figure it out :). Even among 2.6 kernels, these options have a
+tendency to move around. Good luck!
</note>

</body>
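Review bot: the reindented lines inside the two <pre> blocks in this hunk ("Checking NICs" and "Network Options") are not purely cosmetic, because <pre> content is rendered verbatim and the leading whitespace on the ifconfig output and the menuconfig option lines is exactly what the reader sees; please diff the rendered page against the previous revision once to confirm the alignment of the "BROADCAST MULTICAST ..." lines and the nested "[*] ..." options survived the coding-style pass. Everything else in this hunk is a double-space to single-space change after sentence ends, which is safe.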
@@ -177,10 +177,10 @@

<p>
There are many ways to connect to the internet so I'll just cover the ones I'm
-familiar with. That leaves us with ADSL (PPPoE) and cable modems
-(static/dynamic). If there are other methods out there, feel free to write up
-a little blurb and e-mail me. Feel free to skip any of the following sections
-in this chapter that don't apply to you. This chapter is just about getting
+familiar with. That leaves us with ADSL (PPPoE) and cable modems
+(static/dynamic). If there are other methods out there, feel free to write up
+a little blurb and e-mail me. Feel free to skip any of the following sections
+in this chapter that don't apply to you. This chapter is just about getting
the router connected to the internet via eth1.
</p>

@@ -194,9 +194,9 @@
All the fancy PPPoE software that used to be provided by rp-pppoe
(<uri link="http://www.roaringpenguin.com/">Roaring Penguin</uri>) has been
integrated into the <uri link="http://samba.org/ppp/">standard PPP
-package</uri>. Simply <c>emerge ppp</c> and you'll be on your way. Remember
-how I said you'll need username/password information? Well I wasn't lying so
-I hope you have it now! Load up <path>/etc/conf.d/net</path> in your favorite
+package</uri>. Simply <c>emerge ppp</c> and you'll be on your way. Remember
+how I said you'll need username/password information? Well I wasn't lying so
+I hope you have it now! Load up <path>/etc/conf.d/net</path> in your favorite
editor and set it up.
</p>

@@ -214,9 +214,9 @@
link_ppp0="eth1"
plugins_ppp0=( "pppoe" )
pppd_ppp0=(
- "defaultroute"
- "usepeerdns"
- <comment>There may be other settings you want, see /etc/conf.d/net.example</comment>
+ "defaultroute"
+ "usepeerdns"
+ <comment>There may be other settings you want, see /etc/conf.d/net.example</comment>
)
username_ppp0="vla9h924"
password_ppp0="boogie"
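Review bot: the trailing context lines of this hunk, username_ppp0="vla9h924" and password_ppp0="boogie", read like real account data rather than placeholders; since the style pass is already touching this block, suggest swapping in obviously fake values (for example username_ppp0="your_username" / password_ppp0="your_password") so nobody copies them verbatim. The surrounding text should also say that <path>/etc/conf.d/net</path> now holds the ISP password in plaintext and should not be world-readable (chmod 600 on the file), which the guide does not mention anywhere in this patch.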
@@ -227,8 +227,8 @@
</pre>

<warn>
-When the DSL interface comes up, it will create ppp0. Although your NIC is
-called eth1, the IP is actually bound to ppp0. From now on, when you see
+When the DSL interface comes up, it will create ppp0. Although your NIC is
+called eth1, the IP is actually bound to ppp0. From now on, when you see
examples that utilize 'eth1', substitute with 'ppp0'.
</warn>

@@ -252,7 +252,7 @@

<p>
If you have a static IP then you will need a few more details than if
-you have a dynamic IP. For static users, you will need your IP,
+you have a dynamic IP. For static users, you will need your IP,
gateway, and DNS servers.
</p>

@@ -316,28 +316,28 @@

<p>
I bet it'd be nice if everyone else in your house could just plug their
-computers into the network and things would just work. No need to remember
+computers into the network and things would just work. No need to remember
mind-numbing details or make them stare at confusing configuration screens!
-Life would be grand eh? Introducing the Dynamic Host Configuration Protocol
+Life would be grand eh? Introducing the Dynamic Host Configuration Protocol
(DHCP) and why you should care.
</p>

<p>
-DHCP is exactly what its name implies. It's a protocol that allows you
-to dynamically configure other hosts automatically. You run a DHCP server on
+DHCP is exactly what its name implies. It's a protocol that allows you
+to dynamically configure other hosts automatically. You run a DHCP server on
the router, give it all the information about your network (valid IPs,
DNS servers, gateways, etc...), and then when the other hosts start up, they
-run a DHCP client to automatically configure themselves. No fuss, no muss!
+run a DHCP client to automatically configure themselves. No fuss, no muss!
For more information about DHCP, you can always visit <uri
link="http://en.wikipedia.org/wiki/DHCP">Wikipedia</uri>.
</p>

<p>
We'll use a package called dnsmasq which provides both DHCP and DNS services.
-For now lets just focus on the DHCP aspect. Note that if you want to run a
+For now lets just focus on the DHCP aspect. Note that if you want to run a
different DHCP server, you can find another example in the Fun Things chapter.
Also, if you wish to tinker with the DHCP server settings, just read the
-comments in <path>/etc/dnsmasq.conf</path>. All the defaults should work fine
+comments in <path>/etc/dnsmasq.conf</path>. All the defaults should work fine
though.
</p>

@@ -354,12 +354,12 @@
</pre>

<p>
-Now your little router is a bona-fide DHCP server! Plugin those computers and
-watch them work! With Windows systems you should go into the TCP/IP Properties
+Now your little router is a bona-fide DHCP server! Plugin those computers and
+watch them work! With Windows systems you should go into the TCP/IP Properties
and select the 'Obtain an IP address automatically' and 'Obtain DNS server
-address automatically' options. Sometimes the changes aren't instantaneous, so
+address automatically' options. Sometimes the changes aren't instantaneous, so
you may have to open a command prompt and run <c>ipconfig /release</c> and
-<c>ipconfig /renew</c>. But enough about Windows, let's get back to our
+<c>ipconfig /renew</c>. But enough about Windows, let's get back to our
favorite penguin.
</p>

@@ -372,25 +372,25 @@

<p>
When people want to visit a place on the internet, they remember names, not a
-string of funky numbers. After all, what's easier to remember, ebay.com or
-66.135.192.87? This is where the DNS steps in. DNS servers run all over the
+string of funky numbers. After all, what's easier to remember, ebay.com or
+66.135.192.87? This is where the DNS steps in. DNS servers run all over the
internet, and whenever someone wants to visit 'ebay.com', these servers turn
'ebay.com' (what we understand) into '66.135.192.87' (what our computers
-understand). For more information about DNS, you can always visit <uri
+understand). For more information about DNS, you can always visit <uri
link="http://en.wikipedia.org/wiki/DNS">Wikipedia</uri>.
</p>

<p>
Since we're using dnsmasq for our DHCP server, and it includes a DNS server,
-you've got nothing left to do here! Your little router is already providing
-DNS to its DHCP clients. Bet you wish everything was this easy ;).
+you've got nothing left to do here! Your little router is already providing
+DNS to its DHCP clients. Bet you wish everything was this easy ;).
</p>

<p>
You're welcome to choose other DNS servers if you're more comfortable with
them, but the reason dnsmasq is great is because it was designed to do exactly
-what we want and nothing more. It's a little DNS caching/forwarding server for
-local networks. We're not looking to provide DNS for our own domain here, just
+what we want and nothing more. It's a little DNS caching/forwarding server for
+local networks. We're not looking to provide DNS for our own domain here, just
offer simple DNS services to everyone else on our LAN.
</p>

@@ -409,17 +409,17 @@
</p>

<p>
-This is where Network Address Translation (NAT) steps in. NAT is a way of
+This is where Network Address Translation (NAT) steps in. NAT is a way of
connecting multiple computers in a private LAN to the internet when you have a
-smaller number of public IP addresses available to you. Typically you are given
+smaller number of public IP addresses available to you. Typically you are given
1 IP by your ISP, but you want to let your whole house connect to the internet.
-NAT is the magic that makes this possible. For more information about NAT, you
+NAT is the magic that makes this possible. For more information about NAT, you
can always visit <uri link="http://en.wikipedia.org/wiki/NAT">Wikipedia</uri>.
</p>

<note>
-Before we get started, make sure you have iptables on your system. Although it
-is automatically installed on most systems, you may not have it. If you don't,
+Before we get started, make sure you have iptables on your system. Although it
+is automatically installed on most systems, you may not have it. If you don't,
just run <c>emerge iptables</c>.
</note>

@@ -478,8 +478,8 @@

<p>
The ip_dynaddr option is useful for dial on demand systems or when your ISP
-gives out dynamic addresses. This works around the problem where a connection
-is attempted before the internet interface is fully setup. Really this just
+gives out dynamic addresses. This works around the problem where a connection
+is attempted before the internet interface is fully setup. Really this just
provides for a smoother network experience for users behind your router.
</p>

@@ -495,8 +495,8 @@
<body>

<p>
-Believe it or not, you're done :). From here on out, I'll cover a bunch of
-common topics that may interest you. Everything in this chapter is completely
+Believe it or not, you're done :). From here on out, I'll cover a bunch of
+common topics that may interest you. Everything in this chapter is completely
optional.
</p>

@@ -509,10 +509,10 @@

<p>
Sometimes you would like to be able to host services on a computer behind the
-router, or just to make your life easier when connecting remotely. Perhaps you
+router, or just to make your life easier when connecting remotely. Perhaps you
want to run a FTP, HTTP, SSH, or VNC server on one or more machines behind your
-router and be able to connect to them all. The only caveat is that you can
-only have one service/machine combo per port. For example, there is no
+router and be able to connect to them all. The only caveat is that you can
+only have one service/machine combo per port. For example, there is no
practical way to setup three FTP servers behind your router and then try to
connect to them all through port 21; only one can be on port 21 while the
others would have to be on say port 123 and port 567.
@@ -521,9 +521,9 @@
<p>
All the port forwarding rules are of the form <c>iptables -t nat -A PREROUTING
[-p protocol] --dport [external port on router] -i ${WAN} -j DNAT --to [ip/port
-to forward to]</c>. Unfortunately, iptables does not accept hostnames when port
-forwarding. If you are forwarding an external port to the same port on the
-internal machine, you can omit the destination port. See the iptables(8) man
+to forward to]</c>. Unfortunately, iptables does not accept hostnames when port
+forwarding. If you are forwarding an external port to the same port on the
+internal machine, you can omit the destination port. See the iptables(8) man
page for more information.
</p>

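Review bot: the rule template in the @@ -521,9 hunk only covers the nat table; a DNAT in PREROUTING rewrites the destination, but the forwarded packets still traverse the FORWARD chain, so this paragraph should state that a matching ACCEPT rule in FORWARD for the internal host and port is also required if FORWARD does not already accept that traffic, otherwise readers will add the DNAT rule and see it silently do nothing. The "-i ${WAN}" restriction in the template is good and worth a sentence of its own so nobody drops it when copying the rule.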
@@ -585,9 +585,9 @@
<body>

<p>
-Internet Relay Chat utilizes the ident service pretty heavily. Now that the
+Internet Relay Chat utilizes the ident service pretty heavily. Now that the
IRC clients are behind the router, we need a way to host ident for both the
-router and the clients. One such server has been created called
+router and the clients. One such server has been created called
<c>midentd</c>.
</p>

@@ -598,7 +598,7 @@
</pre>

<p>
-There are a few other ident servers in portage. Depending on your needs, I
+There are a few other ident servers in portage. Depending on your needs, I
would recommend checking out <c>oidentd</c> and <c>fakeidentd</c>.
</p>

@@ -611,7 +611,7 @@
<body>
<p>
This is an attempt to simply and Gentooify the <uri link="http://www.tldp.org/HOWTO/ADSL-Bandwidth-Management-HOWTO/">ADSL Bandwidth Management HOWTO</uri>
-found over at the TLDP. Feel free to refer to the original document
+found over at the TLDP. Feel free to refer to the original document
for more details.
</p>

@@ -622,31 +622,31 @@
Simply put, we want to setup rules on our router that will slow down
certain activities (like sending large e-mails or downloading from P2P
networks) while keeping other activities (like browsing the web or playing
-online video games) reasonably fast. A 30 second difference in a video
+online video games) reasonably fast. A 30 second difference in a video
game is a lot worse than a 30 second difference in downloading large
files :).
</p>

<p>
The first thing is to make sure your kernel has all the features added to
-it. See the chapter on <uri link="#doc_chap2">Kernel setup</uri> for more
-information. Next, you will need to <c>emerge iptables iputils</c> so that
+it. See the chapter on <uri link="#doc_chap2">Kernel setup</uri> for more
+information. Next, you will need to <c>emerge iptables iputils</c> so that
you will have access to the <c>iptables</c>, <c>ip</c>, and <c>tc</c>
commands.
</p>

<p>
-Before we jump into the commands, let's cover a little of the theory. The
+Before we jump into the commands, let's cover a little of the theory. The
way this whole system works is to classify common network streams and then
-to prioritize them. You use iptables to classify network streams, iputils
+to prioritize them. You use iptables to classify network streams, iputils
to define the different priority levels, and the kernel to adjust speeds.
Just remember that although you can control outbound traffic pretty tightly
(from the LAN to the WAN), your ability to control inbound traffic (from
-the WAN to the LAN) is somewhat limited. Just remember that the following
+the WAN to the LAN) is somewhat limited. Just remember that the following
examples are to get your feet wet; if you want more then I'd suggest
-reading up on the subject. In this example, we will be using the
+reading up on the subject. In this example, we will be using the
<uri link="http://luxik.cdi.cz/~devik/qos/htb/">Hierarchical Token Buckets (HTB)</uri>
-packet scheduling algorithm. Still with me? Great, let's start shaping :).
+packet scheduling algorithm. Still with me? Great, let's start shaping :).
</p>

<pre caption="Setup">
@@ -654,7 +654,7 @@
RATE_OUT=100 <comment>Available outbound bandwidth (in kilobits [kb])</comment>
RATE_IN=1400 <comment>Available inbound bandwidth (in kb)</comment>

-<comment>Here we initialize the priority system. The 45 is used to set the default classification level.</comment>
+<comment>Here we initialize the priority system. The 45 is used to set the default classification level.</comment>
ip link set dev ${DEV} qlen 30
tc qdisc add dev ${DEV} root handle 1: htb default 45
tc class add dev ${DEV} parent 1: classid 1:1 htb rate ${RATE_OUT}kbit
@@ -662,12 +662,12 @@

<p>
Here we initialized the system which will be used to prioritize all of
-our network traffic. We created our queue, told it to use the HTB
-algorithm, and set the default classification level to '45'. The
+our network traffic. We created our queue, told it to use the HTB
+algorithm, and set the default classification level to '45'. The
default is completely arbitrary, as are the levels we choose from
-here on out. The only thing that matters is how the levels compare
+here on out. The only thing that matters is how the levels compare
relatively; a level '10' packet will be given preference over a
-level '45' packet. Let's move on to declaring different levels.
+level '45' packet. Let's move on to declaring different levels.
</p>

<pre caption="Declaring levels">
@@ -690,14 +690,14 @@
</p>

<p>
-Many people run ntp clients on their computers. Obviously, the more clients in
-the world, the larger the load the ntp servers need to shoulder. In
+Many people run ntp clients on their computers. Obviously, the more clients in
+the world, the larger the load the ntp servers need to shoulder. In
environments like home networks though, we can help keep the load down on
-public servers while still providing the proper time to all our computers. As
+public servers while still providing the proper time to all our computers. As
an added bonus, our private updates will be a lot faster for the clients too!
All we have to do is run a ntp server on our router that synchronizes itself
with the public internet servers while providing the time to the rest of the
-computers in the network. To get started, simply <c>emerge ntp</c> on the
+computers in the network. To get started, simply <c>emerge ntp</c> on the
router.
</p>

@@ -722,12 +722,12 @@

<note>
You should make sure that you allow inbound and outbound communication on the
-ntp port (123/udp) when setting up the server. The client just needs outbound
+ntp port (123/udp) when setting up the server. The client just needs outbound
access on port 123 over udp.
</note>

<p>
-Now, on your clients, have them <c>emerge ntp</c> also. However, we will just
+Now, on your clients, have them <c>emerge ntp</c> also. However, we will just
run the ntp client so setup is a lot simpler.
</p>

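Review bot: the <note> in the @@ -722,12 hunk tells the reader to allow inbound 123/udp "when setting up the server" without saying on which interface; the preceding hunk describes the server as "providing the time to the rest of the computers in the network", so the inbound allow only belongs on the LAN side (eth0 in this guide), while the WAN side needs nothing beyond the router's own outbound client queries to the public servers and their replies. Suggest rewording the note to say that explicitly, otherwise readers will open 123/udp on the internet-facing interface and expose the daemon to anyone.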
@@ -748,8 +748,8 @@
<p>
For those who run multiple Gentoo boxes on the same lan, you often want to
keep from having every machine running <c>emerge sync</c> with remote
-servers. By setting up a local rsync, you save on both your bandwidth and
-the Gentoo rsync servers' bandwidth. It's pretty simple to do.
+servers. By setting up a local rsync, you save on both your bandwidth and
+the Gentoo rsync servers' bandwidth. It's pretty simple to do.
</p>

<note>
@@ -758,10 +758,10 @@
</note>

<p>
-Since every Gentoo machine requires rsync, theres no need to emerge it. Edit
+Since every Gentoo machine requires rsync, theres no need to emerge it. Edit
the default <path>/etc/rsyncd.conf</path> config file, uncomment the
<c>[gentoo-portage]</c> section, and make sure you add an <c>address</c>
-option. All the other defaults should be fine.
+option. All the other defaults should be fine.
</p>

<pre caption="Rsync server config">
@@ -771,9 +771,9 @@
address = 192.168.0.1

[gentoo-portage]
- path = /mnt/space/portage
- comment = Gentoo Linux Portage tree
- exclude = /distfiles /packages
+ path = /mnt/space/portage
+ comment = Gentoo Linux Portage tree
+ exclude = /distfiles /packages
</pre>

<p>
@@ -802,9 +802,9 @@

<p>
Sometimes it's nice to run your own Simple Mail Transfer Protocol (SMTP) server
-on the router. You may have your own reason for wanting to do so, but I run it
+on the router. You may have your own reason for wanting to do so, but I run it
so that the users see mail as being sent instantly and the work of
-retrying/routing is left up to the mail server. Some ISPs also don't allow for
+retrying/routing is left up to the mail server. Some ISPs also don't allow for
mail relaying for accounts that aren't part of their network (like Verizon).
Also, you can easily throttle the delivery of mail so that large attachments
won't seriously lag your connection for half an hour.
@@ -835,9 +835,9 @@
</pre>

<p>
-I'm a huge fan of qmail, but you're free to use a different mta :). When you
+I'm a huge fan of qmail, but you're free to use a different mta :). When you
setup e-mail on the hosts in your network, tell them that their SMTP server is
-192.168.0.1 and everything should be peachy. You might want to visit the <uri
+192.168.0.1 and everything should be peachy. You might want to visit the <uri
link="http://netqmail.org/">netqmail homepage</uri> for more documentation.
</p>

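Review bot: the paragraph in the @@ -835,9 hunk tells LAN hosts to use 192.168.0.1 as their SMTP server but never says that relaying has to be limited to those hosts; the earlier @@ -802,9 hunk only discusses ISPs refusing to relay, which leaves the router's own relay policy implicit. Suggest adding one sentence that the MTA must only relay for the LAN range (192.168.0.0/24 in this guide's examples) and, like the rsync example above with its "address = 192.168.0.1" line, listen on the LAN address rather than the WAN side, so the router does not become an open relay.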
@@ -868,9 +868,9 @@ |
632 |
<body> |
633 |
|
634 |
<p> |
635 |
-Earlier we used dnsmasq to provide DHCP service to all our clients. For most |
636 |
-people with a simple small LAN, this is perfect. But you may need something |
637 |
-with more features. Thus we turn to a full-featured DHCP server as provided |
638 |
+Earlier we used dnsmasq to provide DHCP service to all our clients. For most |
639 |
+people with a simple small LAN, this is perfect. But you may need something |
640 |
+with more features. Thus we turn to a full-featured DHCP server as provided |
641 |
by the <uri link="http://www.isc.org/products/DHCP">ISC</uri> folks. |
642 |
</p> |
643 |
|
644 |
@@ -881,13 +881,13 @@ |
645 |
authoritative; |
646 |
ddns-update-style interim; |
647 |
subnet 192.168.0.0 netmask 255.255.255.0 { |
648 |
- range 192.168.0.100 192.168.0.250; |
649 |
- default-lease-time 259200; |
650 |
- max-lease-time 518400; |
651 |
- option subnet-mask 255.255.255.0; |
652 |
- option broadcast-address 192.168.0.255; |
653 |
- option routers 192.168.0.1; |
654 |
- option domain-name-servers 192.168.0.1; |
655 |
+ range 192.168.0.100 192.168.0.250; |
656 |
+ default-lease-time 259200; |
657 |
+ max-lease-time 518400; |
658 |
+ option subnet-mask 255.255.255.0; |
659 |
+ option broadcast-address 192.168.0.255; |
660 |
+ option routers 192.168.0.1; |
661 |
+ option domain-name-servers 192.168.0.1; |
662 |
} |
663 |
# <i>nano /etc/conf.d/dhcpd</i> |
664 |
<comment>(Set IFACE="eth0")</comment> |
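Review bot: `ddns-update-style interim;` in this dhcpd.conf listing turns on dynamic DNS updates, but nothing visible in the listing declares a zone or a TSIG key, so for the "minimal setup" the guide describes the safer statement is `ddns-update-style none;` (dhcpd 3.x insists on the statement being present but accepts `none`); with `interim` and no zone declarations, dhcpd will look up the zone's primary server itself and attempt unauthenticated updates. The indentation change is fine and matches the other `<pre>` blocks, and `IFACE="eth0"` in the trailing context is the line that keeps dhcpd off the WAN interface, so it deserves to stay as prominent as it is.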
665 |
@@ -897,8 +897,8 @@ |
666 |
|
667 |
<p> |
668 |
This is the minimal setup required to replace the dnsmasq DHCP functionality |
669 |
-that we used earlier. Speaking of which, you did remember to disable the DHCP |
670 |
-features in dnsmasq didn't you? If not, you should do so now (just comment |
671 |
+that we used earlier. Speaking of which, you did remember to disable the DHCP |
672 |
+features in dnsmasq didn't you? If not, you should do so now (just comment |
673 |
out the <c>dhcp-range</c> setting in <path>/etc/dnsmasq.conf</path> and restart |
674 |
the service). |
675 |
</p> |
676 |
@@ -911,34 +911,34 @@ |
677 |
<body> |
678 |
|
679 |
<p> |
680 |
-Sometimes you have need of connecting the router to another LAN. Maybe you |
681 |
+Sometimes you have need of connecting the router to another LAN. Maybe you |
682 |
want to hook up a group of friends temporarily, or you're a neat freak and |
683 |
want to section off different groups of computers, or you're just really |
684 |
-really bored. Whatever the reasons, extending the router to other LAN |
685 |
-networks should be pretty straightforward. In the following examples, I will |
686 |
+really bored. Whatever the reasons, extending the router to other LAN |
687 |
+networks should be pretty straightforward. In the following examples, I will |
688 |
assume that this new network is connected via a third ethernet card, namely |
689 |
<c>eth2</c>. |
690 |
</p> |
691 |
|
692 |
<p> |
693 |
-First you need to configure the interface. Just take the instructions in the |
694 |
+First you need to configure the interface. Just take the instructions in the |
695 |
<uri link="#doc_chap4_pre1">4.1 code listing</uri> and replace <c>eth0</c> |
696 |
with <c>eth2</c> and <c>192.168.0</c> with <c>192.168.1</c>. |
697 |
</p> |
698 |
|
699 |
<p> |
700 |
-Then you need to tweak dnsmasq to service the new interface. Just edit the |
701 |
+Then you need to tweak dnsmasq to service the new interface. Just edit the |
702 |
<path>/etc/conf.d/dnsmasq</path> file again and append <c>-i eth2</c> to |
703 |
-DNSMASQ_OPTS; using -i multiple times is OK. Then edit |
704 |
+DNSMASQ_OPTS; using -i multiple times is OK. Then edit |
705 |
<path>/etc/dnsmasq.conf</path> and add another line like the dhcp-range line |
706 |
in the <uri link="#doc_chap5_pre1">5.1 code listing</uri>, replacing |
707 |
-<c>192.168.0</c> with <c>192.168.1</c>. Having multiple dhcp-range lines is |
708 |
+<c>192.168.0</c> with <c>192.168.1</c>. Having multiple dhcp-range lines is |
709 |
OK too. |
710 |
</p> |
711 |
|
712 |
<p> |
713 |
Finally, see the rules in the <uri link="#doc_chap5_pre2">5.2 code |
714 |
-listing</uri> and duplicate the rules that have <c>-i ${LAN}</c> in them. You |
715 |
+listing</uri> and duplicate the rules that have <c>-i ${LAN}</c> in them. You |
716 |
may want to create another variable, say <c>LAN2</c>, to make things easier. |
717 |
</p> |
718 |
|
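Review bot: "duplicate the rules that have `-i ${LAN}` in them" for `eth2` silently decides whether the two LANs can reach each other, which sits badly with the "section off different groups of computers" motivation two paragraphs up; the text should say explicitly whether traffic is forwarded between `${LAN}` and `LAN2`, and, where the segments are meant to be isolated, add FORWARD rules dropping traffic between them ahead of the copied accept rules (e.g. `iptables -A FORWARD -i ${LAN2} -o ${LAN} -j DROP` and the reverse). The dnsmasq part (`-i eth2` plus a second `dhcp-range` for 192.168.1.x) is correct as written; only spacing changed in this hunk.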
719 |
@@ -962,24 +962,24 @@ |
720 |
|
721 |
<table> |
722 |
<tr> |
723 |
- <th>Utility</th> |
724 |
- <th>Description</th> |
725 |
+ <th>Utility</th> |
726 |
+ <th>Description</th> |
727 |
</tr> |
728 |
<tr> |
729 |
- <ti>wireshark</ti> |
730 |
- <ti>GUI tool to view all raw network data according to filters</ti> |
731 |
+ <ti>wireshark</ti> |
732 |
+ <ti>GUI tool to view all raw network data according to filters</ti> |
733 |
</tr> |
734 |
<tr> |
735 |
- <ti>tcpdump</ti> |
736 |
- <ti>Console tool to dump all raw network data according to filters</ti> |
737 |
+ <ti>tcpdump</ti> |
738 |
+ <ti>Console tool to dump all raw network data according to filters</ti> |
739 |
</tr> |
740 |
<tr> |
741 |
- <ti>iptraf</ti> |
742 |
- <ti>ncurses based IP LAN monitor</ti> |
743 |
+ <ti>iptraf</ti> |
744 |
+ <ti>ncurses based IP LAN monitor</ti> |
745 |
</tr> |
746 |
<tr> |
747 |
- <ti>ettercap</ti> |
748 |
- <ti>ncurses based network monitor/control</ti> |
749 |
+ <ti>ettercap</ti> |
750 |
+ <ti>ncurses based network monitor/control</ti> |
751 |
</tr> |
752 |
</table> |
753 |
|
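Review bot: "ncurses based network monitor/control" in the ettercap row undersells what the tool does; ettercap is an ARP-poisoning man-in-the-middle sniffer, and running it in that mode on the router will redirect, and can disrupt, traffic for every host on the LAN, so the description should say so (e.g. "ncurses based sniffer/MITM tool; its ARP poisoning interferes with LAN traffic"). The other three descriptions are accurate, and the indentation change is fine.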
754 |
@@ -997,16 +997,16 @@ |
755 |
|
756 |
<pre caption="DHCP Failing Example"> |
757 |
# <i>/etc/init.d/dhcp start</i> |
758 |
- * Setting ownership on dhcp.leases ... [ ok ] |
759 |
- * Starting dhcpd ... [ !! ] |
760 |
+ * Setting ownership on dhcp.leases ... [ ok ] |
761 |
+ * Starting dhcpd ... [ !! ] |
762 |
</pre> |
763 |
|
764 |
<p> |
765 |
-The trick is to know where dhcpd is sending its output. Simply browse to |
766 |
-<path>/var/log</path> and read the log files. Since the exact log file depends |
767 |
+The trick is to know where dhcpd is sending its output. Simply browse to |
768 |
+<path>/var/log</path> and read the log files. Since the exact log file depends |
769 |
on the package you are using as a syslog, try running <c>grep -Rl dhcpd |
770 |
-/var/log</c> to narrow down the possibilities. Chances are you made a typo in |
771 |
-your config file. You could also try running <c>dhcpd -d -f</c> (short for |
772 |
+/var/log</c> to narrow down the possibilities. Chances are you made a typo in |
773 |
+your config file. You could also try running <c>dhcpd -d -f</c> (short for |
774 |
debug / foreground) and debug the error based upon the output. |
775 |
</p> |
776 |
|
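Review bot: the troubleshooting advice would be stronger if it mentioned `dhcpd -t` before `dhcpd -d -f`; `-t` parses the configuration and reports the offending line without starting the daemon, which is exactly the "chances are you made a typo in your config file" case the paragraph describes, and it exists in the ISC dhcpd 3.x the guide installs. Otherwise only spacing changed in this hunk.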
777 |
@@ -1019,7 +1019,7 @@ |
778 |
|
779 |
<p> |
780 |
If you experience odd errors (such as not being able to access some webpages |
781 |
-while others load fine), you may be having Path MTU Discovery trouble. The |
782 |
+while others load fine), you may be having Path MTU Discovery trouble. The |
783 |
quick way to test is to run this iptables command: |
784 |
</p> |
785 |
|
786 |
@@ -1047,7 +1047,7 @@ |
787 |
If (for whatever reason) you want to connect two machines directly together |
788 |
without a hub or switch, a regular ethernet cable will likely not work, unless |
789 |
you have an Auto MDI/MDI-X (also known as "autosensing") capable network |
790 |
-adapter. You will need a different cable called a crossover cable. This <uri |
791 |
+adapter. You will need a different cable called a crossover cable. This <uri |
792 |
link="http://en.wikipedia.org/wiki/Ethernet_crossover_cable">Wikipedia</uri> |
793 |
page explains the low level details. |
794 |
</p> |
795 |
@@ -1065,7 +1065,7 @@ |
796 |
<p> |
797 |
I have no final notes other than if you experience any troubles with the guide, |
798 |
please contact <mail link="vapier@g.o">me</mail> or file a bug with <uri |
799 |
-link="http://bugs.gentoo.org/">Gentoo's Bugtracking Website</uri>. If you have |
800 |
+link="http://bugs.gentoo.org/">Gentoo's Bugtracking Website</uri>. If you have |
801 |
some interesting bits you think would enhance this guide, by all means send it |
802 |
my way for inclusion. |
803 |
</p> |
804 |
|
805 |
|
806 |
|
807 |
-- |
808 |
gentoo-doc-cvs@l.g.o mailing list |