Monday, November 6. 2006
Mastershaper is a composite tool designed to filter and control IP traffic of all types. It is composed of five primary tools: a specially compiled 2.6 kernel, l7-filter, iptables, ipp2p, and mastershaper. This document walks through the integration and configuration of each of these tools.
The installation is based upon the Debian Etch 2 installation with Apache 2.
Kernel Preparation
Make sure you've got the latest and most appropriate kernel for your machine, by using the appropriate base build documentation.
Install tools:
apt-get install yaird
apt-get install kernel-package libncurses5-dev fakeroot wget bzip2
cd /usr/src
tar -xjf linux-source-2.6.15.tar.bz2
cd linux-source-2.6.15
make menuconfig
general: append version info
In the menu, load the alternate configuration file from /boot/config-2.6.15-1-686, or whichever is appropriate for the kernel you have loaded. Make any appropriate adjustments to the configuration. Exit the menu. By leaving all defaults as they were, you can rebuild the kernel in its default configuration. We'll then make further modifications.
make-kpkg clean
fakeroot make-kpkg --initrd --revision=mastershaper.1.0 kernel_image
cd ..
dpkg -i linux-image-2.6.15_mastershaper.1.0_i386.deb
reboot
When the image comes back up (you may need to manually select the new image, as well as update /boot/grub/menu.lst), run 'uname -a' and check the build date to confirm it is your new basic rebuild.
Obtain and install the l7-filter and related patches:
cd /usr/src
wget http://internap.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.2.tar.gz
tar -zxvf netfilter-layer7-v2.2.tar.gz
cd linux-source-2.6.15
patch -p1 < ../netfilter-layer7-v2.2/kernel-2.6.13-2.6.16-layer7-2.2.patch
After patching the kernel, install the patterns:
cd /usr/src
wget http://internap.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2006-06-03.tar.gz
tar -zxvf l7-protocols-2006-06-03.tar.gz
cd l7-protocols-2006-06-03
make install
Some changes are required to iptables before compiling the kernel.
apt-get remove iptables
cd /usr/src
ncftp ftp://ftp.netfilter.org/
cd pub/iptables
bin
get iptables-1.3.5.tar.bz2
exit
bzip2 -d iptables-1.3.5.tar.bz2
tar -xvf iptables-1.3.5.tar
cd iptables-1.3.5
patch -p1 < ../netfilter-layer7-v2.2/iptables-layer7-2.2.patch
chmod +x extensions/.layer7-test
cd /usr/src
ncftp ftp://ftp.netfilter.org/
cd pub/patch-o-matic-ng/snapshot
bin
get patch-o-matic-ng-20060626.tar.bz2
exit
tar -xjvf patch-o-matic-ng-20060626.tar.bz2
cd patch-o-matic-ng-20060626
export KERNEL_DIR=/usr/src/linux-source-2.6.15
export IPTABLES_DIR=/usr/src/iptables-1.3.5
./runme extra
** add the 'time', 'ipp2p', 'route' modules
cd ../iptables-1.3.5
make KERNEL_DIR=/usr/src/linux-source-2.6.15
make install KERNEL_DIR=/usr/src/linux-source-2.6.15
Build the kernel again:
fakeroot make-kpkg --initrd --revision=mastershaper.1.1 kernel_image
Install MasterShaper
MasterShaper is the web site front end for controlling and monitoring the kernel tools just installed.
apt-get install mysql-server
Create the database and assign privileges:
mysql
create database shaper;
grant all privileges on shaper.* to 'shaper'@'localhost' identified by 'shaper' with grant option;
exit
Download and install MasterShaper:
cd /usr/src
wget http://www.mastershaper.org/mastershaper_0.44.tar.bz2
tar -xjvf mastershaper_0.44.tar.bz2
cd MasterShaper-0.44
mkdir /var/www/shaper
cp -R htdocs/* /var/www/shaper/
chown -R www-data.www-data /var/www/shaper
cd /usr/src
Install some libraries:
apt-get install iproute
apt-get install libphp-jpgraph
apt-get install php-pear
apt-get install sudo
apt-get install php-db
apt-get install php4-mysql
apt-get install libphp-phplayersmenu
pear install DB Net_IPv4
cd /var/www/shaper
ln -s /usr/share/php/libphp-phplayersmenu phplayersmenu
ln -s /usr/share/jpgraph jpgraph
Usage Notes
To get help on the IPP2P IPTables plugin:
iptables -m ipp2p --help
To run the GUI:
http://localhost/shaper
On the first configuration screen, iptables should be set to '/usr/local/sbin/iptables'.
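A post-reboot check for the build above, as an added example that is not part of the original walkthrough: it confirms that the running kernel's config has the patched-in matches enabled, that the iptables binary in /usr/local/sbin loads the layer7 and ipp2p extensions, and that the l7 pattern files are installed. The CONFIG_ symbol names and the /etc/l7-protocols pattern directory are assumptions about what the patches and 'make install' produce; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the patched kernel, iptables and l7 patterns.
# Assumption: these are the config symbols the layer7 and patch-o-matic-ng
# patches add on a 2.6.15 tree; adjust them if your tree names differ.
WANTED="CONFIG_IP_NF_MATCH_LAYER7 CONFIG_IP_NF_MATCH_IPP2P CONFIG_IP_NF_MATCH_TIME CONFIG_IP_NF_TARGET_ROUTE"

# Print every symbol in "$2..." that is not set to y or m in config file $1.
missing_kconfig() {
    cfg=$1; shift
    for sym in "$@"; do
        grep -Eq "^${sym}=(y|m)\$" "$cfg" || echo "$sym"
    done
}

# Succeed if the iptables binary at $1 can load the userspace extension
# for match $2 (the same call as 'iptables -m ipp2p --help' on this page).
has_match() {
    [ -x "$1" ] && "$1" -m "$2" --help >/dev/null 2>&1
}

# Run all checks: $1 = kernel config, $2 = iptables binary, $3 = pattern dir.
# Prints one line per problem and returns non-zero if any were found.
verify_build() {
    rc=0
    for sym in $(missing_kconfig "$1" $WANTED); do
        echo "kernel: $sym not enabled in $1"; rc=1
    done
    for m in layer7 ipp2p; do
        has_match "$2" "$m" || { echo "iptables: no '$m' match in $2"; rc=1; }
    done
    # Pattern files are expected one directory level below the pattern dir.
    ls "$3"/*/*.pat >/dev/null 2>&1 || { echo "patterns: no .pat files under $3"; rc=1; }
    return $rc
}

# Typical call on the rebuilt machine (pattern directory is an assumption):
# verify_build "/boot/config-$(uname -r)" /usr/local/sbin/iptables /etc/l7-protocols
```

A stale Debian iptables earlier in PATH, or a reboot into the old kernel image, shows up here as missing matches or missing config symbols.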
MasterShaper documentation can be found at: