Encryption with PGP

My public PGP key, created with GnuPG. Feel free to send me encrypted mail with it. To use it with KMail, just install gpg from your distro, though most likely you already have it. Evolution works the same way. If you are on Windows, you can use one of the many plugins available for Outlook, Mozilla, Eudora, and ICQ, to name a few.

CLICK HERE FOR KEY

Linux Firewall and CBQ Example Scripts

Some example scripts that I used once upon a time with the 2.2 and 2.4 kernels. They are useful for getting an idea of how to write your own custom scripts. I put these at /etc/rc.d/rc.firewall, or elsewhere where they are run during startup. IP masquerading and port forwarding are used in these.

Linux 2.2 IP Chains
Linux 2.4 IP Tables

As another bonus, I use CBQ on my firewall with the 2.4 kernel. After searching the net for advanced scripts with CBQ, I ended up having to make my own. Here is a diagram showing my setup, with multiple segments branching off. It controls bandwidth both ways. The outside of the firewall is eth0, while the inside is eth1. The eth0 part of the diagram controls traffic going out of my network, and the eth1 part controls what comes in.

For each block, the class is the cbq class number. Next is the rate limit I have set for it. If a block is unbounded, it will use any bandwidth available in its parent block. The lower the priority number, the more bandwidth it will get from its sibling blocks should bandwidth start to grow short. The mark is the value iptables stamps on each packet so that traffic can be divided up among the classes.

Here are all my cbq scripts that I put in /etc/sysconfig/cbq/ of my firewall:

cbq-1000.eth0_out
cbq-1500.eth0_servers_total
cbq-1501.eth0_other
cbq-1502.eth0_gaming
cbq-1503.eth0_ssh_personal
cbq-2000.eth0_gnutella_out
cbq-2001.eth0_web_out
cbq-2002.eth0_web_download_out
cbq-5000.eth1_out
cbq-6000.eth1_web
cbq-7000.eth1_streaming
cbq-8000.eth1_gaming
cbq-9000.eth1_other_protocols

This is the cbq init script I copied to /etc/rc2.d/S50cbq.

CBQ Init

Now, the next trick is to divide the packets up. I didn't use the cbq rules, but instead used iptables to mark the packets, since I was more familiar with its use. Here is a copy of the section of my firewall rules that does the marking. Since I use IP masquerading, the first few lines are for the eth1 rules and the bottom ones are for the eth0 rules. Perhaps later I'll add some more description of how I came up with these, but it will give you a start for the meantime. Have fun!
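The pairing of an iptables mark with a CBQ class described above, as an added example that is not the author's firewall rules or cbq files. The class numbers are taken from the file names listed on this page; the mark values, port matches, root qdisc handle and filter priority are assumptions, and the script only prints commands without applying them.

```shell
#!/bin/sh
# Constructed table, one row per traffic type:
#   shaped_dev class_id mark arrival_dev proto port_match
# Class ids come from the cbq file names listed above; the marks and the
# port matches are assumptions chosen for illustration.
SPEC='eth0 1503 3 eth1 tcp --dport=22
eth0 2001 4 eth1 tcp --dport=80
eth1 6000 6 eth0 tcp --sport=80'

# Print the iptables and tc commands for each row (dry run, nothing is
# applied). Returns non-zero if one mark is assigned to two classes on the
# same device, since a packet carrying that mark could be steered to only
# one of them.
gen_rules() {
    printf '%s\n' "$1" | awk '
    BEGIN { bad = 0 }
    {
        key = $1 ":" $3
        if (key in seen) {
            print "duplicate mark " $3 " on " $1 > "/dev/stderr"
            bad = 1
            exit
        }
        seen[key] = 1
        split($6, m, "=")
        # Tag the packet in the mangle table as it arrives on the far side.
        print "iptables -t mangle -A PREROUTING -i " $4 " -p " $5 " " m[1] " " m[2] " -j MARK --set-mark " $3
        # fw filter on the shaped device: handle is the mark, classid the
        # CBQ class. Root qdisc handle 1: and prio 100 are assumptions.
        print "tc filter add dev " $1 " parent 1:0 protocol ip prio 100 handle " $3 " fw classid 1:" $2
    }
    END { exit bad }'
}

gen_rules "$SPEC"
```

Traffic shaped on eth0 is marked as it arrives on eth1, and the reverse for eth1, which is how one set of marks covers both directions on a masquerading firewall.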