Sep 26 2007

Gentoo Firewall/Gateway with Traffic Shaping I

Published by nick at 9:44 pm under General

Intro

Ok, so this is a new little project of mine that I’ve just started. The idea is that I’ll end up with a machine that acts as an internet gateway for my home network with a few added features – specifically, traffic shaping.

The reason for this is twofold – firstly, I have ADSL, so too much upstream traffic results in very little downstream, and secondly, at least two of the household are likely to use P2P programs, which generate lots of upstream traffic. So, I figured that rather than take the easy route and just make sure the upload traffic is limited at the client, I’d go for a far more interesting and complex approach and get an old Linux box to do some traffic shaping. This, of course, has the added advantage that I’ll be able to guarantee everyone a minimum amount of bandwidth.

Anyways, the point of this and a few extra posts will be to document my progress and how I’ve done it all so far.

Part 1

Ok, first things first: I’m doing all this on an old 400 MHz machine running Gentoo Linux. There are two NICs, etc. etc., you know the usual setup.

Once the system is installed you’ll need the following packages for basic NAT and firewalling:

  • iptables
  • Shorewall

That’s about it – an “emerge shorewall” should install both of these and anything else that’s needed. I’ve also installed Webmin to make my life easier for configuring a few things. Shorewall in particular is nice and easy to set up there. Just make sure Masq is set up and that your interfaces are there and assigned to the correct zones. Set the default policy to ACCEPT all traffic (we can make it more secure later) and away we go.

Next we need a DHCP server to run on the internal interface; “emerge dhcp” will install one for us. Edit /etc/dhcp/dhcp.conf.sample to your liking and save it to /etc/dhcp/dhcp.conf. Also edit /etc/conf.d/dhcpd and set the listen interface to your internal interface – in my case eth1. Next, start up dhcpd (/etc/init.d/dhcpd start) and check for any errors. It’s a good idea to have a system logger installed for this bit (as I discovered).

So, the next task is to connect it all up physically and test that it does in fact deal out DHCP addresses and you can still access the internet. Assuming it all works, then say hurray. If it doesn’t, then there are plenty more comprehensive tutorials to guide you through the process.
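The Shorewall and dhcpd steps above, as an added example that is not from the original post: a small POSIX shell script that writes the five Shorewall files (zones, interfaces, masq, policy, rules), the Gentoo /etc/conf.d/dhcpd interface setting and a dhcpd.conf into a directory of your choice, so you can read them over before copying them into /etc. It assumes eth0 is the ADSL side and eth1 the LAN (the post names eth1 as the internal interface), a constructed LAN subnet of 192.168.1.0/24 with the gateway at 192.168.1.1, the Shorewall 3-era file layout, and the file name dhcpd.conf (the name the daemon reads by default). The policy file keeps the post’s ACCEPT-everything line as a comment and puts in its place the default-deny version the post defers to “later”; count_accept_policies and policy_has_catchall are hypothetical helpers for sanity-checking the result.

```shell
#!/bin/sh
# Added example (not from the original post): generate a two-NIC gateway config.
# Assumptions: eth0 = ADSL/external, eth1 = LAN, LAN subnet 192.168.1.0/24
# (constructed), Shorewall 3-era file formats, Gentoo's /etc/conf.d/dhcpd.
set -eu

WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24

# write_gateway_config DIR
# Writes DIR/shorewall/{zones,interfaces,masq,policy,rules},
# DIR/conf.d/dhcpd and DIR/dhcp/dhcpd.conf. Use DIR=/etc on the gateway,
# or a scratch directory to review the output first.
write_gateway_config() {
    dir=$1
    mkdir -p "$dir/shorewall" "$dir/dhcp" "$dir/conf.d"

    # Three zones: the firewall box itself, the internet side, and the LAN.
    cat > "$dir/shorewall/zones" <<EOF
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
EOF

    # "dhcp" on the LAN interface lets dhcpd's broadcasts through without a
    # rule; tcpflags/nosmurfs/routefilter discard obviously forged packets.
    cat > "$dir/shorewall/interfaces" <<EOF
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     $WAN_IF     detect      tcpflags,nosmurfs,routefilter
loc     $LAN_IF     detect      dhcp,tcpflags,nosmurfs
EOF

    # Masquerade (NAT) LAN traffic as it leaves on the ADSL interface.
    cat > "$dir/shorewall/masq" <<EOF
#INTERFACE   SOURCE
$WAN_IF      $LAN_NET
EOF

    # The post starts with "ACCEPT everything" (kept here as a comment).
    # The default-deny version: LAN may go out, the box may go anywhere,
    # nothing from the internet gets in unless a rule says so, and the
    # final catch-all guarantees no zone pair falls through unmatched.
    cat > "$dir/shorewall/policy" <<EOF
#SOURCE   DEST   POLICY   LOG LEVEL
#all      all    ACCEPT
loc       net    ACCEPT
\$FW      all    ACCEPT
net       all    DROP     info
all       all    REJECT   info
EOF

    # Explicit exceptions: SSH and Webmin (tcp/10000) from the LAN only.
    cat > "$dir/shorewall/rules" <<EOF
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    loc      \$FW   tcp     22
ACCEPT    loc      \$FW   tcp     10000
EOF

    # Gentoo's init script reads the listen interface from this variable.
    printf 'DHCPD_IFACE="%s"\n' "$LAN_IF" > "$dir/conf.d/dhcpd"

    # dhcpd: lease LAN addresses and point clients at the gateway for
    # routing and DNS (constructed values).
    cat > "$dir/dhcp/dhcpd.conf" <<EOF
ddns-update-style none;
authoritative;
default-lease-time 3600;
max-lease-time 86400;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.1;
}
EOF
}

# Number of live (uncommented) ACCEPT policies in DIR/shorewall/policy.
# The hardened file has two; the post's "ACCEPT everything" file has one.
count_accept_policies() {
    grep -v '^#' "$1/shorewall/policy" | grep -c 'ACCEPT'
}

# True if the policy file ends in an all/all DROP or REJECT catch-all.
policy_has_catchall() {
    grep -v '^#' "$1/shorewall/policy" \
        | grep -Eq '^all[[:space:]]+all[[:space:]]+(DROP|REJECT)'
}

# Usage: ./gateway-config.sh /tmp/gw
if [ "$#" -eq 1 ]; then
    write_gateway_config "$1"
fi
```

Run it against a scratch directory first, then copy the Shorewall files into /etc/shorewall and run `shorewall check` before `shorewall restart`. Once the policy is no longer ACCEPT everywhere, the `dhcp` option on the LAN interface is what keeps dhcpd answering, and the `info` log level on the DROP/REJECT lines is what shows you, in the system log the post recommends, what the firewall is refusing.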

So… that’s about as far as I’ve got so far. In the next few posts I’ll be detailing the process of traffic shaping and probably setting up a DNS server… maybe.
