First, download the kernel 2.6.26 source.
# wget -t0 -c http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.tar.bz2
Download the iptables 1.4.1 source.
# wget -t0 -c http://www.netfilter.org/projects/iptables/files/iptables-1.4.1.tar.bz2
Download the l7 + IMQ patches (for the kernel and for iptables), which I have modified and combined into one bundle.
Extract, patch and compile the kernel source (to RPM)
# tar xjf linux-2.6.26.tar.bz2
# cd linux-2.6.26
# patch -p1 < ../linux-2.6.26-layer7-imq.patch
patching file drivers/net/imq.c
patching file drivers/net/Kconfig
patching file drivers/net/Makefile
patching file include/linux/imq.h
patching file include/linux/netfilter/xt_IMQ.h
patching file include/linux/netfilter/xt_layer7.h
patching file include/linux/netfilter_ipv4/ipt_IMQ.h
patching file include/linux/netfilter_ipv6/ip6t_IMQ.h
patching file include/linux/skbuff.h
patching file include/net/netfilter/nf_conntrack.h
patching file include/net/netfilter/nf_queue.h
patching file net/core/dev.c
patching file net/core/skbuff.c
patching file net/netfilter/Kconfig
patching file net/netfilter/Makefile
patching file net/netfilter/nf_conntrack_core.c
patching file net/netfilter/nf_conntrack_standalone.c
patching file net/netfilter/nf_queue.c
patching file net/netfilter/regexp/regexp.c
patching file net/netfilter/regexp/regexp.h
patching file net/netfilter/regexp/regmagic.h
patching file net/netfilter/regexp/regsub.c
patching file net/netfilter/xt_IMQ.c
patching file net/netfilter/xt_layer7.c
# cp /boot/config-`uname -r` .config
# make clean
# make menuconfig
Select all options related to the IMQ device and layer7.
# make rpm
# rpm -ivh /path/to/kernel-2.6.26-1.i[3/6]86.rpm
# mkinitrd initrd-2.6.26-default.img 2.6.26
Configure grub to boot the kernel that was just compiled.
title CentOS (2.6.26)
    root (hd0,0)
    kernel /vmlinuz-2.6.26 ro root=LABEL=/
    initrd /initrd-2.6.26-default.img
Adjust this to match your own grub configuration.
Extract, patch and compile iptables
# tar xjf iptables-1.4.1.tar.bz2
# cd iptables-1.4.1
# patch -p1 < ../iptables-1.4.1-layer7-imq.patch
# make clean
# ./configure --with-ksource=../linux-2.6.26
# make
# make install
If you want it as an RPM, you can find the iptables spec file on rpmfind.net.
Add aliases for imq in modprobe.conf
alias imq0 imq
alias imq1 imq
tc/HTB script, put it in /etc/rc.d/rc
#---- IMQ+layer7 -----
# Replace [your ip network] below with your own network.
# imq0: matching traffic arriving on eth1 (PREROUTING)
tc qdisc del dev imq0 root > /dev/null 2>&1
/sbin/ip link set imq0 up
/sbin/tc qdisc add dev imq0 root handle 1: htb default 2
/sbin/tc class add dev imq0 parent 1: classid 1:1 htb rate 80000Kbit
/sbin/tc class add dev imq0 parent 1: classid 1:2 htb rate 80000Kbit
/sbin/tc class add dev imq0 parent 1:1 classid 1:10 htb rate 1kbit ceil 2kbit
/sbin/tc filter add dev imq0 parent 1: protocol ip prio 1 u32 match ip dst 0/0 match ip src [your ip network] flowid 1:10
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto bittorrent -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto edonkey -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto gnutella -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto irc -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto kugoo -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto xunlei -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto pplive -j IMQ --todev 0
/usr/local/sbin/iptables -t mangle -I PREROUTING -i eth1 -m layer7 --l7proto http-dap -j IMQ --todev 0

# imq1: matching traffic leaving via eth1 (POSTROUTING)
tc qdisc del dev imq1 root > /dev/null 2>&1
/sbin/ip link set imq1 up
/sbin/tc qdisc add dev imq1 root handle 2: htb default 2
/sbin/tc class add dev imq1 parent 2: classid 2:1 htb rate 80000Kbit
/sbin/tc class add dev imq1 parent 2: classid 2:2 htb rate 80000Kbit
/sbin/tc class add dev imq1 parent 2:1 classid 2:10 htb rate 1kbit ceil 2kbit
/sbin/tc filter add dev imq1 parent 2: protocol ip prio 1 u32 match ip dst [your ip network] match ip src 0/0 flowid 2:10
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto bittorrent -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto edonkey -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto gnutella -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto irc -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto kugoo -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto xunlei -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto pplive -j IMQ --todev 1
/usr/local/sbin/iptables -t mangle -I POSTROUTING -o eth1 -m layer7 --l7proto http-dap -j IMQ --todev 1
#---- IMQ+layer7 -----
reboot
done 🙂
Warning: not tested with a different kernel version or iptables version, so be careful or you'll end up with a kernel panic 😀
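An added example, not part of the original post: a preflight check that refuses to generate the layer7/IMQ rules from the script above unless every protocol named there has a pattern file. It assumes the patterns are installed under /etc/l7-protocols (l7-filter's default directory, from the separate l7-protocols package, which the post does not mention); the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Assumption: <name>.pat files live somewhere under the
# directory passed in (normally /etc/l7-protocols). Protocol names are
# the ones used in the post's script.
L7_PROTOS="bittorrent edonkey gnutella irc kugoo xunlei pplive http-dap"

# Print each protocol that has no <name>.pat file under directory $1.
missing_patterns() {
    dir=$1; shift
    for proto in "$@"; do
        if [ -z "$(find "$dir" -type f -name "$proto.pat" 2>/dev/null | head -n 1)" ]; then
            echo "$proto"
        fi
    done
}

# Print (do not run) the mangle rules for one direction.
# $1 = PREROUTING|POSTROUTING, $2 = interface, $3 = IMQ device number
emit_rules() {
    chain=$1; iface=$2; dev=$3; shift 3
    case $chain in
        PREROUTING)  flag=-i ;;
        POSTROUTING) flag=-o ;;
        *) echo "unsupported chain: $chain" >&2; return 1 ;;
    esac
    for proto in "$@"; do
        echo "/usr/local/sbin/iptables -t mangle -I $chain $flag $iface -m layer7 --l7proto $proto -j IMQ --todev $dev"
    done
}

# Emit the full rule set only if every pattern file is present, so a
# missing pattern is caught before boot instead of as a failed rule.
build_ruleset() {
    dir=$1
    missing=$(missing_patterns "$dir" $L7_PROTOS)
    if [ -n "$missing" ]; then
        echo "missing l7 patterns in $dir:" $missing >&2
        return 1
    fi
    emit_rules PREROUTING eth1 0 $L7_PROTOS
    emit_rules POSTROUTING eth1 1 $L7_PROTOS
}
# Usage: build_ruleset /etc/l7-protocols   (review the output, then run it)
```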
Bro, I want to ask how do I contact you?
I have a few questions regarding the QOS for Centos, you could email me back and we can chat.
I think it's much better if you ask here, so other people can share/learn the information too.
thanks
Can the same instructions be applied to Debian?
For the iptables command itself, technically yes. But patching the kernel the Debian way might be different.
Patching iptables using -p1 never succeeded for me. After googling the net, I found a solution: using the -p0 option, i.e.:
# mv iptables-1.4.1-layer7-imq.patch iptables-1.4.1
# cd iptables-1.4.1
# patch -p0 < iptables-1.4.1-layer7-imq.patch
# ./configure ….
# make
# make install
Hope you will check and test it.
Well, it depends on the patch file. When the imq patch was created inside iptables-1.4.1, you might want to use -p0.
It's been a long time since I wrote this article; I'll check it out.
For the novice, there is a spelling mistake in one of the commands: "pacth -p1 < ../linux-2.6.26-layer7-imq.patch". It's 'patch', not 'pacth'.
thanks 🙂