Differences between revisions 15 and 23 (spanning 8 versions)
Revision 15 as of 2003-04-02 11:15:59
Size: 3735
Editor: dsl093-039-147
Comment:
Revision 23 as of 2007-11-23 18:02:45
Size: 4205
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
Here we go loop de loo here we go loop de lai...  [[BR]] Here we go loop de loo here we go loop de lai...
Line 3: Line 3:
This text assumes that you have: [[BR]]
* A working NoCat Gateway [[BR]]
* A working NoCat AuthServer [[BR]]
* A Debian box running the NoCat Gateway [[BR]]
* Enough patience to slog through this [[BR]]
This text assumes that you have:
Line 9: Line 5:
IMQ was the solution: http://luxik.cdi.cz/~patrick/imq/index.html  * A working NoCatAuth gateway
 * A working NoCatAuth AuthServer
 * A DebianLinux box running the NoCat Gateway
 * Enough patience to slog through this
Line 11: Line 10:
First, get the 2.4.20 linux kernel (assuming Debian here folks! May need the unstable apt-site in your /etc/apt/sources.list) [[BR]]
# apt-get update [[BR]]
# apt-get install gcc libcurses5 libcurses5-dev kernel-package kernel-headers-2.4.20 kernel-source-2.4.20 [[BR]]
# cd /usr/src [[BR]]
# bunzip2 kernel-source-2.4.20.tar.bz2 [[BR]]
# tar xvvf kernel-source-2.4.20.tar [[BR]]
IMQ was the solution: http://trash.net/~kaber/imq/ (OLD URL: http://luxik.cdi.cz/~patrick/imq/index.html)

First, get the 2.4.20 linux kernel (assuming Debian here folks! May need the unstable apt-site in your {{{/etc/apt/sources.list}}}):

 1. {{{
# apt-get update}}}
 * {{{
# apt-get install gcc libcurses5 libcurses5-dev kernel-package kernel-headers-2.4.20 kernel-source-2.4.20}}}
 * {{{
# cd /usr/src}}}
 * {{{
# bunzip2 kernel-source-2.4.20.tar.bz2}}}
 * {{{
# tar xvvf kernel-source-2.4.20.tar}}}
Line 20: Line 22:
Get the combo patch attachment:imq-2.4.18-combo-patch.txt and the precompiled shared libs attachment:libipt_IMQ-1.2.6a.tar.gz matching your iptables version (iptables -V - was 1.2.6a for me). Get the combo patch [[attachment:imq-2.4.18-combo-patch.txt]] and the precompiled shared libs [[attachment:libipt_IMQ-1.2.6a.tar.gz]] matching your iptables version (iptables -V - was 1.2.6a for me).
Line 24: Line 26:
# cd /usr/src/linux [[BR]]
# patch -p1 <../imq-2.4.18.diff-combo-6[[BR]]
--
(make sure it's the right name you saved from above) [[BR]]
--
find where iptables keeps its shared libraries (/lib/iptables and /usr/lib/iptables is common) [[BR]]
# tar xvzf libipt_IMQ-1.2.6a.tar.gz -C /lib/iptables [[BR]]
 1. {{{# cd /usr/src/linux}}}
 * {{{
# patch -p1 <../imq-2.4.18.diff-combo-6}}}
  *
(make sure it's the right name you saved from above)
  *
find where iptables keeps its shared libraries (/lib/iptables and /usr/lib/iptables is common)
 * {{{
# tar xvzf libipt_IMQ-1.2.6a.tar.gz -C /lib/iptables}}}
Line 30: Line 32:
Then you need to make and install your kernel. Here's my .config attachment:config-2.4.20-imq file that I used to compile my kernel. It's a pretty stock 2.4.20 kernel, patched with the IMQ patch. Then you need to make and install your kernel. Here's my .config [[attachment:config-2.4.20-imq]] file that I used to compile my kernel. It's a pretty stock 2.4.20 kernel, patched with the IMQ patch.
Line 32: Line 34:
# cd /usr/src/linux [[BR]]
# make menuconfig [[BR]]
 1. {{{# cd /usr/src/linux}}}
* {{{# make menuconfig}}}
Line 36: Line 38:
Networking options ---> IP: Netfilter Configuration --->IMQ target support [[BR]]
Networking options ---> IPv6: Netfilter Configuration --->IMQ target support [[BR]]
Network device support --->IMQ (intermediate queueing device) support [[BR]]
Line 40: Line 39:
Choose at least one of the targets and the device itself.
Netfilter debugging should be turned off, otherwise cou get lots of annoying messages.
 Networking options:: IP: Netfilter Configuration --->IMQ target support
 Networking options:: IPv6: Netfilter Configuration --->IMQ target support
 Network device support:: IMQ (intermediate queueing device) support
Line 43: Line 43:
# make dep modules bzImage modules_install Choose at least one of the targets and the device itself. Netfilter debugging should be turned off, otherwise cou get lots of annoying messages.

 1. {{{# make dep modules bzImage modules_install}}}
Line 45: Line 47:
or, for debian, I use Thing's Kernel Recompile Page:
http://www.thing.dyndns.org/debian/kerneldeb.htm
# make dep [[BR]]
# make-kpkg clean[[BR]]
# make-kpkg --revision=thing.2.0 kernel_image[[BR]]
# type dpkg -i name_of_the_kernel.deb[[BR]]
-- May give you a warning to move your libraries if you're on the same kernel level. If so, you can do this: [[BR]]
# mv /lib/modules/2.4.20 /lib/modules/2.4.20-old[[BR]]
-- and retry installing
or, for DebianLinux, I use [[http://www.thing.dyndns.org/debian/kerneldeb.htm|Thing's Kernel Recompile Page]]:
Line 55: Line 49:
Next, replace the attachment:throttle.fw attachment:initialize.fw and attachment:access.fw scripts, typically located in /usr/local/nocat/bin  1. {{{# make dep}}}
 * {{{# make-kpkg clean}}}
 * {{{# make-kpkg --revision=thing.2.0 kernel_image}}}
 * {{{# type dpkg -i name_of_the_kernel.deb}}}
Line 57: Line 54:
Some 2-machine wireless testing I've done:
http://www.pcpitstop.com -> internet connection for download speed testing (they let you run over and over and over..)
May give you a warning to move your libraries if you're on the same kernel level. If so do this and then retry installing the kernel package.
Line 60: Line 56:
Mac w/ Safari
Thinkpad with IE 6.0
 * {{{# mv /lib/modules/2.4.20 /lib/modules/2.4.20-old}}}
Line 63: Line 58:
Thinkpad logged in as Public, Mac logged in as Public [[BR]]
Download 200 KB file at same time: 89 kb/s each [[BR]]
Download 200 KB file solo: 167 kb/s each (fluctuates up to 263 kb/s for solo - but this is a live node) [[BR]]
Next, replace the [[attachment:throttle.fw]] [[attachment:initialize.fw]] and [[attachment:access.fw]] scripts, typically located in /usr/local/nocat/bin
Line 67: Line 60:
Thinkpad logged in as Public, Mac logged in as Member [[BR]]
Download 500 KB file on Mac, 200 KB file on ThinkPad: 500 kb/sec Mac, 250 kb/sec ThinkPad [[BR]]
Here's some test results I have: <<BR>>
Line 70: Line 62:
ThinkPad logged in as Public, Mac logged in as Ownser [[BR]]
Download 2 MB file on Mac, 200 KB file on ThinkPad: 1000 kb/sec Mac, 250 kb/sec Thinkpad [[BR]]
Thinkpad logged in as Public, Mac logged in as Public <<BR>>
Download 200 KB file at same time: 89 kb/s each <<BR>>
Download 200 KB file solo: 167 kb/s each (fluctuates up to 263 kb/s for solo - but this is a live node) <<BR>>
 
Thinkpad logged in as Public, Mac logged in as Member <<BR>>Download 500 KB file on Mac, 200 KB file on ThinkPad: 500 kb/sec Mac, 250 kb/sec ThinkPad <<BR>>
 
ThinkPad logged in as Public, Mac logged in as Owner <<BR>>
Download 2 MB file on Mac, 200 KB file on ThinkPad: 1000 kb/sec Mac, 250 kb/sec Thinkpad <<BR>>
 
Line 77: Line 75:
-DanRichardson -- DanRichardson
----
Great stuff Dan, thanks! I'm really curious about the "fairness" of it. When you have a chance could you setup two clients and ping flood from one (to something on the local network but on the other side of the nocat gateway) and then try and authenticate from the other client)?-- AdamShand
----
You must have been editing when I posted my initial tests. Not sure which direction you want those tests run. Be more specific, or come down and try it yourself. :-). Oh yeah, feel free to pretty it up all you want. I'm WikiRusty. --DanRichardson
[CategorySoftware]

Here we go loop de loo here we go loop de lai...

This text assumes that you have:

IMQ was the solution: http://trash.net/~kaber/imq/ (OLD URL: http://luxik.cdi.cz/~patrick/imq/index.html)

First, get the 2.4.20 linux kernel (assuming Debian here folks! May need the unstable apt-site in your /etc/apt/sources.list):

  1. # apt-get update

  2. # apt-get install gcc libcurses5 libcurses5-dev kernel-package kernel-headers-2.4.20 kernel-source-2.4.20

  3. # cd /usr/src

  4. # bunzip2 kernel-source-2.4.20.tar.bz2

  5. # tar xvvf kernel-source-2.4.20.tar

To install the IMQ Patch (from the FAQ):

Get the combo patch imq-2.4.18-combo-patch.txt and the precompiled shared libs libipt_IMQ-1.2.6a.tar.gz matching your iptables version (iptables -V - was 1.2.6a for me).

Put the patch file in /usr/src

  1. # cd /usr/src/linux

  2. # patch -p1 <../imq-2.4.18.diff-combo-6

    • (make sure it's the right name you saved from above)
    • find where iptables keeps its shared libraries (/lib/iptables and /usr/lib/iptables is common)
  3. # tar xvzf libipt_IMQ-1.2.6a.tar.gz -C /lib/iptables

Then you need to make and install your kernel. Here's my .config config-2.4.20-imq file that I used to compile my kernel. It's a pretty stock 2.4.20 kernel, patched with the IMQ patch.

  1. # cd /usr/src/linux

  2. # make menuconfig

You will have three new options:

Networking options

IP: Netfilter Configuration --->IMQ target support

Networking options

IPv6: Netfilter Configuration --->IMQ target support

Network device support
IMQ (intermediate queueing device) support

Choose at least one of the targets and the device itself. Netfilter debugging should be turned off, otherwise cou get lots of annoying messages.

  1. # make dep modules bzImage modules_install

or, for DebianLinux, I use Thing's Kernel Recompile Page:

  1. # make dep

  2. # make-kpkg clean

  3. # make-kpkg --revision=thing.2.0 kernel_image

  4. # type dpkg -i name_of_the_kernel.deb

May give you a warning to move your libraries if you're on the same kernel level. If so do this and then retry installing the kernel package.

  • # mv /lib/modules/2.4.20 /lib/modules/2.4.20-old

Next, replace the throttle.fw initialize.fw and access.fw scripts, typically located in /usr/local/nocat/bin

Here's some test results I have:

Thinkpad logged in as Public, Mac logged in as Public
Download 200 KB file at same time: 89 kb/s each
Download 200 KB file solo: 167 kb/s each (fluctuates up to 263 kb/s for solo - but this is a live node)

Thinkpad logged in as Public, Mac logged in as Member
Download 500 KB file on Mac, 200 KB file on ThinkPad: 500 kb/sec Mac, 250 kb/sec ThinkPad

ThinkPad logged in as Public, Mac logged in as Owner
Download 2 MB file on Mac, 200 KB file on ThinkPad: 1000 kb/sec Mac, 250 kb/sec Thinkpad

Looks pretty fair to me - the 2 publics aren't stomping over each other (1 drowning out the other).

There's a lot of stuff in the scripts that I need to take OUT, but it's working right now, and I'll deal with that Jingo problem later. Next, is to make a nice PHP frontend to the user admin page.

-- DanRichardson


Great stuff Dan, thanks! I'm really curious about the "fairness" of it. When you have a chance could you setup two clients and ping flood from one (to something on the local network but on the other side of the nocat gateway) and then try and authenticate from the other client)?-- AdamShand


You must have been editing when I posted my initial tests. Not sure which direction you want those tests run. Be more specific, or come down and try it yourself. :-). Oh yeah, feel free to pretty it up all you want. I'm WikiRusty. --DanRichardson [CategorySoftware]

BandwidthShaping (last edited 2007-11-23 18:02:45 by localhost)