Author Topic: new eBox traffic shaping module with l7 filter support for Ubuntu Hardy 8.04  (Read 12163 times)

javi

  • Zen Hero
  • *****
  • Posts: 1042
  • Karma: +0/-0
    • View Profile
Hi guys,

We have just added a new feature to our traffic shaping module: layer 7 filter.

We are using l7-filter http://l7-filter.sf.net to mark network packets based on its content. This is pretty useful for those of you who are in the need of throttling traffic that can use different ports. Shaping p2p traffic is mucheasier with this new feature.

We are using the kernel space version of l7-filter at the moment. We plan toswitch to the user space version in a few months.

This version of l7-filter needs a patched kernel and patched iptables. But don'tworry just follow the steps below if you want to test it:

To install these packages add the following lines  to your /etc/apt/sources.list file:

Code: [Select]
deb http://ebox-platform.com/testing/packages/l7kernel ./
deb http://ppa.launchpad.net/ebox-unstable/ubuntu hardy main

Once you have added the apt sources run:

Code: [Select]
apt-get update

First of all, we need to install the pactched kernel by running:

Code: [Select]
sudo apt-get install linux-image-2.6.24-19-l7filter

Now you will have to reboot to be able to use the new kernel.

If you manage to boot with the new kernel, the next step is installing the patched iptables package and ebox-l7-protocols:

Code: [Select]
sudo apt-get install ebox-l7-protocols iptables

If everything goes ok, you will be able to access and configure eBox through the web interface.

Note that the eBox traffic shaping module is meant to be used when your machine is acting as gateway, and you can shape on internal interfaces for ingress shaping and on external interfaces for egress shaping.

Don't forget you will have to enable the firewall and add rules to accept traffic from your internal networks to internet.

Enjoy

« Last Edit: September 01, 2008, 01:36:42 pm by javi »

javierin

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Hi there

Are there any plans to support the newer 2.6.27 kernels as well as 2.6.28 that will come with 9.04? Also 64 bit support would be great.

Regards,
J.

Ptarmigan

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
l7 filter support - install fails on repos
« Reply #2 on: March 31, 2009, 07:48:51 am »
Hi,

I installed the l7-kernel on an IBM Dual CPU Xeon server.
I found two points:
First the l7 kernel is older than the released kernel in EboX v1.0, so Grub defaults to selecting the non-l7 kernel

Second, the repos didn't work for me.
<snip>
Code:
sudo apt-get install ebox-l7-protocols iptables
</snip>

I manually opened the repos in a web browser and found that it appears the correct (or closest available) package to install was
<snip>
Code:
sudo apt-get install l7-protocols iptables
</snip>

I hope this might help someone else.  Now the next question is, is there anyone else out there using this yet and did you have some success / experiences to share (either in classifying or in shaping)?

Thanks,
P

javi

  • Zen Hero
  • *****
  • Posts: 1042
  • Karma: +0/-0
    • View Profile
Please, can you paste the output of:

Code: [Select]
apt-cache policy  ebox-l7-protocols

Thanks!
     

Pfff

  • Zen Warrior
  • ***
  • Posts: 132
  • Karma: +0/-0
  • Be open
    • View Profile
    • Webynux
Hello

With this new release ebox 1.0.

Are they a secure How-to somewhere?

many thx

c4rdinal

  • Zen Samurai
  • ****
  • Posts: 341
  • Karma: +4/-0
    • View Profile
Hi,

Does Ebox L7 filter supports protocol filters such as:

- Peer-to-peer
- Instant messaging
- Streaming audio
- Streaming video
- Video games
- and many others

TIA

James
« Last Edit: May 08, 2009, 10:16:43 am by c4rdinal »

furiac3lta

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +0/-0
    • View Profile
hi i want to ask if i can install this kernel in ubuntu hardy heron lts i only need L7 filter support in my kernel. thanks.