Saturday, June 20, 2009

Configure a Linux machine as a router.

Here is a tutorial to configure your Linux machine as a router.
System Config:
Operating System: CentOS 4.5
Kernel : 2.6.22-4
Specs: 1 Gb RAM, Intel D845 Motherboard with Intel Processor 2.4

We will be configuring our Linux machine to act as an Internet failover along with load balancing; on top of that you can configure any firewall (I would suggest Squid). Now let's get into it. We will achieve this through these steps:

1. Build the latest stable kernel along with some patches
2. Configure the Internet connections for failover
3. Configure the Internet connections for load balancing

1. Compiling the kernel

Download your desired kernel from www.kernel.org to /usr/src, e.g. linux-2.6.22.4.tar.bz2 (you can find all 2.6 kernels here: http://www.kernel.org/pub/linux/kernel/v2.6/), like this:
Code:

cd /usr/src
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.4.tar.bz2

Then we unpack the kernel sources and create a symlink linux to the kernel sources directory:
Code:

tar xjf linux-2.6.22.4.tar.bz2
ln -s linux-2.6.22.4 linux
cd /usr/src/linux

Modify /etc/modprobe.conf

Now you must comment out the mptscsi module in /etc/modprobe.conf, because otherwise you will get a warning like this when we build our new kernel:
WARNING: No module mptscsi found for kernel 2.6.22.4, continuing anyway

vi /etc/modprobe.conf
Code:

alias eth0 pcnet32
alias scsi_hostadapter mptbase
# alias scsi_hostadapter1 mptscsi
alias scsi_hostadapter2 mptfc
alias scsi_hostadapter3 mptspi
alias scsi_hostadapter4 mptsas
alias scsi_hostadapter5 mptscsih

Apply Patches To The Kernel Sources
Download the routes patch for your respective kernel from this site http://www.ssi.bg/%7Eja/ into /usr/src/ and give the file read, write and execute permission for root. Then apply the patch by issuing these commands in Konsole:
Code:

# the patch is a plain .diff file, so it is fed to patch directly
patch -p1 --dry-run < /usr/src/routes-2.6.22-15.diff
patch -p1 < /usr/src/routes-2.6.22-15.diff

If patch asks for a file path, enter it manually. The first command only tests the patch; the second one actually patches the kernel. So if you are not sure how to do it, do not issue the second command, but I strongly suggest patching the kernel with this routes patch.

Configure The Kernel

Code:

make clean && make mrproper

Then we run
Code:

make xconfig

This will bring up an X window; alternatively you can use menuconfig instead of xconfig, which brings up a command-line GUI.
The window shows the kernel configuration menu. Now go into the Network tab (on the left if you are using xconfig, or in the window if you are using menuconfig) and select all the options; to be on the safe side, do not select those options for which “EXPERIMENTAL” is mentioned in brackets. Take special care with all the netfilter options, as we require them: these need to be enabled, except those for which “EXPERIMENTAL” is mentioned.

Build And Install The Kernel
To build and install the kernel, execute these three commands:
Code:

make all
make modules_install
make install

Now be patient, the kernel compilation can take some hours, depending on your kernel configuration and your processor speed. The last command will also automatically create a ramdisk for you as well as configure /boot/grub/menu.lst.
Now edit /boot/grub/menu.lst. You should find a stanza for your new kernel at the top of the list, but to make sure that the new kernel gets booted instead of your old one, you must set the value of default to 0.

vi /boot/grub/menu.lst

My menu.lst looks like this:

Code:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.22.4)
root (hd0,0)
kernel /vmlinuz-2.6.22.4 ro root=/dev/VolGroup00/LogVol00 enforcing=0
initrd /initrd-2.6.22.4.img
title CentOS (2.6.9-42.0.3.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-42.0.3.EL ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.9-42.0.3.EL.img
title CentOS-4 i386 (2.6.9-42.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-42.EL ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.9-42.EL.img

Do not forget to add that “enforcing=0” without quotes, otherwise it will throw a “kernel panic” error at boot time and your newly installed kernel will not boot.
Now reboot the system:
Code:

shutdown -r now

If everything goes well, it should come up with the new kernel. You can check if it's really using your new kernel by running
Code:

uname -r

This should display something like
Code:

2.6.22.4

If the system doesn't start, restart it, and when you see the countdown of grub trying to boot, press
Code:

e

then go to your old kernel and press
Code:

b

or just press Enter, and try to compile again.

2. Failover
Now let's configure the system for failover Internet. In the network configuration add the network IPs and gateways along with DNS. My setup was like this:
Internal LAN eth0 = 192.168.1.0 - 192.168.1.255 with netmask 255.255.255.0
ISP1 eth1 = 202.61.19.29 with netmask 255.255.255.0
ISP2 eth2 = 202.63.89.45 with netmask 255.255.255.248
You can do these configurations from X Windows via Start > System Settings > Network. This opens a network configuration window showing all the network cards on your system. Double-click the LAN card icon you want to configure, select the ‘Statically set IP address’ radio button and assign the IP address with subnet mask.
After this, enable IP forwarding on the Linux box. For this, open the file /etc/sysctl.conf from a terminal window. Here you'll find an entry ‘net.ipv4.ip_forward = 0’. Set its value to 1 and save the file. Now execute this command in Konsole:
Code:

sysctl -p

Next, you need to set the IP table so that the internal network can route packets to the Internet. For this, issue the following commands from a terminal window.
Code:

# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
(Routing packets to the Internet connected to the first ISP)

# iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
(Routing packets to the Internet connected to the second ISP)

# iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
(Forwarding from the internal LAN)

# iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.1.0/24 -j DROP
# iptables-save > /etc/sysconfig/iptables
(Saving the IP tables)

# /etc/init.d/network restart
(Restarting the network)

# /etc/init.d/iptables restart
(Restarting the IP tables)
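The rule set above accepts anything destined for 192.168.1.0/24 and relies on rule order to drop other sources. The script below is an added example, not part of the original post: it installs the same masquerading, but forwards uplink-to-LAN traffic only when it belongs to a connection the LAN opened, and LAN-to-uplink traffic only when it really arrives on the LAN interface with a LAN source. Interface names, the LAN prefix and the DRY_RUN/WAN_IFS variables are assumptions taken from the post's setup and can be overridden through the environment.

```shell
#!/bin/sh
# Added example (not from the original post): NAT and FORWARD rules for the
# two-uplink router, restricted to connection-tracked return traffic.
# Assumed layout from the post: LAN on eth0 (192.168.1.0/24), ISPs on eth1/eth2.
LAN_IF=${LAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.1.0/24}
WAN_IFS=${WAN_IFS:-"eth1 eth2"}

# run prints the iptables command instead of executing it when DRY_RUN=1,
# so the rule set can be reviewed before it touches a live firewall.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# router_rules builds the complete rule set; it flushes first so that
# re-running the script does not stack duplicate rules.
router_rules() {
    run -t nat -F POSTROUTING
    run -F FORWARD
    run -P FORWARD DROP
    for wan in $WAN_IFS; do
        # Masquerade behind whichever uplink the kernel routes the packet to.
        run -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
        # LAN to Internet: must enter on LAN_IF with a LAN source address.
        run -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$wan" -j ACCEPT
        # Internet to LAN: replies to tracked connections only, no blanket
        # "-d 192.168.1.0/24 -j ACCEPT".
        run -A FORWARD -i "$wan" -o "$LAN_IF" \
            -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
}

# rule_count reports how many iptables calls router_rules makes (dry run),
# a cheap sanity check that every uplink in WAN_IFS was covered (3 + 3 per uplink).
rule_count() {
    DRY_RUN=1 router_rules | wc -l | tr -d ' '
}

# Usage: "--show" prints the rules, "--apply" installs them (run as root, then
# save with iptables-save > /etc/sysconfig/iptables as the post does).
case "${1:-}" in
    --show)  DRY_RUN=1 router_rules ;;
    --apply) router_rules ;;
esac
```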

If you would like to have failover + load balance, skip this part; otherwise go ahead.

Now you need to configure failover routing, wherein if the first route dies, then it will look for an alternative route path. For this, you’ll need to add default gateway routes (provided by your ISP) for both network cards. This is done as follows.
Code:

# route add default gw 202.61.19.1 dev eth1
# route add default gw 202.63.89.1 dev eth2

(202.61.19.1 is the gateway IP given by the first ISP and 202.63.89.1 is the gateway IP given by the second ISP)
Add these commands to the /etc/rc.d/rc.local file, otherwise the routes will vanish every time you reboot the system.
Finally, open the /proc/sys/net/ipv4/route/gc_timeout file from a terminal window, change the value from 300 to 10 and save the file. gc_timeout holds the timeout after which the kernel declares a route dead and automatically switches to the other route. Your system will now automatically switch to the second route every time the primary route fails.

You're done with failover. The next section deals with load balance; if you don't want load balance then stop right here (so that you don't confuse others and yourself).

3. Load balance
Now, in order to configure load balance, issue these commands in Konsole:
Code:

#ip route del default
#ip route add default equalize nexthop via 202.61.19.1 dev eth1 nexthop via 202.63.89.1 dev eth2

Add these commands in /etc/rc.d/rc.local file, otherwise the route will vanish every time you reboot the system.
To load balance outbound network connections from the internal network, the CONFIG_IP_ROUTE_MULTIPATH kernel option is used, which allows you to have multiple default gateways. It is set up by removing the default gateway from the /etc/sysconfig/network file and setting up the default gateways with the advanced routing command we issued above.

Congrats, your Linux machine is now configured as a router.
