Lan Management System (LMS) On Debian Squeeze - Router Howto

Submitted by yarzombo on Wed, 2011-09-07 10:00. :: Debian

LMS (Lan Management System) is a good system for small ISPs, made in Poland. Documentation for the LMS GUI is available in English here. However, installation, configuration and integration with firewall or traffic shaping mechanisms can take a lot of time. Here you can try my scripts for express installation of LMS. The scripts were tested in several companies.

First download and install Debian Squeeze in netinstall version i386 or amd64. Install it with basic system only (no X GUI, no services except ssh). Choose eth0 for your primary interface and configure network settings (IP address, netmask, gateway and DNS servers). Make sure you have a second interface described as eth1. Next log into your root account (via ssh by PuTTY or directly on the console) and type the magic three lines for i386 architecture:

wget http://files.v-smart.pl/v-smart-2.0/install-vsmart-2.0-en-32bit.sh
chmod +x install-vsmart-2.0-en-32bit.sh
./install-vsmart-2.0-en-32bit.sh

and for amd64 architecture:

wget http://files.v-smart.pl/v-smart-2.0/install-vsmart-2.0-en-64bit.sh
chmod +x install-vsmart-2.0-en-64bit.sh
./install-vsmart-2.0-en-64bit.sh

The scripts will download the necessary packages from the Debian repositories, plus my own deb packages:

  • linux kernel 2.6.32 with patches: layer-7, imq, esfq
  • iptables 1.4.8 with patches: layer-7 and imq
  • iproute 20101221 with esfq patch
  • ppp 2.4.3 with mppe and mppc
  • pppoe 3.10 with mppe, mppc and kernel plugin
  • pptpd 1.3.4 with mppe and mppc

All the packages are available for independent download from:

 http://files.v-smart.pl/v-smart-2.0/

The scripts are fetched over plain HTTP and run as root, so you may want to view them before executing to see exactly what they do. You have to write down the MySQL root password and type it when the install script asks for it. After reboot you can reach the router GUI via a browser: simply open the router IP address in the browser. The first time, LMS will ask you to create an admin account. Don't forget to check the full access option for admin. An example configuration is available for viewing after installation. You have to set your WAN bandwidth in the /router/router.conf file in kilobits per second. Default is 10Mbps.

How does it work? The network administrator adds clients, computers and tariffs (download and upload speed) into LMS. My daemon runs in the background and checks whether something was changed in the GUI configuration. If so, the daemon updates the configuration file for the firewall (/router/lms.conf) and reloads the firewall, NAT and traffic shaping. Firewall scripts and configs are in the /router directory. The LMS GUI is installed in the /var/www directory. Other stuff (messages, daemon, etc.) is in the /var/v-smart directory. The network configuration can be found in the /etc/rc.local script.

The installed LMS is pure and unmodified. In the database there is a vsmart table with to-do records that the daemon reads every 3 seconds. I added MySQL triggers to follow changes in the LMS tables. The triggers update the to-do records when something changes in the configuration of customers' devices. Then the daemon decides whether to reload the firewall, traffic shaper and NAT. As a result, changes made in the LMS GUI are applied on the router almost instantly. This is the main idea of my project.

Some LMS scripts (stats, payments, host alive checking and others) are run periodically from the crontab. Feel free to view or adjust the /etc/cron.d/vsmart file.

List of router main functions:

- Dynamic traffic shaping on WAN port using IMQ with HTB/esfq and service priority,
- Static traffic shaping on LAN port (LMS tariffs),
- MAC + IP authorization for clients,
- DHCP server,
- DNS server,
- PPPoE server,
- PPTP server (Windows VPN),
- Messages: payment reminder, total block, no authorization,
- LMS GUI - see manual,
- LMS functions: customers, computers, networks, network devices, network map, tariffs, invoices, helpdesk, calendar,
- LMS USERPANEL - access via http://router_ip/userpanel,
- Night tariffs for LAN and WAN,
- Port forward (/router/forward.conf)

Technical solutions

1. How to add new network(s) to my LAN?

Consider a new LAN network: 192.168.102.0/24 with gateway address 192.168.102.254 on the eth1 interface. In the LMS GUI (IP Networks -> New network) we add:

  • Network name: LAN2
  • Network address/mask: 192.168.102.0 / 24 (256 addresses)
  • Interface: eth1
  • Gateway: 192.168.102.254
  • DNS servers: 192.168.102.254, 8.8.8.8

In the file /etc/rc.local we add, before the line /usr/sbin/ip link set eth1 up:

/usr/sbin/ip a a 192.168.102.254/24 brd 192.168.102.255 dev eth1

In the file /etc/rc.local we add at the bottom:

/usr/sbin/pppoe-server -I eth1 -L 192.168.102.254 -N 1000 -k

In the file /router/router.conf we add a variable with its value:

INTNET2=192.168.102.0/24

In the files /router/scripts/firewall.sh and /router/scripts/nat.sh we find all lines that include the $INTNET1 variable and copy them below, changing $INTNET1 to $INTNET2. For example:

$IPTABLES -A INPUT -s $INTNET1 -m state --state NEW -p tcp --sport 1024: --dport 53 -j ACCEPT
$IPTABLES -A INPUT -s $INTNET2 -m state --state NEW -p udp --sport 1024: --dport 53 -j ACCEPT

etc..

Tip: If you want to use a public subnet on the LAN, you have to comment out MASQUERADE for this subnet in /router/scripts/nat.sh:

#$IPTABLES -t nat -A POSTROUTING -s $INTNET2 -o $EXTDEV -j MASQUERADE

After reboot everything should work fine.
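
The copy step for /router/scripts/firewall.sh and /router/scripts/nat.sh can be scripted. The following is an added example, not part of the original v-smart scripts: the helper name add_intnet and the sample rules are constructed for illustration, and it assumes the rules reference the LAN only through the $INTNET1 variable as described above.

```sh
#!/bin/sh
# Added example (not from the v-smart scripts); add_intnet is a hypothetical helper.
# Usage: add_intnet FILE N > FILE.new
# Prints FILE; directly below every active line that uses $INTNET1 it emits a
# copy using $INTNET<N>. Commented-out lines are left alone, longer names such
# as $INTNET10 are not touched, and copies already present are not added again.
add_intnet() {
    awk -v new="INTNET$2" '
    function swap(line,    out, rest, pos, nxt) {
        out = ""; rest = line
        while ((pos = index(rest, "$INTNET1")) > 0) {
            nxt = substr(rest, pos + 8, 1)          # character after the name
            out = out substr(rest, 1, pos - 1)
            out = out ((nxt ~ /[0-9A-Za-z_]/) ? "$INTNET1" : "$" new)
            rest = substr(rest, pos + 8)
        }
        return out rest
    }
    NR == FNR { seen[$0] = 1; next }                # pass 1: remember every line
    {
        print                                       # pass 2: emit the original
        if ($0 ~ /^[ \t]*#/) next                   # skip commented-out rules
        copy = swap($0)
        if (copy != $0 && !(copy in seen)) print copy
    }' "$1" "$1"
}

# Constructed sample standing in for /router/scripts/firewall.sh
sample=$(mktemp)
cat > "$sample" <<'EOF'
$IPTABLES -A INPUT -s $INTNET1 -m state --state NEW -p tcp --sport 1024: --dport 53 -j ACCEPT
$IPTABLES -A INPUT -s $INTNET1 -m state --state NEW -p udp --sport 1024: --dport 53 -j ACCEPT
#$IPTABLES -A INPUT -s $INTNET1 -j LOG
$IPTABLES -A INPUT -i lo -j ACCEPT
EOF
add_intnet "$sample" 2
```

Write the output to a new file and diff it against the original before replacing it, so that every rule now opened for the second network is one you intended to copy.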


Submitted by Researcher (not registered) on Sat, 2012-05-26 06:32.

Hey,

very good tutorial and excellent sharing, very powerful LAN management system as far as I read the documents, help files and your tutorial,

But the download link for your LMS installation script is not working

http://files.v-smart.pl/v-smart-2.0/ ===>> unable to load page

Request: If possible, send me the script on my email address.

 Thanking you

zeeshan@consultant.com

Submitted by sylwek (not registered) on Wed, 2011-10-05 21:01.

Please tell me where and what do I have to change to get in from the WAN side?

From outside to my linux.

putty not working www not working

 BestReg

Sylwester

Submitted by if85myh (registered user) on Thu, 2011-09-08 02:15.

Nice tutorial, but I have a question: I don't use NAT, I am using public IPs, I have more than 1 IP class, and I am also using BGP.

How can this setup be used with VLANs?

Submitted by yarzombo (registered user) on Thu, 2011-09-08 11:57.

I added a description of how to manage IP addresses in the project to the tutorial. If you want to use VLANs you simply have to type:

apt-get install vlan

and add modprobe 8021q to /etc/modules. Then you can add vlans to the physical interfaces:

vconfig add eth1 2
vconfig add eth1 3

where 2 and 3 are VLAN IDs. Add it to /etc/rc.local where you can find the LAN IP configuration. Replace eth1 with, for example, eth1.2. The last step is to replace the value of the variable $INTDEV1 in /router/router.conf with the VLAN interface name.

Submitted by if85myh (registered user) on Sat, 2011-09-10 17:02.

Yes thanks, I have sorted it.

Thank you so much for this tutorial, it really helped me a lot. I was using LMS for about 4 years and was in need of something like this.