Sunday, January 1, 2012

Lan Management System (LMS) On Debian Squeeze


LMS (Lan Management System) is a good system for small ISPs, made in Poland. Documentation for the LMS GUI is available in English here. Installation, configuration and integration with the firewall or traffic-shaping mechanisms, however, can take a lot of time. Here you can try my scripts for an express installation of LMS. The scripts have been tested in several companies.
First download and install Debian Squeeze in the netinstall version, i386 or amd64. Install the basic system only (no X GUI, no services except ssh). Choose eth0 as your primary interface and configure its network settings (IP address, netmask, gateway and DNS servers). Make sure you have a second interface, named eth1. Next log into your root account (via ssh with PuTTY, or directly on the console) and type the magic three lines for the i386 architecture:
wget http://files.v-smart.pl/v-smart-2.0/install-vsmart-2.0-en-32bit.sh
chmod +x install-vsmart-2.0-en-32bit.sh
./install-vsmart-2.0-en-32bit.sh
and for the amd64 architecture:
wget http://files.v-smart.pl/v-smart-2.0/install-vsmart-2.0-en-64bit.sh
chmod +x install-vsmart-2.0-en-64bit.sh
./install-vsmart-2.0-en-64bit.sh
The scripts will download the necessary packages from the Debian repositories together with my deb packages:
  • linux kernel 2.6.32 with patches: layer-7, imq, esfq
  • iptables 1.4.8 with patches: layer-7 and imq
  • iproute 20101221 with esfq patch
  • ppp 2.4.3 with mppe and mppc
  • pppoe 3.10 with mppe, mppc and kernel plugin
  • pptpd 1.3.4 with mppe and mppc
All the packages are available for independent download from:
You may view the scripts before executing them to see exactly what they do. Write down the MySQL root password and type it in when the install script asks for it. After the reboot you can open the router GUI in a browser: simply enter the router's IP address. The first time, LMS will ask you to create an admin account; don't forget to check the full-access option for the admin. An example configuration is available to view after installation. You have to set your WAN bandwidth in the /router/router.conf file, in kilobits per second. The default is 10 Mbps.
How does it work? The network administrator adds clients, computers and tariffs (download and upload speed) in LMS. My daemon runs in the background and checks whether something was changed in the GUI configuration. If so, it updates the configuration file for the firewall (/router/lms.conf) and reloads the firewall, NAT and traffic shaping. The firewall scripts and configs are in the /router directory, the LMS GUI is installed in /var/www, and other stuff (messages, the daemon, etc.) is in /var/v-smart. The network configuration is in the /etc/rc.local script.
The installed LMS is pure and unmodified. The database has a vsmart table with to-do records that the daemon reads every 3 seconds. I added MySQL triggers that follow changes in the LMS tables: the triggers update the to-do records whenever something changes in the customers' device configuration. The daemon then decides whether to reload the firewall, traffic shaper and NAT. As a result, changes made in the LMS GUI take effect on the router almost instantly. This is the main idea of my project.
Some LMS scripts (stats, payments, host-alive checking and others) are run periodically from cron. Feel free to view or adjust the /etc/cron.d/vsmart file.
List of router main functions:
- Dynamic traffic shaping on WAN port using IMQ with HTB/esfq and service priority,
- Static traffic shaping on LAN port (LMS tariffs),
- MAC + IP authorization for clients,
- DHCP server,
- DNS server,
- PPPoE server,
- PPTP server (Windows VPN),
- Messages: payment reminder, total block, no authorization,
- LMS GUI - see manual,
- LMS functions: customers, computers, networks, network devices, network map, tariffs, invoices, helpdesk, calendar,
- LMS USERPANEL - access via http://router_ip/userpanel,
- Night tariffs for LAN and WAN,
- Port forwarding (/router/forward.conf),
- local speedtest in http://router_ip/freemeter taken from http://speed-meter.net
Technical solutions
1. How to add new network(s) to my LAN?
Let us consider a new LAN network, 192.168.102.0/24, with gateway address 192.168.102.254 on the eth1 interface. In the LMS GUI (IP Networks -> New network) we add:
  • Network name: LAN2
  • Network address/mask: 192.168.102.0 / 24 (256 addresses)
  • Interface: eth1
  • Gateway: 192.168.102.254
  • DNS servers: 192.168.102.254, 8.8.8.8
In the file /etc/rc.local, before the line /usr/sbin/ip link set eth1 up, we add:
/usr/sbin/ip a a 192.168.102.254/24 brd 192.168.102.255 dev eth1
At the bottom of /etc/rc.local we add:
/usr/sbin/pppoe-server -I eth1 -L 192.168.102.254 -N 1000 -k
In the file /router/router.conf we add a variable with the value:
INTNET2=192.168.102.0/24
In the files /router/scripts/firewall.sh and /router/scripts/nat.sh we find all lines that include the $INTNET1 variable and copy each of them below, replacing $INTNET1 with $INTNET2. For example:
$IPTABLES -A INPUT -s $INTNET1 -m state --state NEW -p tcp --sport 1024: --dport 53 -j ACCEPT
$IPTABLES -A INPUT -s $INTNET2 -m state --state NEW -p tcp --sport 1024: --dport 53 -j ACCEPT
$IPTABLES -A INPUT -s $INTNET1 -m state --state NEW -p udp --sport 1024: --dport 53 -j ACCEPT
$IPTABLES -A INPUT -s $INTNET2 -m state --state NEW -p udp --sport 1024: --dport 53 -j ACCEPT
etc.
Tip: If you want to use a public subnet on the LAN, you have to comment out the MASQUERADE rule for that subnet in /router/scripts/nat.sh:
#$IPTABLES -t nat -A POSTROUTING -s $INTNET2 -o $EXTDEV -j MASQUERADE
After a reboot everything should work fine.
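As an added example (my own illustration, not part of the v-smart scripts), the following POSIX sh helper generates the per-network rules quoted above for every INTNETn variable set in /router/router.conf instead of copying lines by hand, validates each CIDR first, and leaves out MASQUERADE for subnets listed in PUBLIC_NETS (an assumed variable, following the tip about public subnets):

```shell
#!/bin/sh
# Added example, not part of the v-smart scripts. Generates the per-LAN
# iptables rules for every INTNETn variable (as set in /router/router.conf)
# instead of copying lines by hand. PUBLIC_NETS is an assumed variable:
# subnets listed there are routed with their own addresses, without NAT.

IPTABLES=${IPTABLES:-/sbin/iptables}
EXTDEV=${EXTDEV:-eth0}

# Succeeds only if $1 looks like an IPv4 CIDR (a.b.c.d/n, n in 0..32).
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip=${1%/*}
    len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the INPUT and NAT rules for one network ($1). With $2 = public
# the MASQUERADE rule is left out, as the tip above describes.
lan_rules() {
    valid_cidr "$1" || { echo "lan_rules: bad network '$1'" >&2; return 1; }
    echo "$IPTABLES -A INPUT -s $1 -m state --state NEW -p tcp --sport 1024: --dport 53 -j ACCEPT"
    echo "$IPTABLES -A INPUT -s $1 -m state --state NEW -p udp --sport 1024: --dport 53 -j ACCEPT"
    [ "$2" = public ] ||
        echo "$IPTABLES -t nat -A POSTROUTING -s $1 -o $EXTDEV -j MASQUERADE"
}

# Walk INTNET1, INTNET2, ... up to the first unset one and emit their rules.
all_lan_rules() {
    n=1
    while eval "net=\${INTNET$n:-}"; [ -n "$net" ]; do
        kind=private
        case " $PUBLIC_NETS " in *" $net "*) kind=public ;; esac
        lan_rules "$net" "$kind" || return 1
        n=$((n + 1))
    done
}

# Usage: . /router/router.conf; all_lan_rules          # review the rules first
#        . /router/router.conf; all_lan_rules | sh     # then apply them
```

The functions only print the rules, so the output can be reviewed (or diffed against the current firewall.sh and nat.sh) before it is piped into sh on the router.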
