public:use_raspberry_4_as_router

Differences

Below are the differences between two revisions of the page.

public:use_raspberry_4_as_router [2021/08/12 19:27] – [Catégories de flux] pcouderc
public:use_raspberry_4_as_router [2025/03/01 11:15] (current version) pcouderc
Ligne 1: Ligne 1:
 ====== Use Raspberry pi 4 as router ====== ====== Use Raspberry pi 4 as router ======
  
-==== Why ? ====+===== Why ? =====
  
 Why not use the router provided by the ISP ? Why not use the router provided by the ISP ?
Ligne 7: Ligne 7:
 The problem has arised for a QOS problem : the need to give some priority to some services like SIP for asterisk PABX.  The problem has arised for a QOS problem : the need to give some priority to some services like SIP for asterisk PABX. 
  
-==== How ? ====+===== How ? =====
  
 Use tutorial to install you pi4. For this use, as the pi4 is fully dedicated to the router function, we work as root, disable any password communication and connect with ssh keys. Use tutorial to install you pi4. For this use, as the pi4 is fully dedicated to the router function, we work as root, disable any password communication and connect with ssh keys.
  
 +Moreover, we have decided not to use systemd-networkd but good old ifupdown utility...
  
-=== Stop DHCPCd ===+=== on recent systems ===
  
-DHCPCD is standard on raspbian, but for this use it is not clear that it has advantages over good old networking service. So it is disabled (source  [[https://raspberrypi.stackexchange.com/questions/78510/disable-dhcpcd-service-for-static-ip|here]]).+Install ifupdown : 
 + 
 +<code> 
 +apt install ifupdown 
 +</code> 
 + 
 +=== on old raspbian === 
 + 
 +DHCPCD was standard on raspbian, but for this use it is not clear that it has advantages over good old networking service. So it is disabled (source  [[https://raspberrypi.stackexchange.com/questions/78510/disable-dhcpcd-service-for-static-ip|here]]).
  
 <code> <code>
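Review bot: the new headings "on recent systems" and "on old raspbian" do not say which releases they mean, so a reader cannot tell which branch to follow; name the release, or give the test that decides it (for example whether dhcpcd5 is installed). The added sentence about preferring ifupdown over systemd-networkd would also be the place to say that the two must not manage the same interfaces, since the steps that stop systemd-networkd only appear further down.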
Ligne 21: Ligne 30:
 apt remove dhcpcd5 apt remove dhcpcd5
 </code> </code>
-Basic network/interface is set :+ 
 +=== Set /etc/network/interfaces === 
 +Basic  is set :
 <code> <code>
 auto lo auto lo
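Review bot: the replacement line "Basic  is set :" lost its subject when "network/interface" was removed; with the new heading in place it could read "The basic configuration is:" or simply be dropped.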
Ligne 37: Ligne 48:
         dns-search couderc.eu         dns-search couderc.eu
 </code> </code>
-After :+=== Then on old systems ===
 <code> <code>
 ifup eth0 ifup eth0
Ligne 43: Ligne 54:
 the old and the new IP addresses should ping... the old and the new IP addresses should ping...
  
-=== Connect to internet === 
  
-You need to connect your box configured to pass all traffic to the pi. This done with an additional physical adapter from USB3 to RJ45 (maybe USB2, but to spare what...?). Here we use a subnetwork, but PPPOE could be used for a simple modem+=== Then on recent systems === 
 +We need to stop all netword stuff... 
 +<code> 
 +systemctl stop systemd-networkd.socket systemd-networkd  systemd-networkd-wait-online NetworkManager ModemManager 
 +systemctl disable systemd-networkd.socket systemd-networkd  systemd-networkd-wait-online NetworkManager ModemManager 
 +</code> 
 +An now, reboot... 
 + 
 +=== Connect to internet box === 
 + 
 +You need to connect your box configured to pass all traffic to the pi. This done with an additional physical adapter from USB3 to RJ45. Here we use a subnetwork from the box (with usually double NAT...), but PPPOE is described later
  
 So we add a second interface : So we add a second interface :
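Review bot: in the "Then on recent systems" block the services are stopped before they are disabled, and the page says the Pi is administered over ssh, so the stop line can cut the session before the disable line runs. Put the disable line first (or use systemctl disable --now), and check that the ifupdown networking service is enabled before the reboot so the box comes back with /etc/network/interfaces applied. Typos in the added text: "netword" and "An now".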
Ligne 63: Ligne 83:
  
 The last line will be explained later. The last line will be explained later.
 +
 +=== Connect to PPPoE interface ===
 +Install :!
 +<code>
 +apt install  pppoe ppp iptables  vlan pppoeconf
 +</code>
 +Note vlan is optional,
 +Add an initial setting for eth1 (eth1.4001 in the example for 4001 vlan :
 +<code>
 +auto eth1.4001
 +iface eth1.4001 inet static
 +</code>
 +Be ready to provide user and passsword provided by your ISP, and recommended mtu :
 +<code>
 +pppoeconf eth1.4001
 +ip a
 +</code>
 +If no problem ppp0 link will show your ip address...
  
 === Routing === === Routing ===
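Review bot: the added stanza declares "iface eth1.4001 inet static" with no address line, which ifupdown's static method requires; for an interface that only carries the PPPoE session, "inet manual" is the usual method. The hunk installs iptables but shows no rule for ppp0, which now holds the ISP-assigned address directly on a host administered as root over ssh, so say where the filtering for ppp0 is set up. Smaller points: "Install :!", "passsword", and the unclosed parenthesis after "4001 vlan".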
Ligne 69: Ligne 107:
  
 <code> <code>
-/etc/sysctl.conf+net.ipv4.ip_forward=1
 </code> </code>
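Review bot: replacing "/etc/sysctl.conf" with "net.ipv4.ip_forward=1" drops the file name from the block, so the reader sees the setting but not where it goes; keep the path in the sentence above or as a comment line, and mention sysctl -p to apply it without a reboot.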
  
Ligne 168: Ligne 206:
 ==== Catégories de flux ==== ==== Catégories de flux ====
 (en cours de rédaction) (en cours de rédaction)
 +
 +Tests de rapidité de la ligne (avec apt install speedtest-cli) : 14.5 / 1.25 Mbit/
  
 ( d'après [[https://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-127/QoS-et-gestion-du-trafic-avec-Traffic-Control|ici]]) ( d'après [[https://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-127/QoS-et-gestion-du-trafic-avec-Traffic-Control|ici]])
  
-   * 1 interactif (DNS...)+   * 1 interactif (DNS udp,DNS tcp, other )
    * 2 TCP ACKs    * 2 TCP ACKs
    * 3 SSH    * 3 SSH
    * 4 SIP/RTP    * 4 SIP/RTP
    * 5 HTTP    * 5 HTTP
-   * 6 Divers dont sauvegarde sur serveur de secours.+   * 6 mail 
 +   * 7 sauvegarde (en fait tout trafic de 192.168.163.1) 
 +   * 8 Divers .
  
-Prmiers tests : inplémenté comme dans la référence (sansSIP)+Premiers tests : implémenté comme dans la référence (sans SIP, masi maj debits et eth1)
  
 <code> <code>
 #-nettoyage #-nettoyage
-tc qdisc del dev eth0 root+tc qdisc del dev eth1 root
 #-root #-root
-tc qdisc add dev eth0 root handle 1: htb default 99 r2q 5+tc qdisc add dev eth1 root handle 1: htb default 99 r2q 5
 #--------uplink internet #--------uplink internet
-tc class add dev eth0 parent 1:0 classid 1:1 htb rate 768kbit ceil 768kbit+tc class add dev eth1 parent 1:0 classid 1:1 htb rate 1250kbit ceil 1250kbit
 #--------gigabit local #--------gigabit local
-tc class add dev eth0 parent 1:0 classid 1:1000 htb rate 1gbit ceil 1gbit+tc class add dev eth1 parent 1:0 classid 1:1000 htb rate 1gbit ceil 1gbit
 # == filtre lan # == filtre lan
-tc filter add dev eth0 parent 1:0 protocol ip prio 1000 handle 1000 fw flowid 1:1000+tc filter add dev eth1 parent 1:0 protocol ip prio 1000 handle 1000 fw flowid 1:1000 
 + 
 +#----------------interactive 
 +tc class add dev eth1 parent 1:1 classid 1:10 htb rate 128kbit ceil 200kbit burst 5k prio 1 linklayer atm 
 +#----------------------------sub interactive: pfifo 
 +tc qdisc add dev eth1 parent 1:10 handle 110: pfifo limit 1000 
 +# == filtre interactive 
 +tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 10 fw flowid 1:10 
 + 
 +#-----------------tcp acks 
 +tc class add dev eth1 parent 1:1 classid 1:20 htb rate 64kbit ceil 1250kbit burst 300 prio 2 linklayer atm 
 +#----------------------------sub tcp acks: pfifo 
 +tc qdisc add dev eth1 parent 1:20 handle 120: pfifo limit 1000 
 +# == filtre tcp acks 
 +tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 20 fw flowid 1:20 
 + 
 + 
 +#----------------ssh 
 +tc class add dev eth1 parent 1:1 classid 1:30 htb rate 64kbit ceil 300kbit burst 2k prio 3 linklayer atm 
 +#----------------------------sub ssh: sfq 
 +tc qdisc add dev eth1 parent 1:30 handle 130: sfq perturb 10 
 +# == filtre ssh 
 +tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 30 fw flowid 1:30 
 + 
 + 
 + 
 +#----------------http/
 +tc class add dev eth1 parent 1:1 classid 1:40 htb rate 256kbit ceil 1250kbit burst 2k prio 4 
 +##################### 
 +#----------------------------http/s sub 1 
 +tc class add dev eth1 parent 1:40 classid 1:41 htb rate 100kbit ceil 1250kbit burst 2k prio 4 linklayer atm 
 +#---------------------------------------------sub http1: sfq 
 +tc qdisc add dev eth1 parent 1:41 handle 141: sfq perturb 10 
 +# == filtre http/s sub 1 
 +tc filter add dev eth1 parent 1:0 protocol ip prio 4 handle 41 fw flowid 1:41 
 +##################### 
 +#----------------------------http/s sub 2 
 +tc class add dev eth1 parent 1:40 classid 1:42 htb rate 100kbit ceil 1250kbit burst 2k prio 4 linklayer atm 
 +#---------------------------------------------sub http2: sfq 
 +tc qdisc add dev eth1 parent 1:42 handle 142: sfq perturb 10 
 +# == filtre http/s sub 2 
 +tc filter add dev eth1 parent 1:0 protocol ip prio 5 handle 42 fw flowid 1:42 
 +##################### 
 +#----------------------------http/s sub 9 
 +tc class add dev eth1 parent 1:40 classid 1:49 htb rate 56kbit ceil 1250kbit burst 2k prio 4 linklayer atm 
 +#---------------------------------------------sub http 9: sfq 
 +tc qdisc add dev eth1 parent 1:49 handle 149: sfq perturb 10 
 +# == filtre http/s sub 3 
 +tc filter add dev eth1 parent 1:0 protocol ip prio 6 handle 49 fw flowid 1:49 
 +##################### 
 + 
 + 
 + 
 +#----------------torrent 
 +tc class add dev eth1 parent 1:1 classid 1:50 htb rate 128kbit ceil 1250kbit burst 2k prio 5 linklayer atm 
 +#----------------------------sub ssh: sfq 
 +tc qdisc add dev eth1 parent 1:50 handle 150: sfq perturb 10 
 +# == filtre bittorrent 
 +tc filter add dev eth1 parent 1:0 protocol ip prio 7 handle 50 fw flowid 1:50 
 + 
 + 
 +#----------------default 
 +tc class add dev eth1 parent 1:1 classid 1:99 htb rate 128kbit ceil 1250kbit burst 2k prio 5 linklayer atm 
 +#----------------------------sub ssh: sfq 
 +tc qdisc add dev eth1 parent 1:99 handle 199: sfq perturb 10 
 +# == filtre default 
 +tc filter add dev eth1 parent 1:0 protocol ip prio 99 handle 99 fw flowid 1:99 
 + 
 </code> </code>
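Review bot: the category list now has eight entries (mail, sauvegarde and Divers added) but the tc block creates classes for interactive, ACKs, ssh, http, torrent and default only, so mail and backup have no class and torrent is not in the list; align the two or mark the missing ones as not yet implemented. Every filter is an fw match on handles 10 to 1000, and the hunk shows no iptables mangle rules that set those marks, without which all traffic falls into default class 1:99. Also, with the PPPoE setup added in this revision, check that egress is still shaped on eth1 rather than ppp0. Copy-paste leftovers: "sub ssh: sfq" above the torrent and default qdiscs, "filtre http/s sub 3" for class 1:49, and the speed test line ends at "Mbit/".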
  
public/use_raspberry_4_as_router.1628796456.txt.gz · Last modified: 2021/08/12 19:27 by pcouderc
