{"id":683,"date":"2012-04-01T22:03:29","date_gmt":"2012-04-01T19:03:29","guid":{"rendered":"http:\/\/www.hakancakiroglu.com\/wordpress\/?p=683"},"modified":"2012-04-03T20:33:07","modified_gmt":"2012-04-03T17:33:07","slug":"ubuntu-internet-gateway-yapilandirmasi-ve-bandwidth-yonetimi","status":"publish","type":"post","link":"https:\/\/www.hakancakiroglu.com\/wordpress\/?p=683","title":{"rendered":"Ubuntu \u0130nternet Gateway Yap\u0131land\u0131rmas\u0131 ve Bandwidth Y\u00f6netimi"},"content":{"rendered":"

Evinizde interneti sizin haricinizde payla\u015ft\u0131\u011f\u0131n\u0131z ba\u015fkalar\u0131 da varsa ve siz bu payla\u015ft\u0131\u011f\u0131n\u0131z internetin h\u0131z\u0131n\u0131 deli olmamak i\u00e7in\u00a0 y\u00f6netmek istiyorsan\u0131z s\u00fcrekli a\u00e7\u0131k kalacak 2 ethernet giri\u015fi olan eski bir bilgisayar ve en ucuzundan bir switch i\u015finizi g\u00f6recektir \ud83d\ude42 E\u011fer kablosuz ba\u011flant\u0131lar\u0131n da h\u0131zlar\u0131n\u0131 limitlendirmek isterseniz bir de access pointe ihtiyac\u0131n\u0131z olacak. (Bu AP’yi switch’e ba\u011flayarak)Bunu nas\u0131l yapaca\u011f\u0131m\u0131za gelelim ;<\/p>\n

\u00d6ncelikle Ubuntu y\u00fcklenmi\u015f bir i\u015fletim sisteminin kurulu oldu\u011funu kabul ediyorum.<\/p>\n

A\u015fa\u011f\u0131daki komutlar\u0131 vererek Ubuntuyu gateway olarak yap\u0131land\u0131r\u0131yoruz. Yani bir interfaceden gelen istekleri di\u011fer interfacesine y\u00f6nlendirebilmesi i\u00e7in izin veriyoruz asl\u0131nda.<\/p>\n

E\u011fer kurulmu\u015f Ubuntu versiyonu 10.04 ve eski s\u00fcr\u00fcmler ise<\/p>\n

\/etc\/sysctl.conf dosyas\u0131na \u015fu sat\u0131rlar\u0131 ekliyoruz<\/p>\n

net.ipv4.conf.default.forwarding=1\r\nnet.ipv4.conf.all.forwarding=1<\/pre>\n
E\u011fer kurulu olan Ubuntu versiyonu 10.04’ten daha b\u00fcy\u00fck ise<\/p>\n
 #net.ipv4.ip_forward=1\"\"<\/a><\/pre>\n
sat\u0131r\u0131n\u0131 bularak # i\u015faretini siliyoruz ve kaydediyoruz.<\/p>\n
Daha sonra Panelde bulunan network manager arac\u0131l\u0131g\u0131 ile 2 ethernet kart\u0131na da elle ip adresleri veriyoruz;<\/p>\n
Ok i\u015faretlerine sol tu\u015f ile 1 kere t\u0131klay\u0131n ve en alttaki “Edit Connections” se\u00e7ene\u011fini i\u015faretleyin.<\/p>\n
A\u00e7\u0131lan menude “Wired” sekmesi alt\u0131nda 2 adet ethernet g\u00f6r\u00fcyor olmal\u0131s\u0131n\u0131z.<\/p>\n
eth0’\u0131 se\u00e7in ve “Edit” se\u00e7ene\u011fine t\u0131klay\u0131n. \"\"<\/a><\/p>\n
 <\/p>\n
Ekrana gelen yeni men\u00fcden “IPv4 Settings” sekmesine gelin ve 192.168.1.200 \/ 255.255.255.0 \/ 192.168.1.1 \/8.8.8.8 bilgilerini girerek kaydedin.\u00a0 \"\"<\/a>\"\"<\/a><\/p>\n
 <\/p>\n
 <\/p>\n
 <\/p>\n
 <\/p>\n
Ayn\u0131 \u015fekilde di\u011fer ethernet kart\u0131 i\u00e7in de 192.168.2.200\/255.255.255.0\/0.0.0.0\/8.8.8.8 bilgilerini yaz\u0131n ve kaydedin.<\/p>\n
Evet bu durumda 2 ethernet kart\u0131n\u0131z\u0131 da farkl\u0131 subnetlerden ip vererek yap\u0131land\u0131rm\u0131\u015f olduk. Burada dikkat etmeniz gerken konu sizin kulland\u0131\u011f\u0131n\u0131z ADSL modemin ipsi ve blo\u011funun ne oldugu. Yani eth0 i\u00e7in verdi\u011fimiz degerler ADSL modemin dhcp’sinin dag\u0131tt\u0131 de\u011ferler ile ayn\u0131 olmal\u0131. Benim evde kullan\u0131d\u0131\u011f\u0131m modemin ip adresi 192.168.1.1 dolay\u0131s\u0131yla eth0 i\u00e7in ayn\u0131 subnetten bir ip se\u00e7tim ve gateway olarak modemimin ipsi olan 192.168.1.1 yazd\u0131m. 8.8.8.8 de\u011feri ise google’\u0131n public dns adresi. Buraya istedi\u011finiz ba\u015fka bir dns adres de\u011feri de yazabilirsiniz.<\/p>\n
Di\u011fer ethernet kart\u0131na ise farkl\u0131 bir subnetten ip verdik. Gateway belirtmedik. IPTABLES yard\u0131m\u0131yla 2. ethernet kart\u0131ndan gelen isteklerin 1.ye ge\u00e7mesini sa\u011flayaca\u011f\u0131z. Bu sayede 2. ethernet kart\u0131n\u0131n \u00e7\u0131k\u0131\u015f\u0131na ba\u011flayacag\u0131m\u0131z switche tak\u0131l\u0131 olan t\u00fcm kullan\u0131c\u0131lar\u0131n trafi\u011fi yeni yap\u0131land\u0131rd\u0131\u011f\u0131m\u0131z Ubuntu gateway \u00fczerinden ge\u00e7mek zorunda kalacak ve t\u00fcm trafi\u011fi izlemek \u015fekillendirmek s\u0131n\u0131rland\u0131rmak m\u00fcmk\u00fcn olacak.<\/p>\n
NAT Ayarlar\u0131n\u0131 Yapal\u0131m<\/h4>\n
A\u015fa\u011f\u0131daki komutlar\u0131 vererek Ubuntu i\u00e7in NAT’\u0131 aktifleyelim ve eth1 \u00fczerindeki trafi\u011fin eth0’dan akmas\u0131n\u0131 sa\u011flayal\u0131m.<\/p>\n
sudo iptables -A FORWARD -o eth0 -i eth1 -s 192.168.0.0\/24 -m conntrack --ctstate NEW -j ACCEPT\r\nsudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\r\nsudo iptables -A POSTROUTING -t nat -j MASQUERADE<\/pre>\n
Bu ayarlar\u0131n bilgisayar\u0131m\u0131z\u0131 her ba\u015flatt\u0131\u011f\u0131m\u0131zda aktif olmas\u0131n\u0131 sa\u011flamak i\u00e7in, iptables \u00e7\u0131kt\u0131m\u0131z\u0131 bir dosyaya kaydederek rc.local taraf\u0131ndan aktif olmas\u0131n\u0131 sa\u011flayal\u0131m.<\/p>\n
sudo iptables-save | sudo tee \/etc\/iptables.sav<\/pre>\n
\/etc\/rc.local dosyas\u0131n\u0131 vi ile a\u00e7\u0131n ve \u015fu kodu ekleyin. Bu sayede iptables.sav dosyas\u0131na kaydetti\u011fimiz firwall ayarlar\u0131m\u0131z her ba\u015flang\u0131\u00e7ta\u00a0 tekrardan aktiflenecek<\/p>\n
iptables-restore < \/etc\/iptables.sav<\/pre>\n
Ubuntu y\u00fckl\u00fc bilgisayar\u0131n\u0131z\u0131 ba\u015ftan ba\u015flat\u0131n.<\/p>\n
DHCP Sunucu Olmadan Test Yapal\u0131m<\/h4>\n
Evet buraya kadar her\u015feyi do\u011fru yapt\u0131ysan\u0131z eth1’i yani 192.168.2.200 ip adresini\u00a0 verdi\u011fimiz baca\u011f\u0131 switche ba\u011flay\u0131n, eth0’\u0131 yani 192.168.1.200 baca\u011f\u0131n\u0131 ADSL modeme ba\u011flay\u0131n. Daha sonra switche ba\u015fka bir kablo daha baglayarak bu kabloyu client olarak kullanaca\u011f\u0131n\u0131z herhangi bir makinaya ba\u011flay\u0131n ve el ile 192.168.2.201 \/ 255.55.255.0 \/ 192.168.2.200 \/ 8.8.8.8 ayarlar\u0131n\u0131 yap\u0131n. (Yani ip adresi 192.168.2.201 olacak gw adresi ise 192.168.2.200 ve subnet 255.255.255.0 ve dns 8.8.8.8)\u00a0 Bu yeni ip adresi verdi\u011finiz makina ile 192.168.1.1 adresini pingleyin. E\u011fer 192.168.1.1 adresine eri\u015febiliyorsan\u0131z kurdu\u011fuuz gateway sunucumuz sorunsuz \u00e7al\u0131\u015f\u0131yor demektir. El ile ip adresi vermemeiniz nedeni 192.168.2.0\/24 network\u00fcnde herhangi bir dhcp sunucusu yap\u0131land\u0131r\u0131lmam\u0131\u015f olmas\u0131. ubuntu sunucumuza bir de DHCP sunucu kural\u0131m ve yap\u0131land\u0131ral\u0131m.<\/p>\n
Ubuntu Dhcp Sunucu Kurulumu<\/h4>\n
A\u015fa\u011f\u0131daki komut yard\u0131m\u0131yla dhcp server paketinin kurulumunu yapal\u0131m.<\/p>\n
sudo apt-get install dhcp3-server<\/pre>\n
Kurulum tamamland\u0131ktan sonra konfigurasyon dosyas\u0131n\u0131 yap\u0131land\u0131ral\u0131m. vi ile \/etc\/dhcp3\/dhcpd.conf dosyas\u0131n\u0131 a\u00e7al\u0131m ve \u015fu sat\u0131rlar\u0131 ekleyelim.<\/p>\n
default-lease-time 600; max-lease-time 7200;<\/code>\r\noption subnet-mask 255.255.255.0;\r\noption broadcast-address 192.168.2.255;\r\noption routers 192.168.2.200;\r\noption domain-name-servers 192.168.1.1, 8.8.8.8;\r\noption domain-name \u201ccakiroglu.local\u201d;\r\nsubnet 192.168.2.0 netmask 255.255.255.0 {\r\nrange 192.168.2.10 192.168.2.99; \u00a0\r\n}<\/pre>\n
Evet dhcp servisimizi yeniden ba\u015flatabiliriz art\u0131k. A\u015fa\u011f\u0131daki komutlar yard\u0131m\u0131yla servisimizi durdurup yeni ayarlar\u0131 ile yeniden ba\u015flatal\u0131m<\/p>\n
 service isc-dhcp-server stop\r\n service isc-dhcp-server start<\/pre>\n
\u015eu anda eth1 taraf\u0131na yani switche baglad\u0131g\u0131n\u0131z herhangi bir bilgisayar dhcp’den ip adresi alabiliyor olmal\u0131. Yukar\u0131daki konfigurasyon ile dhcp sunucumuzun ilk verece\u011fi ip olan 192.168.2.10 adresi ilk takt\u0131\u011f\u0131n\u0131z pc’ye verilmi\u015f olmal\u0131. Ayn\u0131 \u015fekilde bu ip adresinin alm\u0131\u015f bilgisayar ile 192.168.1.1 adresini pingleyebiliyor olmal\u0131s\u0131n\u0131z ve hatta internete de \u00e7\u0131kabiliyor olmal\u0131s\u0131n\u0131z.<\/p>\n
Belirli bir bilgisayara yani mac adresine hep ayn\u0131 ip adresini atamak istiyorsan\u0131z \/etc\/dhcp3\/dhcpd.conf dosyas\u0131na \u015fu sat\u0131rlar\u0131 da eklemelisiniz. Yaln\u0131z burada dikkat etmeniz gereken konu dhcp sunucunuzun verece\u011fi aral\u0131kta olmayan adresler i\u00e7in bunu uyguluyor olman\u0131z.<\/p>\n
host pc1 \u00a0<\/code>\r\n{\r\nhardware ethernet 01:1b:b3:bf:db:56;\r\nfixed-address 192.168.2.110;\r\n}<\/pre>\n
 host pc2\r\n{\r\n\u00a0hardware ethernet 00:0a:95:b4:b4:bb;\r\nfixed-address 192.168.2.111;\r\n}<\/pre>\n
Dhcp server taraf\u0131ndan verilmi\u015f ip adreslerinin bir listesini gormek isterseniz a\u015fa\u011f\u0131daki komutu kullanabilrisiniz.<\/p>\n
cat \/var\/lib\/dhcp\/dhcpd.leases<\/pre>\n
Evet \u015fu anki konfigurasyon ile sunucumuz internet payla\u015f\u0131m\u0131na haz\u0131r. Bandwidth y\u00f6netimi i\u00e7in tek yapmam\u0131z gereken wondershaper uygulamas\u0131 ile eth1 \u00fczerinden ge\u00e7en trafi\u011fi limitlendirmek.<\/p>\n
tcpdump uygulamas\u0131 ile eth1 \u00fczerinden akan trafi\u011fi g\u00f6zlemlemek isterseniz \u015fu komutu kullanabilirsiniz.<\/p>\n
sudo tcpdump -n -s0 -i eth1<\/p>\n
Wondershaper ile Bandwidth Limitleme<\/strong><\/p>\n
wondershaper uygulamas\u0131n\u0131 kurmak i\u00e7in \u015fu komutu kullanal\u0131m<\/p>\n
sudo apt-get install wondershaper<\/pre>\n
wondershaper uygulamas\u0131n\u0131n genel kullan\u0131m\u0131 \u015fu \u015fekildedir<\/p>\n
wondershaper <interface> <download h\u0131z\u0131> <uplaod h\u0131z\u0131><\/pre>\n
Fakat biz eth1’i i\u00e7eride kulland\u0131\u011f\u0131m\u0131zdan asl\u0131nda download upload, upload da downloada d\u00f6n\u00fc\u015fm\u00fc\u015f oluyor.<\/p>\n
Yani eth1 i\u00e7in 100kB\/s download ve 10kB\/s h\u0131zlar\u0131nda limit uygulamak i\u00e7in \u015fu komutu vermek yeterli olacakt\u0131r.<\/p>\n
Byte’\u0131 bite \u00e7evirerek yazd\u0131g\u0131mzda;<\/p>\n
sudo wondershaper eth1 80 800<\/pre>\n
Evet\u00a0 bundan sonras\u0131n\u0131 internetinizi payla\u015ft\u0131\u011f\u0131n\u0131z ki\u015filer d\u00fc\u015f\u00fcns\u00fcn \ud83d\ude42<\/p>\n
Umar\u0131m faydal\u0131 bir payla\u015f\u0131m olmu\u015ftur, yeni bir yazuda yeniden g\u00f6r\u00fc\u015fmek dile\u011fiyle….<\/p>\n
 <\/p>\n
Kaynaklar :<\/p>\n
https:\/\/help.ubuntu.com\/community\/Internet\/ConnectionSharing<\/p>\n
https:\/\/help.ubuntu.com\/community\/dhcp3-server<\/p>\n
http:\/\/www.basicconfig.com\/linuxnetwork\/configure_dhcp_server_ubuntu<\/p>\n
http:\/\/forum.ubuntu-tr.net\/index.php?topic=13768.0<\/p>\n
 <\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Evinizde interneti sizin haricinizde payla\u015ft\u0131\u011f\u0131n\u0131z ba\u015fkalar\u0131 da varsa ve siz bu payla\u015ft\u0131\u011f\u0131n\u0131z internetin h\u0131z\u0131n\u0131 deli olmamak i\u00e7in\u00a0 y\u00f6netmek istiyorsan\u0131z s\u00fcrekli a\u00e7\u0131k kalacak 2 ethernet giri\u015fi olan eski bir bilgisayar ve en ucuzundan bir switch i\u015finizi g\u00f6recektir \ud83d\ude42 E\u011fer kablosuz ba\u011flant\u0131lar\u0131n da h\u0131zlar\u0131n\u0131 limitlendirmek isterseniz bir de access pointe ihtiyac\u0131n\u0131z olacak. (Bu AP’yi switch’e ba\u011flayarak)<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,18],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hakancakiroglu.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/683"}],"collection":[{"href":"https:\/\/www.hakancakiroglu.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hakancakiroglu.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hakancakiroglu.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hakancakiroglu.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=683"}],"version-history":[{"count":46,"href":"https:\/\/www.hakancakiroglu.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/683\/revisions"}],"predecessor-version":[{"id":771,"href":"https:\/\/www.hakancakiroglu.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/683\/revisions\/771"}],"wp:attachment":[{"href":"https:\/\/www.hakancakiroglu.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hakancakiroglu.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hakancakiroglu.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}