Fritzbox 7340 iptables

Geekzone Status | Geekzone User IP information | NZ Cell Sites Map | Amazon order page (Kindle, books, electronics)

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › Snap › Fritzbox 7340 iptables

mappu

2 posts

Wannabe Geek

Topic # 113769 27-Jan-2013 20:57
Hi! I'm trying to count vdsl traffic on a per-user basis for everyone on my lan. Has anyone managed to get iptables running on the Fritzbox 7340/7390? I have freetz-trunk installed on my 7340 with the iptables binary, but ip_tables.ko doesn't seem to get built into the firmware image / doesn't appear in lsmod... The iptables binary appears to work correctly, but the counts it gives are inaccurate, far too small, and nothing ever counts on the vdsl interface. The counts in ifconfig seem realistic however. From a brief chat auf deutsch on ##fritzbox i understand the ikanos fusiv chip in the fritzbox does some hardware accelerated routing that bypasses the kernel stack, but no specific fusiv iptables module exists to make this work properly.. Any ideas? Worst-case scenario is i have to disable wifi on the fritzbox and put another linux machine (with working iptables) and another wifi router inbetween the vdsl and my lan.. which seems like a lot of hassle..

mercutio

777 posts

Ultimate Geek

Reply # 751776 28-Jan-2013 10:00
maybe just use the fritzbox as a bridge, then you just need a linux box, set it up as dhcp server, and have all the traffic go through it and forward to the fritzbox. hardware accelerated routing, and small counters makes me think you're going to struggle to do anything on the router itself, whether you use wifi, ethernet, or vdsl interfaces to monitor, but you should be able to continue to use the wifi on the fritzbox.

frizianz

96 posts

Master Geek

Reply # 752966 29-Jan-2013 22:51
Could always full bridge it back to a linux box then hack together vlan tagging and use wifi on a different vlan back in? Haven't tried it myself but im sure its possible.

SamF

815 posts

Ultimate Geek

Trusted

Reply # 752993 29-Jan-2013 23:59
Save yourself a lot of time and trouble mate, bridge / double NAT it and use another firewall product between the Fritz and the LAN. I use Astaro (now Sophos) which has the best per-IP traffic accounting out there in a free product (& believe you me, I've looked at EVERYTHING). The only down-side is that you won't be able to use the wireless on the fritz unless you do some fancy configuration, but I've looked at this extensively in the past and this is the best setup I've been able to come up with.

quakeguy

79 posts

Master Geek

Trusted

Reply # 753088 30-Jan-2013 09:45
I've built Freetz against the 7340 and iptables works, but loading ipt_nat.ko causes the box to lock up every time. I'm not even sure conntrack loads, so -m state is a no-go. I did manage to get mine to bridge the VDSL to Ethernet using Freetz, by killing AVM's dsld, unplugging eth1 from the default bridge, and adding both it and the 'vdsl' interface to a new bridge instance. So the 'vdsl' EFM interface is treated just like Ethernet, and you can even add vlans to it with vconfig; this leads me to believe that NAT is the only hurdle left and we're home and hosed. If someone donates to me, I might consider building an image to do easy bridging of VDSL to Ethernet on the 7340 :-) Bridging ADSL to Ethernet is not possible (without arcane wizardry). When connected to an ADSL line, the Fritz creates an ATM interface; when connected to VDSL, the Fritz creates an EFM interface (Ethernet-compatible). In the meantime, here's something useful for technical-types: ### YOU NEED THE FREETZ FIRMWARE, with vlan and bridge support compiled into the kernel ### ### THIS WON'T DIRECTLY WORK on the 7390 because the internal interface topology is different, there is a switch in the way! ### # get rid of AVM's 'dsld' proprietary software killall dsld # remove eth1 from the LAN bridge brctl delif lan eth1 # make a new bridge instance called 'dslbr' brctl addbr dslbr # add a subinterface representing VLAN 10-tagged traffic to the VDSL interface vconfig add vdsl 10 # bring both vdsl and vdsl.10 subinterface up ifconfig vdsl up ifconfig vdsl.10 up # add vdsl.10 subinterface and eth1 interface to bridge brctl addif dslbr vdsl.10 brctl addif dslbr eth1 # bring the bridge up ifconfig dslbr up Now you should be able to connect to LAN 2 on the Fritz and see your ISP's PPPoE concentrator. #todo: replace usage of vconfig and ifconfig with ip to make the elitists happy Tim.

sidefx

1054 posts

Uber Geek

Reply # 753096 30-Jan-2013 09:56
quakeguy: If someone donates to me, I might consider building an image to do easy bridging of VDSL to Ethernet on the 7340 :-) Oh yes please! Do you accept digital chocolate fish donations?? :P

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow @geekzonenzforum

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow @geekz1

Follow us to receive Twitter updates when new jobs are posted to our jobs board:

Follow @geekzonenzjobs

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

Follow @geekzoneprices

News »

Philips introduces its series of smart LED bulb in New Zealand
Posted 20-May-2013 11:05

Android and iOS combine for 92.3% of all smartphone OS shipment in the first 2013 quarter
Posted 17-May-2013 08:38

Apple’s App Store marks 50 billionth download
Posted 17-May-2013 08:25

Gen-i divests Davanti Consulting through management buyout
Posted 16-May-2013 14:02

Huawei G510 bring big-screen mobile entertainment for Android users
Posted 16-May-2013 11:49

BlackBerry BBM goes multiplatform: iOS and Android versions
Posted 15-May-2013 11:28

Trending now »

Hot discussions in our forums right now:

A reason not to shop at dick smith
Created by dsnz1, last reply by AKLWestie on 17-May-2013 22:45 (82 replies)

... 4 5 6

A new project coming to Geekzone
Created by freitasm, last reply by gundar on 20-May-2013 10:53 (209 replies)

... 12 13 14

HTC One (2013) owners' discussion
Created by Dingbatt, last reply by bradstewart on 20-May-2013 13:24 (1453 replies)

... 95 96 97

Sitting on a boring conference call
Created by SaltyNZ, last reply by SepticSceptic on 17-May-2013 16:52 (14 replies)

$200 Smart Phone!? Ideas..
Created by antaeusa, last reply by paulmilbank on 20-May-2013 12:30 (13 replies)

any cyclists on the forum? (question about parts suppliers...)
Created by Lykho, last reply by marmel on 20-May-2013 12:10 (12 replies)

Samsung Galaxy SIII Discussion and Owners Thread
Created by networkn, last reply by Johnk on 19-May-2013 16:32 (5523 replies)

... 367 368 369

ATI Sapphire graphics card
Created by ronw, last reply by xpd on 20-May-2013 12:54 (9 replies)

Geekzone Jobs »

Most recent NZ jobs in technology:

BW Functional Consultant
Posted 20-May-2013 13:27

Exceptional Recruitment Consultant
Posted 20-May-2013 13:27

Senior .NET Developer
Posted 20-May-2013 13:27

Online Producer
Posted 20-May-2013 13:27

Lead UX/UI Designer
Posted 20-May-2013 13:27

Applications Support Analyst
Posted 20-May-2013 13:27

Business Development - Sales
Posted 20-May-2013 12:27

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.

RSS feeds: Main feed; Forums feed; Tech Jobs feed; All RSS feeds

Site features: Geekzone Mobile; @GeekzoneMail; Geekzone Badges; Geekzone on Twitter

Geekzone offers: Amazon orders (Kindle, books, everything); MightyApe orders; Free technology white papers

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising on Geekzone; Trademark and copyright

©2002-2013 Geekzone®