Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



2 posts

Wannabe Geek


Topic # 113769 27-Jan-2013 20:57 Send private message

Hi! I'm trying to count vdsl traffic on a per-user basis for everyone on my lan.

Has anyone managed to get iptables running on the Fritzbox 7340/7390?



I have freetz-trunk installed on my 7340 with the iptables binary, but ip_tables.ko doesn't seem to get built into the firmware image / doesn't appear in lsmod... The iptables binary appears to work correctly, but the counts it gives are inaccurate, far too small, and nothing ever counts on the vdsl interface. The counts in ifconfig seem realistic however.

From a brief chat auf deutsch on ##fritzbox i understand the ikanos fusiv chip in the fritzbox does some hardware accelerated routing that bypasses the kernel stack, but no specific fusiv iptables module exists to make this work properly..

Any ideas?



Worst-case scenario is i have to disable wifi on the fritzbox and put another linux machine (with working iptables) and another wifi router inbetween the vdsl and my lan.. which seems like a lot of hassle..

Create new topic
1036 posts

Uber Geek
+1 received by user: 39


  Reply # 751776 28-Jan-2013 10:00 Send private message

maybe just use the fritzbox as a bridge, then you just need a linux box, set it up as dhcp server, and have all the traffic go through it and forward to the fritzbox.

hardware accelerated routing, and small counters makes me think you're going to struggle to do anything on the router itself, whether you use wifi, ethernet, or vdsl interfaces to monitor, but you should be able to continue to use the wifi on the fritzbox.


103 posts

Master Geek


  Reply # 752966 29-Jan-2013 22:51 Send private message

Could always full bridge it back to a linux box then hack together vlan tagging and use wifi on a different vlan back in?

Haven't tried it myself but im sure its possible.

1213 posts

Uber Geek
+1 received by user: 105

Trusted

  Reply # 752993 29-Jan-2013 23:59 Send private message

Save yourself a lot of time and trouble mate, bridge / double NAT it and use another firewall product between the Fritz and the LAN.  I use Astaro (now Sophos) which has the best per-IP traffic accounting out there in a free product (& believe you me, I've looked at EVERYTHING).  The only down-side is that you won't be able to use the wireless on the fritz unless you do some fancy configuration, but I've looked at this extensively in the past and this is the best setup I've been able to come up with.

104 posts

Master Geek
+1 received by user: 17

Trusted
Snap Internet

  Reply # 753088 30-Jan-2013 09:45 Send private message

I've built Freetz against the 7340 and iptables works, but loading ipt_nat.ko causes the box to lock up every time.

I'm not even sure conntrack loads, so -m state is a no-go.

I did manage to get mine to bridge the VDSL to Ethernet using Freetz, by killing AVM's dsld, unplugging eth1 from the default bridge, and adding both it and the 'vdsl' interface to a new bridge instance.
So the 'vdsl' EFM interface is treated just like Ethernet, and you can even add vlans to it with vconfig; this leads me to believe that NAT is the only hurdle left and we're home and hosed.

If someone donates to me, I might consider building an image to do easy bridging of VDSL to Ethernet on the 7340 :-)

Bridging ADSL to Ethernet is not possible (without arcane wizardry). When connected to an ADSL line, the Fritz creates an ATM interface; when connected to VDSL, the Fritz creates an EFM interface (Ethernet-compatible).

In the meantime, here's something useful for technical-types:

### YOU NEED THE FREETZ FIRMWARE, with vlan and bridge support compiled into the kernel ###
### THIS WON'T DIRECTLY WORK on the 7390 because the internal interface topology is different, there is a switch in the way! ###

# get rid of AVM's 'dsld' proprietary software
killall dsld

# remove eth1 from the LAN bridge
brctl delif lan eth1

# make a new bridge instance called 'dslbr'
brctl addbr dslbr

# add a subinterface representing VLAN 10-tagged traffic to the VDSL interface
vconfig add vdsl 10

# bring both vdsl and vdsl.10 subinterface up
ifconfig vdsl up
ifconfig vdsl.10 up

# add vdsl.10 subinterface and eth1 interface to bridge
brctl addif dslbr vdsl.10
brctl addif dslbr eth1

# bring the bridge up
ifconfig dslbr up


Now you should be able to connect to LAN 2 on the Fritz and see your ISP's PPPoE concentrator.

#todo: replace usage of vconfig and ifconfig with ip to make the elitists happy




“I do not think there is any thrill that can go through the human heart like that felt by the inventor as he sees some creation of the brain unfolding to success... Such emotions make a man forget food, sleep, friends, love, everything.” - Nikola Tesla

Disclaimer: Views expressed in my posts do not necessarily reflect those views of my employer.

1674 posts

Uber Geek
+1 received by user: 142


  Reply # 753096 30-Jan-2013 09:56 Send private message

quakeguy:
If someone donates to me, I might consider building an image to do easy bridging of VDSL to Ethernet on the 7340 :-)


Oh yes please!  Do you accept digital chocolate fish donations?? :P

266 posts

Ultimate Geek
+1 received by user: 1


  Reply # 983786 10-Feb-2014 23:11 Send private message

I've also managed to build Freetz against my 7340, using a base 05.51 image.  Had to remove several packages to ensure the compiled image size remained small enough.
I requested this thread unlocked as I had an issue trying to add the VDSL sub interface with VLAN 10 tagged traffic.  However I have managed to solve it. 

Thanks to Tim for the original steps.

First you need to ensure VDSL sync is up or the interface won't exist.
I also had to change the order of, getting rid of AVM's 'dsld', if I killed it first the VDSL interface would state it is down.

# remove eth1 from the LAN bridge
brctl delif lan eth1

# make a new bridge instance called 'dslbr'
brctl addbr dslbr

# get rid of AVM's 'dsld' proprietary software
killall dsld

# add a subinterface representing VLAN 10-tagged traffic to the VDSL interface 
vconfig add vdsl 10

# bring both vdsl and vdsl.10 subinterface up
ifconfig vdsl up
ifconfig vdsl.10 up

# add vdsl.10 subinterface and eth1 interface to bridge
brctl addif dslbr vdsl.10
brctl addif dslbr eth1

# bring the bridge up
ifconfig dslbr up


Tim any progress is making this persistent across a reset/reboot of the Fritzbox?
My next steps will be to try create a startup script and see if it can be added to the boot process.







My opinions and ideas expressed in posts are solely my own and do not reflect the views of my employer in any way..

Create new topic





Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when new jobs are posted to our jobs board:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Telecom introduces unlimited broadband data plan
Created by freitasm, last reply by josephhinvest on 25-Apr-2014 14:41 (112 replies)
Pages... 6 7 8


Stonedine
Created by Lizard1977, last reply by mattwnz on 24-Apr-2014 15:45 (67 replies)
Pages... 3 4 5


Windows 8 System Mechanics
Created by eme, last reply by eme on 24-Apr-2014 21:10 (20 replies)
Pages... 2


Using my Mac to ring family in the UK
Created by Geektastic, last reply by nakedmolerat on 24-Apr-2014 11:28 (19 replies)
Pages... 2


Telecom has started metering their TiVo customers' broadband usage (WITHOUT PRENOTIFICATION)
Created by Peteriv, last reply by mattwnz on 24-Apr-2014 15:11 (74 replies)
Pages... 3 4 5


Parallel imported product
Created by Wills1, last reply by joker97 on 23-Apr-2014 21:01 (53 replies)
Pages... 2 3 4


Forms of government for New Zealand
Created by charsleysa, last reply by gzt on 25-Apr-2014 14:22 (181 replies)
Pages... 11 12 13


MH370 - Call for Search & Rescue Help
Created by DS248, last reply by Technofreak on 25-Apr-2014 12:43 (751 replies)
Pages... 49 50 51



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.