Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

ForumsSnapFritzbox 7340 iptables


2 posts

Wannabe Geek
Topic # 113769 27-Jan-2013 20:57 Send private message

Hi! I'm trying to count vdsl traffic on a per-user basis for everyone on my lan.

Has anyone managed to get iptables running on the Fritzbox 7340/7390?



I have freetz-trunk installed on my 7340 with the iptables binary, but ip_tables.ko doesn't seem to get built into the firmware image / doesn't appear in lsmod... The iptables binary appears to work correctly, but the counts it gives are inaccurate, far too small, and nothing ever counts on the vdsl interface. The counts in ifconfig seem realistic however.

From a brief chat auf deutsch on ##fritzbox i understand the ikanos fusiv chip in the fritzbox does some hardware accelerated routing that bypasses the kernel stack, but no specific fusiv iptables module exists to make this work properly..

Any ideas?



Worst-case scenario is i have to disable wifi on the fritzbox and put another linux machine (with working iptables) and another wifi router inbetween the vdsl and my lan.. which seems like a lot of hassle..

Create new topic
870 posts

Ultimate Geek
  Reply # 751776 28-Jan-2013 10:00 Send private message

maybe just use the fritzbox as a bridge, then you just need a linux box, set it up as dhcp server, and have all the traffic go through it and forward to the fritzbox.

hardware accelerated routing, and small counters makes me think you're going to struggle to do anything on the router itself, whether you use wifi, ethernet, or vdsl interfaces to monitor, but you should be able to continue to use the wifi on the fritzbox.

96 posts

Master Geek
  Reply # 752966 29-Jan-2013 22:51 Send private message

Could always full bridge it back to a linux box then hack together vlan tagging and use wifi on a different vlan back in?

Haven't tried it myself but im sure its possible.

917 posts

Ultimate Geek

Trusted
  Reply # 752993 29-Jan-2013 23:59 Send private message

Save yourself a lot of time and trouble mate, bridge / double NAT it and use another firewall product between the Fritz and the LAN.  I use Astaro (now Sophos) which has the best per-IP traffic accounting out there in a free product (& believe you me, I've looked at EVERYTHING).  The only down-side is that you won't be able to use the wireless on the fritz unless you do some fancy configuration, but I've looked at this extensively in the past and this is the best setup I've been able to come up with.

80 posts

Master Geek

Trusted
  Reply # 753088 30-Jan-2013 09:45 Send private message

I've built Freetz against the 7340 and iptables works, but loading ipt_nat.ko causes the box to lock up every time.

I'm not even sure conntrack loads, so -m state is a no-go.

I did manage to get mine to bridge the VDSL to Ethernet using Freetz, by killing AVM's dsld, unplugging eth1 from the default bridge, and adding both it and the 'vdsl' interface to a new bridge instance.
So the 'vdsl' EFM interface is treated just like Ethernet, and you can even add vlans to it with vconfig; this leads me to believe that NAT is the only hurdle left and we're home and hosed.

If someone donates to me, I might consider building an image to do easy bridging of VDSL to Ethernet on the 7340 :-)

Bridging ADSL to Ethernet is not possible (without arcane wizardry). When connected to an ADSL line, the Fritz creates an ATM interface; when connected to VDSL, the Fritz creates an EFM interface (Ethernet-compatible).

In the meantime, here's something useful for technical-types:

### YOU NEED THE FREETZ FIRMWARE, with vlan and bridge support compiled into the kernel ###
### THIS WON'T DIRECTLY WORK on the 7390 because the internal interface topology is different, there is a switch in the way! ###

# get rid of AVM's 'dsld' proprietary software
killall dsld

# remove eth1 from the LAN bridge
brctl delif lan eth1

# make a new bridge instance called 'dslbr'
brctl addbr dslbr

# add a subinterface representing VLAN 10-tagged traffic to the VDSL interface
vconfig add vdsl 10

# bring both vdsl and vdsl.10 subinterface up
ifconfig vdsl up
ifconfig vdsl.10 up

# add vdsl.10 subinterface and eth1 interface to bridge
brctl addif dslbr vdsl.10
brctl addif dslbr eth1

# bring the bridge up
ifconfig dslbr up


Now you should be able to connect to LAN 2 on the Fritz and see your ISP's PPPoE concentrator.

#todo: replace usage of vconfig and ifconfig with ip to make the elitists happy




Tim.

1137 posts

Uber Geek
  Reply # 753096 30-Jan-2013 09:56 Send private message

quakeguy:
If someone donates to me, I might consider building an image to do easy bridging of VDSL to Ethernet on the 7340 :-)


Oh yes please!  Do you accept digital chocolate fish donations?? :P

Create new topic
Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when new jobs are posted to our jobs board:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »
IBM supports business success with Unitec scholarships
Posted 18-Jun-2013 14:47

Dell simplifies delivery and implementation of end-to-end desktop virtualization solutions
Posted 18-Jun-2013 14:12

2degrees secures finance with BNZ and plans for 4G network in 2014
Posted 18-Jun-2013 14:06

New Zealanders hold organisations and government responsible for securing data collected by mobile apps
Posted 18-Jun-2013 13:39

Wellington City Council taps Snapper for contactless payment for parking (with video)
Posted 18-Jun-2013 12:00

Kiwi company introduces physics-based puzzles for iOS devices
Posted 18-Jun-2013 11:38


Trending now »
Hot discussions in our forums right now:

Condenser Dryer: anyone has one?
Created by joker97, last reply by graemew on 18-Jun-2013 21:08 (31 replies)
Pages... 2 3

Slow YouTube Response
Created by SneakerPimps, last reply by mercutio on 18-Jun-2013 21:34 (23 replies)
Pages... 2

sky outbid for EPL rights
Created by JonnyCam, last reply by stuzzo on 19-Jun-2013 09:08 (45 replies)
Pages... 2 3

Calling all mazda 3/Axela owners in NZ
Created by coolcat21, last reply by nickb800 on 19-Jun-2013 09:16 (32 replies)
Pages... 2 3

Stationary Vehicle Infringement Notice Has Wrong Details
Created by Wheelbarrow01, last reply by Dratsab on 18-Jun-2013 23:46 (33 replies)
Pages... 2 3

Finding strongest carrier signal in a given location
Created by timmmay, last reply by timmmay on 16-Jun-2013 14:51 (16 replies)
Pages... 2

HTC One (2013) owners' discussion
Created by Dingbatt, last reply by bradstewart on 18-Jun-2013 23:28 (1818 replies)
Pages... 120 121 122

Anyone else watching paint dry?
Created by gnfb, last reply by Slingshot on 19-Jun-2013 08:51 (28 replies)
Pages... 2


Geekzone Jobs »
Most recent NZ jobs in technology:

Senior Unity Game Engine Developer Required
Posted 19-Jun-2013 08:38

Software Tester - $75-85k - Ellerslie
Posted 19-Jun-2013 08:38

Senior C++ Developer $90k-$120k
Posted 19-Jun-2013 08:37

MySql DBA required - contract Role - 3 mths
Posted 19-Jun-2013 08:37

C#, ASP.net Developers. $75-120k neg.
Posted 19-Jun-2013 08:37

Android Mobile Apps Developer reqd -$70-85K
Posted 19-Jun-2013 08:37

Presales Role with Microsoft tool exp - $100-120K
Posted 19-Jun-2013 08:37


Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Updates »
Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.