Igmpproxy настройка на шлюзе Linux Debian
Материал из support.qbpro.ru
Версия от 15:32, 10 сентября 2022; imported>Vix (Новая страница: «* Установка на системе '''Debian 10''' и настройка '''igmpproxy''' поэтапно: * Скачиваем igmpproxy: wget -c https:/...»)
- Установка на системе Debian 10 и настройка igmpproxy поэтапно:
- Скачиваем igmpproxy:
wget -c https://github.com/pali/igmpproxy/archive/refs/heads/master.zip
или
git clone https://github.com/pali/igmpproxy.git
- Сборка пакета:
cd igmpproxy ./autogen.sh ./configure --prefix=/ --sbindir=/usr/sbin/ --sysconfdir=/etc/ make -j2 sudo checkinstall -D -y --pkgname=igmpproxy --pkgversion=0.3 --install=no
- Установка:
sudo dpkg -i igmpproxy_0.3-1_amd64.deb
- Настройка:
Так как к сожалению нет в исходниках готовой поддержки deb, скрипт запуска делаем сами:
touch /etc/init.d/igmpproxy mcedit /etc/init.d/igmpproxy
Вставляем:
#!/bin/sh ### BEGIN INIT INFO # Provides: igmpproxy # Required-Start: $local_fs $network $remote_fs $syslog # Required-Stop: $local_fs $network $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: IGMP multicast routing daemon # Description: IGMPproxy is a simple dynamic Multicast Routing Daemon # using only IGMP signalling. It's intended for simple # forwarding of Multicast traffic between networks. ### END INIT INFO # Author: Pali Rohár <pali.rohar@gmail.com> # Do NOT "set -e" # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="igmpproxy" NAME=igmpproxy DAEMON=/usr/sbin/igmpproxy DAEMON_ARGS="-n /etc/igmpproxy.conf" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.2-14) to ensure that this file is present # and status_of_proc is working. . /lib/lsb/init-functions # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -m -- \ $DAEMON_OPTS $DAEMON_ARGS \ || return 2 # The above code will not work for interpreted scripts, use the next # six lines below instead (Ref: #643337, start-stop-daemon(8) ) #start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON \ # --name $NAME --test > /dev/null \ # || return 1 #start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON \ # --name $NAME -- $DAEMON_ARGS \ # || return 2 # Add code here, if necessary, that waits for the process to be ready # to handle requests from services started subsequently which depend # on this one. As a last resort, sleep for some time. } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE return "$RETVAL" } # # Function that sends a SIGHUP to the daemon/service # do_reload() { # # If the daemon can reload its configuration without # restarting (for example, when it is sent a SIGHUP), # then implement that here. # start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME return 0 } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; #reload|force-reload) # # If do_reload() is not implemented then leave this commented out # and leave 'force-reload' as an alias for 'restart'. # #log_daemon_msg "Reloading $DESC" "$NAME" #do_reload #log_end_msg $? #;; restart|force-reload) # # If the "reload" option is implemented then remove the # 'force-reload' alias # log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac :
и сохраняем.
присваиваем права на запуск:
chmod 0755 /etc/init.d/igmpproxy chown root:root /etc/init.d/igmpproxy
устанавливаем автозапуск:
update-rc.d igmpproxy defaults
Пояснение: эти настройки для init.d для systemd требуется иное.
теперь пример конфига:
######################################################## # # Example configuration file for the IgmpProxy # -------------------------------------------- # # The configuration file must define one upstream # interface, and one or more downstream interfaces. # # If multicast traffic originates outside the # upstream subnet, the "altnet" option can be # used in order to define legal multicast sources. # (Se example...) # # The "quickleave" should be used to avoid saturation # of the upstream link. The option should only # be used if it's absolutely nessecary to # accurately imitate just one Client. # ######################################################## ##------------------------------------------------------ ## Enable Quickleave mode (Sends Leave instantly) ##------------------------------------------------------ quickleave ##------------------------------------------------------ ## Configuration for eth0 (Upstream Interface) - интерфейс который смотрит наружу ##------------------------------------------------------ phyint enp1s0 upstream ratelimit 0 threshold 1 altnet 213.183.34.0/24 # Узнаем из вывода tcpdump или igmpproxy -vd /etc/igmpproxy.conf altnet 224.0.0.0/24 altnet 5.61.54.61/32 altnet 239.255.255.0/24 ##------------------------------------------------------ ## Configuration for eth1 (Downstream Interface) интерфейс который смотрит в локальную сеть. ##------------------------------------------------------ phyint enp2s0 downstream ratelimit 0 threshold 1 ##------------------------------------------------------ ## Configuration for eth2 (Disabled Interface) ##------------------------------------------------------ phyint eth2 disabled