Master Shaper


Mastershaper is a composite tool designed to filter and control ip traffic of all types.  It is composed of five primary tools:  a specially compiled 2.6 kernel, l7-filter, iptables, ipp2p, and mastershaper.  This document walks through the integration and configuration of each of these tools.

The installation is based upon the Debian Etch 2 installation with Apache 2.

Kernel Preparation

Make sure you've got the latest and most appropriate kernel for your machine, by using the appropriate base build documentation.

Install tools:

apt-get install yaird
apt-get install kernel-package libncurses5-dev fakeroot wget bzip2
cd /usr/src
tar -xjf linux-source-2.6.15.tar.bz2
cd linux-source-2.6.15
make menuconfig
general: append version info

In the menu, load the alternate configuration file from /boot/config-2.6.15-1-686, or which ever is appropriate for the kernel you have loaded.  Make any appropriate adjustments to the configuration.  Exit the menu.  By leaving all defaults as they were, you can rebuld the kernel in its default configuration.  We'll then make further modifications.

make-kpkg clean
fakeroot make-kpkg --initrd --revision=mastershaper.1.0 kernel_image
cd ..
dpkg -i linux-image-2.6.15_mastershaper.1.0_i386.deb

When the image comes back up (you may need to manully select the new image, as well as update /boot/, run 'uname -a' to check the build date to confirm it is your new basic rebuild.

Obtain and install the l7-filter and related patches:

cd /usr/src
tar -zxvf netfilter-layer7-v2.2.tar.gz
cd linux-source-2.6.15
patch -p1 < ../netfilter-layer7-v2.2/kernel-2.6.13-2.6.16-layer7-2.2.patch

After patching the kernel, install the patterns:

cd /usr/src

tar -zxvf l7-protocols-2006-06-03.tar.gz
cd l7-protocols-2006-06-03
make install

Some changes are required to iptables before compiling the kernel.

apt-get remove iptables 
cd /usr/src
cd pub/iptables
get iptables-1.3.5.tar.bz2
bzip2 -d iptables-1.3.5.tar.bz2 
tar -xvf iptables-1.3.5.tar
cd iptables-1.3.5
patch -p1 < ../netfilter-layer7-v2.2/iptables-layer7-2.2.patch
chmod +x extensions/.layer7-test
cd /usr/src
cd pub/patch-o-matic-ng/snapshot
get patch-o-matic-ng-20060626.tar.bz2
tar -xjvf patch-o-matic-ng-20040621.tar.bz2
cd patch-o-matic-ng-20060626
export KERNEL_DIR=/usr/src/linux-source-2.6.15
export IPTABLES_DIR=/usr/src/iptables-1.3.5
./runme extra
** add the 'time', 'ipp2p', 'route' modules
cd ../iptables-1.3.5
make KERNEL_DIR=/usr/src/linux-source-2.6.15
make install KERNEL_DIR=/usr/src/linux-source-2.6.15

Build the kernel again:

make-kpkg --initrd --revision=mastershaper.1.1 kernel_image


Install MasterShaper

MasterShaper is the web site front end for controlling and monitoring the kernel tools just installed. 

apt-get install mysql-server

Create the database and assign privileges:

create database shaper;
grant all privileges on shaper.* to 'shaper'@'localhost' identified by 'shaper' with grant option;

Download and install MasterShaper:

cd /usr/src

tar -xjvf mastershaper_0.44.tar.bz2
cd MasterShaper-0.44
mkdir /var/www/shaper
cp -R htdocs/* /var/www/shaper/
chown -R www-data.www-data /var/www/shaper
cd /usr/src

Install some libraries:

apt-get install iproute

apt-get install libphp-jpgraph
apt-get install php-pear
apt-get install sudo
apt-get install php-db
apt-get install php4-mysql
apt-get install libphp-phplayersmenu
pear install DB Net_IPv4
cd /var/www/shaper
ln -s /usr/share/php/libphp-phplayersmenu phplayersmenu
ln -s /usr/share/jpgraph jpgraph


Usage Notes

To get help on the IPP2P IPTables plugin:

iptables -m ipp2p --help

To run the GUI:


On the first configuration screen, iptables should be set to '/usr/local/sbin/iptables'.

