In computer networking and computer science, bandwidth (also known as network bandwidth or data bandwidth) refers to various bit-rate measures representing the available or consumed data communication resources. It is expressed in bits per second or multiples of it (bit/s, kbit/s, Mbit/s, Gbit/s, etc.).
In simpler words, we can think of bandwidth as a road that connects one computer to another over the internet. The road may be broad or narrow. The broader the road, the more vehicles can pass through, and vice versa. The number of vehicles that can pass is determined by the road, and the same goes for network bandwidth. A broader network lets more data pass, and increasing the bandwidth increases the rate at which data passes.
Broadly, data transfer is divided into two modes: transmit and receive. We can call these upload and download.
Bandwidth management can give a network administrator a headache. Where bandwidth is limited, a download manager can take a large share or even all of the available bandwidth. Yes, it can use all the bandwidth on the network. In that case we should manage the bandwidth and use it efficiently. One of the tools to do that is WebHTB.
In this article we will discuss how to use WebHTB to control traffic and limit bandwidth on a network. For that purpose, I use the following:
- Slackware64 14.0
- bandwidth limitation using public IP addresses, using the two configuration files for upload and download
- bandwidth limitation using private IP address (SNAT), using a single configuration file
- match mark
- match mark in u32
- match MAC address in u16 and u32 for both download and upload
- metropolitan/external limitation
- can ignore upload when mark is set
Obtaining the Material
- iproute with tc
- SSH2 server accepting root logins from localhost
- modules compiled into the kernel, such as: sch_sfq, cls_u32, sch_htb, sch_ingress, act_police, and optionally sch_esfq
WebHTB uses an SSL certificate to operate, so you need to create a proper one. Make sure you have OpenSSL installed. You can check whether you have OpenSSL by invoking the openssl command. If a prompt appears like this:
Then you have it. Otherwise, you should install OpenSSL for Slackware first.
Once it is installed, create a certificate. The procedure is similar to creating an SSL certificate on FreeBSD. With these commands we generate the key for the Certificate Signing Request (CSR). First we create a secure key protected by a passphrase. Next we create a copy of the key that does not use a passphrase (we call it the insecure one). After the CSR is created, we create the self-signed certificate. In the last stage, we install them in the /etc/ssl/ directory. The actual commands follow:
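# Private key protected by a passphrase (1024-bit RSA is below current recommendations; prefer 2048 or more)
openssl genrsa -des3 -out server.key 1024
# Copy of the key with the passphrase removed, so Apache can start unattended
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
# Certificate Signing Request
openssl req -new -key server.key -out server.csr
# Self-signed certificate, valid for 365 days
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# Install the certificate and the key
cp server.crt /etc/ssl/certs
cp server.key /etc/ssl/private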
Next we need to alter some configuration in /etc/httpd/httpd.conf. In that file, make sure mod_ssl.so is loaded, so you will have a line like this (change lib64 to lib if you have 32-bit Slackware):
LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
Also make sure the line Include /etc/httpd/extra/httpd-ssl.conf is enabled in it.
Now adjust the location of the SSL certificate described in httpd.conf so that it points to our newly created certificate. Change SSLCertificateFile "/etc/httpd/server.crt" to SSLCertificateFile "/etc/ssl/certs/server.crt", and SSLCertificateKeyFile "/etc/httpd/server.key" to SSLCertificateKeyFile "/etc/ssl/private/server.key".
Restart the Apache server, then check the directories in Apache's SSL module configuration, with these commands:
/etc/rc.d/rc.httpd restart
nano /etc/httpd/extra/httpd-ssl.conf
Now go to /var and extract the WebHTB source file using:
tar -jxf WebHTB_V2.9.bz2
Now you should have a /var/webhtb directory. Change its ownership so Apache can access it:
chown -R apache.apache /var/webhtb
Now edit /etc/httpd/extra/httpd-vhosts.conf and add the following lines before the end of the file:
Alias /webhtb /var/webhtb
<Directory "/var/webhtb">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>
Restart Apache. Once you have passed this stage, you have successfully installed WebHTB.
To access WebHTB, open a browser (Firefox, Chrome, Konqueror, etc.) and enter the following in the URL bar:
If it is successful, something like this will be shown on your display. Fill in the fields marked in red:
Once we have passed the download process and finished configuring, we don't need the installer anymore. Therefore, we have to remove it so it won't be a problem. To do so, do the following:
cd /var/webhtb
rm -rf install
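As an added example (not part of the original article or of WebHTB), the shell function below checks the finished install against the steps above: the installer directory is gone, the passphrase-less server.key is readable only by its owner, and the <Directory "/var/webhtb"> block neither opens the interface to every address nor enables directory listings. The optional ROOT prefix argument is an assumption, added so the check can run against a copy of the files.

```shell
#!/bin/sh
# Added example: audit of the WebHTB install steps from this article.
# audit_webhtb [ROOT] - ROOT is an optional path prefix (an assumption, so the
# check can run against a copy); empty means the live system.
# Prints one FAIL line per finding and returns non-zero if there is any.
audit_webhtb() {
    root="${1:-}"
    key="$root/etc/ssl/private/server.key"
    vhosts="$root/etc/httpd/extra/httpd-vhosts.conf"
    n=0

    # The web installer is only needed once and must be removed afterwards.
    if [ -d "$root/var/webhtb/install" ]; then
        echo "FAIL: installer directory still present"; n=$((n + 1))
    fi

    # server.key has no passphrase, so its file mode is the only protection.
    if [ -f "$key" ]; then
        mode=$(stat -c %a "$key")   # GNU stat
        case "$mode" in
            400|600) ;;
            *) echo "FAIL: $key has mode $mode, expected 600 or 400"; n=$((n + 1)) ;;
        esac
    fi

    # Inspect only the <Directory "/var/webhtb"> block, skipping comment lines.
    if [ -f "$vhosts" ]; then
        block=$(awk '/^[[:space:]]*#/ { next }
                     /<Directory "\/var\/webhtb">/,/<\/Directory>/' "$vhosts")
        if printf '%s\n' "$block" | grep -Eqi 'allow from all|Require all granted'; then
            echo "FAIL: /webhtb is reachable from any address"; n=$((n + 1))
        fi
        if printf '%s\n' "$block" |
           grep -Eqi 'Options([[:space:]]+[^[:space:]]+)*[[:space:]]+\+?Indexes'; then
            echo "FAIL: directory listing (Indexes) is enabled"; n=$((n + 1))
        fi
    fi

    [ "$n" -eq 0 ]
}
```

Run audit_webhtb with no argument on the server; each FAIL line names the item to fix.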
Now you should see something like this when you access WebHTB:
Now, here is the important part: the configuration. In this section we will discuss a simple scenario.
Here we want to add classes, that is, the named segments that will be limited. Moreover, we also need to set the bandwidth allocation and the amount of the limitation.
Log in to WebHTB and choose the Classes tab, and you will see something similar to this:
Then choose the add client tab and enter the IP address that will be limited.
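For orientation, a class with one client maps onto the kernel pieces named in the requirements: an HTB class (sch_htb), an SFQ leaf queue (sch_sfq) and a u32 filter (cls_u32) matching the client's address. The shell function below is an added example, not code from the original article and not WebHTB's generated output; the interface name, rates and address are assumptions passed in by the caller, and DEV is assumed to be the interface facing the client, so matching on the destination address shapes that client's download.

```shell
#!/bin/sh
# Added example: hand-written tc rules for one HTB class holding one client.
# This is not WebHTB's generated output; interface, rates and address are
# assumptions supplied by the caller.
# htb_client_rules DEV LINK_KBIT RATE_KBIT CEIL_KBIT CLIENT_IP
# Prints the commands instead of running them, so they can be reviewed first.
htb_client_rules() {
    dev=${1:-} link=${2:-} rate=${3:-} ceil=${4:-} ip=${5:-}

    # The output is meant for a root shell, so accept only a plain interface
    # name, decimal rates and a dotted IPv4 address (octet range is left to tc).
    case "$dev" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    for v in "$link" "$rate" "$ceil"; do
        case "$v" in ''|*[!0-9]*) echo "bad rate: $v" >&2; return 1 ;; esac
    done
    case "$ip" in ''|*[!0-9.]*) echo "bad address" >&2; return 1 ;; esac
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "bad address" >&2; return 1; }
    # Guaranteed rate must not exceed the ceiling, nor the ceiling the link.
    if [ "$rate" -gt "$ceil" ] || [ "$ceil" -gt "$link" ]; then
        echo "need rate <= ceil <= link" >&2; return 1
    fi

    # Root HTB qdisc, parent class sized to the link, leaf class for the
    # client, SFQ inside the leaf, and a u32 filter steering the client's
    # traffic into it. Traffic that matches no filter is left unshaped.
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb
tc class add dev $dev parent 1: classid 1:1 htb rate ${link}kbit ceil ${link}kbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate ${rate}kbit ceil ${ceil}kbit
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:10
EOF
}
```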
The configuration will not be active unless we change the QoS status and activate it. Thus:
Another thing we should monitor is WebHTB's performance, as seen here:
Happy hacking