This C daemon was developed to aid management of your services. It's responsible for starting appropriate modules, each performing specific task. Each module makes configuration files based on its template and data from LMS database and manages (restarting) selected services on a server. Modules can also collect statistics, check hosts activity, account payments or notify debtors about their charges. LMS Daemon requires: LMS user interface installation libmysqlclient shared library (included in full MySQL installation or respective "devel" package) or libpq shared library in case of PostgreSQL database use. libdl shared library (present in every modern distribution) C compiler (gcc-2.95.x or higher) ggnotify module needs libgadu library and header files parser module needs flex and bison (version 1.875 or newer). You have to setup some configure options prior to compilation, that can be listed with --help flag of ./configure script (default values shown in brackets): --help help --enable-debug0 SQL queries logging (disabled) --enable-debug1 events logging (disabled) --with-pgsql enables using of PostgreSQL database (disabled) --with-mysql enables using of MySQL database (enabled) --prefix=PREFIX program and modules install directory (/usr/local) --lmsbindir=DIR sets location of target LMS binaries (PREFIX/lms/bin) --lmslibdir=DIR sets location of target LMS modules (PREFIX/lms/lib) --libdir=DIR location of database libraries (/usr/lib) --incdir=DIR location of database header files (/usr/include) --inifile=FILE configuration file - disables online configuration It's required to choose one database which you will use (--with-mysql or --with-pgsql) and location of libraries supplied with database (--incdir, --libdir). You can use only one database. If you change database, you have to recompile your daemon. It's also possible to force daemon to use configuration files instead of database. It can't use both files and db at the same time, you'll need to choose either before compilation. # ./configure --with-pgsql --libdir=/usr/local/pgsql/lib --incdir=/usr/local/pgsql/include After that you can compile and install (put daemon in directory given with --prefix option): # make && make install Compiled modules (files with .so extension), found in directory modules/module_name will be moved to directory PREFIX/lms/lib. Main program goes to PREFIX/lms/bin. Configuration for daemon and modules configuration can be edited through Configuration -> Daemon menu in LMS-UI. Modules configuration is described later, in separate chapters concerning each module. Basic daemon parameters and data for connection to database should be specified as command line options, according to following listing: --dbhost -h host host database is available (default: localhost) --dbname -d db_name database name (default: lms) --dbuser -u user database username (default: lms) --dbpass -p password database password (default: empty) --hostname -H hostname host name where daemon runs; name returned by hostname command is taken as default but it can be overwritten; that name must correspond to the one specified in hosts configuration in UI --pidfile -P pid_file pidfile where daemon write pid (default: none) --ssl -s use SSL connection (default: disabled) --command -c command shell command to execute before every database connection (default: empty) --instance -i "instance[ ...]" list of instances to reload; other instances will be ignored --reload -q do reload and exit --reload-all -r do reload of all instances (including those with specified crontab) and exit --foreground -f run in foreground (don't fork) --version -v prints version and copyright info Database connection options can be also read from enviroment variables: LMSDBPASS, LMSDBNAME, LMSDBUSER, LMSDBHOST, LMSDBPORT. List of instances should contain instance names separated with spaces. Spaces in instance name should be replaced by '\s' sequence, i.e. lmsd -i "my\sinstance". Daemon configuration is divided into hosts (which makes possible to configure and reload several different daemons installed on numerous hosts/routers) and configuration sections called as instances. Instance configuration, besides config modules params, have to contain the following primary options: Name Instance name, unique for each daemon (host where daemon is running). Example: system Priority Priority number, which defines instances reload sequence. Example: 10 Module Module name (with or without .so extension). If path is not specified daemon will search module in PREFIX/lms/lib directory, where modules are being placed after "make install". Example: /usr/lib/system.so Crontab Module execution time specified in crontab style. All data must be numeric. Following example executes instance each 5 minutes between 8 and 18 hour every day. If crontab is empty, instance will be reloaded only with UI reload. Default: empty. Example: */5 8-18 * * * Configuration changes does not require restarting daemon. By default program runs in daemon mode. In this mode configuration and services reload is performed on demand using 'Reload' menu in LMS-UI. Reload order and configuration checks (especially instances list and configuration of them) is done each minute. When daemon detects reload order, it runs all enabled instances. Instances with crontab specified will be executed at scheduled time. Other way to run daemon is disposable reload using '-q' command line option. This is useful for tests, and in conjunction with '-i' option allows to run selected instances regardless of crontab entries for the rest of instances. As we stated before daemon can only run modules and they are doing all the job. Most modules are designed to specific application, only 'hostfile' can be used to create many different configs (and manage numerous services), ie. various firewall types. Module configuration parameters MUST be placed in appropriate instance section. Name Description Shell commands execution Universal T-Script scripts parser Configuration of DHCP server Disconnection of indebted users Configuration of DNS server /etc/ethers file creation Universal module (eg. making iptables rules) Email notify about payments Gadu-Gadu (polish internet messenger) notify about payments Payments accounting Configuration of oident daemon Making HTB rules Internet link usage statistics Users activity (online) scanning This module does only one thing: it runs given Linux shell command or/and SQL query. It can be useful if you want to execute some command or run external script while configuration is being reload, eg. one of scripts in LMS /bin directory. SQL command is executed first. You can define command strings or SQL queries. Commands will be executed via shell, separated by semicolons: sql SQL command. Default: empty. Example: command = 'DELETE FROM stats WHERE dt < %NOW% - 365*86400' command Shell command(s). Default: empty. Example: command = 'echo -n "hello "; echo "world"' Module calculates subscription and solid fees for customers, basing on current date. It should be executed once a day. Payments are calculated basing on customers liabilities and written to database with description filled in 'comment' field. If appropriate, invoices are created. Description of solid payment is a combination of liability and creditor name. At the end outdated liabilities are being removed from database. You can use following options for this module: comment Description of operation. '%period' will be replaced by start and end date of subscription, e.g. '2003/10/10 - 2003/11/09', '%tariff' by name of liability, %month by full name of current month and %year by current year, %next_mon by next month in YYYY/MM format. Default: 'Subscription: '%tariff' for period: %period'. Example: comment = 'Subscription %tariff' settlement_comment Description of settlement operation. '%period' will be replaced by start and end date of settlement period, e.g. '2003/10/20 - 2003/11/09', and '%tariff' by name of liability. Defaults to comment option. Example: settlement_comment = 'Settlement of subscription %tariff'. up_payments How should period in comment be counted - forward or backward relatively to date of write out. Default: yes. Example: up_payments = no expiry_days Defines number of days from date of liability expiration, after which that liability will be removed from database. When you set '0' data will be removed immediately after date of the write out. Default: 30. Example: expiry_days = 365 deadline Payment deadline in days. Default: 14. Example: deadline = 21 paytype Payment type identifier (1-cash, 2-transfer, 3-transfer/cash, 4-card, 5-compensation, 6-barter, 7-contract). Default: 2 (transfer). Example: paytype = 1 numberplan ID of invoices numbering plan defined in Configuration -> Numbering Plans. Default: 0 (default plan). Example: numberplan = 1 check_invoices Enables checking of invoices as accounted for customers with balance equal or greater than zero. Default: false. Example: check_invoices = 1 networks List of network names to restrinct customers for accounting. Default: empty (all networks). Example: networks = "lan1 lan2" excluded_networks List of excluded network names to restrinct customers for accounting. Default: empty (none). Example: excluded_networks = "lan3 lan4" customergroups List of customers groups to restrict customers for accounting. Default: empty (all groups). Example: customergroups = "group1 group2" excluded_customergroups List of excluded customers groups to restrict customers for accounting. Default: empty (none). Example: excluded_customergroups = "group3 group4" Module 'notify' is designed to inform customers about their debt using electronic mail. Current customer balance is compared to 'limit' option, if it's beneath that limit - message will be sent. Message content is taken from template, which may include the following variables: %saldo - current customer balance (also %b) %B - absolute value of current customer balance %pin - customer PIN %name - customer forename %lastname - company name or customer lastname %last_10_in_a_table - last 10 operations on customer account Configuration options for 'notify' module are presented below: template Location of message template file. Default: empty. Example: template = modules/notify/sample/mailtemplate file Location of temporary file. Default: /tmp/mail Example: file = /tmp/mail.txt command Shell command for sending an e-mail. '%address' will be replaced by customer e-mail address. Default: 'mail -s "Liabilities Information" %address < /tmp/mail'. Example: command = 'mail -s "You must pay or ..." $address < /tmp/mail.txt' limit Message is sent when customer balance will decrease below value defined in this option. Default: 0 Example: limit = -20 debug_mail If set, all messages goes to this address, instead of sending them to customers. Useful for testing. Default: empty. Example: debug_mail = tester@my.net Equivalent of 'notify' module developed to send gadu-gadu instant messages. Gadu-Gadu is most popular polish internet messenger. Module require libgadu shared library and sources of ekg program. Appropriate paths for them must be present in modules/ggnotify/Makefile before module compilation. Options similar to 'notify' module might be also used here: template Location of message template file. Default: empty. Example: template = modules/notify/sample/mailtemplate uin Gadu-gadu identifier number of message sender. Default: empty. Example: uin = 1234567 password Password for account specified by 'uin'. Default: empty. Example: password = "my_HURD.password" limit Message is sent when customer balance will decrease below value defined in this option. Default: 0 Example: limit = -20 debug_uin If is set, all messages will go to that 'uin'. Default: empty. Example: debug_uin = 7654321 Cutoff do change nodes status to 'disconnected' and/or enable warnings for customers, which have debts greater than specified limit. Also, disables computers due to assignments expiration. This module does not doing actual blocking of network access. You can use following options for 'cutoff' module: limit Disconnection occurs when customer balance decreases below specified limit as numeric value or as percentage of sum of customer's monthly assignments (with '%' sign). Default: 0. Example: limit = -20 command Specifies system command, that is executed if at least one customer should be disconnected or warning should be enabled. Default: empty. Example: command = 'lmsd -qi firewall' warning Enable warning for disconnected customer and write him WWW browser message specified in this option. If empty, warning will be not enabled. Date in message is substituted providing '%time' variable. You can also use %B for real customer balance and %b for unsigned balance value. Default: 'Blocked automatically due to payment deadline override at %time". Example: warning = "" expired_warning Sets the message to customer when disabling his computers access due to all assignments expiration. If empty, warning will be not set. Date in message is substituted providing '%time' variable. Default: 'Blocked automatically due to tariff(s) expiration at %time'. Example: expired_warning = "" warnings_only Here you can to decide, if you want to use this module only for warnings or to actually cut people off. Works for customers with assignments. Default: false. Example: warnings_only = true setnodegroup_only Sets nodes group name. Module assigns to that group all computers of customer who exceeds value or invoice limit. Customer's status isn't changed. Default: none. Example: setnodegroup_only = blocked_nodes disable_suspended Use this option to disable customers with suspended all current assignments. Default: false. Example: disable_suspended = true use_nodeassignments You should enable this option only if you are using nodes with tariffs assignments. In other way tariffs assignments with customers are checked. Default: false. Example: use_nodeassignments = true use_customerassignments You should disable this option only if you don't want to check assignments (or node assignments are used). Default: true. Example: use_customerassignments = false check_invoices This option enables additional checking if customer has unpayed invoices with deadline date older than date specified in 'deadline' option. Default: false. Example: check_invoices = true deadline Sets period in days (from invoice deadline date), after which unpayed invoice is considered for 'check_invoices' check. By default, customer would be blocked just after deadline. Default: 0. Example: deadline = 30 customergroups List of customers groups to restrict customers for accounting. Default: empty (all groups). Example: customergroups = "group1 group2" excluded_customergroups List of excluded customers groups to restrict customers for accounting. Default: empty (none). Example: excluded_customergroups = "group3 group4" networks List of network names to get into consideration. Default: empty (all networks). Example: networks = 'lan1 lan2' excluded_networks List of network names to exclude. Default: empty (none). Example: excluded_networks = 'lan3 lan4' Module responsible for management of DHCP server, creates configuration file and restarts service. It's possible to execute other functions (programs) with 'command' option. Most of configuration parameters match with parts of DHCP configuration file, and in typical environment doesn't need any changes: file Location of DHCP server configuration file. Default: /etc/dhcpd.conf. Example: file = /etc/dhcp/dhcpd.conf command Shell command executed after config file creation. Default: 'killall dhcpd; /usr/sbin/dhcpd'. Example: command = '/etc/rc.d/rc.dhcpd restart' begin File header. Default: empty. Example: begin = "authoritative;" end File footer. Default: empty. Example: end = "" subnet_start Subnet header. '%a' - name, '%m' - mask, %b - broadcast address. Default: "subnet %a netmask %m {\ndefault-lease-time 86400;\nmax-lease-time 86400;". Example: subnet_start = "subnet %a netmask %m {default-lease-time 3600;" subnet_end Subnet footer. Default: "}". Example: subnet_end = '\t}' subnet_gateway Subnet gateway. '%i' will be changed to IP address. Default: "option routers %i;". Example: subnet_gateway = "option routers %i" subnet_dns Subnet DNS servers. '%i - dns addresses. Default: "option domain-name-servers %i;". Example: subnet_dns = "option domain-name-servers 192.168.0.1" subnet_domain Subnet domain name. '%n' - name. Default: 'option domain-name "%n";'. Example: subnet_domain = 'option domain-name "test.%n";' subnet_wins WINS servers. '%i' - server IP address. Default: "option netbios-name-servers %i;". Example: subnet_wins = "" subnet_range Subnet address range. '%s' - initial address, '%e' - end of range. Default: "range %s %e;". Example: subnet_range = "range %s %e;" host Hosts parameters, where '%n' - host name, '%m' - MAC, '%i' - IP address. Default: "\thost %n {\n\t\thardware ethernet %m; fixed-address %i; \n\t}". Example: host = "host %n {hardware ethernet %m; fixed-address %i;}" networks List of network names that should be included in configuration (case insensitive). Default: empty (all networks). Example: networks = "lan1 lan2" customergroups List of customers groups that should be included in configuration (case insensitive). Default: empty (all groups). Example: customergroups = "group1 group2" Module 'hostfile' is a multipurpose tool. It performs loop on all hosts (nodes and network devices addresses) from database fetching their connection and warnings status, private and public addresses, network that they are connected to and groups of they owners. Because of that it is possible to create any set of firewall rules, or /etc/hosts file. Data is written to file and after that specified shell command can be executed. The following replacement variables can be used in host rule options: %i - IP address, %ipub - public IP address, %id - node ID, %m - MAC address, %ms - comma-separated list of node MACs %n - host name, %p - node (computer) password, %port - device's port to which computer is connected, %l - host location, %devl - location of device to which node is connected, %info - node description, %domain - domain, %net - network name, %gw - gateway address of network, %if - network's interface, %mask - network mask, %addr - network's address, %prefix - network mask CIDR-style prefix, %dns, %dns2 - DNS server addresses, %dhcps, %dhcpe - start and end of DHCP range, %wins - WINS server address, %i16 - IP's last octet in hex, %i16pub - public IP's last octet in hex. %domainpub - domain name of public network, %netpub - public network name, %gwpub - gateway address of public network, %ifpub - public network's interface, %maskpub - public network mask, %addrpub - public network's address, %prefixpub - public network mask CIDR-style prefix, %dnspub, %dns2pub - DNS server addresses in public network, %dhcpspub, %dhcpepub - start and end of DHCP range in public network, %winspub - WINS server address in public network, %customer - node owner's name, %cid - node owner's ID, This module has following options: file Location of generated file. Default: /tmp/hostfile Example: file = /etc/rc.d/rc.firewall command Shell command(s) executed after 'file' creation. Default: empty Example: command = '/bin/sh /etc/rc.d/rc.firewall' begin File header. Default: "/usr/sbin/iptables -F FORWARD\n" Example: begin = "IPT=/usr/sbin/iptables \n$IPT -F FORWARD\n" end File footer. Default: "/usr/sbin/iptables -A FORWARD -J REJECT\n" Example: end = "$IPT -A FORWARD -J REJECT\n" host_begin Host rule header. Default: "" Example: host_begin = "#%n\n" host_end Host rule footer. Default: "" Example: host_end = "\n" grantedhost Line with rule(s) for connected node. Default: "/usr/sbin/iptables -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n" Example: grantedhost = "$IPT -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n" deniedhost Line with rule(s) for disconnected node. Default: "/usr/sbin/iptables -A FORWARD -s %i -m mac --mac-source %m -j REJECT\n" Example: deniedhost = "$IPT -A FORWARD -s %i -m mac --mac-source %m -j REJECT\n" public_grantedhost Line with rule(s) for connected node with specified public IP. By default rule specified in 'grantedhost' option. Example: public_grantedhost = "$IPT -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n$IPT -t nat -A PREROUTING -p tcp -d %ipub -j DNAT --to-destination %i\n$IPT -t nat -A POSTROUTING -s %i -j SNAT --to-source %ipub\n" public_deniedhost Line with rule(s) for disconnected node with specified public IP. By default rule specified in 'deniedhost' option. Example: public_deniedhost = "" warnedhost Line with rule(s) for node with set warnings flag. Example: warnedhost = "$IPT -A PREROUTING -s %i --dport 80 -p tcp -j REDIRECT --to-port 82\n" public_warnedhost Line with rule(s) for node with set warnings flag and specified public IP. By default rule specified in 'warnedhost' option. Example: public_warnedhost = "" public_replace Specify that rules for public addresses would overwrite main rules or be added to them. Default: enabled. Przykład: public_replace = false warn_replace Specify that rules for nodes with warnings would replace main rules or be added to them. Default: disabled. Przykład: warn_replace = true networks List of network names which members should be included in config (case insensitive). Default: empty (all networks). Example: networks = "lan1 lan2" customergroups List of customer groups names which members should be included in config (case insensitive). Default: empty (all groups). Example: customergroups = "group1 group2" nodegroups List of node groups names which members should be included in config (case insensitive). Default: empty (all groups). Example: nodegroups = "group1 group2" excluded_networks List of network names which members should be excluded from config (case insensitive). Default: empty (none). Example: excluded_networks = "lan3 lan4" excluded_customergroups List of customer groups names which members should be excluded from config (case insensitive). Default: empty (none). Example: excluded_customergroups = "group1 group2" excluded_nodegroups List of node groups names which members should be excluded from config (case insensitive). Default: empty (none). Example: excluded_nodegroups = "group1 group2" skip_dev_ips If enabled (yes, true) network devices (devices that does not belong to customers) will be ignored (omitted). Default: yes Example: skip_dev_ips = no skip_host_ips If enabled (yes, true) hosts IPs (customers nodes) will be ignored (omitted). Default: no Example: skip_host_ips = yes multi_mac If enabled (yes, true) each IP-MAC pair will be listed. Default: no Example: multi_mac = yes 'Traffic' is an equivalent of 'lms-traffic' Perl script,which loads internet link stats to database, from file created by user. That file must have format: host_IP upload download. More information (including how to make such file) can be found in chapter with lms-traffic description. There is only one available option and it's mandatory: file Location of file with firewall stats. Default: /var/log/traffic.log Example: file = /tmp/log Generate script containing iptables and tc rules for traffic control ie. band and customer connections limits. Rules for nodes can be freely defined and used not only for traffic control. Principle of operation of this module is following: First of all all customers data is being retrieved. Totals for limitations (uprate, downrate, upceil, downceil, connection limit) are being calculated for each customer. Then, loop is performed to check networks and groups (if specified). If limit values are not zeroes rules are written to file with variables replacement. The following variables can be used in rules: %name - host name, %i - IP address, %m - MAC, %if - network interface, %uprate, %downrate, %upceil, %downceil, %plimit, %climit, %o1, %o2, %o3, %o4 - IP's octets, %h1, %h2, %h3, %h4 - IP's octets in hex and %x - integer counter with initial value of 100 incremented by one for each node (or customer). Default policy for creating HTB class is one class per all nodes belonging to each customer. It can be changed with 'one_class_per_host' option. Default configuration assumes that your system supports HTB and iptables with modules limit, connlimit, mark and ipp2p. You can patch kernel or use sources available at www.inet.one.pl (polish project, site in PL). There are basic options like groups of customers, file, command, networks and extra options which are define tc and firewall rules available to use. Default config is designed for 512/128 kbit limits and 100mbit links. file Location of file. Default: /etc/rc.d/rc.htb. Example: file = /tmp/rc.htb command Shell command executed after file creation. Default: "sh /etc/rc.d/rc.htb start". Example: command = "chmod 700 /tmp/rc.htb; /tmp/rc.htb start" begin Script header. Default: "#!/bin/sh IPT=/usr/sbin/iptables TC=/sbin/tc LAN=eth0 WAN=eth1 BURST="burst 30k" stop () { $IPT -t mangle -D FORWARD -i $WAN -j LIMITS >/dev/null 2>&1 $IPT -t mangle -D FORWARD -o $WAN -j LIMITS >/dev/null 2>&1 $IPT -t mangle -F LIMITS >/dev/null 2>&1 $IPT -t mangle -X LIMITS >/dev/null 2>&1 $IPT -t mangle -F OUTPUT $IPT -t filter -F FORWARD $TC qdisc del dev $LAN root 2> /dev/null $TC qdisc del dev $WAN root 2> /dev/null } start () { stop $IPT -t mangle -N LIMITS $IPT -t mangle -I FORWARD -i $WAN -j LIMITS $IPT -t mangle -I FORWARD -o $WAN -j LIMITS # incoming traffic $IPT -t mangle -A OUTPUT -j MARK --set-mark 1 $TC qdisc add dev $LAN root handle 1:0 htb default 3 r2q 1 $TC class add dev $LAN parent 1:0 classid 1:1 htb rate 99000kbit ceil 99000kbit quantum 1500 $TC class add dev $LAN parent 1:1 classid 1:2 htb rate 500kbit ceil 500kbit $TC class add dev $LAN parent 1:1 classid 1:3 htb rate 98500kbit ceil 98500kbit prio 9 quantum 1500 $TC qdisc add dev $LAN parent 1:3 esfq perturb 10 hash dst # priorities for ICMP, TOS 0x10 and ports 22 and 53 $TC class add dev $LAN parent 1:2 classid 1:20 htb rate 50kbit ceil 500kbit $BURST prio 1 quantum 1500 $TC qdisc add dev $LAN parent 1:20 esfq perturb 10 hash dst $TC filter add dev $LAN parent 1:0 protocol ip prio 2 u32 match ip sport 22 0xffff flowid 1:20 $TC filter add dev $LAN parent 1:0 protocol ip prio 2 u32 match ip sport 53 0xffff flowid 1:20 $TC filter add dev $LAN parent 1:0 protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 1:20 $TC filter add dev $LAN parent 1:0 protocol ip prio 1 u32 match ip protocol 1 0xff flowid 1:20 # server -> LAN $TC filter add dev $LAN parent 1:0 protocol ip prio 4 handle 1 fw flowid 1:3 # outgoing traffic $TC qdisc add dev $WAN root handle 2:0 htb default 11 r2q 1 $TC class add dev $WAN parent 2:0 classid 2:1 htb rate 120kbit ceil 120kbit # priorities for ACK, ICMP, TOS 0x10, ports 22 and 53 $TC class add dev $WAN parent 2:1 classid 2:10 htb rate 60kbit ceil 120kbit prio 1 quantum 1500 $TC qdisc add dev $WAN parent 2:10 esfq perturb 10 hash dst $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 1 match u8 0x10 0xff at 33 flowid 2:10 $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip dport 22 0xffff flowid 2:10 $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip dport 53 0xffff flowid 2:10 $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 2:10 $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip protocol 1 0xff flowid 2:10 # server -> Internet $TC class add dev $WAN parent 2:1 classid 2:11 htb rate 30kbit ceil 120kbit prio 2 quantum 1500 $TC qdisc add dev $WAN parent 2:11 esfq perturb 10 hash dst $TC filter add dev $WAN parent 2:0 protocol ip prio 3 handle 1 fw flowid 2:11 $TC filter add dev $WAN parent 2:0 protocol ip prio 9 u32 match ip dst 0/0 flowid 2:11 Example: begin = "#!/bin/bash\n$TC=/usr/local/sbin/tc\n" end Script footer. Default: } case "$1" in 'start') start ;; 'stop') stop ;; 'status') echo "WAN Interface" echo "=============" $TC class show dev $WAN | grep root $TC class show dev $WAN | grep -v root | sort | nl echo "LAN Interface" echo "=============" $TC class show dev $LAN | grep root $TC class show dev $LAN | grep -v root | sort | nl ;; *) echo -e "\nUsage: rc.htb start|stop|status" ;; esac Example: end = "" one_class_per_host Specify htb class creation policy. By default all computers of customer will be placed in one class. Setting it to 'true' will effect in that rules specified in host_htb_up and host_htb_down will be generated for all customer's computers (with different value of '%x'). Rules host_mark_down, host_mark_up, host_plimit and host_climit are generated for each node regardless of this option setting. Default: false Example: one_class_per_host = 1 host_mark_up Mark rule for each computer. Default: # %n $IPT -t mangle -A LIMITS -s %i -j MARK --set-mark %x Example: host_mark_up = "" host_mark_down Mark rule for each offline computer. Default: $IPT -t mangle -A LIMITS -d %i -j MARK --set-mark %x Example: host_mark_down = "" host_htb_down Rules for each computer executed when uprate and downrate value is above zero. Default: $TC class add dev $LAN parent 1:2 classid 1:%x htb rate %downratekbit ceil %downceilkbit $BURST prio 2 quantum 1500 $TC qdisc add dev $LAN parent 1:%x esfq perturb 10 hash dst $TC filter add dev $LAN parent 1:0 protocol ip prio 5 handle %x fw flowid 1:%x Example: host_htb_down = "" host_htb_up Rules for each computer executed when uprate and downrate value is above zero. Default: $TC class add dev $WAN parent 2:1 classid 2:%x htb rate %upratekbit ceil %upceilkbit $BURST prio 2 quantum 1500 $TC qdisc add dev $WAN parent 2:%x esfq perturb 10 hash dst $TC filter add dev $WAN parent 2:0 protocol ip prio 5 handle %x fw flowid 2:%x Example: host_htb_up = "" host_climit Rule with simultaneous TCP connections limit. Executed when climit value is above zero. Default: $IPT -t filter -I FORWARD -p tcp -s %i -m connlimit --connlimit-above %climit -m ipp2p --ipp2p -j REJECT Example: host_climit = "$IPT -t filter -I FORWARD -p tcp -s %i -m connlimit --connlimit-above -j REJECT" host_plimit Rule with limiting of packets in time unit (here second). Executed when plimit value is above zero. Default: $IPT -t filter -I FORWARD -p tcp -d %i -m limit --limit %plimit/s -m ipp2p --ipp2p -j ACCEPT $IPT -t filter -I FORWARD -p tcp -s %i -m limit --limit %plimit/s -m ipp2p --ipp2p -j ACCEPT Example: host_plimit = "" networks List of network names that should be included in configuration (case insensitive). Default: empty (all networks). Example: networks = "lan1 lan2" customergroups List of customer groups that should be included in configuration (case insensitive). Default: empty (all groups). Example: customergroups = "group1 group2" Configuration of named zones. This is one of most complicated modules to setup. It creates zone files for each network and zone definition entries in named.conf on the basis of template files. Example templates are placed in /modules/dns/sample directory. forward-patterns Directory with zone templates. Default: forward. Example: forward-patterns = /dns/patterns/forward reverse-patterns Directory with reverse zone templates. Default: reverse. Example: reverse-patterns = /dns/patterns/revers generic-forward Default template. It will be used if directory specified by 'forward-patterns' doesn't contain a file with name corresponding to network domain name. Default: modules/dns/sample/forward/generic. Example: generic-forward = /dns/patterns/forward generic-reverse Default template. It will be used if directory specified by 'reverse-patterns' doesn't contain a file with name corresponding to network IP address. Default: modules/dns/sample/reverse/generic. Example: generic-reverse = /dns/patterns/forward forward-zones Directory for generated zone files. Default: modules/dns/sample/out/forward. Example: forward-zones = /dns/forward reverse-zones Directory for generated reverse zone files. Default: modules/dns/sample/out/reverse. Example: reverse-zones = /dns/reverse host-reverse Line in reverse zone file for each computer of given network. Default: "%n IN A %i\n". Example: host-reverse = "\t %n IN A %i\n" host-forward Line in zone file for each computer of given network. Default: "%c IN PTR %n.%d.\n". Example: host-forward = "\t %c IN PTR %n.%d.\n" conf-pattern Location of main template for server configuration file. Default: modules/dns/sample/named.conf. Example: conf-pattern = /dns/patterns/named.conf conf-output Location of main configuration file. Default: /tmp/named.conf. Example: conf-output = /etc/named.conf conf-forward-entry Entry for each zone in main configuration file. Default: 'zone "%n" {\ntype master;\n file "forward/%n"; \nnotify yes; \n}; \n'. Example: conf-forward-entry = 'zone "%n" { \n\ttype master; \n\tfile "forward/%n"; \n\tnotify yes; \n}; \n' conf-reverse-entry Entry for each reverse zone in main configuration file. Default: 'zone "%c.in-addr.arpa" { \ntype master; \nfile "reverse/%c"; \nnotify yes; \n}; \n'. Example: conf-revers-entry = 'zone "%c.in-addr.arpa" { \n\ttype master; \n\tfile "reverse/%c"; \n\tnotify yes; \n}; \n' command Shell command executed after files creation. Default: empty. Example: command = "killall -HUP named" networks List of network names that should be included in configuration (case insensitive). Default: empty (all networks). Example: networks = "lan1 lan2" customergroups List of customer (user) groups that should be included in configuration (case insensitive). Default: empty (all groups). Example: customergroups = "group1 group2" This module creates configuration for system ARP table. Setting option 'dummy_macs' will put mac address 00:00:00:00:00:00 for all disconnected computers. Basic options: file Location of output file. Default: /etc/ethers. Example: file = /tmp/ethers command Shell command to execute after config file creation. Default: 'arp -f /etc/ethers'. Example: command = "" dummy_macs If you set to 'yes', disconnected computers will get MAC '00:00:00:00:00:00'. Default: "no". Example: dummy_macs = yes networks List of network names that should be included in configuration (case insensitive). Default: empty (all networks). Example: networks = "lan1 lan2" customergroups List of customer groups names that should be included in configuration (case insensitive). Default: empty (all groups). Example: customergroups = "group1 group2" Module for oidentd configuration. Basically it can be created with hostfile module, but here you have ready-made default settings for this purpose. And here are the options of oident: begin Text inserted on the beginning of file. Default: empty. Example: begin = "#Auto-generated\n" end Text inserted on the end of file. Default: empty. Example: end = "" host Line of text for each of computers. Default: "%i\t%n\tUNIX". Example: host = "%i %n WINDOWS" file Configuration file. Default: /etc/oidentd.conf. Example: file = /tmp/identd.conf networks List of networks. Default: empty (all networks). Example: networks = 'lan1 lan2' command Shell command(s) to execute after file creation. Default: empty. Example: command = "killall -HUP oidentd" Module pinger is an equivalent of lms-fping Perl script, however it has some fundamental differences. It doesn't need external program to check hosts availability and work with use of ARP protocol and thus it can perform network scanning about 2 times faster. Also there are no problems with hosts with ping response disabled or firewalled. After scanning, last-seen time is set for all online hosts in database used to illustrate hosts activity on nodes list and network map. Pinger for work use interface names, so (e.g. if you are using ip command) you'll need to label interfaces in your system (ip addr add ... label ...). Also remember, don't use a dots or dashes in interface names (ip allows that, but such a name is not usable for pinger). Pinger has only one config option: networks List of network names. Default: empty (all networks). Example: networks = 'lan1 lan2' Parser module is based on a scripting language T-Script which primary purpose is to generate text files. It can be useful for processing templates with some additional data retrieved from data sources like SQL databases or text files. In lmsd's module contents of scripts are stored in database, so they can be edited via LMS-UI. In the future parser should replace almost all lmsd modules. T-Script language is described in section . Before compilation ensure that you have in your system packages bison (at least 1.875 version) and flex. Parser has following options: script Contents of script. Default: empty. Example: script = '{var=1}variable var={var}' file Location of output file. Default: empty. Example: file = /tmp/parser.out command Shell command to execute after script compilation. Default: empty Example: command = "sh /tmp/parser.out" &tscript;