vincentmli / BPFire

BPFire development tree

BPFire With XDP #2

Open Eykalzz opened 8 months ago

Eykalzz commented 8 months ago

anyone have ipfire iso with xdp ?

vincentmli commented 8 months ago

@Eykalzz your problem is not the ISO, but your hyper v for some reason has problem with the ISO, try the ISO with real physical server, but I suspect you may hit https://github.com/vincentmli/FireBeeOS/issues/1 even if you can install the ISO, I will investigate that issue too. so for now, your best chance to try IPFire DDoS is to use the flash image in Linux KVM hypervisor which is tested working

vincentmli commented 7 months ago

@Eykalzz I made some progress, I think it could be one of my changes to ipfire causing the ISO installation problem, the upstream ipfire ISO has no such issue after I build the ipfire ISO myself

Eykalzz commented 7 months ago

> I made some progress, I think it could be one of my changes to ipfire causing the ISO installation problem, the upstream ipfire ISO has no such issue after I build the ipfire ISO myself

okay noted... what estimated time can finish build new iso ?

i am waiting for good news

vincentmli commented 7 months ago

@Eykalzz can you try this iso https://drive.google.com/file/d/1oMRKFPa8--tJfFbE9ZyXMKUBldds6s9q/view?usp=drive_link, no XDP feature yet, but it will tell me if your hyper v support the iso build or not

Eykalzz commented 7 months ago

> @Eykalzz can you try this iso https://drive.google.com/file/d/1oMRKFPa8--tJfFbE9ZyXMKUBldds6s9q/view?usp=drive_link, no XDP feature yet, but it will tell me if your hyper v support the iso build or not

can u change to public .. when i want download need request access from u

vincentmli commented 7 months ago

@Eykalzz I added you access, this is only a test iso, once it is proven good, I will publish as public access https://drive.google.com/file/d/1oMRKFPa8--tJfFbE9ZyXMKUBldds6s9q/view?usp=sharing

Eykalzz commented 7 months ago

> @Eykalzz I added you access, this is only a test iso, once it is proven good, I will publish as public access https://drive.google.com/file/d/1oMRKFPa8--tJfFbE9ZyXMKUBldds6s9q/view?usp=sharing

image

same got problem

Eykalzz commented 7 months ago

ohh okay its work at proxmox ... hyper V got problem .. i try set with public ip later .. now i just try in local ip.. u can try add XDP in this iso see how the result

image

vincentmli commented 7 months ago

ok, so looks for some reason hyper v is not supported by the iso, I wonder why ipfire iso is supported by hyper v. I will release iso with XDP support

Eykalzz commented 7 months ago

> ok, so looks for some reason hyper v is not supported by the iso, I wonder why ipfire iso is supported by hyper v. I will release iso with XDP support

yeahh .. work for proxmox only .. hyper V can't .. u can try add XDP this iso ... how long u can add XDP ? 1 week ?

vincentmli commented 7 months ago

I don't know, I have about 28 commits required to be added to the iso, to make sure each commit working for the iso, I need to build iso for each commit and each clean iso build takes at least 8 hours on my slow old build machine :). I probably could build iso for 2 or 3 commits to save time, but still it takes time.

Eykalzz commented 7 months ago

> I don't know, I have about 28 commits required to be added to the iso, to make sure each commit working for the iso, I need to build iso for each commit and each clean iso build takes at least 8 hours on my slow old build machine :). I probably could build iso for 2 or 3 commits to save time, but still it takes time.

ohh okay .,, i waiting for this .. anything update here sir ..

vincentmli commented 7 months ago

IPFire with XDP DDoS ISO build is fixed in https://github.com/vincentmli/FireBeeOS/issues/1#issuecomment-2034968972

Eykalzz commented 7 months ago

> IPFire with XDP DDoS ISO build is fixed in #1 (comment)

image

Nice .. only work for proxmox .. hyper V still can't .. let me try again later .. i update u again

vincentmli commented 7 months ago

I think there is something else going on with hyper v, I can't think of any of my changes that would cause it fail for hyper v but upstream ipfire doesn't. I also wonder if XDP is supported for hyper v even the installation completes ok, is the guest driver in hyper v supported by XDP ? I don't know about that. I suggest you use proxmox if possible

Eykalzz commented 7 months ago

> I think there is something else going on with hyper v, I can't think of any of my changes that would cause it fail for hyper v but upstream ipfire doesn't. I also wonder if XDP is supported for hyper v even the installation completes ok, is the guest driver in hyper v supported by XDP ? I don't know about that. I suggest you use proxmox if possible

its okay brother .. atleast i can use at proxmox .. i need reinstall back my service to proxmox .. thanks for your time ..

Eykalzz commented 7 months ago

> I think there is something else going on with hyper v, I can't think of any of my changes that would cause it fail for hyper v but upstream ipfire doesn't. I also wonder if XDP is supported for hyper v even the installation completes ok, is the guest driver in hyper v supported by XDP ? I don't know about that. I suggest you use proxmox if possible

its okay brother .. atleast i can use at proxmox .. i need reinstall back my service to proxmox .. thanks for your time ..

image

where can i add my port at here ?

vincentmli commented 7 months ago

what are your ports? these ports are pre-defined here

cat /var/ipfire/ddos/tcp_ports 
ssh              22/tcp     # The Secure Shell (SSH) Protocol
smtp             25/tcp     # Simple Mail Transfer
http             80/tcp     # World Wide Web HTTP
https            443/tcp    # http protocol over TLS/SSL
domain           53/tcp     # Domain Name Server
httpalt         8080/tcp   # HTTP Alternate (see port 80)
opsmessaging     8090/tcp   # Vehicle to station messaging
userdefined     5555/tcp   # Vehicle to station messaging

you can modify tcp_ports file with your ports, then the WebUI will show your ports, I did not add feature in WebUI to add port to reduce the WebUI code complex, if you are not comfortable manually editing /var/ipfire/ddos/tcp_ports, you can tell me your ports and I can edit for you, it is always good to have some basic linux command line skills so you do not rely on WebUI always :), also make sure the tcp_ports file permission is -rw-r--r-- 1 nobody nobody 444 Apr 3 08:20 tcp_ports by chmod 644 tcp_ports and chown nobody.nobody tcp_ports after manually editing the file

Eykalzz commented 7 months ago

> what are your ports? these ports are pre-defined here
>
> cat /var/ipfire/ddos/tcp_ports 
> ssh              22/tcp     # The Secure Shell (SSH) Protocol
> smtp             25/tcp     # Simple Mail Transfer
> http             80/tcp     # World Wide Web HTTP
> https            443/tcp    # http protocol over TLS/SSL
> domain           53/tcp     # Domain Name Server
> httpalt         8080/tcp   # HTTP Alternate (see port 80)
> opsmessaging     8090/tcp   # Vehicle to station messaging
> userdefined     5555/tcp   # Vehicle to station messaging
>
> you can modify tcp_ports file with your ports, then the WebUI will show your ports, I did not add feature in WebUI to add port to reduce the WebUI code complex, if you are not comfortable manually editing /var/ipfire/ddos/tcp_ports, you can tell me your ports and I can edit for you, it is always good to have some basic linux command line skills so you do not rely on WebUI always :), also make sure the tcp_ports file permission is -rw-r--r-- 1 nobody nobody 444 Apr 3 08:20 tcp_ports by chmod 644 tcp_ports and chown nobody.nobody tcp_ports after manually editing the file

some game different port .. can u teach me how to add port ?

image

vincentmli commented 7 months ago

no, you don't execute /var/ipfire/ddos/tcp_ports file, you need to use file editor program like vim editor to change the content of /var/ipfire/ddos/tcp_ports, for example vim /var/ipfire/ddos/tcp_ports to change the port content, you need to learn basic vim editor though, or I can edit for you, just let me know what are the game ports.

Eykalzz commented 7 months ago

> no, you don't execute /var/ipfire/ddos/tcp_ports file, you need to use file editor program like vim editor to change the content of /var/ipfire/ddos/tcp_ports, you can tell me what your game ports are, I can edit for you

To many bro huhuhu

ROW Port TCP

10101 10210 10408 10409 10429 10416

RYL2 TCP Port 10101 13765 14784 10110 24916 21111 10208 10212 10216 11208 11212 11216

RYL1 TCP 10103 10110 10208 11208 20110 10408 UDP

vincentmli commented 7 months ago

can you reduce the number of tcp port? right now the XDP code program max port number is 8, I could change the max port number in the code, but it requires recompile the XDP program code and rebuild the iso, also now UDP is not supported, need to add UDP support.

Eykalzz commented 7 months ago

i see ..so 8 port for 1 iso right ??

80 Web HTTP 10101 Login All Version 10103 Chat RYL1 10210 Auth ROW 10110 Auth RYL2 13765 Auth RYL2 21111 Auth rSec RYL2 24916 Auth rSec RYL2

10408 UDP if u can add UDP function its very nice .. if cant just skip this port

if can add udp .. u can remove port 80

vincentmli commented 7 months ago

ok now you can login your ipfire and run command below (copy and paste at the command line and enter)

cd /var/ipfire/ddos; rm -rf tcp_ports ; wget http://www.99os.org/download/tcp_ports; chmod 644 tcp_ports; chown nobody.nobody tcp_ports

Eykalzz commented 7 months ago

> ok now you can login your ipfire and run command below (copy and paste at the command line and enter)
>
> cd /var/ipfire/ddos; rm -rf tcp_ports ; wget http://www.99os.org/download/tcp_ports; chmod 644 tcp_ports; chown nobody.nobody tcp_ports

thanks brother .. i test later .. now i just test in offline pc ... later i test at my dedicated server .. thank you so much ..

Eykalzz commented 7 months ago

> ok now you can login your ipfire and run command below (copy and paste at the command line and enter)
>
> cd /var/ipfire/ddos; rm -rf tcp_ports ; wget http://www.99os.org/download/tcp_ports; chmod 644 tcp_ports; chown nobody.nobody tcp_ports

btw .. after run this command need reboot ?

vincentmli commented 7 months ago

no need to reboot. when you open WebUI, it will re-read the tcp_ports file and show you the port

Eykalzz commented 7 months ago

> no need to reboot. when you open WebUI, it will re-read the tcp_ports file and show you the port

Ok let say i want change another port .. i just edit tcp_ports using vim only ? Then update tcp with command u give just change host name only right ?

vincentmli commented 7 months ago

if you know how to use vim, you can vim /var/ipfire/ddos/tcp_ports directly, after vim is done, run chown and chmod command above to make sure the permission and user owner is set correct, that is it.
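
The checks implied by the comments above (the services-style layout of tcp_ports, the 8-port limit, and the 644 / nobody ownership), as an added example that is not part of the thread or of BPFire. `check_tcp_ports`, `install_tcp_ports` and `sample_ports` are hypothetical helper names, the sample entries are constructed from the ports requested earlier, and the accepted layout is an assumption because the thread does not show BPFire's own parser.

```sh
# Added example (not BPFire code): sanity-check a tcp_ports file before use.
# Assumes the layout shown in the thread and the 8-port limit mentioned there.
MAX_PORTS=8

# Constructed sample: the eight ports requested in the thread, made-up names.
sample_ports() {
    cat <<'EOF'
http         80/tcp     # Web HTTP
login        10101/tcp  # Login All Version
chat         10103/tcp  # Chat RYL1
authrow      10210/tcp  # Auth ROW
authryl2     10110/tcp  # Auth RYL2
authryl2b    13765/tcp  # Auth RYL2
rsec1        21111/tcp  # Auth rSec RYL2
rsec2        24916/tcp  # Auth rSec RYL2
EOF
}

# check_tcp_ports FILE: print each problem found, return 0 only if none.
check_tcp_ports() {
    awk -v max="$MAX_PORTS" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comment-only or blank line
        {
            n = split($2, pp, "/")
            if (n != 2 || pp[2] != "tcp" || pp[1] !~ /^[0-9]+$/) {
                printf "line %d: want <name> <port>/tcp, got: %s\n", NR, $0
                bad = 1; next
            }
            port = pp[1] + 0
            if (port < 1 || port > 65535) { printf "line %d: bad port %s\n", NR, pp[1]; bad = 1 }
            else if (port in seen) { printf "line %d: port %d repeats line %d\n", NR, port, seen[port]; bad = 1 }
            else { seen[port] = NR; count++ }
        }
        END {
            if (count > max) { printf "%d ports listed, limit is %d\n", count, max; bad = 1 }
            if (count == 0) { print "no ports listed"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# install_tcp_ports SRC [DEST]: validate, back up, then install with the mode
# and owner the thread asks for (644, nobody:nobody). Needs root on the firewall.
install_tcp_ports() {
    dest=${2:-/var/ipfire/ddos/tcp_ports}
    check_tcp_ports "$1" || { echo "not installing $1" >&2; return 1; }
    [ ! -f "$dest" ] || cp -p "$dest" "$dest.bak"
    install -m 644 -o nobody -g nobody "$1" "$dest"
}
[ $# -eq 0 ] || check_tcp_ports "$1"   # usage: sh thisfile candidate_tcp_ports
```

Validating a candidate file before it replaces the live one means a rejected edit (a ninth port, a UDP entry, a typo) leaves the previous list in place instead of an empty or half-written one.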

vincentmli commented 7 months ago

oh, also remember when you go to WebUI to setup firewall rules, when choose tcp protocol, there is destination port and external port (NAT), is the port on ipfire same on your backend game server? if so just fill in the destination port, if not, the external port (NAT) should be the port in tcp_ports file, the destination port should be the port on the backend game server

vincentmli commented 7 months ago

@Eykalzz have you deployed the new ISO? I am adding UDP based rate limit protection to stop UDP DDoS, maybe you can try?

Eykalzz commented 7 months ago

> @Eykalzz have you deployed the new ISO? I am adding UDP based rate limit protection to stop UDP DDoS, maybe you can try?

Sure bro i can try .. maybe this week i will tranfers all server use your ipfire with xdp ..

Eykalzz commented 7 months ago

> @Eykalzz have you deployed the new ISO? I am adding UDP based rate limit protection to stop UDP DDoS, maybe you can try?

hello .. i start use your iso now .. btw need tick Use XDP SYNPROXY acceleration or not for enable XDP

image

vincentmli commented 7 months ago

Hi @Eykalzz sorry missed your note, I have also extended the XDP UDP rate limit support, and the ISO image size is also largely decreased, could you try this new ISO release? https://drive.google.com/drive/u/1/folders/1HPJTWP6wi5gPd5gyiiKvIhWipqguptzZ

yes, you need to check Use XDP SYNPROXY acceleration option for XDP

vincentmli commented 7 months ago

sorry I need to rebuild the iso since I forgot something, should be done in a hour

Eykalzz commented 7 months ago

Only 4xxmb ?

vincentmli commented 7 months ago

yep, previous iso has kernel build with debug symbols, now the debug symbols are stripped to save disk space

Eykalzz commented 7 months ago

Okay i try first anything i update

Eykalzz commented 7 months ago

brother .. can i update to 185 ? i have try to update 185 but interface for XDP missing

Eykalzz commented 7 months ago

> yep, previous iso has kernel build with debug symbols, now the debug symbols are stripped to save disk space

ohh yaa .. got problem in proxmox :) error like before

image

vincentmli commented 7 months ago

ok, I will try myself, I may included the original bug in the iso, you can't upgrade to 185 because the iso is my fork build, ipfire does not have XDP feature. I think you don't need upgrade unless there is serious security issue that requires upgrade, if that is the case, I will upgrade my fork and then add XDP.

vincentmli commented 7 months ago

@Eykalzz I just tried the new iso myself, no problem, I have removed the old one from google drive, and re-uploaded the new one, please try again.

Eykalzz commented 7 months ago

> @Eykalzz I just tried the new iso myself, no problem, I have removed the old one from google drive, and re-uploaded the new one, please try again.

image

same bro got error ..

vincentmli commented 7 months ago

ah, I forgot the issue is stuck after iso installation, I mistakenly remember it is stuck before iso installation, I will rebuild the iso

vincentmli commented 7 months ago

this time I completed the installation and then reboot, I do not see the same issue, please make sure you downloaded the new iso and md5sum matches

root@r210:/mnt/iso# cat md5sum.txt 
a0e3145dbb5026b7a151af096ecdeb91  ./EFI/BOOT/grub.cfg
7b3f9debfc3844aa98b076c5e5fda5cf  ./doc/packages-list.txt
7f53c99d38086d8383ea3f8c6989bedb  ./doc/ChangeLog
d32239bcb673463ab874e80d47fae504  ./COPYING
545c0d0b1c9837631f1135e4b19e51d5  ./README.txt
d41d8cd98f00b204e9800998ecf8427e  ./ipfire-2.29-core184.media
1b1db80ed872eda629dd1001620d0e98  ./distro.img
root@r210:/mnt/iso# md5sum distro.img 
1b1db80ed872eda629dd1001620d0e98  distro.img

vincentmli commented 7 months ago

@Eykalzz can you show the md5sum as I have shown and try the iso? it is up and running in my local installation and everything works fine.

Eykalzz commented 7 months ago

> @Eykalzz can you show the md5sum as I have shown and try the iso? it is up and running in my local installation and everything works fine.

amazing bro .. now work in hyper V ..

vincentmli commented 7 months ago

can you show some screen picture, it amazes me it works even for hyper v :)

Eykalzz commented 7 months ago

> can you show some screen picture, it amazes me it works even for hyper v :)

image

very nice bro .. now work fully in hyper V ..

Eykalzz commented 7 months ago

> can you show some screen picture, it amazes me it works even for hyper v :)

btw what command for change this port

image