Configure lightwrapper.

Grigoriy Bilichenko

First time setup.

Install and configure all desired dependencies. You must change some options in the config file. If you installed lightwrapper from a deb package, the config file is /etc/lightwrapper/cfg; otherwise it is /usr/local/etc/lightwrapper/cfg. At a minimum you must change:

  • in_if - name of local network interface
  • out_if - name of internet network interface

The next option is disabled by default:
show_not_users = false
If you enable it, network statistics will be collected for IP addresses that do not belong to any user. If you use lw-geniprules this is useless, since traffic from these addresses is dropped and you will see outbound requests and inbound "access denied" statistics. If you do not use lw-geniprules, it may be useful.

Other default options are commented for explanation.

Start the lightwrapper daemon:
/etc/init.d/lw-daemon start
if you use a debian-compatible init system. Otherwise read "Linux distribution without debian compatible init system."

All done! Try the web interface at
http://ip-addr-of-web-server/admin

Language selection.

The language may be chosen by changing the $lang variable in the lightsquid.cfg file.
Currently supported languages are:

  • English (corresponds to 'lw-eng')
  • Russian (corresponds to 'lw-ru')

If your language is not supported, you may translate one of the supported language files into your language and use it. Language files reside in the directory defined by the $langpath variable in the lightsquid.cfg file. Send it to me for inclusion in future releases. A lightwrapper language file must be in the UTF-8 charset. The following string is mandatory: MSG_CODEPAGE=UTF-8. You may also simply convert a lightsquid *.lng file into UTF-8, add the missing values and change MSG_CODEPAGE.

More detailed statistics configuration.

If you have the dig utility installed, lightwrapper will automatically try to map IP addresses to names through dig with a reverse lookup if the squid lookup failed or was not performed. If the lookup is successful, the name is appended to the address like this: https:23.64.211.172(akamaitechnologies.com)
To disable these lookups, set the following option in the config file:
dig = false

If you have squid installed, lightwrapper will automatically try to resolve IP addresses to names through the squid access.log for users with the 'squid' flag enabled.
To disable squid lookups, set the following option in the config file:
squid_request = false

WARNING!
Lightwrapper does not count any statistics from the squid access.log, since a web proxy and netflow work at different OSI levels. The access.log file is used only for IP-to-name mapping. For technical reasons that mapping is not 100% accurate. Lightwrapper defines 3 types of accuracy:

  • [accuracy:A]
    The user 100% visited a web site at that IP address at that time. Since an IP address may have more than one virtual host, the user may have visited more than one web site at the same time.
    Practically this means 99% accuracy.
  • [accuracy:B]
    The user 100% visited a web site at that IP address, but in a time window of more than 10 minutes.
  • [accuracy:C]
    Another user visited a web site at that IP. Set this if you want to resolve addresses for users with the 'squid' flag disabled.

If you set an accuracy value in the config file, all requests with higher accuracy are applied as well. You may set the squid mapping accuracy through this option (default is B):
squid_accuracy = B
To see the accuracy for every request, set the following option:
squid_show_accuracy = true
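
As an added example (not lightwrapper's own code), the following Python applies the three accuracy grades to a constructed squid access.log sample in squid's native log layout. The function names, the reading of the 10-minute window as the gap between the log entry and the flow time, and the handling of squid_accuracy as an inclusive lower limit are assumptions.

```python
from urllib.parse import urlsplit

WINDOW = 600                      # seconds: the 10-minute window from the text
RANK = {"A": 0, "B": 1, "C": 2}   # lower rank = more accurate

# Constructed sample lines in squid's native access.log layout (not real traffic).
SAMPLE_LOG = """\
1700000000.120  85 192.168.1.10 TCP_MISS/200 5120 GET http://example.org/index.html - HIER_DIRECT/203.0.113.7 text/html
1700000300.500 140 192.168.1.11 TCP_TUNNEL/200 9000 CONNECT shop.example.net:443 - HIER_DIRECT/198.51.100.20 -
1700004000.000  60 192.168.1.10 TCP_HIT/200 700 GET http://cdn.example.com/a.js - HIER_NONE/- application/javascript
"""

def parse_access_log(text):
    """Yield (timestamp, client_ip, server_ip, host) for each usable line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or "/" not in f[8]:
            continue
        server_ip = f[8].split("/", 1)[1]
        if server_ip == "-":      # cache hit: no origin server was contacted
            continue
        # CONNECT requests log "host:port" instead of a full URL.
        url = f[6] if "://" in f[6] else "//" + f[6]
        host = urlsplit(url).hostname
        if host:
            yield float(f[0]), f[2], server_ip, host

def resolve(entries, user_ip, dst_ip, flow_time, squid_accuracy="B"):
    """Return (host, grade) for a flow, or None if no match meets the limit."""
    best = None
    for ts, client, server, host in entries:
        if server != dst_ip:
            continue
        if client != user_ip:
            grade = "C"           # another user visited that IP
        elif abs(ts - flow_time) <= WINDOW:
            grade = "A"           # same user, at that time
        else:
            grade = "B"           # same user, outside the window
        if best is None or RANK[grade] < RANK[best[1]]:
            best = (host, grade)
    # Assumption: the configured grade and every more accurate grade are accepted.
    if best and RANK[best[1]] <= RANK[squid_accuracy]:
        return best
    return None

ENTRIES = list(parse_access_log(SAMPLE_LOG))
```

With the default squid_accuracy = B, a flow that only another user's log entry can explain stays unresolved, which is why grade C has to be enabled explicitly.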

Advanced options.

If an option is not set in the config file, it has the default value described below:

  • thresh = 512*1024
    Threshold for small flows. Flows smaller than the thresh option are merged if the mergesmall option is true. Also, IP addresses of flows smaller than thresh are not resolved through dig, regardless of the mergesmall option.
  • squid_logpath =
    Directory where squid saves its logs. If not set, lightwrapper tries to find it automatically.
  • squid_log_template = access.log
    Default squid log file name.
  • httpd_user =
    The user whose rights your www server runs with. If not set, lightwrapper tries to find the value automatically.
  • iptables_dir = '/etc/iptables'
    Directory to store iptables rules.
  • auto_expire = true
    Auto expire all flows before exporting netflow statistics. Works only with softflowd. By default, inactive tcp flows expire after 3600s in softflowd.

Linux distribution without debian compatible init system.

If the installer does not find a debian-compatible init system, it does not copy the init scripts lw-daemon and ipset-persistent into /etc/init.d.
You must start /usr/local/sbin/lw-daemon at system startup in some way other than the /etc/init.d/lw-daemon init script. The option supported_flags = ipblock will not work for you. To use iptables, the following option must be set in the config file (the installer must do it automatically):
custom_init = true
Iptables rules will be restored from the rules.v4 file, which resides in the directory given by the iptables_dir option, every time lw-daemon or lw-refresh is started.

