Lan Management System (LMS) On Debian Squeeze – Router Howto

LMS (Lan Management System) is a good system for small
ISPs made in Poland. Documentation for LMS GUI is available in english here. But installation, configuration and integration
with firewall or traffic shaping mechanisms could take a lot of time.
Here you can try my scripts for express-installation of LMS. The scripts were
tested in several companies.

First download and install
Debian Squeeze in netinstall version i386 or amd64. Install it with
basic system only (no X GUI, no services except ssh). Choose eth0 for
your primary interface and configure network settings (IP address,
netmask, gateway and DNS servers). Make sure you have a second interface
described as eth1. Next log into your root account (via ssh by PuTTY or
directly on the console) and type the magic three lines for i386 architecture:eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-3′,’ezslot_2′,121,’0′,’0′]));

chmod +x

and for amd64 architecture:

chmod +x

The scripts will download necessary packages from debian repositories and my deb packages:

  • linux kernel 2.6.32 with patches: layer-7, imq, esfq
  • iptables 1.4.8 with patches: layer-7 and imq
  • iproute 20101221 with esfq patch
  • ppp 2.4.3 with mppe and mppc
  • pppoe 3.10 with mppe, mppc and kernel plugin
  • pptpd 1.3.4 with mppe and mppc

All the packages are available for independent download from:

You may view the scripts before executing to see what they exactly do. You
have to write down the MySQL root password and type it when the install script
ask for. After reboot you can go to the router GUI via browser. Simply open the router IP address in the browser. First time LMS will ask you for creating an admin
account. Don’t forget to check full access option for admin. Example
configuration is available for view after installation. You have to set
up your WAN bandwidth in the /router/router.conf file in
kilobits-per-second. Default is 10Mbps.

How does it work? Network
administrator adds clients, computers and tariffs (download and upload speed)
into LMS. There is my daemon running in the background which checks if
something was changed in the GUI configuration. If so, the daemon will update
the configuration file for the firewall (/router/lms.conf) and reload firewall,
NAT and traffic shaping. Firewall scripts and configs are in the /router directory. LMS GUI is installed in the /var/www directory. Other stuff (messages, daemon, etc.) are in /var/v-smart directory. Network configuration you can find in /etc/rc.local script.

Installed LMS is pure and unmodified. In the database there is vsmart table with to-do records that are read by the daemon in 3-second period. I added MySQL triggers to follow changes in the LMS tables. The triggers will update to-do records when something is changed in customers’ devices configuration. Then the daemon makes a decision about reloading firewall, traffic shaper and NAT. Finally – changes in LMS GUI are set in the router almost instantly. This is the main idea of my project.

In the crontab there are periodicaly run some LMS scripts (stats, payments, host alive checking and other). Feel free to view or adjust /etc/cron.d/vsmart file.

List of router main functions:

– Dynamic traffic shaping on WAN port using IMQ with HTB/esfq and service priority,
– Static traffic shaping on LAN port (LMS tariffs),
– MAC + IP authorization for clients,
– DHCP server,
– DNS server,
– PPPoE server,
– PPtP server (Windows VPN),
– Messages: payment reminder, total block, no authorization,
– LMS GUI – see manual,
– LMS functions: customers, computers, networks, network devices, network map, tariffs, invoices, helpdesk, calendar,
– LMS USERPANEL – access via http://router_ip/userpanel,
– Night tarrifs for LAN and WAN,
– Port forward (/router/forward.conf)

Technical solutions

1. How to add new network(s) to my LAN?

Let us
consider new LAN network: with gateway address
on the
eth1 interface. In LMS GUI (IP
Networks -> New network) we add:

  • Network name:

  • Network
    addres/mask: / 24 (256-addresses)

  • Interface:

  • Gateway:

  • DNS servers:,

In the file
/etc/rc.local we add before /usr/sbin/ip link set eth1 up:

a a brd dev eth1

In the file
/etc/rc.local we add on the bottom:

-I eth1 -L -N 1000 -k

In the file
/router/router.conf we add  variable with


In the file
/router/scripts/ and /router/scripts/ we find all lines that
$INTNET1 variable and we copy
them bellow changing
$INTNET1 for $INTNET2. For example:

-A INPUT -s $INTNET1 -m state –state NEW -p tcp –sport 1024: –dport 53 -j
–state NEW -p udp –sport 1024: –dport 53 -j ACCEPT


Tip: If you
want to use public subnet on LAN you have to comment MASQUERADE for this subnet


After reboot everything should work fine.

About the Author

Leave a Reply