<HTML
><HEAD
><TITLE
>Configuring Linux</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="DSL HOWTO for Linux"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Installation"
HREF="installation.html"><LINK
REL="NEXT"
TITLE="Securing Your Connection"
HREF="secure.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>DSL HOWTO for Linux</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="installation.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="secure.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="CONFIGURE"></A>3. Configuring Linux</H1
><P
> After you have connected the modem and it's getting sync, then you're ready
to configure Linux and verify your connection to your ISP. Although I will
refer to a Linux System, you could conceivably connect any type of 10baseT
device to the modem. This includes a router, hub, switch, PC, or any other
system that you wish to use. We'll just cover the Linux aspects here. </P
><DIV
CLASS="WARNING"
><P
></P
><TABLE
CLASS="WARNING"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/warning.gif"
HSPACE="5"
ALT="Warning"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> <EM
>Before you connect to your ISP</EM
>, make sure you understand
all security issues of having a direct connection to the Internet via DSL.
Depending on your ISP, most outside users can access your system, and you
should set up any firewalls, deactivate ports/services, and set up any
passwords prior to connecting your machine to the world. See the <A
HREF="secure.html"
>Security section below</A
>, and the <A
HREF="appendix.html#LINKS"
>links section</A
> for more on this <EM
>very
important</EM
> topic. Do not make this an afterthought! Be ready.
</P
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="BRIDGEVSPPP"></A>3.1. Bridged vs PPPoX Networks</H2
><P
> Before we get too far into the final stages of installing and
configuring our system, let's look at how various DSL ISPs set up
their networks. It will be very important for you to know how your ISP does
this, as there is more than one possibility and the steps involved are quite
different for each. This may not be the kind of thing the ISP is advertising,
and since you are not using Windows, you may not have access to the setup
disk that the ISP provides. If you're not sure, ask the ISP's tech support
staff, or better, find other knowledgeable users of the same service. </P
><P
> To muddy the waters even more, some ISPs may be offering more than one kind
of service (over and above the various bit rate plans). Example: Verizon
(formerly Bell Atlantic) originally offered static IPs with a Bridged
connection. Now all new installs use PPPoE with dynamic IPs. For installation
and configuration purposes, this is very different. </P
><P
> The two most common DSL network implementations are Bridged/DHCP and PPPoX.
Both have mechanisms for obtaining an IP address and other related networking
configuration details so we shouldn't have to worry about this. But there are
indeed other, less common, means of connecting. Our job will be finding the
right client, and doing what we have to, to get it up and running. The most
common ones are discussed below.
</P
><P
> <EM
>Important!</EM
> You need to know beforehand how your ISP is
set up for connecting to his network. To reiterate, the two main
possibilities are Bridged/DHCP and PPPoE. These are mutually exclusive
implementations. And there are indeed other possibilities as well. So you will
need to know exactly what this is beforehand. And it must be the right one or
you will waste a lot of time and effort. You cannot choose which one either.
It is a matter of how the ISP is doing his network. Note that PPPoE can run
over Bridged networks, so just knowing whether you are Bridged or not is not
necessarily good enough. If your provider is giving you a router, there is a
good chance that the router's firmware will handle all of this for you. </P
><P
> If you are subscribing with one of the Baby Bells in the U.S., you can
count on that being PPPoE, and thus you will need a PPPoE client.
</P
><P
> There are a few provider specific FAQs and HOWTOs in the <A
HREF="appendix.html#LINKS"
>Links section</A
> below.
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN448"></A>3.1.1. Bridged/DHCP</H3
><P
> In the good old days of a year or two ago, purely <SPAN
CLASS="QUOTE"
>"Bridged"</SPAN
>
connections were the norm. PPPoE had not been invented yet. This type of
network puts you on a local subnet just like a big LAN. You are exposed to
much of the local subnet traffic, especially ARP and broadcast traffic. The
typical means of authenticating in this setup is via DHCP. </P
><P
> DHCP is a standard, established networking protocol for obtaining an IP
address and other important network parameters (e.g. nameservers). This is a
standard, well documented networking scheme and is very easy to set up
from the end user's perspective. It is also a very stable connection. You
can actually unplug the modem for say 10 minutes, plug it back in, let it
re-sync, and the connection is still there -- same IP and everything. </P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN453"></A>3.1.2. PPPoX</H3
><P
> The main alternative now is PPPoX, meaning either PPPoE (PPP over Ethernet)
or PPPoA (PPP over ATM, aka PPPoATM). Both of these related protocols are
currently being deployed, but at the moment, PPPoE seems to be the more
common of the two. PPPoX is a relative newcomer, and, as the name implies, is
a variation of Point-to-Point Protocol that has been adapted specifically for
DSL networks.</P
><P
> There are several PPPoE clients for Linux (<A
HREF="configure.html#PPPOE"
>see
below</A
>). PPPoX simulates a dialup type environment. The user is
authenticated by user id and password which is passed to a RADIUS server,
just like good ol' dialup PPP. A routable IP address, and other related
information, is returned to the client. Of course, no actual dialing takes
place. The mechanics of how this is handled will vary from client to client,
so best to RTFM closely. Typically you will set up configuration files like
<TT
CLASS="FILENAME"
>pap-secrets</TT
>, etc.
</P
><P
> It is worth noting that PPPoE will also work on non-ethernet devices like USB,
provided the correct drivers are installed.
</P
><P
> From the ISP's perspective, PPP is much easier to maintain and troubleshoot.
From the end user's perspective, it is often more work to set up, often uses
more CPU, and the connection is maybe not as stable. So anyway, this seems to
be the coming trend. Many of the large telcos around the world, especially
the RBOCs (Baby Bells) in the U.S., have committed to PPPoX already. Setting
up a PPPoX connection is completely different from setting up a bridged/DHCP
connection.
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN461"></A>3.1.3. ATM</H3
><P
> Since the traffic on the wire from the DSLAM to the modem is typically ATM, a
raw ATM connection would seem to make sense. While possible, this is rare, if
it exists at all in the U.S., and would require a modem in addition to a PCI
ATM card, such as the Efficient Networks 3010. Recent 2.4 kernels
do have ATM support. (See the <A
HREF="appendix.html#LINKS"
>Links section</A
> for
more information.)
</P
><P
> This may be a viable solution at some point, but it is just not
<SPAN
CLASS="QUOTE"
>"there"</SPAN
> yet, mostly because this is more costly to implement. </P
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN467"></A>3.2. Configuring the WAN Interface</H2
><P
> The most common configuration is a DSL modem in <SPAN
CLASS="QUOTE"
>"bridging"</SPAN
> mode.
Both PPPoX and DHCP can use this setup. In this scenario, the WAN interface
typically means your NIC. This is where your system meets the outside world.
(If you have a router see <A
HREF="configure.html#ROUTER"
>below</A
> for router
specific instructions.) So essentially we will be configuring the NIC,
typically <SPAN
CLASS="QUOTE"
>"eth0"</SPAN
> since it is an ethernet interface.
</P
><P
> With PPPoX, once the connection comes up, there will be a
<SPAN
CLASS="QUOTE"
>"ppp0"</SPAN
>, or similar, interface, just like dialup. This will
become the WAN interface once the connection to the PPP server is up, but for
configuration purposes we will be concerned with <SPAN
CLASS="QUOTE"
>"eth0"</SPAN
>
initially. </P
><P
> There are various ways an ISP may set up your IP connection:</P
><P
> <P
></P
><UL
><LI
><P
> Static IP.
</P
></LI
><LI
><P
> Dynamic IP on Bridged Network via DHCP.
</P
></LI
><LI
><P
> Dynamic IP via PPPoX.
</P
></LI
><LI
><P
> Static IP via PPPoX.
</P
></LI
></UL
></P
><P
> Let's look at these individually.
</P
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN488"></A>3.2.1. Static IP Configuration</H3
><P
> A <SPAN
CLASS="QUOTE"
>"static"</SPAN
> IP address is an IP that is guaranteed not to change.
This is the preferred way to go for those wanting to host a domain or run
some type of public server, but is not available from all ISPs. Note that
while there are some noteworthy benefits to having a static IP, the
disadvantage is that it is more difficult to remain <SPAN
CLASS="QUOTE"
>"invisible"</SPAN
>. It
is harder to hide from those with malicious intentions. Skip this section if
you do not have a static IP, or if you have a router, and the router will be
assigned the static IP. </P
><P
> Configure the IP address, subnet mask, default gateway, and DNS server
information as provided by the ISP. Each Linux Distribution (Redhat, Debian,
Slackware, SuSE, etc.) has a different way of doing this, so check your
distro's docs on this. Each may have their own tools for this. Redhat has
<B
CLASS="COMMAND"
>netcfg</B
> for example. You can also do this manually using
the <B
CLASS="COMMAND"
>ifconfig </B
> and <B
CLASS="COMMAND"
>route</B
> commands. See
the man pages on these or the <A
HREF="http://www.tldp.org/HOWTO/Net-HOWTO"
TARGET="_top"
>Net HOWTO</A
> for more
information and specifics. A quick command line example with bogus IPs: </P
><P
> <TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> # ifconfig eth0 111.222.333.444 up netmask 255.255.255.0
 # route add default gw 111.222.333.1 dev eth0

</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
> Be sure to add the correct nameservers in <TT
CLASS="FILENAME"
>/etc/resolv.conf</TT
>.
</P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="AEN502"></A>3.2.2. Bridged/DHCP Configuration</H3
><P
> ISPs that have Bridged networks typically use DHCP to assign IP addresses,
and authenticate the user. All distributions come with one or more DHCP
clients. <B
CLASS="COMMAND"
>dhcpcd</B
> seems to be the most common.
<B
CLASS="COMMAND"
>pump</B
> comes with Redhat based distributions as of Redhat
6.0. The DHCP client will obtain an IP <SPAN
CLASS="QUOTE"
>"lease"</SPAN
> from the ISP's
server as well as other related information: gateway address, DNS servers,
and network mask. The lease will be <SPAN
CLASS="QUOTE"
>"renewed"</SPAN
> at regular
intervals according to the ISP's configuration. </P
><P
> You will want the DHCP client started on boot, so use your distribution's
means of doing this. There generally is little to configure with DHCP as it
is fairly straightforward and easy to use. You may need to tell it which
interface to listen on if the NIC is something other than
<SPAN
CLASS="QUOTE"
>"eth0"</SPAN
>. You can also start it from the command line to get
started. See the respective man pages for more.
</P
><P
> Unless you have a static IP, the ISP will need some way to know who you are
when you connect. There are two ways this authentication process is
accomplished with DHCP. The first and most common method is via the MAC (or
hardware) address of the network device. Typically this would be the NIC. The
MAC address is a unique identifier and can be found among the boot messages,
or with <B
CLASS="COMMAND"
>ifconfig</B
>, and looks something like
<TT
CLASS="LITERAL"
>00:50:04:C2:19:BC</TT
>. You will need to give the ISP the MAC
address before your first connection. </P
><P
>
The other DHCP authentication method is via an assigned hostname. In this
case, the ISP will have provided you with this information. Your DHCP client
will need to pass this information to the server in order for you to connect.
Both <B
CLASS="COMMAND"
>dhcpcd</B
> and <B
CLASS="COMMAND"
>pump</B
> accept the
<SPAN
CLASS="QUOTE"
>"-h"</SPAN
> command line option for this purpose. See the client's man
page, or your distribution's documentation, for specifics. </P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TH
ALIGN="LEFT"
VALIGN="CENTER"
><B
>Note</B
></TH
></TR
><TR
><TD
> </TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>
If your ISP uses MAC address authentication, and you change your network
device (e.g. NIC), you will need to register the new address with the ISP or
you won't be able to connect.
</P
></TD
></TR
></TABLE
></DIV
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="PPPOE"></A>3.2.3. PPPoE Configuration</H3
><P
> PPPoE (PPP over Ethernet) is an alternate way for ISPs to control your
connection, and is becoming increasingly popular with ISPs. Setting this up
is quite different, and may be a little more work than with static IPs or
DHCP above. Recent distro releases are now shipping PPPoE clients. If this is
not the case for you, then you will have to download one. Check any Linux
archive site like <A
HREF="http://freshmeat.net"
TARGET="_top"
>http://freshmeat.net</A
>, etc. or look below. </P
><P
> Some of the current GPL PPPoE clients available:
</P
><P
> <P
></P
><UL
><LI
><P
> The Roaring Penguin (rp-pppoe): <A
HREF="http://www.roaringpenguin.com/pppoe/"
TARGET="_top"
>http://www.roaringpenguin.com/pppoe/</A
>,
by David F. Skoll. Reportedly very easy to set up, and get started with.
This is a popular Linux PPPoE client due to its reputation for ease of
installation, and is now being bundled with some distributions. rp-pppoe
works as a user-mode client on 2.0 and 2.2 kernels, and in kernel-mode
on 2.4 kernels.
</P
></LI
><LI
><P
> PPPoEd: <A
HREF="http://www.davin.ottawa.on.ca/pppoe/"
TARGET="_top"
> http://www.davin.ottawa.on.ca/pppoe/</A
> by Jamal Hadi Salim is
another popular Linux client and is also bundled with some
distros. This is a kernel based implementation for 2.2 kernels. A setup
script is now included so no patching is required, making installation
quick and easy. Also, less CPU intensive than user space alternatives like
rp-pppoe (2.0/2.2 kernels).
</P
></LI
><LI
><P
> PPPoE Redirector: <A
HREF="http://www.ecf.toronto.edu/~stras/pppoe.html"
TARGET="_top"
> http://www.ecf.toronto.edu/~stras/pppoe.html</A
>. This is a redirector
which allows the use of PPPoE with pppd-2.3.7 or later. No recompiling of
other system components is required. It is meant as an interim solution
until the 2.4.x series, which will include kernel support of PPPoE/A. (Does
not seem to be under active development at this time.)
</P
></LI
><LI
><P
> 2.4.x kernels include native PPPoE support. The PPPoE for 2.4 page is
<A
HREF="http://www.shoshin.uwaterloo.ca/~mostrows/"
TARGET="_top"
>http://www.shoshin.uwaterloo.ca/~mostrows</A
>
[link is dead, sorry, can't find new page] and is by Michal Ostrowski, the maintainer for kernel PPPoE. This
includes detailed instructions for installing and configuring kernel
mode PPPoE.
</P
></LI
><LI
><P
> EnterNet is a non-GPL'd PPPoE client from NTS, <A
HREF="http://www.nts.com"
TARGET="_top"
>http://www.nts.com</A
>, that is being
distributed by some ISPs as the Linux client. It does come with
source code but it is not available for free download. (I haven't
found anyone that is impressed by this one.)
</P
></LI
></UL
></P
><P
> Depending on which client you have chosen, just follow the
<TT
CLASS="FILENAME"
>INSTALL</TT
> instructions and other documentation included
with that package (<TT
CLASS="FILENAME"
>README</TT
>, <TT
CLASS="FILENAME"
>FAQ</TT
>, etc.). </P
><P
> Once a PPPoE client connects, your connection should look something like the
below example from Roaring Penguin, where <SPAN
CLASS="QUOTE"
>"eth0"</SPAN
> is connected to
the modem: </P
><P
> <TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> $ route -n

 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 192.168.0.254   *               255.255.255.255 UH    0      0        0 eth1
 208.61.124.1    *               255.255.255.255 UH    0      0        0 ppp0
 192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
 default         208.61.124.1    0.0.0.0         UG    0      0        0 ppp0


 $ ifconfig

 eth0      Link encap:Ethernet HWaddr 00:A0:CC:33:74:EB
           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
           RX packets:297581 errors:0 dropped:0 overruns:0 frame:0
           TX packets:266104 errors:1 dropped:0 overruns:0 carrier:2
           collisions:79 txqueuelen:100
           Interrupt:10 Base address:0x1300

 eth1      Link encap:Ethernet HWaddr 00:A0:CC:33:8E:84
           inet addr:192.168.0.254 Bcast:192.168.0.255 Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
           RX packets:608075 errors:0 dropped:0 overruns:0 frame:0
           TX packets:578065 errors:0 dropped:0 overruns:0 carrier:0
           collisions:105408 txqueuelen:100
           Interrupt:9 Base address:0x1200

 lo        Link encap:Local Loopback
           inet addr:127.0.0.1 Mask:255.0.0.0
           UP LOOPBACK RUNNING MTU:3924 Metric:1
           RX packets:1855 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1855 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0

 ppp0      Link encap:Point-to-Point Protocol
           inet addr:208.61.124.28 P-t-P:208.61.124.1 Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
           RX packets:297579 errors:0 dropped:0 overruns:0 frame:0
           TX packets:266102 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10

</PRE
></FONT
></TD
></TR
></TABLE
></P
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TH
ALIGN="LEFT"
VALIGN="CENTER"
><B
>Note</B
></TH
></TR
><TR
><TD
> </TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> PPPoE adds 8 bytes of extra overhead to the ethernet frames and the correct
initial maximum setting for the ppp0 interface MTU is 1492. If the MTU is
set too high, it may cause a fubar packet fragmentation scenario, known as
the Path MTU Discovery blackhole, where the two ends of the connection fail
to communicate. A typical symptom would be the failure of some web pages to
load properly, and possibly other annoying problems. You may also need to
set the MTU for interfaces on any masqueraded LAN connections to 1452.
This does not apply to PPPoA, bridged, or routed configurations, just PPPoE!
See RFC 2923 for a technical explanation.
</P
></TD
></TR
></TABLE
></DIV
><P
> Actually, for PPPoE the real setting should be at least 8 bytes less (the
extra PPPoE protocol overhead) than any interface between you and the
ultimate destination. All routers normally would be set to 1500, thus 1492 is
correct from your end. But, it may happen that somewhere a router is
configured at a lower setting, and this can cause problems, especially
with web pages loading, and other traffic failures. The way to test this is
to keep dropping the MTU until things 'work'.
</P
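>
<P> The MTU test described above, as an added example that is not part of the original HOWTO. Rather than lowering the MTU by hand one step at a time, it binary-searches for the largest size that still gets an echo reply with Don't Fragment set, which generalizes the manual procedure. It assumes the Linux iputils <B CLASS="COMMAND">ping</B>; the function names, the 576-byte floor and the default interface name are choices made for this example. </P>

```sh
#!/bin/sh
# Added example (not from the HOWTO): find the largest MTU that reaches a host
# without fragmentation, instead of lowering the MTU by hand one step at a time.
# Assumes Linux iputils ping: -M do sets Don't Fragment, -s is the ICMP payload size.

ETHERNET_MTU=1500
PPPOE_OVERHEAD=8        # PPPoE overhead, as stated in the note above
IP_ICMP_HEADERS=28      # 20-byte IPv4 header + 8-byte ICMP echo header
FLOOR_MTU=576           # assumption: lowest MTU worth testing

# probe HOST MTU: succeeds only if an echo reply comes back for a DF packet
# whose total IP length is MTU. A silent drop (the blackhole case) fails too,
# because the test waits for the reply, not for an ICMP error.
probe() {
    ping -c 1 -W 2 -M do -s "$(( $2 - $IP_ICMP_HEADERS ))" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW] [HIGH]: print the largest MTU in LOW..HIGH that
# probe accepts. Returns 1 if even LOW fails (host down or ICMP echo filtered).
find_path_mtu() {
    host=$1
    low=${2:-$FLOOR_MTU}
    high=${3:-$(( $ETHERNET_MTU - $PPPOE_OVERHEAD ))}
    probe "$host" "$low" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( ($low + $high + 1) / 2 ))    # round up so the range always shrinks
        if probe "$host" "$mid"; then
            low=$mid                         # mid works: answer is mid or above
        else
            high=$(( $mid - 1 ))             # mid fails: answer is below mid
        fi
    done
    echo "$low"
}

# Run only when called with a host: sh find-mtu.sh <host> [interface]
if [ "$#" -ge 1 ]; then
    iface=${2:-ppp0}
    if mtu=$(find_path_mtu "$1"); then
        echo "largest unfragmented MTU to $1: $mtu"
        echo "to apply: ifconfig $iface mtu $mtu"
    else
        echo "no echo reply from $1 even at MTU $FLOOR_MTU; cannot measure" >&2
        exit 1
    fi
fi
```

<P> Test against a host that shows the symptom (a web site that fails to load) rather than the ISP's gateway, since the undersized link may be several hops away. </P>
<P
></P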
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="PPPOA"></A>3.2.4. PPPoA</H3
><P
> PPPoA (PPPoATM, or PPP over ATM) is a cleaner solution than PPPoE since most
of the work is done in hardware, and since the raw DSL traffic is ATM. There
is no user space client necessary to manage the connection as with PPPoE, and
the additional ethernet protocol layer is not required. Authentication is
still the same: user id and password to connect, but the mechanics are
different since no ethernet encapsulation takes place. </P
><P
> PPPoA is either done completely in hardware or is implemented as a device
specific driver. There is no such thing as a generic PPPoA software client
like there is for PPPoE. There is an ATM patch for 2.2 kernels, support for
ATM in the 2.4.x kernel, and a project based on the Efficient Networks 3010,
as well as other ATM cards. The ATM on Linux homepage is here: <A
HREF="http://linux-atm.sourceforge.net/"
TARGET="_top"
> http://linux-atm.sourceforge.net/</A
>. And even more info is at <A
HREF="http://www.sfgoth.com/~mitch/linux/atm/pppoatm/"
TARGET="_top"
> http://www.sfgoth.com/~mitch/linux/atm/pppoatm/</A
> from the kernel
developer of this project. Existing PPPoA implementations are hardware/driver
based, and Linux PPPoA modem drivers are scarce as hen's
teeth at this time. The above modem does not seem to be available through
normal retail channels. This may be a problem, if this is the only protocol
an ISP delivers, and an external modem that supports PPPoA is not available. </P
><P
> If PPPoA is your ISP's only option, you might consider one of the
router/modems that can handle PPPoA connections, and let the hardware handle
everything. </P
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="PPTP"></A>3.2.5. PPTP/PPPoA with Alcatel Ethernet Modems</H3
><P
> Alcatel SpeedTouch Home ethernet modems (supersedes the Alcatel 1000)
support both bridged and PPPoA connections. The modem itself handles the
PPPoA protocol internally. When in PPTP/PPPoA mode (as opposed to RFC1483 bridging
mode), Linux will connect to the modem via PPTP (MS VPN). The Linux PPTP
homepage is <A
HREF="http://cag.lcs.mit.edu/~cananian/Projects/PPTP/"
TARGET="_top"
>http://cag.lcs.mit.edu/~cananian/Projects/PPTP/</A
>,
and works well with this modem.

In addition to installing pptp, your kernel must also have support for PPP.</P
><P
> The modem has internal configuration pages that can be reached by pointing
a browser to the default IP address of http://10.0.0.138. (You will of course
have to have your NIC set up for a 10.0.0.0 network with similar IP such
as 10.0.0.1, in order to reach the modem's configuration pages.) For PPPoA,
the connection type is 'PPTP'. You will have to get the other settings from
your provider if the defaults do not work. Settings such as 'VPI/VCI' and
'encapsulation' can vary from provider to provider. Of course, if the modem
is coming from your provider, all this should be already configured. </P
><P
> The next step is to configure <B
CLASS="COMMAND"
>pptp</B
>, which is done by
configuring the <B
CLASS="COMMAND"
>pppd </B
>files
<TT
CLASS="FILENAME"
>/etc/ppp/pap-secrets</TT
> (or
<TT
CLASS="FILENAME"
>chap-secrets</TT
>) and <TT
CLASS="FILENAME"
>/etc/ppp/options</TT
>.
This is where the username and password are entered. For example: </P
><P
> <TT
CLASS="FILENAME"
>/etc/ppp/pap-secrets</TT
>:
</P
><P
> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
><br>
# client server secret IP address <br>
login@isp.com * my_password_here *<br>
<br>
</P
>
</TT
></P
><P
>and <TT
CLASS="FILENAME"
>/etc/ppp/options</TT
>:
</P
><P
> <TT
CLASS="LITERAL"
> <P
CLASS="LITERALLAYOUT"
> <br>
name "login@isp.com"<br>
noauth<br>
noipdefault<br>
defaultroute<br>
<br>
</P
>
</TT
></P
><P
> Once everything is configured properly, it should be just a matter of
starting pptp, pointing it to the modem's address:
</P
><P
> <TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> # pptp 10.0.0.138

</PRE
></FONT
></TD
></TR
></TABLE
></P
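>
<P> A check for the credential files configured above, as an added example that is not part of the original HOWTO. It verifies that the secrets files are private to their owner and that the options file, which is normally world-readable, does not carry pppd's <TT CLASS="LITERAL">password</TT> option. It assumes GNU <B CLASS="COMMAND">stat</B>; the function names are hypothetical. </P>

```sh
#!/bin/sh
# Added example (not from the HOWTO): check that pppd credential files are
# private. Assumes GNU stat (-c), as shipped with Linux distributions.

# check_secret_file PATH [UID]: succeeds only if PATH is a regular file, owned
# by UID (default 0, root), with no permission bits for group or others.
check_secret_file() {
    file=$1
    want_uid=${2:-0}
    rc=0
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: missing, a symlink, or not a regular file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$file")     # octal mode, e.g. 600 or 644
    uid=$(stat -c '%u' "$file")
    # The leading 0 makes the shell read the mode as octal; 077 selects the
    # group and other permission bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$file: mode $mode is accessible beyond the owner; use chmod 600" >&2
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected uid $want_uid" >&2
        rc=1
    fi
    return "$rc"
}

# options_has_password PATH: succeeds if PATH sets pppd's "password" option.
# The secret belongs in pap-secrets or chap-secrets, not in the options file.
options_has_password() {
    grep -Eq '^[[:space:]]*password[[:space:]]' "$1" 2>/dev/null
}

# Run only when asked to: sh check-ppp-secrets.sh audit
if [ "${1:-}" = "audit" ]; then
    status=0
    for f in /etc/ppp/pap-secrets /etc/ppp/chap-secrets; do
        [ -e "$f" ] || continue
        check_secret_file "$f" || status=1
    done
    if options_has_password /etc/ppp/options; then
        echo "/etc/ppp/options: contains a password line" >&2
        status=1
    fi
    exit "$status"
fi
```

<P
></P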
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TH
ALIGN="LEFT"
VALIGN="CENTER"
><B
>Note</B
></TH
></TR
><TR
><TD
> </TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>
Alcatel supplies many sub-models of these modems. These features may not be
available on all models, or may be altered from the defaults. This is
something to be aware of, if buying a used modem.
</P
><P
> This modem only supports one concurrent PPTP connection.
</P
></TD
></TR
></TABLE
></DIV
></DIV
><DIV
CLASS="SECT3"
><H3
CLASS="SECT3"
><A
NAME="ROUTER"></A>3.2.6. Modem/Router Configuration</H3
><P
> Some ISPs are providing <SPAN
CLASS="QUOTE"
>"routers"</SPAN
> as the connection device.
Essentially these are mini routers with built in modems. These are all
ethernet based devices too, so Linux should be good to go here as well.
Again, a compatible, working NIC should be all that is required to make this
work. </P
><P
>
A <SPAN
CLASS="QUOTE"
>"router"</SPAN
> has many advantages. The better ones can handle the
connection management, IP encapsulation, and authentication, as well as
providing a means of segregating your LAN from outside traffic, and possibly
other features too. In short they can do it all. One big advantage is that
they can handle whatever protocols your ISP requires in order to connect. </P
><P
> If the ISP is requiring PPPoX, then this makes life a little easier since you
will not have to install or configure any additional software just to use
their network. The modem's firmware will handle this. The downside is that
most of these do not have the flexibility of a Linux router, or other
software solution. Of course, you could set up a Linux router behind the
router, and have the best of both worlds. The ones with more and better
features are also going to cost significantly more. </P
><P
> While the physical installation of a router is very similar to the modem
installation (see above), the router configuration itself is different
since your first <SPAN
CLASS="QUOTE"
>"hop"</SPAN
> will be the router's interface and not
the ISP's gateway. Routers will actually have two interfaces -- one that you
connect to from the LAN side, and one that connects to your ISP on the WAN
side. Your point of exposure here is the WAN interface of the router. </P
><P
>
The router will also have a pre-configured, private IP address that you will
connect to from the LAN side. This will be your gateway. The public IP
address will be assigned to the WAN side interface. Typically these devices
also act as DHCP servers for the LAN side as well. So possibly all you have
to do is to start a DHCP client such as <B
CLASS="COMMAND"
>dhcpcd</B
> or
<B
CLASS="COMMAND"
>pump</B
> (Redhat based distros) to get up and running. Just
make sure the modem/router is syncing first. The appropriate steps and
configuration should be in the owner's manual, or available from your
provider. </P
><P
> If you are a PPPoX customer, and the router is handling this part of the
connection, then you will have to configure at least your user id and
password before connecting. If a Bridged/DHCP customer, you should just have
to activate DHCP on the router, and possibly register the MAC (hardware
address) of the router with your provider. Some routers have <SPAN
CLASS="QUOTE"
>"MAC
cloning"</SPAN
> which means that they will report the MAC address of the
attached NIC. If static IP, then you will have to configure this as well. </P
><P
> If you need to access the router directly, you will need to know the
manufacturer's default setting for its IP address. See the owner's manual, or
ask your provider. You will then have to set your NIC's interface to the same
network as the router. For instance, if the router has an IP of 10.0.0.1, set
your interface's address to 10.0.0.2 (typically eth0), and netmask to
255.0.0.0. </P
><P
> <TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> # ifconfig eth0 10.0.0.2 up netmask 255.0.0.0
 # route add -net 10.0.0.0
 $ ping 10.0.0.1

</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>
If everything is in working order, the router should respond to pings. How to
configure this permanently will vary from distro to distro. So check your
distribution's documentation. Now you should be able to ping the
modem/router, and, if all is well, beyond. Then use telnet or a web browser
to do any further configuration of the router.
</P
><P
> Even if the ISP is not offering any router options, there are quite a few
available from third party manufacturers such as Netgear, Linksys, Cisco,
Zyxel, Cayman, Alcatel and others. These will have all the features already
mentioned and maybe more. Just make sure it matches your provider's DSL. This
is one good way around the PPPoX bugaboo.
</P
><DIV
CLASS="CAUTION"
><P
></P
><TABLE
CLASS="CAUTION"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/caution.gif"
HSPACE="5"
ALT="Caution"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
> Some manufacturers may be marketing these as having <SPAN
CLASS="QUOTE"
>"firewall"</SPAN
>
capabilities. In some cases, this amounts to nothing more than basic NAT
(Network Address Translation or masquerading). Not a full, true firewall by
most measures. Be sure to read the fine print before buying and make sure you
know how much real firewalling is included.
</P
></TD
></TR
></TABLE
></DIV
></DIV
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="CONNECT"></A>3.3. Connect</H2
><P
> Everything should be in place now. You probably have already tested your
connection. You should be seeing ping roundtrip times of 10-75 ms to the ISP's
gateway. If something has gone wrong, and you cannot connect, either
retrace the above steps, or see the <A
HREF="tuning.html#TROUBLE"
>Troubleshooting
Section</A
> below.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="installation.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="secure.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Installation</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
> </TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Securing Your Connection</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>