Hi!
Here it is. Hope it is clear enough. Your input is welcome.
Dani
-- Attached file included as plaintext by Listar --
-- File: HOWTO-ADSL-BEZEQ
HOWTO-ADSL-BEZEQ
----------------
Originally written and still maintained by Dr. Daniel Arbel
([EMAIL PROTECTED])
Additions and clarifications by mulix <[EMAIL PROTECTED]>
The most recent version of this document can be found at
http://www.pointer.co.il/~mulix/adsl-howto.txt
ver 1.0 Aug 2000
ver 1.0.1 Sep 2000 - corrections for pap authentication and stopping
sessions.
ver 1.0.2 Jan 2001 - changes after the beginning of commercial service.
Ver 1.1 Jan 2001 - additions and clarifications by mulix
added "note about different ADSL modems"
added "where to get more help" (mulix)
Ver 1.1.1 Jan 2001 - added note about pppd patch (mulix)
Ver 1.1.2 Jan 2001 - note on how to get the modem version string (mulix)
Ver 1.1.3 Jan 2001 - added note on modem names (ATUR2 and ATUR3) (mulix)
ver 1.1.4 Feb 2001 - adds info about Alcatel modems, a patch to pptp to
support Alcatel ISDN ADSL modem.
Ver 1.1.5 Feb 2001 - adds info about the patched pppd (mulix)
Ver 1.2 Feb 2001 - Orckit ATUR3 modem now working! (mulix)
Note about different mtu's for eth0 and ppp0(mulix)
Ver 1.2.1 Feb 2001 - fixed wrong 'ifconfig eth0' command (mulix)
Ver 2.0.0 Feb 2001 - New version to celebrate the last bug fix and general
availability of ADSL to Linux community. General cleanup
Ver 2.1.0 Feb 2001 - Added ip masqurade instructions. Typo fixes.
DISCLAIMER: The info in this doc is based mostly on our own
experiences. Use it at your own risk, and if you find any omissions or
mistakes, please don't hesitate to let us know.
Table of contents
-----------------
1) A NOTE ABOUT THE DIFFERENT ADSL MODEMS - read first!
2) INTRODUCTION
3) LINUX INSTALLATION
4) DEBUGING
5) IP MASQURADING AND THE ADSL SETUP
6) WHERE TO GO FOR HELP
A NOTE ABOUT THE DIFFERENT ADSL MODEMS - read first!
----------------------------------------------------
Orkit modems
There are at least three different Orckit ADSL modems. You can
differentiate between them by examining the version string the modem
gives. So far, we know of the following modems:
The modem known by bezeq technical support as "ATUR2":
"Modem version 5.00.0.3 Orckit Release 2.0 , Version 4 (16:00 June 1
1999)"
and the modem known (by us) as "ATUR3":
"Orckit ATUR3 version: Adsl 4.0.0.34, Data 4.9 (ATM), Based on Virata
6.3.0.9-full release (Jun 27 2000)"
To find out your modem version string, simply telnet to the modem
'telnet 10.0.0.138'. The password is 'password'. Once you are logged
in to the modem, type 'version'.
Alcatel modems
There are four Alcatel modem types: one for ISDN lines, two ethernet modems
for analog lines, and one USB modem.
The USB model was not tested with Linux yet.
All three ethernet modems work with Linux.
The ISDN model needs a patch to the dialing s/w , see details later.
INTRODUCTION
------------
This introduction describes the mechanism and specifics of the windows
installation of the ADSL service. Bezeq do not officially support linux
(although it is rumored that they might, in the yet-to-be-determined
future) and therefore can provide no clue about how to connect a Linux
box. Digging in Bezeq installation and reading this introduction will
help you make the conclusions needed when connecting your Linux box.
We describe here the details of the Orckit equipment. If you have
ALcatel gear and it looks a bit different, try to use intuition... (I
did not have the privilege to use Alcatel ADSL ..).
1) The communication between the ADSL unit and the computer is done by
ethernet NIC (a regular network card. Bezeq will supply one to you,
for an additional charge, or you can buy and install it
yourself. Installing a network card is not covered by this ADSL-HOWTO,
but is covered extensively elsewhere. TODO: add pointer to installing
a NIC documentation) and it uses the following setup:
network 10.0.0.0 mask 255.0.0.0 host: 10.200.1.1 adsl: 10.0.0.138 no
dns, no domain , no gateway. (i did not try to move the host to
10.0.0.x and increase the mask).
2) Bezeq will install a peace of (junk?) software that connects
automatically to their ADSL portal and activates your browser to show
the main page. From there you can surf to the service selection and
connect to your ISP. This is the front end hiding the things that
actually take place:
3) A connection is established by dialing (yes, dial up just like with
a "regular" modem) using the private network mechanism (VPN). If you
want to set this up yourself, here are the steps:
1) Install ms virtual private network adapter (it might already be
installed if Bezeq installed the ADSL in your computer).
2) Go to dial up networking and start the wizard to create a new
connection.
3) For this connection, use Microsoft VPN adapter.
4) host name is "10.0.0.138 RELAY_PPP1". Don't write the quotes, and
yes, it really is a space between '138' and 'RELAY'.
5) Once the connection icon is created, go to its properties and
disable netbeui, ipx etc (these are various net protocols which you do
not need for this type of connection)
6) Start the connection. the username is <your userid>@<ISP> (for
guest access this will be guest@OXxxxxx where Xxxxx is your chosen ISP
with its first character in upercase (i.e. Actcom ) the letter after
the '@' is NOT zero . Note that guest access is not free of charge,
and in fact VERY expensive. For non guest access to actcom, the
username is username@IActcom. 'username' is obviously your actcom user
name, notice the upper case 'I' and 'A' and lower case 'ctcom'.
7) If you receive a connection and are able to use it, you may go on
to Linux installation. If not, try to search in the registry (search
for 'wow') whether some details have been changed by Bezeq (most likely
to change are the username and ISP strings).
LINUX INSTALLATION (finally ...
------------------------------
You should have no problem installing a NIC for ADSL. Reduce the MTU
on eth0 to 1500 (run the command 'ifconfig eth0 10.200.1.1 netmask 255.0.0.0 mtu
1500').
Use a kernel with ppp support and latest pppd. The latest pppd version
(currently 2.3.11) can be downloaded from
ftp://cs.anu.edu.au/pub/software/ppp/
The equivalent of Microsoft VPN adapter is just the pptp program. get
it from http://cag.lcs.mit.edu/~cananian/Projects/PPTP/
The current version is 1.02.
Since pptp does not receive all the options as a command line parameter,
you have to enter the RELAY_PPP1 parameter (see the introduction) into the source
file. (is anyone out there willing to enhance this pptp s/w ? (i did- mulix)) :
change line 212 in pptp_ctrl.c to:
hton16(PPTP_WINDOW), 0, 0, 0, {"RELAY_PPP1"}, {0}
If you have Orkit modem "ATUR3" you also have to add this patch:
in pptp_gre.c, function pptp_gre_copy(),
change "pptp_gre_call_id = call_id" to "pptp_gre_call_id = peer_call_id"
(thanks to Haim Gelfenbeyn for this patch)
if you hapen to have the ISDN ADSL modem from Alcatel, locate, in
pptp_ctrl.c the line:
if (ntoh8(packet->result_code)!=1) { /* some problem with start */
and change it to:
if ((ntoh8(packet->result_code)!=1) && (ntoh8(packet->result_code)!=0))
{ /*some problem with start */
(Alternatively, you can download an already patched
pptp, with several more enhancements from http://www.pointer.co.il/~mulix/. I
make no promises of keeping this pptp synchronized with the main pptp
distribution, so use at your own risk ;) - mulix)
Compile pptp. Read the pptp docs to see that you have pppd in the proper
place.
The authentication method is forced by the server. In order to cover
both options (pap and chap) create 2 identical files:
edit /etc/ppp/chap-secrets and /etc/ppp/pap-secrets to include proper
lines like:
"<username>@I<ISP>" "10.0.0.138 RELAY_PPP1" "<your password>
In case you are not a registered user of any of the ISP you may select
one of the guest accesses (which are VERY expensive!):
"guest@OActcom" "10.0.0.138 RELAY_PPP1" "Bezeq"
and finally, start a call:
pptp 10.0.0.138 debug user xxx@ISP remotename "10.0.0.138 RELAY_PPP1"
defaultroute netmask 255.0.0.0 mtu 1452 mru 1452 noauth
If everything goes well you should be connected, and your networking
will look something like that:
# netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.200.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
213.8.120.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 213.8.120.1 0.0.0.0 UG 0 0 0 ppp0
# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:50:BF:0E:F6:A8
inet addr:10.200.1.1 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1452 Metric:1
RX packets:51825 errors:0 dropped:0 overruns:0 frame:0
TX packets:56376 errors:0 dropped:0 overruns:0 carrier:0
collisions:109 txqueuelen:100
Interrupt:9 Base address:0xb000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:61 errors:0 dropped:0 overruns:0 frame:0
TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
ppp0 Link encap:Point-to-Point Protocol
inet addr:213.8.120.98 P-t-P:213.8.120.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1452 Metric:1
RX packets:49753 errors:0 dropped:0 overruns:0 frame:0
TX packets:26973 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
Stopping a session should be done as follows:
1) down the ppp0 interface:
ifconfig ppp0 down
2) kill the pptp process:
killall pptp
Comments about the command line dialing
---------------------------------------
The parameters in the command line after "pptp 10.0.0.138" are passed to pppd.
You may put them in /etc/ppp/options instead. In this case, any dialing will
use them, not only the adsl one.
Important options are:
mtu 1452 # to overcome an Orkit bug ?
mru 1452 # to overcome an Orkit bug ?
defaultroute # this makes the ppp connection your default gateway. probably
# what you want.
usepeerdns # this option will cause pppd to receive an address of the ISP dns
# server and put it in your /etc/resolv.conf . This is a good idea,
# but the file tends to grow with time ..
DEBUGING
--------
If you have problems, some debuging is possible:
1) debug messages apear on the window that runs the pptp command.
2) more debug messages go to /var/log/messages
3) you may increase the debug level of pppd (see the man page ).
4) to see what is going on between your Linux box and the ADSL system, install
tcpdump or ethereal and record the lan traffic.
IP MASQURADING AND THE ADSL SETUP
---------------------------------
If you have more than one pc you would most probably want to share the
adsl connection with all them. here comes the ip masqurading for your
help.
This topic is covered in the ip masqurade howto
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html
so I will outline what has to be done and be detailed in the points
special to the adsl setup.
preparastions:
1) You have to boot a Linux kernel with ipchains support, and with
specific modules you need (most common the ftp masqurade, but there are
others). Your kernel may alreaedy be prepared for that, depending on your
distribution. For details see the ip masqurade howto.
2) You have to physicaly connect the adsl modem to the local
network. There are basicaly two options here:
a) Add a second network card to the Linux box. One for the adsl modem and
one to connect the other computer, or hub/switch if you have one.
b) Use the same network card for all. connect all the pc's and adsl modem
to hub/switch and put the all in the 10 network.
Although option b looks strange at the begining, with security problem,
this is not the case: The internet is connected through a ppp interface in
your Linux box, and the ethernet segment on ip network 10.0.0.0 ends at
your adsl's ethernet port. From bandwidt point of view, the adsl is
limited to about 2 Mbs so the 10 Mbs of ethernet hub can handle this with
no problem. Option b saves you a slot in the Linux box.
Note that to connect 2 PC directly with ethernet cable, you need a cross
wired cable, and not a straight cable like you have between your adsl
modem and PC. The same goes to connecting the adsl modem to a hub: you
need a cross wired cable here as well.
(an ethernet cable consists of 2 twisted pairs of copper wires. Each pair
has its own color, with one of the two being white + color, the other just
the color. the wiring is as follows: pair a pin 1 to pin 1 , pin 2 to pin
2. pair b: 3 to 3 , 6 to 6 . A cross connect will be 1 to 3 , 2 to 6, 3 to
1 , 6 to 2).
setup:
If you have chosen to use option a, assign the second ethernet card a
network number in the 192.168.0.0 range, e.g. 192.168.1.1 , with mask
255.255.255.0
Assign the other PCs with addresses at the same segment (192.168.1.x
) with the same mask. make their default gateway the ip of the Linux
box: 192.168.1.1 in this example.
reduce the PCs MTU of the ethernet card to 1452 (if your PC run windoze
see remark bellow).
set up the PCs with a DNS server. You can run a caching DNS server on the
Linux box, and set the Linux box to be the PCs DNS server.
Now run the ipchains rules that enable the ip masqurading. Something like
this (again, refer to the ip masqurade howto for complete description):
#!/bin/sh
# to load the modules needed:
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#CRITICAL: Enable automatic IP defragmenting since it is disabled by default
# in 2.2.x kernels. This used to be a compile-time option but the
# behavior was changed in 2.2.12
#
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable
# this following option. This enables dynamic-ip address hacking
# in IP MASQ,
# making the life with Diald and similar programs much easier.
#
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is
# received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipchains -M -S 7200 10 160
# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in
# the 192.168.1.x network with a 255.255.255.0 or a "24" bit
# subnet mask
#
# ** Please change this network number, subnet mask, and your
# Internet
# ** connection interface name to match your internal LAN setup
#
# this line prevents masqurading services for foreighn hosts.
/sbin/ipchains -P forward DENY
# This line causes the actual masqurading and forwarding of your
# 192.168.1.0 segment:
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
# You may replace this with specific ip number for each host you have:
/sbin/ipchains -A forward -s 192.168.1.2/32 -j MASQ
and thats all...
Now, if you chose option b (using only one ethernet card on the Linux
box) all that changes is the internal ip numbers.
reducing the Windoze MTU
------------------------
This requires playing with the registry. Do it carefuly and at your own
risk. If there are mistakes here, please let me know so others will not
suffer...
For win9x, run regedit and find the object:
My Computer\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Class\NetTrans\000x
(there may be 0001, 0002 etc , so find the one with the ip number assigned
to the ethernet card)
add a new string valu named MAXMtu with 1452 as the string .
Win2k is similar (find the correct instance of ethernet card by the ip
number), but you have to add a dword object .
WHERE TO GO FOR HELP
--------------------
good luck, and if you have any problems, feel free to ask for support
on linux-il, the mailing list dedicated to all things linux in
israel. To learn more about linux-il, go to http://www.linux.org.il.
You can also try asking on #iglu, on the efnet irc network.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
