Hi! Here it is. Hope it is clear enough. Your input is welcome. Dani -- Attached file included as plaintext by Listar -- -- File: HOWTO-ADSL-BEZEQ HOWTO-ADSL-BEZEQ ---------------- Originally written and still maintained by Dr. Daniel Arbel ([EMAIL PROTECTED]) Additions and clarifications by mulix <[EMAIL PROTECTED]> The most recent version of this document can be found at http://www.pointer.co.il/~mulix/adsl-howto.txt ver 1.0 Aug 2000 ver 1.0.1 Sep 2000 - corrections for pap authentication and stopping sessions. ver 1.0.2 Jan 2001 - changes after the beginning of commercial service. Ver 1.1 Jan 2001 - additions and clarifications by mulix added "note about different ADSL modems" added "where to get more help" (mulix) Ver 1.1.1 Jan 2001 - added note about pppd patch (mulix) Ver 1.1.2 Jan 2001 - note on how to get the modem version string (mulix) Ver 1.1.3 Jan 2001 - added note on modem names (ATUR2 and ATUR3) (mulix) ver 1.1.4 Feb 2001 - adds info about Alcatel modems, a patch to pptp to support Alcatel ISDN ADSL modem. Ver 1.1.5 Feb 2001 - adds info about the patched pppd (mulix) Ver 1.2 Feb 2001 - Orckit ATUR3 modem now working! (mulix) Note about different mtu's for eth0 and ppp0(mulix) Ver 1.2.1 Feb 2001 - fixed wrong 'ifconfig eth0' command (mulix) Ver 2.0.0 Feb 2001 - New version to celebrate the last bug fix and general availability of ADSL to Linux community. General cleanup Ver 2.1.0 Feb 2001 - Added ip masqurade instructions. Typo fixes. DISCLAIMER: The info in this doc is based mostly on our own experiences. Use it at your own risk, and if you find any omissions or mistakes, please don't hesitate to let us know. Table of contents ----------------- 1) A NOTE ABOUT THE DIFFERENT ADSL MODEMS - read first! 2) INTRODUCTION 3) LINUX INSTALLATION 4) DEBUGING 5) IP MASQURADING AND THE ADSL SETUP 6) WHERE TO GO FOR HELP A NOTE ABOUT THE DIFFERENT ADSL MODEMS - read first! ---------------------------------------------------- Orkit modems There are at least three different Orckit ADSL modems. You can differentiate between them by examining the version string the modem gives. So far, we know of the following modems: The modem known by bezeq technical support as "ATUR2": "Modem version 5.00.0.3 Orckit Release 2.0 , Version 4 (16:00 June 1 1999)" and the modem known (by us) as "ATUR3": "Orckit ATUR3 version: Adsl 4.0.0.34, Data 4.9 (ATM), Based on Virata 6.3.0.9-full release (Jun 27 2000)" To find out your modem version string, simply telnet to the modem 'telnet 10.0.0.138'. The password is 'password'. Once you are logged in to the modem, type 'version'. Alcatel modems There are four Alcatel modem types: one for ISDN lines, two ethernet modems for analog lines, and one USB modem. The USB model was not tested with Linux yet. All three ethernet modems work with Linux. The ISDN model needs a patch to the dialing s/w , see details later. INTRODUCTION ------------ This introduction describes the mechanism and specifics of the windows installation of the ADSL service. Bezeq do not officially support linux (although it is rumored that they might, in the yet-to-be-determined future) and therefore can provide no clue about how to connect a Linux box. Digging in Bezeq installation and reading this introduction will help you make the conclusions needed when connecting your Linux box. We describe here the details of the Orckit equipment. If you have ALcatel gear and it looks a bit different, try to use intuition... (I did not have the privilege to use Alcatel ADSL ..). 1) The communication between the ADSL unit and the computer is done by ethernet NIC (a regular network card. Bezeq will supply one to you, for an additional charge, or you can buy and install it yourself. Installing a network card is not covered by this ADSL-HOWTO, but is covered extensively elsewhere. TODO: add pointer to installing a NIC documentation) and it uses the following setup: network 10.0.0.0 mask 255.0.0.0 host: 10.200.1.1 adsl: 10.0.0.138 no dns, no domain , no gateway. (i did not try to move the host to 10.0.0.x and increase the mask). 2) Bezeq will install a peace of (junk?) software that connects automatically to their ADSL portal and activates your browser to show the main page. From there you can surf to the service selection and connect to your ISP. This is the front end hiding the things that actually take place: 3) A connection is established by dialing (yes, dial up just like with a "regular" modem) using the private network mechanism (VPN). If you want to set this up yourself, here are the steps: 1) Install ms virtual private network adapter (it might already be installed if Bezeq installed the ADSL in your computer). 2) Go to dial up networking and start the wizard to create a new connection. 3) For this connection, use Microsoft VPN adapter. 4) host name is "10.0.0.138 RELAY_PPP1". Don't write the quotes, and yes, it really is a space between '138' and 'RELAY'. 5) Once the connection icon is created, go to its properties and disable netbeui, ipx etc (these are various net protocols which you do not need for this type of connection) 6) Start the connection. the username is <your userid>@<ISP> (for guest access this will be guest@OXxxxxx where Xxxxx is your chosen ISP with its first character in upercase (i.e. Actcom ) the letter after the '@' is NOT zero . Note that guest access is not free of charge, and in fact VERY expensive. For non guest access to actcom, the username is username@IActcom. 'username' is obviously your actcom user name, notice the upper case 'I' and 'A' and lower case 'ctcom'. 7) If you receive a connection and are able to use it, you may go on to Linux installation. If not, try to search in the registry (search for 'wow') whether some details have been changed by Bezeq (most likely to change are the username and ISP strings). LINUX INSTALLATION (finally ... ------------------------------ You should have no problem installing a NIC for ADSL. Reduce the MTU on eth0 to 1500 (run the command 'ifconfig eth0 10.200.1.1 netmask 255.0.0.0 mtu 1500'). Use a kernel with ppp support and latest pppd. The latest pppd version (currently 2.3.11) can be downloaded from ftp://cs.anu.edu.au/pub/software/ppp/ The equivalent of Microsoft VPN adapter is just the pptp program. get it from http://cag.lcs.mit.edu/~cananian/Projects/PPTP/ The current version is 1.02. Since pptp does not receive all the options as a command line parameter, you have to enter the RELAY_PPP1 parameter (see the introduction) into the source file. (is anyone out there willing to enhance this pptp s/w ? (i did- mulix)) : change line 212 in pptp_ctrl.c to: hton16(PPTP_WINDOW), 0, 0, 0, {"RELAY_PPP1"}, {0} If you have Orkit modem "ATUR3" you also have to add this patch: in pptp_gre.c, function pptp_gre_copy(), change "pptp_gre_call_id = call_id" to "pptp_gre_call_id = peer_call_id" (thanks to Haim Gelfenbeyn for this patch) if you hapen to have the ISDN ADSL modem from Alcatel, locate, in pptp_ctrl.c the line: if (ntoh8(packet->result_code)!=1) { /* some problem with start */ and change it to: if ((ntoh8(packet->result_code)!=1) && (ntoh8(packet->result_code)!=0)) { /*some problem with start */ (Alternatively, you can download an already patched pptp, with several more enhancements from http://www.pointer.co.il/~mulix/. I make no promises of keeping this pptp synchronized with the main pptp distribution, so use at your own risk ;) - mulix) Compile pptp. Read the pptp docs to see that you have pppd in the proper place. The authentication method is forced by the server. In order to cover both options (pap and chap) create 2 identical files: edit /etc/ppp/chap-secrets and /etc/ppp/pap-secrets to include proper lines like: "<username>@I<ISP>" "10.0.0.138 RELAY_PPP1" "<your password> In case you are not a registered user of any of the ISP you may select one of the guest accesses (which are VERY expensive!): "guest@OActcom" "10.0.0.138 RELAY_PPP1" "Bezeq" and finally, start a call: pptp 10.0.0.138 debug user xxx@ISP remotename "10.0.0.138 RELAY_PPP1" defaultroute netmask 255.0.0.0 mtu 1452 mru 1452 noauth If everything goes well you should be connected, and your networking will look something like that: # netstat -r -n Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 10.200.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 213.8.120.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 213.8.120.1 0.0.0.0 UG 0 0 0 ppp0 # ifconfig -a eth0 Link encap:Ethernet HWaddr 00:50:BF:0E:F6:A8 inet addr:10.200.1.1 Bcast:10.255.255.255 Mask:255.0.0.0 UP BROADCAST RUNNING MULTICAST MTU:1452 Metric:1 RX packets:51825 errors:0 dropped:0 overruns:0 frame:0 TX packets:56376 errors:0 dropped:0 overruns:0 carrier:0 collisions:109 txqueuelen:100 Interrupt:9 Base address:0xb000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:61 errors:0 dropped:0 overruns:0 frame:0 TX packets:61 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 ppp0 Link encap:Point-to-Point Protocol inet addr:213.8.120.98 P-t-P:213.8.120.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1452 Metric:1 RX packets:49753 errors:0 dropped:0 overruns:0 frame:0 TX packets:26973 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 Stopping a session should be done as follows: 1) down the ppp0 interface: ifconfig ppp0 down 2) kill the pptp process: killall pptp Comments about the command line dialing --------------------------------------- The parameters in the command line after "pptp 10.0.0.138" are passed to pppd. You may put them in /etc/ppp/options instead. In this case, any dialing will use them, not only the adsl one. Important options are: mtu 1452 # to overcome an Orkit bug ? mru 1452 # to overcome an Orkit bug ? defaultroute # this makes the ppp connection your default gateway. probably # what you want. usepeerdns # this option will cause pppd to receive an address of the ISP dns # server and put it in your /etc/resolv.conf . This is a good idea, # but the file tends to grow with time .. DEBUGING -------- If you have problems, some debuging is possible: 1) debug messages apear on the window that runs the pptp command. 2) more debug messages go to /var/log/messages 3) you may increase the debug level of pppd (see the man page ). 4) to see what is going on between your Linux box and the ADSL system, install tcpdump or ethereal and record the lan traffic. IP MASQURADING AND THE ADSL SETUP --------------------------------- If you have more than one pc you would most probably want to share the adsl connection with all them. here comes the ip masqurading for your help. This topic is covered in the ip masqurade howto http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html so I will outline what has to be done and be detailed in the points special to the adsl setup. preparastions: 1) You have to boot a Linux kernel with ipchains support, and with specific modules you need (most common the ftp masqurade, but there are others). Your kernel may alreaedy be prepared for that, depending on your distribution. For details see the ip masqurade howto. 2) You have to physicaly connect the adsl modem to the local network. There are basicaly two options here: a) Add a second network card to the Linux box. One for the adsl modem and one to connect the other computer, or hub/switch if you have one. b) Use the same network card for all. connect all the pc's and adsl modem to hub/switch and put the all in the 10 network. Although option b looks strange at the begining, with security problem, this is not the case: The internet is connected through a ppp interface in your Linux box, and the ethernet segment on ip network 10.0.0.0 ends at your adsl's ethernet port. From bandwidt point of view, the adsl is limited to about 2 Mbs so the 10 Mbs of ethernet hub can handle this with no problem. Option b saves you a slot in the Linux box. Note that to connect 2 PC directly with ethernet cable, you need a cross wired cable, and not a straight cable like you have between your adsl modem and PC. The same goes to connecting the adsl modem to a hub: you need a cross wired cable here as well. (an ethernet cable consists of 2 twisted pairs of copper wires. Each pair has its own color, with one of the two being white + color, the other just the color. the wiring is as follows: pair a pin 1 to pin 1 , pin 2 to pin 2. pair b: 3 to 3 , 6 to 6 . A cross connect will be 1 to 3 , 2 to 6, 3 to 1 , 6 to 2). setup: If you have chosen to use option a, assign the second ethernet card a network number in the 192.168.0.0 range, e.g. 192.168.1.1 , with mask 255.255.255.0 Assign the other PCs with addresses at the same segment (192.168.1.x ) with the same mask. make their default gateway the ip of the Linux box: 192.168.1.1 in this example. reduce the PCs MTU of the ethernet card to 1452 (if your PC run windoze see remark bellow). set up the PCs with a DNS server. You can run a caching DNS server on the Linux box, and set the Linux box to be the PCs DNS server. Now run the ipchains rules that enable the ip masqurading. Something like this (again, refer to the ip masqurade howto for complete description): #!/bin/sh # to load the modules needed: /sbin/depmod -a /sbin/modprobe ip_masq_ftp #CRITICAL: Enable IP forwarding since it is disabled by default since # # Redhat Users: you may try changing the options in # /etc/sysconfig/network from: # # FORWARD_IPV4=false # to # FORWARD_IPV4=true # echo "1" > /proc/sys/net/ipv4/ip_forward #CRITICAL: Enable automatic IP defragmenting since it is disabled by default # in 2.2.x kernels. This used to be a compile-time option but the # behavior was changed in 2.2.12 # echo "1" > /proc/sys/net/ipv4/ip_always_defrag # Dynamic IP users: # # If you get your IP address dynamically from SLIP, PPP, or DHCP, enable # this following option. This enables dynamic-ip address hacking # in IP MASQ, # making the life with Diald and similar programs much easier. # echo "1" > /proc/sys/net/ipv4/ip_dynaddr # MASQ timeouts # # 2 hrs timeout for TCP session timeouts # 10 sec timeout for traffic after the TCP/IP "FIN" packet is # received # 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users) # /sbin/ipchains -M -S 7200 10 160 # Enable simple IP forwarding and Masquerading # # NOTE: The following is an example for an internal LAN address in # the 192.168.1.x network with a 255.255.255.0 or a "24" bit # subnet mask # # ** Please change this network number, subnet mask, and your # Internet # ** connection interface name to match your internal LAN setup # # this line prevents masqurading services for foreighn hosts. /sbin/ipchains -P forward DENY # This line causes the actual masqurading and forwarding of your # 192.168.1.0 segment: /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ # You may replace this with specific ip number for each host you have: /sbin/ipchains -A forward -s 192.168.1.2/32 -j MASQ and thats all... Now, if you chose option b (using only one ethernet card on the Linux box) all that changes is the internal ip numbers. reducing the Windoze MTU ------------------------ This requires playing with the registry. Do it carefuly and at your own risk. If there are mistakes here, please let me know so others will not suffer... For win9x, run regedit and find the object: My Computer\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Class\NetTrans\000x (there may be 0001, 0002 etc , so find the one with the ip number assigned to the ethernet card) add a new string valu named MAXMtu with 1452 as the string . Win2k is similar (find the correct instance of ethernet card by the ip number), but you have to add a dword object . WHERE TO GO FOR HELP -------------------- good luck, and if you have any problems, feel free to ask for support on linux-il, the mailing list dedicated to all things linux in israel. To learn more about linux-il, go to http://www.linux.org.il. You can also try asking on #iglu, on the efnet irc network. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]