Ver 2.1.3 May 2001 - Additions of some provider codes, misc fixes,
                     tcp-mss-clamp with kernel 2.4.4, alcatel security
                     vulnerability and contributors section (mulix).

thanks to everyone that sent us comments and patches!

since the howto is upwards of 20kb, i'm not posting it. it's available
as always at http://www.pointer.co.il/~mulix/adsl-howto.txt

[attached: diff file]
-- 
mulix
http://www.advogato.com/person/mulix

linux/reboot.h: #define LINUX_REBOOT_MAGIC1 0xfee1dead


-- Attached file included as plaintext by Listar --
-- File: adsl-howto.txt.diff

--- adsl-howto.2.1.2.txt        Fri Apr  6 19:57:36 2001
+++ adsl-howto.2.1.3.txt        Thu May  3 17:21:38 2001
@@ -29,9 +29,12 @@
 Ver 2.1.1 Mar 2001 - Added ip masquerade with kernel
                     2.4. Cleanup. (mulix)
 Ver 2.1.2 Apr 2001 - Edited pptp command line, ifconfig eth0 example (mulix) 
+Ver 2.1.3 May 2001 - Additions of some provider codes, misc fixes,
+                    tcp-mss-clamp with kernel 2.4.4, alcatel security
+                    vulnerability and contributors section (mulix).
 
 
-DISCLAIMER: The info in this doc is based mostly on our own
+DISCLAIMER: The info in this document is based mostly on our own
 experiences. Use it at your own risk, and if you find any omissions or
 mistakes, please don't hesitate to let us know. 
 
@@ -44,12 +47,13 @@
 4) DEBUGGING
 5) IP MASQUERADING AND THE ADSL SETUP
 6) WHERE TO GO FOR HELP
+7) CONTRIBUTORS
 
 
 
 A NOTE ABOUT THE DIFFERENT ADSL MODEMS - read first!
 ----------------------------------------------------
-Orckit modems
+_Orckit modems_
 
 There are at least three different Orckit ADSL modems. You can
 differentiate between them by examining the version string the modem
@@ -69,14 +73,17 @@
 'telnet 10.0.0.138'. The password is 'password'. Once you are logged
 in to the modem, type 'version'. 
 
-
-Alcatel modems
+_Alcatel modems_
 
 There are four Alcatel modem types: one for ISDN lines, two ethernet modems
 for analog lines, and one USB modem.
 The USB model was not tested with Linux yet.
 All three ethernet modems work with Linux.
-The ISDN model needs a patch to the dialing software , see details later.
+The ISDN model needs a patch to the dialing software, see details
+later.
+Some Alcatel modems of the Speed Touch family have a serious security
+vulnerability. You can find more details about it at
+http://www.securityfocus.com/archive/1/175229.
  
 INTRODUCTION
 ------------
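Review bot: The added Speed Touch sentence does not say which of the four Alcatel modem types listed just above are affected or what an owner should do, so the reader has only the URL to go on. A one-line summary of the exposure and the recommended action, with the link kept as the reference, would make the paragraph usable offline. Also separate the full stop from the URL ("...archive/1/175229.") so it is not copied as part of the link.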
@@ -88,7 +95,7 @@
 help you make the conclusions needed when connecting your Linux box.
 
 We describe here the details of the Orckit equipment. If you have
-ALcatel gear and it looks a bit different, try to use intuition... (I
+Alcatel gear and it looks a bit different, try to use intuition... (I
 did not have the privilege to use Alcatel ADSL...).
 
 1) The communication between the ADSL unit and the computer is done by
@@ -99,8 +106,9 @@
 a NIC documentation) and it uses the following setup:
 
 network 10.0.0.0 mask 255.0.0.0 host: 10.200.1.1 adsl: 10.0.0.138 no
-dns, no domain , no gateway.  (i did not try to move the host to
-10.0.0.x and increase the mask).
+dns, no domain , no gateway.  It is possible to use an address other
+than 10.200.1.1 for the host side of the pptp connection, such as
+192.168.*.*, but doing it is not covered in this howto.
 
 2) Bezeq will install a peace of (junk?) software that connects
 automatically to their ADSL portal and activates your browser to show
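Review bot: The replacement sentence after "no gateway." says a host address such as 192.168.*.* is possible, but that address lies outside the "network 10.0.0.0 mask 255.0.0.0" given on the line above, and nothing tells the reader how the host would then reach 10.0.0.138. Either name the extra step needed (for example a route to the modem) or keep the earlier wording that this was not tried. The changed line "dns, no domain , no gateway." also still carries the stray space before the comma.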
@@ -125,7 +133,7 @@
 
 5) Once the connection icon is created, go to its properties and
 disable netbeui, ipx etc (these are various net protocols which you do
-not need for this type of connection)
+not need for this type of connection).
 
 6) Start the connection. the username is <your userid>@<ISP> (for
 guest access this will be guest@OXxxxxx where Xxxxx is your chosen ISP
@@ -140,6 +148,17 @@
 for 'wow') whether some details have been changed by Bezeq (most likely
 to change are the username and ISP strings).
 
+ISP NAMES
+---------
+
+The known ISP strings are:
+
+ISP                    ISP String
+===                    ==========
+Actcom                 Actcom
+Bezeq International    Bezint
+
+
 LINUX INSTALLATION (finally ...)
 --------------------------------
 
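Review bot: The new ISP String column does not say how the string combines with the prefix letter: the surrounding text uses "<your userid>@<ISP>", "guest@OXxxxxx" and, further down, "<username>@I<ISP>". Add one complete username for a listed ISP so it is clear whether the "I" or "O" is part of the string. The table also stops at two providers although a later hunk mentions Internet Zahav.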
@@ -158,39 +177,43 @@
 the patched pptp from http://www.pointer.co.il/~mulix/. The patched
 pptp contains all of these patches and is known to work with all modem
 types. The website also has a diff file between this patched pptp and the
-original pptp. 
+original pptp. Since some modems do not require patching 'pptp' and some
+do, and since the patches have no effect on those modems that do not
+require them, we recommend you use the patched pptp. 
 
 Instructions for patching the original pptp:
 
 Since pptp does not receive all the options as a command line parameter,
-you have to enter the RELAY_PPP1 parameter (see the introduction) into the source
-file.
+you have to enter the RELAY_PPP1 parameter (see the introduction) into
+the source file.
+
 change line 212 in pptp_ctrl.c to:
         hton16(PPTP_WINDOW), 0, 0, 0, {"RELAY_PPP1"}, {0}
 
 If you have Orckit modem "ATUR3" you also have to add this patch:
 
-in pptp_gre.c, function pptp_gre_copy(),
-change "pptp_gre_call_id = call_id" to "pptp_gre_call_id = peer_call_id"
+in pptp_gre.c, function pptp_gre_copy(), change
+       "pptp_gre_call_id = call_id" to "pptp_gre_call_id = peer_call_id"
 
 (thanks to Haim Gelfenbeyn for this patch)
 
 if you happen to have the ISDN ADSL modem from Alcatel, locate, in
 pptp_ctrl.c the line:
 
-if (ntoh8(packet->result_code)!=1) { /* some problem with start */
+       if (ntoh8(packet->result_code)!=1) { /* some problem with start */
 and change it to:
 
-if ((ntoh8(packet->result_code)!=1) && (ntoh8(packet->result_code)!=0)) 
-{ /*some problem with start */ 
+       if ((ntoh8(packet->result_code)!=1) && (ntoh8(packet->result_code)!=0)) 
+       { /*some problem with start */ 
 
 Compile pptp. Read the pptp docs to see that you have pppd in the proper
 place.
 
 The authentication method is forced by the server. In order to cover
-both options (pap and chap) create 2 identical files:
-edit /etc/ppp/chap-secrets and /etc/ppp/pap-secrets to include proper
+both options (pap and chap), edit or create 2 identical files
+(/etc/ppp/chap-secrets and /etc/ppp/pap-secrets) to include proper
 lines like:
+
 "<username>@I<ISP>" "10.0.0.138 RELAY_PPP1" "<your password>"
 
 In case you are not a registered user of any of the ISPs you may select
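Review bot: The reworded secrets paragraph now says "edit or create" /etc/ppp/chap-secrets and /etc/ppp/pap-secrets but says nothing about permissions, and both files hold the account password in clear text. Add a line telling the reader to make newly created files readable by root only (mode 600). Separately, "change line 212 in pptp_ctrl.c" depends on the exact pptp version; quoting the original line, as the two other patches in this hunk do, would be more robust.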
@@ -250,23 +273,36 @@
 You may put them in /etc/ppp/options instead. In this case, any dialing will
 use them, not only the adsl one.
 Important options are:
-mtu 1452         # to overcome an Orckit bug ?
-mru 1452         # to overcome an Orckit bug ?
-defaultroute     # this makes the ppp connection your default gateway. probably
-                 # what you want.
-usepeerdns       # this option will cause pppd to receive an address of the ISP dns
-                 # server and put it in your /etc/resolv.conf . This is a good idea,
-                 # but the file tends to grow with time ..
+mtu 1452               # to overcome an Orckit bug ?
+mru 1452               # to overcome an Orckit bug ?
+
+defaultroute           # this makes the ppp connection your default gateway. probably
+                       # what you want.
+
+usepeerdns             # this option will cause pppd to receive an address of the ISP 
+dns
+                       # server and put it in your /etc/resolv.conf . This is a good 
+idea,
+                       # but the file tends to grow with time ..
+
+noipdefault            # For some reason, pppd will propose the IP of my internal 
+interface 
+                       # (e.g. 192.168.2.12), and I don't want anybody to know about 
+it.
+
+lcp-echo-interval 60   # Without the next 2 lines, pppd won't detect loss of 
+connection,
+lcp-echo-failure 3     # because pppd regularely uses modem DTR line to detect 
+connection drop, 
+                       # and pptp doesn't have one. 
+
 
 DEBUGGING
 --------
 
 If you have problems, some debugging is possible:
-1) debug messages appear on the window that runs the pptp command.
-2) more debug messages go to /var/log/messages
-3) you may increase the debug level of pppd (see the man page).
-4) to see what is going on between your Linux box and the ADSL system, install
+
+1) Debug messages appear on the window that runs the pptp command.
+2) More debug messages go to /var/log/messages or /var/log/daemon.log
+3) You may increase the debug level of pppd (see the man page).
+4) To see what is going on between your Linux box and the ADSL system, install
    tcpdump or ethereal and record the lan traffic.
+5) It is possible to add even MORE debugging information by adding
+   "kdebug 7" to the pppd invocation. This is a VERY wordy option.
 
 IP MASQUERADING AND THE ADSL SETUP 
 --------------------------------- 
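Review bot: The added option comments in the "Important options" block are longer than the mail line width and were wrapped, leaving bare lines such as "dns", "idea,", "interface", "it." and "connection," with no "+" prefix and no "#". The hunk will not apply as posted, and the same text copied into an options file would hand those words to pppd as options. Keep the added lines under about 72 columns, for instance by putting each comment on its own "#" line above the option, and resend the diff as an attachment. In the same block, "regularely" should be "regularly", and "Without the next 2 lines" sits on the first of the two lines it refers to.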
@@ -279,10 +315,10 @@
 
 Preparations:
 1) You have to boot a Linux kernel with ipchains support (2.2) or
-iptables support (2.4), and with
-specific modules you need (most common the ftp masquerade, but there are
-others). Your kernel may already be prepared for that, depending on your
-distribution. For details see the ip masquerade howto.
+iptables support (2.4), and with specific modules you need (most common
+the ftp masquerade, but there are others). Your kernel may already be
+prepared for that, depending on your distribution. For details see the
+ip masquerade howto.
 2) You have to physically connect the adsl modem to the local
 network. There are basically two options here:
 a) Add a second network card to the Linux box. One for the adsl modem and
@@ -419,6 +455,19 @@
 
 iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o ppp0 -j MASQUERADE 
 
+Note that Actcom provides a static IP by default (and does not charge
+for it) while Internet Zahav does NOT provide a static IP by default
+and charges US$100/month if one is requested.
+
+Static IP is preferable if you are running services.
+
+If you are using kernel 2.4.4, it is possible to use the following
+command line to avoid having to set the MTU manually on the
+masqueraded machines (very usefull if there are many such machines, or
+you do not have access to them)
+
+iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
 WHERE TO GO FOR HELP
 --------------------
 good luck, and if you have any problems, feel free to ask for support
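Review bot: The TCPMSS rule is inserted into FORWARD for every interface, while the MASQUERADE rule just above it is limited with "-o ppp0"; adding "-o ppp0" here would keep the clamp to traffic leaving over the ADSL link. "If you are using kernel 2.4.4" should also say whether later kernels qualify, the sentence introducing the command needs a closing colon, and "usefull" should be "useful".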
@@ -427,3 +476,13 @@
 You can also try asking on #iglu, on the efnet irc network. Make sure
 to provide detailed error messages, we are not mind readers...
 
+CONTRIBUTORS
+------------
+Dani Arbel             
+mulix                  
+Haim Gelfenbeym                
+Marc A. Volovic                
+Elad Tsur              
+Tzahi Fadida           
+Aviram Jenik           
+Alex Shnitman
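Review bot: "Haim Gelfenbeym" in the new CONTRIBUTORS list is spelled "Haim Gelfenbeyn" in the pptp_gre.c thanks line earlier in the howto; one of the two is a typo and should be checked with the contributor. Most of the added name lines also end in trailing whitespace.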
