Citing from the 'PPPoE FAQ':
Point to Point Protocol over Ethernet is a
proposal specifying how a host personal computer (PC) interacts with a broadband
modem (i.e. xDSL, cable, wireless, etc) to achieve access to the growing
number of High-speed data networks. Relying on two widely accepted standards,
Ethernet and the point-to-point protocol (PPP), the PPPoE implementation
requires virtually no more knowledge on the part of the end user other than
that required for standard Dial-up Internet access. In addition, PPPoE requires
no major changes in the operational model for Internet Service Providers
(ISPs) and carriers.
(tom)
Software:
- Mandrake-Linux 6.x or later
- RoaringPenguin's PPPoE (rp-pppoe RPMs for Red Hat and ML)
- Pointman's Firewall ('pmfirewall')
Hardware:
- Cheapo Linux box to act as the Gateway/Router/Server.
- Two NICs (aka Ethernet cards) to put into Linux box.
- External xDSL modem w/ RJ-45 connection.
- Hub/Switch.
- A floppy on which to put 'rp-pppoe' and 'pmfirewall'.
Knowledge:
- Your Primary DNS (domain name server) IP address
- Your Secondary DNS IP address
- How to configure IP addresses / default gateway / DNS on your LAN clients'
operating systems.
Hardware
- Connect the Primary NIC (eth0) to the Internal/Private network (to your
hub/switch).
- Connect the Secondary NIC (eth1) to the xDSL modem output port.
Most IBM clones seem to take the PCI/ISA slot as the indicator of which NIC
is eth0 or eth1 (e.g. my eth0 is the NIC in the 2nd PCI slot and eth1 is the
NIC in the 3rd slot).
Note: If you have a dedicated server box with Linux already installed, skip
to part II, 3.
Distribution
(If you've installed your distribution already, you
can of course skip this step. Just make sure, e.g. via 'Linuxconf', that
the Ethernet cards have no IPs assigned and that the network service isn't
started on boot. tom).
- During installation, setup the LAN.
- Choose not to boot network on boot up.
- Assign 192.168.x.1 and 255.255.255.0 to 'eth0'.
- Assign 10.x.x.1 and 255.255.255.0 to eth1.
- After initial boot, remove any old RP PPPoE (if there's any):
  - login as (or 'su' to) 'root'
  - Issue the command mv /etc/ppp/pppoe.conf /etc/ppp/pppoe.conf.bak
- Use your preferred graphical network configuration tool (e.g. 'netconf' or
'Linuxconf') to enable 'eth0' and to disable 'eth1'.
- Remove IP address and mask for 'eth1'.
- In the Gateway section, enable "routing", but do not assign a default
gateway unless given one by your ISP.
PPPoE Client Software
- Login as (or 'su' to) 'root'.
- Transfer the downloaded files from floppy to a directory using these
commands (if you've downloaded them to your hard disk, you can of course skip
this step. tom):
  mkdir -p ~/Downloads/PPPoE
  mkdir -p ~/Downloads/Firewall
  cp /mnt/floppy/rp-pppoe-[...].rpm ~/Downloads/PPPoE
  cp /mnt/floppy/pmfirewall-[...].tar.gz ~/Downloads/Firewall
- Check the NIC config:
  - Issue ifconfig eth0 ; you should see some hardware info.
  - Issue ifconfig eth1 ; ditto.
- Install via RPM:
  - Change to the directory which has the rp-pppoe RPM, e.g.
    cd ~/Downloads/PPPoE
  - Issue rpm -ivh rp-pppoe-[...].rpm . If you have a previous version of
    the client installed, replace -ivh with -Uvh (upgrade instead of install).
- Run the setup file: /usr/sbin/adsl-setup
- Setup RP PPPoE:
  - Enter your provider's Primary and Secondary DNS numbers.
  - Make sure that eth1 is connected to the ADSL modem as default.
  - adsl-start starts the PPPoE client (test if you connect): ping an outside
    address (lycos.com) and at least one internal address (192.168.x.2) to
    check the setup.
  - Run adsl-stop to bring down the connection while we put up the firewall.
Install PointMan's Firewall
- Change to the directory that has the downloaded program archive, e.g.
cd ~/Downloads/Firewall .
- Untar the file with tar -zxf pmfirewall-[...].tar.gz
- Change into the new directory: cd pmfirewall-[...]
- Run sh install.sh
'PMFirewall' will not be able to "see" the external interface ('eth1'), since
it has to be disabled for the PPPoE client to work (the client needs to create
a PPP emulation on that port), and therefore cannot set up a firewall on it.
In order to get PMFirewall to work, you'll have to claim that the external
interface is ppp0 and then start it up after the ADSL connection has been
established (see below). Follow the prompts and setup the rules for your firewall
and IP Masquerading as you like, making sure that you indicate that the external
connection is ppp0 (default is eth0) and that the internal connection is
eth0 (default is eth1).
You might as well not start PMFirewall on boot up since it won't do any good
anyway (ppp0 does not exist yet at that point). If you plan on leaving any
ports open (like 2401 for CVS), you'll need to be aware that there is a
problem with it; read about it at the 'PMFirewall' website under "Known
Problems".
If you follow all of the rest of the defaults, your system will be very secure
but will still allow you all outward access from within the LAN (Napster,
UT/Quake, IRC, ICQ, FTP, RealAudio, etc.). I've found that Q2, Q3:A, and HL/TFC/CS
work better when adding ports=26000,27000,27910,27960 to the "quake" module
in '/usr/local/pmfirewall/pmfirewall-masq.rules'.
In '/etc/rc.local', add the following two lines just below the first set of
comments:
adsl-start
/etc/rc.d/init.d/pmfirewall start
When you reboot, your xDSL connection should come up
and then the firewall/IP Masquerading will be in effect.
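The two rc.local lines above assume the PPPoE session is already up when pmfirewall starts; if it is not, the firewall is loaded against a ppp0 that does not exist yet and forwarding is still enabled. Here is an added example (not from the how-to, pmfirewall or rp-pppoe) of a script that checks the eth0/eth1 layout the page prescribes, waits for ppp0 to get an address, and only then starts the firewall; WAIT_SECS, the 'boot' argument and the sample ifconfig output are assumptions of the example.

```shell
#!/bin/sh
# Added example, not the how-to's own: an /etc/rc.local replacement that starts
# pmfirewall only once ppp0 has an address and leaves forwarding off otherwise.
# WAIT_SECS, the 'boot' argument and the sample output below are assumptions.
PPP_IF=ppp0; WAIT_SECS=60   # assumed: seconds to wait for the PPPoE session

# Print the IPv4 address from one interface's ifconfig output ($1); prints
# nothing if it has none. Handles "inet addr:x.x.x.x" and newer "inet x.x.x.x".
iface_inet_addr() {
    printf '%s\n' "$1" | sed -n 's/.*inet \(addr:\)\{0,1\}\([0-9.]*\).*/\2/p'
}
# Return 0 if $1 is an RFC 1918 address (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}
# The layout the page prescribes: eth0 holds a private LAN address, eth1 (given
# to PPPoE) has none. $1/$2 are the ifconfig outputs for eth0/eth1.
check_gateway_layout() {
    lan=$(iface_inet_addr "$1"); wan=$(iface_inet_addr "$2")
    [ -n "$lan" ] && is_private_ipv4 "$lan" && [ -z "$wan" ]
}
# Poll until ppp0 has an address or the timeout expires.
wait_for_ppp() {
    n=0
    while [ "$n" -lt "$WAIT_SECS" ]; do
        [ -n "$(iface_inet_addr "$(ifconfig "$PPP_IF" 2>/dev/null)")" ] && return 0
        sleep 1; n=$((n + 1))
    done
    return 1
}
boot_sequence() {
    check_gateway_layout "$(ifconfig eth0)" "$(ifconfig eth1)" || return 1
    adsl-start
    if wait_for_ppp; then
        /etc/rc.d/init.d/pmfirewall start
    else   # no ppp0: do not route the LAN out through an unfiltered interface
        echo 0 > /proc/sys/net/ipv4/ip_forward; adsl-stop; return 1
    fi
}

# Constructed sample ifconfig output (old net-tools format) for offline checks.
SAMPLE_ETH0='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0'
SAMPLE_ETH1='eth1      Link encap:Ethernet  HWaddr 00:11:22:33:44:56
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'
# Run the boot sequence only when invoked as: sh gateway-up.sh boot
if [ "${1-}" = boot ]; then boot_sequence; fi
```

Save it as, say, /usr/local/sbin/gateway-up.sh and call `sh /usr/local/sbin/gateway-up.sh boot` from rc.local in place of the two bare lines.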
Configure Linux box/server/gateway/router
eth0 should be assigned a private address/mask (e.g. 10.0.0.1 or 192.168.0.1
and 255.255.255.0).
eth1 should be enabled, but will not be assigned an IP address.
Configure other clients connected to LAN
- All other clients (PCs on LAN) should be given addresses within the private
IP area, with matching masks, having the IP address of eth0 as the default
gateway, and given the Primary and Secondary DNS addresses used above
(supplied by ISP).
- MS-Windows boxes need to have the same workgroup name and shared drives in
order to enable the features of "Network Neighborhood".
NOTE: If you have xDSL/PPPoE software enabled on one of the boxes you plan on
putting on the LAN, you need to remove the TCP/IP entry for the NIC that used
the DSL connection. Upon re-booting, the system will again see the NIC, then
you can assign it the address you desire. I would also recommend removing the
PPPoE software on that machine.
Here is my configuration:
- Switch: LinkSys 10/100 5-port autosensing switch
- Linux Box: eth0 = 192.168.0.1 255.255.255.0
  eth1 = enabled, but no address assigned
- Win2000 Box: IP: 192.168.0.2 255.255.255.0
  Default Gateway: 192.168.0.1
  Pr. DNS: w.x.y.z
  Sec. DNS: a.b.c.d
- BeOS 5 box: IP: 192.168.0.3 255.255.255.0
  Default GW: 192.168.0.1
  Pr. DNS: same as above
  Sec. DNS: same as above
- Win98 box1: IP: 192.168.0.4 255.255.255.0
  Default GW: 192.168.0.1
  Pr. DNS: same as above
  Sec. DNS: same as above
- Win98 box2: IP: 192.168.0.4 255.255.255.0
  Default GW: 192.168.0.1
  Pr. DNS: same as above
  Sec. DNS: same as above