DSL Over PPPoE

* What Is PPPoE?
* Installation
* Configuration

Related Resources:

T-DSL mit pppoE (in German)
PPPoE FAQ (all operating systems)
Janou's PPPoE (ADSL) Guide
Roaring Penguin Software
PMFirewall

Revision / Modified: July 31 2001 / Jan 03, 2001
Author: Robert C. Pilkington

 

* What Is PPPoE?

Citing from the 'PPPoE FAQ':

Point to Point Protocol over Ethernet is a proposal specifying how a host personal computer (PC) interacts with a broadband modem (i.e. xDSL, cable, wireless, etc) to achieve access to the growing number of High-speed data networks. Relying on two widely accepted standards, Ethernet and the point-to-point protocol (PPP), the PPPoE implementation requires virtually no more knowledge on the part of the end user other than that required for standard Dial-up Internet access. In addition, PPPoE requires no major changes in the operational model for Internet Service Providers (ISPs) and carriers.
(tom)


* What's Needed For PPPoE

Software:

  1. Mandrake-Linux 6.x or later
  2. RoaringPenguin's PPPoE - (rp-pppoe RPMs for Red Hat and ML)
  3. Pointman's Firewall ('pmfirewall')

Hardware:

  1. Cheapo Linux box to act as the Gateway/Router/Server.
  2. Two NICs (aka Ethernet cards) to put into Linux box.
  3. External xDSL modem w/ RJ-45 connection.
  4. Hub/Switch.
  5. A floppy on which to put 'rp-pppoe' and 'pmfirewall'.

Knowledge:

  1. Your Primary DNS (domain name server) IP address
  2. Your Secondary DNS IP address
  3. How to configure IP addresses / default gateway / DNS on your LAN clients' operating systems.


* Installation

Hardware

  1. Connect the Primary NIC (eth0) to the Internal/Private network (to your hub/switch).
  2. Connect the Secondary NIC (eth1) to the xDSL modem output port.

Most IBM clones seem to take the PCI/ISA slot as the indicator of which NIC is eth0 or eth1 (e.g. my eth0 is the NIC in the 2nd PCI slot and eth1 is the NIC in the 3rd slot).

Note: If you have a dedicated server box with Linux already installed, skip to part II, 3.

Distribution

(If you've installed your distribution already, you can of course skip this step. Just make sure, e.g. via 'Linuxconf', that the Ethernet cards have no IPs assigned and that the network service isn't started on boot. tom).

  1. During installation, set up the LAN.
  2. Choose not to start the network on boot up.
  3. Assign 192.168.x.1 and 255.255.255.0 to 'eth0'.
  4. Assign 10.x.x.1 and 255.255.255.0 to 'eth1'.
  5. After initial boot, remove any old RP PPPoE configuration (if there is one):
    1. Log in as (or 'su' to) 'root'.
    2. Issue the command mv /etc/ppp/pppoe.conf /etc/ppp/pppoe.conf.bak
    3. Use your preferred graphical network configuration tool (e.g. 'netconf' or 'Linuxconf') to enable 'eth0' and to disable 'eth1'.
    4. Remove the IP address and mask for 'eth1'.
    5. In the Gateway section, enable "routing", but do not assign a default gateway unless given one by your ISP.

PPPoE Client Software

  1. Login as (or 'su' to) 'root'

  2. Transfer downloaded files from floppy to a directory using these commands (if you've downloaded them to your hard disk, you can of course skip this step. tom):

    1. mkdir -p ~/Downloads/PPPoE
    2. mkdir -p ~/Downloads/Firewall
    3. cp /mnt/floppy/rp-pppoe-[...].rpm ~/Downloads/PPPoE
    4. cp /mnt/floppy/pmfirewall-[...].tar.gz ~/Downloads/Firewall

  3. Check NIC config:

    1. Issue ifconfig eth0, you should see some hardware info
    2. Issue ifconfig eth1, ditto

  4. Install via RPM:

    1. Change to the directory which has the rp-pppoe RPM, e.g. cd ~/Downloads/PPPoE
    2. Issue rpm -ivh rp-pppoe-[...].rpm. If you have a previous version of the client installed, replace i with U.

  5. Run the setup file:

    1. /usr/sbin/adsl-setup

  6. Set up RP PPPoE:

    1. Enter your provider's Primary and Secondary DNS numbers.
    2. Make sure that eth1 is the interface connected to the ADSL modem (the default).
    3. adsl-start starts the PPPoE client (test if you connect).
    4. ping an outside address (lycos.com) and at least one internal address (192.168.x.2) to check setup.
    5. Run adsl-stop to bring down the connection while we put up the firewall.

Install PointMan's Firewall

  1. Change to the directory that has the downloaded program archive, e.g. cd ~/Downloads/Firewall.
  2. Untar file with tar -zxf pmfirewall-[...].tar.gz
  3. Change into new directory, cd pmfirewall-[...]
  4. Run sh install.sh

'PMFirewall' will not be able to "see" the external interface ('eth1') since it has to be disabled for the PPPoE client to work (the client needs to create a PPP emulation on that port), and therefore cannot set up a firewall on it.
In order to get PMFirewall to work, you'll have to claim that the external interface is ppp0 and then start it up after the ADSL connection has been established (see below). Follow the prompts and set up the rules for your firewall and IP Masquerading as you like, making sure that you indicate that the external connection is ppp0 (default is eth0) and that the internal connection is eth0 (default is eth1).
You might as well not start PMFirewall on boot up since it won't do any good anyway. If you plan on leaving any ports open (like 2401 for CVS), you'll need to be aware that there is a problem with it; read about it on the 'PMFirewall' website under "Known Problems".
If you follow all of the rest of the defaults, your system will be very secure but will still allow you all outward access from within the LAN (Napster, UT/Quake, IRC, ICQ, FTP, RealAudio, etc.). I've found that Q2, Q3:A, and HL/TFC/CS work better when adding ports=26000,27000,27910,27960 to the "quake" module in '/usr/local/pmfirewall/pmfirewall-masq.rules'.

In '/etc/rc.local', add the following two lines just below the first set of comments:

adsl-start
/etc/rc.d/init.d/pmfirewall start

When you reboot, your xDSL connection should come up and then the firewall/IP Masquerading will be in effect.
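
The two rc.local lines above run unconditionally: if the firewall start fails, the DSL link stays up with no packet filter in front of the LAN. The following is an added example (not part of the original guide, rp-pppoe or PMFirewall) of a fail-closed wrapper that drops the link in that case; the 30-second wait, the --run switch and the use of ifconfig ppp0 as the link check are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed bring-up for the gateway described on this page.
# Commands are overridable so the logic can be exercised without a DSL line.
ADSL_START=${ADSL_START:-adsl-start}
ADSL_STOP=${ADSL_STOP:-adsl-stop}
FW_START=${FW_START:-"/etc/rc.d/init.d/pmfirewall start"}
LINK_CHECK=${LINK_CHECK:-"ifconfig ppp0"}  # assumption: fails while ppp0 is absent
LINK_WAIT=${LINK_WAIT:-30}                 # seconds to wait for ppp0 (assumed value)

# Poll until the PPP interface exists, or give up after LINK_WAIT seconds.
wait_for_link() {
    tries=0
    while [ "$tries" -lt "$LINK_WAIT" ]; do
        $LINK_CHECK >/dev/null 2>&1 && return 0
        tries=$((tries + 1))
        sleep 1
    done
    return 1
}

# Returns 0 only when the link is up AND the firewall start succeeded.
# 1 = PPPoE client failed, 2 = ppp0 never appeared, 3 = firewall failed.
guarded_up() {
    $ADSL_START || return 1
    if ! wait_for_link; then
        $ADSL_STOP
        return 2
    fi
    if ! $FW_START; then
        echo "firewall failed to start; dropping DSL link" >&2
        $ADSL_STOP          # never stay online without the packet filter
        return 3
    fi
    return 0
}

# From rc.local: /path/to/this-script --run   (path is a placeholder)
if [ "${1:-}" = "--run" ]; then
    guarded_up
    exit $?
fi
```

Called this way, the script replaces both rc.local lines with a single invocation, and a non-zero exit status tells you which stage failed.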


* Configuration

Configure Linux box/server/gateway/router

  1. eth0 should be assigned a private address/mask (e.g. 10.0.0.1 or 192.168.0.1 and 255.255.255.0).
  2. eth1 should be enabled, but will not be assigned an IP address.

Configure other clients connected to LAN

  1. All other clients (PCs on LAN) should be given addresses within the private IP area, with matching masks, having the IP address of eth0 as the default gateway, and given the Primary and Secondary DNS addresses used above (supplied by ISP).

  2. MS-Windows boxes need to have the same workgroup name and shared drives in order to enable the features of "Networking Neighborhood".

NOTE: If you have xDSL/PPPoE software enabled on one of the boxes you plan on putting on the LAN, you need to remove the TCP/IP entry for the NIC that used the DSL connection. Upon re-booting, the system will again see the NIC, then you can assign it the address you desire. I would also recommend removing the PPPoE software on that machine.

Here is my configuration:

  • Switch: LinkSys 10/100 5-port autosensing switch

  • Linux Box: eth0 = 192.168.0.1 255.255.255.0
    eth1 = enabled, but no address assigned

  • Win2000 Box: IP: 192.168.0.2 255.255.255.0
    Default Gateway: 192.168.0.1
    Pr. DNS: w.x.y.z
    Sec. DNS: a.b.c.d

  • BeOS 5 box: IP: 192.168.0.3 255.255.255.0
    Default GW: 192.168.0.1
    Pr. DNS: same as above
    Sec. DNS: same as above

  • Win98 box1: IP: 192.168.0.4 255.255.255.0
    Default GW: 192.168.0.1
    Pr. DNS: same as above
    Sec. DNS: same as above

  • Win98 box2: IP: 192.168.0.4 255.255.255.0
    Default GW: 192.168.0.1
    Pr. DNS: same as above
    Sec. DNS: same as above


 
Legal: All texts on this site are covered by the GNU Free Documentation License. Standard disclaimers of warranty apply. Copyright LSTB (Tom Berger) and Mandrakesoft 1999-2002.