DSL Over PPPoE

Summary: This tutorial is getting quite old. It was written in 2001 for Mandrake-linux 6.x. Since then, getting an adsl connection to work has got much easier using drakconnect. Still, there may be some bits of information still useful in here…

• What Is PPPoE?
• Installation
• Configuration

What Is PPPoE?

Citing from the 'PPPoE FAQ':

Point to Point Protocol over Ethernet is a proposal specifying how a host personal computer (PC) interacts with a broadband modem (i.e. xDSL, cable, wireless, etc) to achieve access to the growing number of High-speed data networks. Relying on two widely accepted standards, Ethernet and the point-to-point protocol (PPP), the PPPoE implementation requires virtually no more knowledge on the part of the end user other than that required for standard Dial-up Internet access. In addition, PPPoE requires no major changes in the operational model for Internet Service Providers (ISPs) and carriers.

(tom)

section index

What's Needed For PPPoE

Software:

• Mandrake-Linux 6.x or later
• ~RoaringPenguin's PPPoE - (rp-pppoe RPMs for Red Hat and ML)
• Pointman's Firewall ('pmfirewall')

• Cheapo Linux box to act as the Gateway/Router/Server.
• Two NICs (aka Ethernet cards) to put into Linux box.
• External xDSL modem w/ RJ-45 connection.
• Hub/Switch.
• A floppy on which to put 'rp-pppoe' and 'pmfirewall'.

• Your Primary DNS (domain name server) IP address
• Your Secondary DNS IP address
• How to configure IP addresses / default gateway / DNS on your LAN clients' operating systems.

Installation

Hardware

• Connect the Primary NIC (

  eth0

  ) to the Internal/Private network (to your hub/switch).
• Connect the Secondary NIC (

  eth1

  ) to the xDSL modem output port.

eth0

eth1

eth0

eth1

Note: If you have a dedicated server box with Linux already installed, skip to part II, 3.

Distribution

(If you've installed your distribution already, you can of course skip this step. Just make sure, e.g. via 'Linuxconf', that the Ethernet cards have no IPs assigned and that the network service isn't started on boot. tom).

• During installation, setup the LAN.
• Choose not to boot network on boot up.
• Assign 192.168.x.1 and 255.255.255.0 to 'eth0'.
• Assign 10.x.x.1 and 255.255.255.0 to eth1.
• After initial boot, remove any old RP PPPoE (if there's any):

* login as (or 'su' to) 'root'
• Issue the command

  mv /etc/ppp/pppoe.conf /etc/ppp/pppoe.conf.bak

• Use your preferred graphical network configuration tool (e.g. 'netconf' or 'Linuxconf') to enable 'eth0' and to disable 'eth1'.
• Remove IP address and mask for 'eth1'.
• In the Gateway section, enable "routing", but do not assign a default gateway unless given one by ISP

PPPoE Client Software

• Login as (or 'su' to) 'root'
• Transfer downloaded files from floppy to a directory using these commands (if you've downloaded them to your hard disk, you can of course skip this step. tom):
*

mkdir -p ~/Downloads/PPPoE

• mkdir -p ~/Downloads/Firewall

• cp /mnt/floppy/rp-pppoe-{...}.rpm ~/Downloads/PPPoE

• cp /mnt/floppy/pmfirewall-{...}.tar.gz ~/Downloads/Firewall

• Check NIC config:
* Issue

ifconfig eth0

, you should see some hardware info
• Issue

  ifconfig eth1

  , ditto
• Install via RPM:
* Change to the directory which has the rp-pppoe RPM, e.g.

cd ~/Download/PPPoE

• Issue

  rpm -ivh rp-pppoe-{...}.rpm

  . If you have a previous version of the client installed, replace

  i

  with

  U

  .
• Run the setup file:

• /usr/sbin/adsl-setup

• Setup RP PPPoE:
* Enter your provider's Primary and Secondary DNS numbers.
• Make sure that eth1 is connected to ADSL modem as default.

• adsl-start

  starts the PPPoE client (test if you connect).

• ping

  an outside address (lycos.com) and at least one internal address (192.168.x.2) to check setup.
• Run

  adsl-stop

  to bring down the connection while we put up the firewall.

Install ~PointMan's Firewall

• Change to directory that has the downloaded program archive, e.g.

  cd ~/Download/Firewall

  .
• Untar file with

  tar -zxf pmfirewall-{...}.tar.gz

• Change into new directory,

  cd pmfirewall-{...}

• Run

  sh install.sh

'PMFirewall' will not be able to "see" the external interface ('eth1') since it has to be disabled for the PPPoE client to work (needs to create a PPP emulation on that port), and therefore can not setup a firewall on it.
In order to get PMFirewall to work, you'll have to claim that the external interface is ppp0 and then start it up after the ADSL connection has been established (see below). Follow the prompts and setup the rules for your firewall and IP Masquerading as you like, making sure that you indicate that the external connection is ppp0 (default is eth0) and that the internal connection is eth0 (default is eth1).
You might as well not start PMFirewall on boot up since it won't do any good anyway. If you plan on leaving any ports open (like 2401 for CVS), you'll need to be aware that there is problem with it; read about it at the 'PMFirewall' website at "Known Problems".
If you follow all of the rest of the defaults, your system will be very secure but will still allow you all outward access from within the LAN (Napster, UT/Quake, IRC, ICQ, FTP, ~RealAudio, etc.). I've found that Q2, Q3:A, and HL/TFC/CS work better when adding ports=26000,27000,27910,27960 to the "quake" module in '/usr/local/pmfirewall/pmfirewall-masq.rules'

In '/etc/rc.local', add the following two lines just below the first set of comments

adsl-start<br> /etc/rc.d/init.d/pmfirewall start

When you reboot, your xDSL connection should come up and then the firewall/IP Masquerading will be in effect.

section index

Configuration

Configure Linux box/server/gateway/router

• eth0

  should be assigned a private address/mask (e.g.; 10.0.0.1 or 192.168.0.1 and 255.255.255.0).

• eth1

  should be enabled, but will not be assigned an IP address.

Configure other clients connected to LAN

• All other clients (PCs on LAN) should be given addresses within the private IP area, with matching masks, having the IP address of

  eth0

  as the default gateway, and given the Primary and Secondary DNS addresses used above (supplied by ISP).
• MS-Windows boxes need to have same workgroup name and shared drives in order to enable the features of "Networking Neighborhood".
NOTE: If you have xDSL/PPPoE software enabled on one of the boxes you plan on putting on the LAN, you need to remove the TCP/IP entry for the NIC that used the DSL connection. Upon re-booting, the system will again see the NIC, then you can assign it the address you desire. I would also recommend removing the PPPoE software on that machine.

Here is my configuration:

• Switch: ~LinkSys 10/100 5-port autosensing switch
• Linux Box: eth0 = 192.168.0.1 255.255.255.0
  eth1 = enabled, but no address assigned
• Win2000 Box: IP: 192.168.0.2 255.255.255.0
  Default Gateway: 192.168.0.1
  Pr. DNS: w.x.y.z
  Sec. DNS: a.b.c.d
• ~BeOS 5 box: IP: 192.168.0.3 255.255.255.0
  Default GW: 192.168.0.1
  Pr. DNS: same as above
  Sec. DNS: same as above
• Win98 box1: IP: 192.168.0.4 255.255.255.0
  Default GW: 192.168.0.1
  Pr. DNS: same as above
  Sec. DNS: same as above
• Win98 box2: IP: 192.168.0.4 255.255.255.0
  Default GW: 192.168.0.1
  Pr. DNS: same as above
  Sec. DNS: same as above
section index

Related Resources:

T-DSL mit pppoE (in German)
PPPoE FAQ (all operating systems)
Janou's PPPoE (ADSL) Guide
Roaring Penguin Software
PMFirewall

Revision / Modified: July 31 2001 / Jan 03, 2001
Author: Robert C. Pilkington

Legal: This page is covered by the GNU Free Documentation License. Standard disclaimers of warranty apply. Copyright LSTB and Mandrakesoft.