[SLE] DSL, ppoe(d), DHCP, & Bell Atlantic?
Hi, I finally got my DSL hooked up. It screams! Kül! I know some of you have this working with Linux. I haven't done that yet. Figured I would learn to do this by the book the first time through. It looks like it could be a real PITA to get NT 4 to serve as a router when it is getting its DSL IP Address from DHCP. My guess is Linux will do this rather nicely. If anybody is using Linux as a DSL gateway to their LAN I could sure use some pointers. Are you using IP masquerading? Is it easy to configure? Are there any good howtos on this. Thanks, Steve -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
"Steven T. Hatton" wrote:
Hi,
I finally got my DSL hooked up. It screams! Kül! I know some of you have this working with Linux. I haven't done that yet. Figured I would learn to do this by the book the first time through. It looks like it could be a real PITA to get NT 4 to serve as a router when it is getting its DSL IP Address from DHCP. My guess is Linux will do this rather nicely. If anybody is using Linux as a DSL gateway to their LAN I could sure use some pointers. Are you using IP masquerading? Is it easy to configure? Are there any good howtos on this.
http://members.home.net/ipmasq/ From memory all I really did was tell Yast I wanted masquerading. Yast took care of a lot of it. I'm using a self compiled kernel so I need to make sure I picked the right things but the SuSE kernel may already have that. From behind the firewall make sure to lower the MTU on the client machines. The PPPoE overhead can cause problems if you don't. Give all the client machines static private IPs and that's about it I think. Nick -- -------------------------------------------------- Nick Zentena "Microsoft has unjustifiably jeopardized the stability and security of the operating system." U.S. District Judge Thomas Penfield Jackson Nov 5/1999 -------------------------------------------------- -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Nick and All, I am a bit confused as to what I do to patch the kernel for pppoed. I tried to patch the 2.2.13 kernel with the 2.2.12 patch and it indicated parts of the patch were already there. Am I to assume the 2.2.13 kernel has support for pppoed in the source tree? If I run xconfig should I see a pppoed option in the GUI? Do I have to manually edit the config file? Is the kernel space pppoed noticeably superior to the user space, rp pppoed? What's the latest version of pppoed that works with 2.2.13? Will SuSE make this easier in 6.4? This has really been a b!tch to configure. The 3c509s I am using were not straight forward to configure in a multi device system, etc. . . . I may be able to figure out the answers to my questions when I get home and start working on this again. A few pointers might save me some time. Any clarification or input would be appreciated. Steve Nick Zentena wrote:
"Steven T. Hatton" wrote:
Hi,
I finally got my DSL hooked up. It screams! Kül! I know some of you have this working with Linux. I haven't done that yet. Figured I would learn to do this by the book the first time through. It looks like it could be a real PITA to get NT 4 to serve as a router when it is getting its DSL IP Address from DHCP. My guess is Linux will do this rather nicely. If anybody is using Linux as a DSL gateway to their LAN I could sure use some pointers. Are you using IP masquerading? Is it easy to configure? Are there any good howtos on this.
http://members.home.net/ipmasq/
From memory all I really did was tell Yast I wanted masquerading. Yast took care of a lot of it. I'm using a self compiled kernel so I need to make sure I picked the right things but the SuSE kernel may already have that. From behind the firewall make sure to lower the MTU on the client machines. The PPPoE overhead can cause problems if you don't. Give all the client machines static private IPs and that's about it I think.
Nick
-- -------------------------------------------------- Nick Zentena "Microsoft has unjustifiably jeopardized the stability and security of the operating system." U.S. District Judge Thomas Penfield Jackson Nov 5/1999 --------------------------------------------------
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
"Steven T. Hatton" wrote:
Nick and All,
I am a bit confused as to what I do to patch the kernel for pppoed. I tried to patch the 2.2.13 kernel with the 2.2.12 patch and it indicated parts of the patch were already there.
Are you patching against the SuSE kernel src or a virgin src? The SuSE kernel may already have the patches applied. OTOH The impression I was given was to repatch with each new version of Jamal's client. Just in case. patch -r should remove the old patches.
Am I to assume the 2.2.13 kernel has support for pppoed in the source tree?
SuSE's may. The tarball straight from Linus doesn't. 2.4 may.
If I run xconfig should I see a pppoed option in the GUI?
From make menuconfig [my firewall is way to old to handle X well-)] under network devices I see tty support for PPP over X. I needed to build it into the kernel [no module] even though the readme claims modules are now supported. Thats with 2.2.14 and Jamal's 0.44. There are newer releases from Jamal but the system has been stable since I built 0.44 so I'm not changing until I need to.
Do I have to manually edit the config file?
Which config? If you mean the kernel config then everything shows up with menuconfig and should show up with the X client. If you mean the PPP options file then yes.
Is the kernel space pppoed noticeably superior to the user space, rp pppoed?
I've never used the roaring penguin client. Jamal's client has been pretty good for me. The only issue has been the odd disconnect [about every 3 weeks] Before that I used the kernel client for the 2.3.x series of kernels. If it wasn't for my distrust of development kernels I would have stuck with that. My understanding is the biggest draw of the RP client is it's easy to setup. It will use a little more resources but not enough to matter IMHO. The kernel clients are more effort to setup. Looking at the revision list for Jamal's 0.46 client it looks like they are trying to make it easier to setup.
What's the latest version of pppoed that works with 2.2.13?
They all should. Nick -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Sat, 11 Mar 2000, Nick Zentena wrote:
"Steven T. Hatton" wrote:
Nick and All,
I am a bit confused as to what I do to patch the kernel for pppoed. I tried to patch the 2.2.13 kernel with the 2.2.12 patch and it indicated parts of the patch were already there.
Are you patching against the SuSE kernel src or a virgin src? The SuSE kernel may already have the patches applied. OTOH The impression I was given was to repatch with each new version of Jamal's client. Just in case. patch -r should remove the old patches.
Am I to assume the 2.2.13 kernel has support for pppoed in the source tree?
SuSE's may. The tarball straight from Linus doesn't. 2.4 may.
If I run xconfig should I see a pppoed option in the GUI?
From make menuconfig [my firewall is way to old to handle X well-)] under network devices I see tty support for PPP over X. I needed to build it into the kernel [no module] even though the readme claims modules are now supported. Thats with 2.2.14 and Jamal's 0.44. There are newer releases from Jamal but the system has been stable since I built 0.44 so I'm not changing until I need to.
So this is where I am probably confused, the last time I compiled my kernel I said no to PPP over X because I didn't know what it was. I thought it had to do with X but I guess X just means PPP over anything? If I get this option in make config that means my kernel source has been patched, right? I'm currently using the PacBell supplied client. Greg -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Nick, Thanks for all the pointers. I still haven't gotten the kernel part working. I decided to use the rp_pppoe for now. I wanted to get someting working. I found it to be EXTREMLY difficult. I attempted to use SuSE's firewall defaluts and ended up hurting myself! I used the sample off http://members.home.net/ipmasq/ and got it working as soon as I ran it. The only problem was SuSE's script griped about not knowing what the external interface is. I put that in the rc.firewall from the above site and the SuSE script stopped complaining. Unfortunately it also stopped working. When I look at /var/log/messages I see that all the stuff from my traceroutes and etc., are being blocked by the firewall. I went over this and over this. I can't figure it out. I don't like running on a system that tells me the "firewall startup failed". Here's my ifconfig heimdall:~ # ifconfig eth0 Link encap:Ethernet HWaddr 00:20:AF:04:50:CD UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2533 errors:0 dropped:0 overruns:0 frame:0 TX packets:2578 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:7 Base address:0x310 eth1 Link encap:Ethernet HWaddr 00:20:AF:28:47:DC inet addr:192.168.0.4 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:2557 errors:0 dropped:0 overruns:0 frame:0 TX packets:2226 errors:0 dropped:0 overruns:0 carrier:0 collisions:7 txqueuelen:100 Interrupt:10 Base address:0x300 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:270 errors:0 dropped:0 overruns:0 frame:0 TX packets:270 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 ppp0 Link encap:Point-to-Point Protocol inet addr:137.99.55.61 P-t-P:10.1.3.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 RX packets:1054 errors:0 dropped:0 overruns:0 frame:0 TX packets:957 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 heimdall:~ # The problematic variable seems to be: FW_DEV_WORLD=ppp0. I've attempted to put several different values into this variable but none seem to work. Here's the doodoo from /var/log/messages: Mar 11 18:53:49 heimdall kernel: Packet log: input DENY ppp0 PROTO=17 207.217.77.82:53 138.88.44.31:61000 L=156 S=0x00 I=12029 F=0 x0000 T=240 (#3) Mar 11 18:53:50 heimdall kernel: Packet log: input DENY ppp0 PROTO=17 207.217.126.81:53 138.88.44.31:61000 L=156 S=0x00 I=48912 F= 0x0000 T=240 (#3) Mar 11 18:53:50 heimdall kernel: Packet log: input DENY ppp0 PROTO=17 207.217.77.82:53 138.88.44.31:61000 L=156 S=0x00 I=12030 F=0 x0000 T=240 (#3) Mar 11 18:53:54 heimdall kernel: Packet log: input DENY ppp0 PROTO=17 207.217.77.82:53 138.88.44.31:61000 L=156 S=0x00 I=12031 F=0 x0000 T=240 (#3) Mar 11 18:53:54 heimdall kernel: Packet log: input DENY ppp0 PROTO=17 207.217.126.81:53 138.88.44.31:61000 L=156 S=0x00 I=48913 F= 0x0000 T=240 (#3) Mar 11 18:54:04 heimdall kernel: Packet log: input DENY ppp0 PROTO=17 207.217.126.81:53 138.88.44.31:61001 L=156 S=0x00 I=48914 F= 0x0000 T=240 (#3) Mar 11 18:54:06 heimdall kernel: Packet log: input DENY ppp0 PROTO=17 207.217.77.82:53 138.88.44.31:61001 L=156 S=0x00 I=12032 F=0 x0000 T=240 (#3) Mar 11 18:54:07 heimdall kernel: Packet log: input DENY ppp0 PROTO=17 207.217.126.81:53 138.88.44.31:61001 L=156 S=0x00 I=48915 F= --More--(9%) Do you have any idea what is going on here? I went through the SuSE rc.firewall and opened that thing up to absolute vulnerablility on every port and still had the same problem. Thanks again for your help, Steve Nick Zentena wrote:
"Steven T. Hatton" wrote:
Nick and All,
I am a bit confused as to what I do to patch the kernel for pppoed. I tried to patch the 2.2.13 kernel with the 2.2.12 patch and it indicated parts of the patch were already there.
Are you patching against the SuSE kernel src or a virgin src? The SuSE kernel may already have the patches applied. OTOH The impression I was given was to repatch with each new version of Jamal's client. Just in case. patch -r should remove the old patches.
Am I to assume the 2.2.13 kernel has support for pppoed in the source tree?
SuSE's may. The tarball straight from Linus doesn't. 2.4 may.
If I run xconfig should I see a pppoed option in the GUI?
From make menuconfig [my firewall is way to old to handle X well-)] under network devices I see tty support for PPP over X. I needed to build it into the kernel [no module] even though the readme claims modules are now supported. Thats with 2.2.14 and Jamal's 0.44. There are newer releases from Jamal but the system has been stable since I built 0.44 so I'm not changing until I need to.
Do I have to manually edit the config file?
Which config? If you mean the kernel config then everything shows up with menuconfig and should show up with the X client. If you mean the PPP options file then yes.
Is the kernel space pppoed noticeably superior to the user space, rp pppoed?
I've never used the roaring penguin client. Jamal's client has been pretty good for me. The only issue has been the odd disconnect [about every 3 weeks] Before that I used the kernel client for the 2.3.x series of kernels. If it wasn't for my distrust of development kernels I would have stuck with that.
My understanding is the biggest draw of the RP client is it's easy to setup. It will use a little more resources but not enough to matter IMHO. The kernel clients are more effort to setup. Looking at the revision list for Jamal's 0.46 client it looks like they are trying to make it easier to setup.
What's the latest version of pppoed that works with 2.2.13?
They all should.
Nick
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
"Steven T. Hatton" wrote:
Nick,
Thanks for all the pointers. I still haven't gotten the kernel part working. I decided to use the rp_pppoe for now. I wanted to get someting working. I found it to be EXTREMLY difficult. I attempted to use SuSE's firewall defaluts and ended up hurting myself! I used the sample off http://members.home.net/ipmasq/ and got it working as soon as I ran it. The only problem was SuSE's script griped about not knowing what the external interface is. I put that in the rc.firewall from the above site and the SuSE script stopped complaining. Unfortunately it also stopped working. When I look at /var/log/messages I see that all the stuff from my traceroutes and etc., are being blocked by the firewall. I went over this and over this. I can't figure it out. I don't like running on a system that tells me the "firewall startup failed". Here's my ifconfig
Personally I'm not using the SuSE firewall scripts. I built one using: http://linux-firewall-tools.com/linux/firewall/index.html It's aimed at Redhat users so you need to do a little editing but it's actually easier then when I first used. Pick static IP and then add something like: EXTERNAL_INTERFACE="ppp0" export IPADDR=$(ifconfig ${EXTERNAL_INTERFACE}|sed -ne '/addr:/{s/.*addr:\([^ ]*\).*/\1/;p;}') echo $IPADDR I just looked at the website again and it's been updated to handle ppp0 connections so you won't need to change the interface line. I don't know if it's smart enough now to get the IPADDR on it's own. If so you won't need the IPADDR line either. The stuff you need to comment out should be at the bottom of the created script. I just added # and ignored it. If nothings changed then it's all the stuff after "echo done"
Here's the doodoo from /var/log/messages:
Mar 11 18:53:49 heimdall kernel: Packet log: input DENY ppp0 PROTO=17 207.217.77.82:53 138.88.44.31:61000 L=156 S=0x00 I=12029 F=0 x0000 T=240 (#3)
Do you have any idea what is going on here? I went through the SuSE rc.firewall and opened that thing up to absolute vulnerablility on every port and still had the same problem.
53 is DNS. It looks to me like the DNS server is trying to talk to you. Personally I get my ISPs newserver [port 119] doing the same thing. Since everything works I just ignore it. Nick -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Nick Zentena wrote:
need the IPADDR line either. The stuff you need to comment out should be at the bottom of the created script. I just added # and ignored it. If nothings changed then it's all the stuff after "echo done"
I just went and redid my firewall using the website. You don't really need to edit anything but the IPADDR Give it a try. Nick -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (4)
-
ethant@earthlink.net
-
hattons@cpkwebser5.ncr.disa.mil
-
hattons@CPKWEBSER5.ncr.disa.mil
-
zentena@hophead.dyndns.org