DSL on Debian

Introduction

For many years, SDSU has provided a dial-up PPP service for faculty and staff. I've used that to maintain all of my Web pages here on mintaka. But on April 28, 2010, we got a notice that the modem bank would be closed on June 1. So it's time to find an ISP.

A quick check of local dial-up providers showed that they all have unattractive features, such as a 4-hour maximum session length, or 250 hours/month limitation on total usage. A Linux-friendly provider nearby suggested that it would be better to spend a little more to get what I need. That means a “high-speed” connection.

I'm not in Verizon's service area, so it's either AT&T or cable for the connection. I never watch TV, so I don't have cable; that means my only (cheap) choice is AT&T.

The AT&T techs who have occasionally come by to diagnose phone-line problems have suggested for years that I get DSL, as I'm only about a kilometer from the local central office. This seems to be the time to do that. AT&T has a $19.95/month el-cheapo deal for “Basic DSL” service that's already several times faster than a dial-up modem. This is only 5 bucks more than the local dial-up service, and actually cheaper than AT&T's dialup price.

Of course, there's the problem that I run Debian GNU/Linux on my boxes — an “unsupported” operating system, as far as the commercial ISPs are concerned. Linux users know that our systems are completely compatible with the ISPs' systems; it's just that we're too few to have enough clout with them to get official support. So I knew that some research would be required.

There is abundant information available on the Net about DSL and Linux and so forth; you just have to find it. Unfortunately, there's also lots of misinformation, and lots of just plain noise. So, in hopes of saving other people some of the work I've had to go through, I'm putting this record of my experience on the Web. Probably what I did will work for you if you use some Debian-based distribution like Ubuntu.


Please note: I'm an astronomer, not a networking guru. I never connected anything to the Ethernet card in my computer before this problem came up. Please don't write and ask me questions about how to solve your networking problem; I don't know the answer, and won't write back.

Overview

Before diving into the details, let's look at what's involved here:
  1. Planning
  2. Getting and installing modems and/or routers
  3. Wiring and physical connections
    1. computer to modem/router
    2. modem/router to phone line
  4. Configuring modem/router for security
  5. Software setup in Linux
    1. system security
    2. Ethernet setup
  6. DSL Configuration
    1. registration with ISP
    2. modem/router communication configuration
  7. Odds & Ends
You first have to decide what kind of hardware you want to use: separate ADSL modem and firewall and router, or one of the “all-in-one” appliances — or something in between? Where are the new pieces of hardware going to live? (If you want to have a wireless LAN, antenna placement is important.) Power outlets and phone jacks determine the length of cables needed….

Your pieces have to be physically connected, and talking to one another with TCP/IP, before the ADSL connection can be set up. Getting all the parts to play nicely with one another is possible, but you need to be prepared.

Remember that you will be dealing with two corporate entities here, not just one: the phone company provides your copper wires and the central office where your phone line terminates; but the actual ISP is the outfit that has its DSLAM (which is your real connection to the Net) in that central office. In my case, it's the AT&T/Yahoo combine that used to be the SBC/Yahoo Internet service; after several name changes, this is now called AT&T High Speed Internet. (If you buy your own modem from another supplier, you might have a third corporation to deal with, if you have problems connecting: the modem maker, or its tech help line.)

Most of their support staffs will claim Linux doesn't exist, and you are on your own; so be careful. For example, AT&T admits that you can install their DSL yourself, for free; but they only provide on-line help for Windows users, and for the few modems and routers that they supply.

Because of the security hazards of an “always-on” high-speed connection — hosts newly connected to the Net are often attacked within seconds of becoming available — it's important to harden all the pieces before making the DSL connection.

Decisions

Hardware

The AT&T websites show that they support a couple of simple DSL modems, and a 2Wire combination modem/router. Local retail stores sell the modems for $75, and the 2Wire combo for $100. These numbers seemed a little pricey for my budget — I'm a retiree on Social Security, so even the $20/month for the connection takes a significant bite out of my spending. So I took a close look at them, as well as alternatives.

If you read the discussions at DSL Reports, you'll find numerous complaints that the 2Wire gateway tends to be short-lived, and suffers from overheating problems. Likewise, some of the modems AT&T has provided have had overheating problems. So, as Linux isn't a “supported” system anyway, I figured it made sense to search the Web for opinions about reliable DSL hardware. Again, the DSL Reports site provided several leads.

I then searched for prices. Of course, many of the items people had found long-lived in the past have since vanished from the market; but a few are still being sold. Both Netgear and D-Link seemed to be well-regarded makers, and sell capable equipment at reasonable prices; unfortunately, more than one user has complained that D-Link refuses to support users of Linux systems, even to the extent of providing information about their own hardware to Linux users.

Netgear, on the other hand, actually uses Linux as the O/S in their routers. You can even telnet into their device and get a busybox shell, which is pretty tempting to somebody who likes to know what goes on inside things. Finally, I found that Amazon was selling the very reliable Netgear DG834G router/modem for about $45. This all added up to too much temptation for me to resist; I ordered one on May 4. (It was supposed to arrive on May 10; but it showed up on my front doorstep the morning of the 6th, apparently because the shipping point was somewhere else in San Diego, instead of the Netgear home office in San Jose.)

This is a wireless router as well as a modem and (sort of) a firewall. I don't have any wireless hardware, and consider wireless a security risk in any case; but it's possible to turn off that feature. The version I got is the v4 one, not the v5 (the new version with the on/off switch) that's offered on Netgear's website. (Wikipedia explains that the differences among the various hardware versions are different chipmakers' CPUs and networking chips.)

In retrospect, this was a good choice in many ways. Although I got a lot of features I don't need — I really don't need a router, as I just have the one computer, and I certainly don't need a wireless router, as I have no wireless hardware in the house — nevertheless, I saved a lot of hassle in setting up the system, because the DG834G handles the DHCP negotiations with the ISP's DSLAM. If I'd just gone with a bare modem, I'd have had to set up the PPPoE connection myself. This way, I don't have to worry about the details of the chat script, and the authentication problems that are well described elsewhere.

I'll just call the DG834G a “modem” in most of the narrative below, even though it has additional features.

Documents

Because of the possibility of being without a Net connection (if something goes wrong), it's advisable to download some of the essential information from the Net to your Linux box, so you can re-read the instructions if you need to. I made sure I had local copies of the HOWTO documents, for example. I also printed out hard copies of several of the more useful-looking DSL Reports, and some other info from the Web — including selected sections from some of the Netgear PDFs.

Procedure

Some of the steps I went through are specific to the Netgear DG834Gv4 router/modem unit. On the other hand, something like this will be necessary with any such combination; so I'll spell out what I did. Note that the Netgear website contains much useful information about networking, no matter what equipment you choose.

Security

Securing your computer

An overriding concern is security: high-speed connections are very attractive to the black hats. That means that the security holes have to be plugged before the ADSL connection is established. See the Linux Security HOWTO for information on securing your computer. In particular, make sure that remote logins as root are impossible. And turn off all services you don't really need.

There's a handy network-security checker on the website of Gibson Research Corporation, an outfit that offers a security check called ShieldsUP! to Windows users. A free demo of this vulnerability-tester is at https://www.grc.com/x/ne.dll?bh0bkyd2 — use it to check your exposure.
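The two checks named above (no remote root logins, no unneeded services listening) can be scripted before the line is ever plugged in. This is an added example, not part of the original page; the function names and the sample inputs are constructed for illustration, and it assumes OpenSSH's sshd_config format and the column layout of `ss -tln`.

```shell
#!/bin/sh
# Added example: pre-connection audit of root SSH logins and exposed listeners.

# Print the global PermitRootLogin value from an sshd_config-style file.
# sshd uses the first value it finds for a keyword, so later duplicates are
# ignored; settings inside Match blocks are conditional and are not counted.
# Prints "unset" when the keyword is absent (the compiled-in default applies).
# Only the whitespace-separated "Keyword value" form is handled.
root_login_setting() {
    awk '
        { sub(/#.*/, "") }                     # drop comments
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Exit status 0 only when root logins over SSH are fully disabled.
root_login_disabled() {
    [ "$(root_login_setting "$1")" = "no" ]
}

# Read `ss -tln` output on stdin and print every listening address:port that
# other hosts can reach, i.e. anything not bound to a loopback address.
exposed_listeners() {
    awk '
        $1 == "LISTEN" && index($4, "127.") != 1 && index($4, "[::1]") != 1 {
            print $4
        }
    '
}

# Constructed sample inputs, so the example runs without touching the system.
SAMPLE_SSHD='# constructed sample sshd_config
Port 22
#PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes'

SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       100     [::1]:25            [::]:*'

demo_audit() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_SSHD" > "$tmp"
    echo "PermitRootLogin: $(root_login_setting "$tmp")"
    echo "Listeners reachable from other hosts:"
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners
    rm -f "$tmp"
}
demo_audit
```

On a real system, run `root_login_setting /etc/ssh/sshd_config` and `ss -tln | exposed_listeners` as root; every address the second command prints is a service to turn off or justify.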

The router's password

Similarly, the router is itself a little computer with its own security problems. There has been some concern recently because of an attack against routers that run Embedded Linux; the problem isn't Linux per se, but the fact that these systems are shipped with default administrative accounts that have well-known login passwords.

So the first job is to get rid of the DSL modem's default password (namely, “password” — really, no kidding, that's the factory default!), which, on a scale from 1 to 10, has a strength of about, oh, say 10⁻⁶.

To do this, we need to have the modem turned on, and we have to be able to get at its administrative interface with a browser. We do not need to have the modem connected to the phone line — indeed, we should do this before it's ever connected to the line.

I'll describe in detail the procedure for the Netgear DG834Gv4 modem/router; but the procedure will be similar, apart from the details of the modem's own administrative interface, for other DSL hardware.

Make the physical connections:
So, we plug the power supply into the modem, and plug it into the wall. That makes the POWER light turn green.

Next, we plug an Ethernet cable into the modem (any of the four numbered sockets will do), and plug the other end of the Ethernet cable into the Network Interface Card (NIC) on the computer. You should be able to “hot-plug” this cable; if you're super-cautious, do it with the computer turned off. Then when the computer is on, the number on the front of the modem that corresponds to the socket you used on the back will light up green, indicating that the modem knows that it's connected to the computer.

The NIC should have been recognized when your computer booted; you can check by searching for it in the output of the dmesg command:

dmesg | grep eth0

This should show that the kernel found your Ethernet card, and assigned it the name eth0.

Make the logical connections:
But this doesn't yet allow the computer to talk to the modem, because the Ethernet interface isn't configured. The only thing that's tricky is that the NIC has to be given an IP address that belongs to the same subnet as the modem's administrative address of 192.168.0.1. To do that, we can use any address between 192.168.0.2 and 192.168.0.254. Let's use 192.168.0.99 for this example.

So, su to become root, and enter the command:

ifconfig eth0 192.168.0.99 up netmask 255.255.255.0

(You can now  ping 192.168.0.1 to show that the modem's IP is accessible.)

Connect to the modem, using a browser:
So, now you can enter  http://192.168.0.1  in the address window of a browser. (You don't need to be root to do this, by the way.) The browser will pop up a login window that asks for a username and password.

Type in the default user:    admin

and the default password:  password

and you'll see the administrative interface of the modem in the browser window.

Change the password for the admin user:
On the left side of the DG834G's main page, there's a panel that lists many items that can be edited, under headings like Setup, Content Filtering, Maintenance, and Advanced. About the middle of the Maintenance group is the item, Set Password. Click on that.

This brings up a new middle frame, asking for the old password (again), and then the new one (twice). Enter your new password in both spaces, and click on the Apply button. This changes the password to whatever you put in as the new one. (Pick a good, strong password; this is basically the root account on a Linux box, remember.)

Be careful to write down this new password and keep it in a safe place. If you ever forget it, you'll have to reset the modem to the factory defaults to get the original, unsafe password again, and go through the whole process from scratch — including re-setting any other changes you've ever made.

If you ever have to go back to the unsafe factory defaults, BE SURE you disconnect the modem from the phone line before pressing the reset button! And remember that upgrading the modem's firmware will probably reset those unsafe defaults, too.

Other precautions
While you're applying the initial security fixes, make sure the modem isn't set to allow remote administration, which would allow anyone on the Net to get at it. This is the Remote Management frame, under the Advanced options in the left-hand frame; you may have to scroll down in that frame to see it. Make sure Remote Management is turned OFF; and make sure to click on Apply, down at the bottom of that frame, to make your choice take effect.

A good set of security considerations is on the Broadband Report website. In particular, see the section called BEFORE Connecting to the Internet!

Log out of the modem's admin account:
Now you're ready to get out of the modem. Use the scrollbar on the extreme left frame to get down to the very last item, which is Logout. Click on that, and it shows a “Goodbye” screen. Now you can safely use the Back button on the browser, or even close the browser entirely; you're done.

If you take too long to go through these steps, you may exceed the 5-minute (default) time limit for the use of the admin account on the modem. Then it will ask you to re-enter the username and (new) password to continue using the administrative interface. (Sometimes it just asks for the password.) If this happens, give it what it wants, and continue.

Preparing for DSL

Registration

When you call AT&T to order your DSL service, they will tell you to register at their website. If you were a Windows user, you'd use a script on the AT&T installation CD to do this; but we can do it just as well without the CD.

ATT has a variety of URLs that all lead to the registration website. The one I used was   http://attreg.att.net   — but there are many others, such as http://helpme.att.net/register/ or its numerical equivalent, http://144.160.11.35/register/ .


Firefox problems?
You will find numerous complaints on the Web that this doesn't work with the Firefox browser. I've generally found that Firefox (or rather, Debian's re-branded “Iceweasel” equivalent) works a lot better with complicated corporate websites than the older Mozilla browser (rebranded by Debian as Iceape) that I used before Firefox came out; so I was puzzled by these complaints.

If you go to the registration website and look at the page source, you'll see a statement that Adobe Flash is required. But the Flash Player isn't part of Firefox/Iceweasel by default; you have to install the  flashplugin-nonfree  package to get it. I had already done this, for other reasons; so I figured I could probably register my phone line with the ISP even if I used the Firefox (i.e., Iceape) browser. I did; it worked just fine. Probably any browser will work, if it's Flash-enabled. (Adobe has a page where you can test your browser to see whether you have FlashPlayer installed, and which version you have as well.)

I find that Firefox/Iceweasel balks at rendering the Wireless Settings frame of the Netgear DG834G's administrative interface, adding an inconspicuous line at the bottom of the toolbar group at the top of the window that says “Iceweasel prevented this page from automatically redirecting to another page”. But there's an “Allow” button at the right-hand side of that added strip, which does indeed allow the frame to display correctly. Maybe other users have overlooked this subtle warning, just as I did at first, when using Firefox.


Though the people who favor the CD indicate that you have to have the official install kit to do this, and work through an AT&T-supported modem or router, in fact you can register perfectly well just by using a suitable browser from any machine; I used my old dial-up connection to do this. It's much like ordering something from Amazon: you go through a series of JavaScript-powered Web pages filling in blanks and ticking off buttons, until you get to the end. (As of May 2010, that's the home page of your newly-created Yahoo account.)

Once you're in the Yahoo homepage, be sure to click on the Member Center tab, so you can turn off the radio buttons that are pre-set to spam you (as nicely described in this page on the Broadband Reports site.)

Also, you probably will want to tell ATT/Yahoo to send mail to a different email address than the one at the account you've just registered. (This is under Contact Information in the Member Center.) After you specify a different e-mail address, they will send a test mail to it, with instructions on how to verify that it's really yours. Be sure this message isn't discarded as spam, and follow its instructions promptly, or you'll get error messages when your DSL modem/router tries to pass outgoing mail on to some SMTP relay. (If you start getting “Error 553” messages, there's a page that explains how to verify your external email address.)

It's convenient to register from a machine that allows you to print from the browser, because there are pages of on-line and off-line questions and answers that you may need to reproduce to identify yourself, if you have to talk to a support person, as well as the magical account name and password that you'll need to put into the modem; so it will be handy to have a printout of these things.

You can do it a day or two before your DSL service is due to be installed; they claim in the “Important Information” (on the back of the Order Confirmation that they mail out) that you “will not be able to complete the activation/registration portion of the installation” until the service is active — nominally, after 8 p.m. on the Service Activation Date. But I went through the registration process on the day before, and it all worked just fine. So I think what they mean is that you have to have the DSL line available to do the registration their way (i.e., with the CD, etc.)

Remember that the username is in the form of an e-mail address: it's something like JSmith@att.net, not  just JSmith. And don't forget that the username and password that you set up during the account-registration process are different from the username (admin) and password that you changed in the modem.

Setting up the modem for DSL

Now that you have your DSL account username and password, go back into the modem (as described above) and put them into its memory. Remember that you have changed the modem's password for its admin account; use your new password when the browser asks for it.

Once you're in the administrative page for the modem, click on Basic Settings under the Setup heading on the left. This changes the middle frame to one that offers Login and Password items, near the middle of your screen. These will be blank to begin with.

For Login, fill in the username you set up when you registered your account with the ISP. (That will be “Somebody@att.net” — but without the quotes, of course. It's important to remember the “@att.net” part.)

For Password, fill in the password you set up when you registered the account at the ISP website. (This username/password pair that you established during the registration process is actually used in the PPPoE handshaking between your modem and the ISP's DSLAM at the other end of your phone line; if you were using a simple modem, you'd have to set up this stuff in the PPPoE chatscript.) Leave everything else alone; Netgear's defaults are correct.

Scroll down to the bottom of that panel, and click on Apply. That makes the modem use your new values.

While we're here, go back to the left-hand panel and click on ADSL Settings (the item just below Basic Settings.) This brings up a little frame with the VPI and VCI items, whose default values were 8 and 35 when I got my modem. You need VPI set to 0, not 8, for AT&T; but 35 is right for their VCI. (There's a nice table of VPI/VCI pairs for common ISPs at http://www.dslreports.com/faq/1149). Leave everything else alone; the other defaults are correct.

Again, click Apply to fix the new values, and then scroll down to the bottom on the left to log out of the modem. It should now be set up correctly to sync with the DSLAM at the nearby central office.

Indeed, on May 10, I plugged the little splitter/filter unit that came with the modem into the phone outlet, and plugged the phone cord that came with the modem into the ADSL socket, and the “Internet” light on the modem lit up green. The modem quickly established its connection with the DSLAM, and I was about ready to use my DSL connection.

Linux networking

Now we're almost done. You still need to make sure that the file /etc/network/interfaces contains a line that says

iface eth0 inet dhcp

which tells your system that the Ethernet card is your connection to the Net, and that it gets your IP address by Dynamic Host Configuration Protocol. Once this line is in that file, you can bring up the network by entering the command (as root, of course)

ifup eth0

to set up the connection.

This saves a lot of fiddling around with  ifconfig  and  route. You can still use  route  to verify that the Ethernet link is set up, though.

Here's the output from  route -n :

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use   Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0   eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0   eth0

That's it. You are now connected to the Net.

Final Tweaks

To make the connection come up automatically when you boot Linux, you'll need to add a line to /etc/network/interfaces that says

auto eth0

— or, if there's already an auto line for other interfaces, just add eth0 to it. Once you have the connection made, you'll no longer need to use ifconfig when you want to adjust settings in the modem/router; you just launch a browser and type its IP address, as described above.
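The interfaces file settings and the `route -n` check described above can be verified together with a short script. This is an added example, not part of the original page; the function names are hypothetical, the sample interfaces file is constructed, and the sample routing table is the one shown earlier on this page.

```shell
#!/bin/sh
# Added example: confirm eth0 is set for DHCP and auto-start, and that the
# default route leaves through the modem's LAN address.

# Print "auto=<yes|no> method=<name|none>" for interface IFACE as configured
# in an interfaces(5)-style FILE.
iface_summary() {   # usage: iface_summary FILE IFACE
    awk -v want="$2" '
        /^[ \t]*#/ { next }                    # skip comment lines
        $1 == "auto" { for (i = 2; i <= NF; i++) if ($i == want) up = "yes" }
        $1 == "iface" && $2 == want && $3 == "inet" { method = $4 }
        END { printf "auto=%s method=%s\n", (up ? up : "no"), (method ? method : "none") }
    ' "$1"
}

# Read `route -n` output on stdin and print "<gateway> <iface>" for each
# default route (destination 0.0.0.0 with the G flag set).
default_route() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2, $8 }'
}

# Succeed only if there is exactly one default route and it uses the given
# gateway and interface. Two default routes produce two lines and fail.
route_via_modem() {   # usage: route -n | route_via_modem GATEWAY IFACE
    [ "$(default_route)" = "$1 $2" ]
}

# Constructed sample of /etc/network/interfaces.
SAMPLE_INTERFACES='# constructed sample
auto lo eth0
iface lo inet loopback
iface eth0 inet dhcp'

# The routing table printed earlier on this page.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use   Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0   eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0   eth0'

demo_network_check() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_INTERFACES" > "$tmp"
    echo "eth0: $(iface_summary "$tmp" eth0)"
    if printf '%s\n' "$SAMPLE_ROUTE" | route_via_modem 192.168.0.1 eth0; then
        echo "default route goes through the modem"
    else
        echo "default route is NOT the modem"
    fi
    rm -f "$tmp"
}
demo_network_check
```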

One of the first adjustments I made was to turn off the wireless broadcast of the DG834G, effectively converting it to a DG834. Log into its administrative interface, and click on Wireless Settings to shut off the Wireless Access Point. If you really need the wireless routing feature, at least select the strongest of the Security Options that's compatible with your local setup. Don't forget to scroll down to the bottom of the frame and click the “Apply” button to make your new settings take effect.

Another thing to do is to save the modified settings; Netgear has nicely provided a way to do that. You click on Backup Settings (the third item under Maintenance, in the left-hand panel), and the middle panel changes to a frame that offers to Save a Copy of Current Settings. Click on the Backup button, and the browser pops up the usual dialog box asking where to save a file.

The default name of the file is  netgear.cfg , but you can tell the browser to use a different name. Be very careful with the permissions and ownership of this file, as it contains the passwords of both the modem's admin account and  your AT&T/Yahoo account in plain text. I suggest keeping this file, with permissions set to 640 and owner:group set to root:root, in the /root directory.
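Because the saved settings file holds both passwords in plain text, it is worth checking that it never ends up looser than the 640 root:root suggested above. This is an added example, not part of the original page; the function name is hypothetical, it assumes GNU `stat`, and it compares numeric IDs (0:0 is root:root).

```shell
#!/bin/sh
# Added example: report permission problems on a saved router-settings file.

# Print one line per problem; no output means the file is at least as tight
# as mode 640 and has the expected numeric owner and group.
# EXPECTED defaults to 0:0 (root:root); it is a parameter so the check can be
# tried on a scratch file without being root.
backup_perm_problems() {   # usage: backup_perm_problems FILE [UID:GID]
    file=$1
    expected=${2:-0:0}
    # A symlink could point somewhere with different permissions; refuse it.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "not a regular file: $file"
        return 0
    fi
    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%u:%g' "$file")
    # Octal 027 = group-write plus every bit for "other"; if any of these is
    # set, the file is looser than 640.
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "mode $mode is looser than 640"
    fi
    if [ "$owner" != "$expected" ]; then
        echo "owner $owner, expected $expected"
    fi
}

# Demonstration on a constructed scratch file that a browser might have
# saved with a typical 644 mode.
demo_backup_check() {
    scratch=$(mktemp) || return 1
    chmod 644 "$scratch"
    echo "Problems found:"
    backup_perm_problems "$scratch" "$(stat -c '%u:%g' "$scratch")"
    rm -f "$scratch"
}
demo_backup_check
```

As root, `backup_perm_problems /root/netgear.cfg` should print nothing once the file has been moved into place with `chown root:root` and `chmod 640`.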

A Few Loose Ends

I discovered that I couldn't log in to the Linux box on my desk at work after the changeover, though I could log in to mintaka just fine. That turned out to be due to the rather Draconian peripheral firewall that surrounds the sdsu.edu domain; mintaka is our Departmental server, so it gets a special dispensation, but my machine doesn't. But I can ssh into my box at work from mintaka; so that suffices for casual use from home. Anything that requires big, direct file transfers can be done by tunneling — a topic that's well covered elsewhere on the Web.

Similarly, I temporarily lost the ability to send mail directly from home, because of the ISP's anti-spam blockade of Port 25. Well, neither of these inconveniences is fatal; I can still send mail from mintaka. [And, in fact, the mail problem turned out to be solvable by using Port 587 instead of 25.] And neither problem is connected with either Linux, or DSL; it's just a side-effect of having to use an outside ISP.

On the plus side, I'm now networked at roughly ten times the speed I had with the old dial-up connection. (I could be yet another factor of 10 faster, if I wanted to pay more for the higher tiers of DSL service.) This makes system upgrades that used to take hours a matter of a few minutes.

Finally, on May 14, I got in the snail mail the Order Confirmation letter with the official instructions on how to install the AT&T-approved modem and register, using their (totally unnecessary) installation CD with their approved modem models and supported versions of Windows. (Fortunately, I never asked for, and never got, their CD.)

Conclusion

So, it Just Works. I never had to use the CD that came with the modem. I never got a CD from the ISP. I never had to use Windows in any form. I never had to call any technical support line, or pay AT&T's $99 fee for a tech to come out and install it for me.

This was a lot more painless than I expected! (There are some horror stories out there about installing AT&T's DSL service. In particular, note this one about billing and reconnection problems.)


General references

Terminology: Glossaries

If you're new to networking, you'll find many puzzling terms and acronyms that need explanation. Those specific to ADSL are explained in Section 1.7 of the DSL HOWTO for Linux; but a much fuller glossary of networking terms is available at the Netgear website.

Linux documentation

Of course, the first place to look is the Linux Documentation Project, which has current versions of the DSL HOWTO for Linux and the Linux Ethernet-Howto (for those of us who have never used their NIC — like me).

Debian users can install these HOWTO documents locally by installing either the doc-linux-text package (the plain-text version), or the doc-linux-html package — better, because the HTML version contains very helpful cross-references.

Very useful information on networking in general is now in Chapter 6 of the Debian Reference manual; formerly, this was in Chapter 5. Make sure you have installed the debian-reference-common package and the appropriate translation of the manual, such as debian-reference-en. You can bring up its Table of Contents with the debian-reference command.

The online version of the networking chapter of the manual is at http://www.debian.org/doc/manuals/reference/ch05.en.html. However, this is the old version (as of May, 2010); the English version in the debian-reference-en package is newer.

DSL information

The DSL Reports website is a gold-mine of information. You not only find horror stories from users, but professional advice from experts, some of whom actually work for the phone companies and know how things really work. I have links to particular items in their copious and informative pages above.

Netgear documentation

The Netgear website has lots of well-written documentation. Though most of it is specific to their own products, they also have useful manuals on networking in general, in convenient PDF format, with active cross-references.

Their DG834G page has links to the 176-page v5 reference manual (2008), by clicking on the Support link (and from there, the Documentation tab). However, the documents for earlier versions are available, too; e.g., the 168-page v4 reference manual (2007). There are links to all the various hardware models in this family at their common DG834G page, and each model has its own Documentation tab. It's encouraging to see that information is available for all the earlier models.

Wikipedia

Wikipedia has considerable useful background information on communications, hardware, and software standards. As usual, beware of errors; Wikipedia is notorious for being appreciably contaminated with mistakes and misinformation. But, if you know nothing, it can help get you started.

Other stuff out there

Of course Google (or your favorite search engine) will find lots of additional information scattered about the Web. Try to pose your search well enough to find what you need and exclude what you don't. A particular problem here is that DSL is not only an acronym for Digital Subscriber Line but also for Damn Small Linux; so, if you use DSL in the search string, be sure to add suitable additional terms like "modem" or "router" or "Ethernet", to avoid this ambiguity.

A couple of useful Web pages that really helped get me going were http://www.willlaw.org/blog/diy/how-to-install-sbcatt-yahoo-dsl-without-the-install-cd-in-5-easy-steps/ and this page on the Broadband Reports site.

I'll single out a particular site that's provided useful hardware reviews and information over the years: Tom's Hardware. Google always seems to lead me there when I'm checking out equipment issues, and the information has nearly always been useful.

 

Copyright © 2010, 2012 Andrew T. Young

