Other related documentation from the Linux Documentation Project:
More on the 2.4 kernel packet filtering from The Netfilter Project at http://netfilter.samba.org/.
Several good HOWTOs for the new features available with 2.4 kernels
and iptables.
Check your security and see what ports are open at
http://hackerwhacker.com/. This
is one of the better sites for this. Some only test relatively few
ports.
SuSE's Linux PPPoE page is at http://www.suse.de/~bk/PPPoE-project.html.
Good information on most of the available Linux PPPoE implementations.
Bob Carrick's definitive PPPoE site is at http://www.carricksolutions.com/.
His Linux PPPoE page is at http://www.carricksolutions.com/linuxpppoe.htm.
It has some other DSL related information as well. All OSes are covered.
The NTS EnterNet for Linux documentation can be found at http://support.efficient.com/KB/NTS/Docs/ENLinux13rel.html. This is a
non-GPL'd PPPoE client that is distributed by some ISPs.
ATM on Linux: http://linux-atm.sourceforge.net/. Where to find the latest info on
PPPoA and raw ATM connections.
FreeSwan, http://www.freeswan.org, is an
IPSec and IKE VPN implementation for Linux.
VPN and Masquerading on Linux: http://www.tldp.org/HOWTO/VPN-Masquerade-HOWTO.html
PPTP-linux allows you to connect to a PPTP server with Linux. The home page is
http://cag.lcs.mit.edu/~cananian/Projects/PPTP/.
Justin Beech's
http://dslreports.com, a great
site for anything and everything related to DSL. If it's not there, then
there is a link to it. (Site runs on Linux.)
John Navas's Cable and DSL site, http://cable-dsl.home.att.net,
has good general info, tweaks, troubleshooting, hardware info, etc. for
all OSes.
TCP Performance Tuning tips: http://www.psc.edu/networking/perf_tune.html. Tips on Linux, and
other OSes.
A great Linux security site is http://linuxsecurity.com. Good
docs, and references for Linux. Another is http://linux-firewall-tools.com/linux/. Lots of info from Robert
L. Ziegler, author of Linux Firewalls. Many links
to other security related sites as well.
http://www.seifried.org/lasg/, The Linux Administrator's
Security Guide by Kurt Seifried. Good tutorials on a variety of
topics -- not just firewalls, but the big picture.
The Seattle firewall is a packet filtering firewall that can be used on a
dedicated masquerading firewall machine (including LRP), a multi-function
masquerade gateway/server or on a stand-alone Linux system. The
ipchains project is
located at http://seawall.sourceforge.net/.
And for iptables:
http://shorewall.sourceforge.net/.
Here are a few pages dedicated to using Linux with specific providers. (I
could use some submissions for more please.)
Now that you have a full-time connection, want a routable hostname for
your computer? Dynamic DNS services can do this, even if your IP changes from
time to time. Just a few of the many available services:
ADSL Deployment 'round the World. Claims to have a complete list -
looked accurate for my area - gives providers, prices, speeds, etc.
comp.dcom.xdsl FAQ. Actively maintained, and a great technical reference for DSL
technologies.
comp.dcom.xdsl, DSL discussions,
vents, and flames on Usenet. Good place to get technical questions answered
that your ISP can't.
A dictionary of some of the jargon used in this Document, and in the
telco and DSL industries.
- ADSL
Asymmetric Digital Subscriber Loop. "Asymmetric" in that the
downstream potential is greater than the upstream. ADSL is capable of
sharing on a single telco wire pair. Maximum speed is 8 Mbps, though
typically is limited by the provider to lesser speeds. The most popular
DSL at this time.
- ANT
ADSL Network Termination (a.k.a. the ADSL modem).
- ARP
Address Resolution Protocol. Converts MAC addresses to IP addresses.
- ASAM
Alcatel's terminology for a DSLAM.
- ATM
Asynchronous Transfer Mode - provides high-speed packet switching from 155
Mbps to (currently) 2Gbps. Used to provide backbone switching for the
Internet, and by many telcos since it can carry both voice and data. This
is a common transport protocol for many telco DSL networks.
- ATMF-25Mbps
ATM Forum Interface - 25Mbps speed, provided by a PCI NIC card. One of the
interfaces used between the modem and PC.
- brouter
A combination DSL modem that can be configured to act as either a bridge
or a router.
- CAP
Carrierless Amplitude Phase. A proprietary ADSL line encoding technique,
that is (or was) in competition with "DMT". DMT has won the
standards battle. CAP and DMT modems are not compatible with each other.
- Central Office, or CO
Usually refers to one of two meanings: 1) The local Telco building that
houses telephone equipment, and where local loops terminate. 2) The Telco
voice switch that provides dial tone. Often referred to as just
"CO". Typically, the CO houses one or more DSLAMs that
make DSL possible. But, increasingly, DSLAMs are being deployed remotely.
- CLEC
Competitive Local Exchange Carrier. "Competitors" to the
ILECs. They do not own any lines, and must lease their lines from ILEC in
order to provide any service.
- CPE
Customer Premises Equipment - The Telco term for customer owned equipment
(i.e. the stuff you are responsible for fixing). Examples are analog
modems, fax machines, and your telephone.
- DHCP
Dynamic Host Configuration Protocol - A protocol used to distribute
dynamically assigned IP addresses and other important networking
parameters. The DHCP server "leases" an IP from its pool to
clients on request. The lease is renewed at regular intervals. This is a
common protocol on bridged DSL networks, and cable modem networks.
- DMT
Discrete Multitone Technology. This is a line encoding common among ADSL
deployments, and now is the standard. Sometimes referred to as
"Alcatel compatible". Most telcos in the U.S. are now
standardizing on DMT. The other, less common, ADSL encoding is
"CAP". CAP and DMT modems are incompatible with each other.
- DS0
The basic digital circuit for Telcos - offered at 56 Kbps or 64 Kbps. Can
support one analog voice channel.
- DSLAM
Digital Subscriber Loop Access Multiplexer - The Telco equipment installed
at the CO that concentrates and multiplexes the DSL lines. One end of the
copper loop connects to the DSLAM, the other to your modem. The DSLAM
is essentially what makes DSL work. Increasingly, smaller devices that
perform similar functions, are being deployed in remote locations in order
to extend the reach of DSL.
- DSL
Digital Subscriber Loop - A term describing a family of
DSL services, including ADSL, SDSL, IDSL, RADSL, HDSL, VDSL, SHDSL, etc.
that enable high speed Internet connections over standard copper
telephone lines. The main limitation is distance.
- G.DMT
Synonymous with "full rate" ADSL. Used to distinguish between
full rate ADSL, CAP based ADSL and G.Lite. See DSL
Family for more.
- G.Lite
A lesser version of ADSL that has lower maximum speeds, and requires no
splitter or filters. Not DMT compatible. See DSL
Family in this HOWTO for more.
- HDSL
High bit rate DSL. See DSL Family in
this HOWTO for more.
- ILEC
Incumbent Local Exchange Carrier. The Regional phone company that
physically owns the lines. Examples: Bell Atlantic and Pacific Bell. FCC
regulations are forcing the ILECs to open up their networks to independent
providers. This is allowing independents like Covad to
offer competitive services. This is a good thing for consumers IMHO.
- Interleaving
Interleaving is a tunable aspect of DMT/ADSL line encoding. It essentially
controls the 'interleaving' of bits in the transmission, and is used
as a form of error correction. As interleaving increases, so does
stability of marginal lines. It also increases latency.
- IP
Internet Protocol. Also, often used to simply refer to an IP address.
- ISP
Internet Service Provider. Even full-time connections require an ISP to
provide basic Internet services and connectivity.
- LAN
Local Area Network. A network of computers that are segregated from the
WAN (Wide Area Network, i.e. the Internet). Often using private,
non-routable IP addressing, e.g. 192.168.1.1 or 10.0.0.1.
- LCP
Link Control Protocol, one of the sub-protocols used by PPP, and
derivative protocols like PPPoE. As the name sounds, it is used by
both the client and server to determine if the connection is
viable. Either end may terminate the session if LCP indicates
the connection is not responsive.
- Loop
The two wire twisted pair from the telco Central Office that terminates at
a customer location. For DSL, a "clean" copper loop within
the distance limitations is required.
- MAC Address
Media Access Control Address. Sometimes also called
"hardware" address, it is a unique identifier of network
devices and is an important aspect of some network environments.
- mini-RAM
Remote Access Multiplexer, a mini DSLAM. Typically with very few
connections -- eight is common. Used for remote areas too far from a CO.
- MTU
Maximum Transmission Unit, the largest packet size, measured in bytes,
that a network can transmit. Any packets larger than the MTU are divided
into smaller packets, or "fragmented", before being transmitted.
- NAT
Network Address Translation is a means of allowing computers on a LAN to
access the WAN while "masquerading" with the IP address of a
host with a suitable address and configuration. With Linux this is called
"ip-masquerading". Often used to share one public, routable
IP address among hosts located on a LAN behind a masquerading proxy where
the local addresses are private and non-routable.
- NID
Network Interface Device - The telco housing on the side of your house.
Typically where the telco's responsibility ends, and the owner's begins.
Also, sometimes called the "SNI", "TNI" or
"ONI" or other descriptive acronyms.
- NIC
Network Interface Card - An internal PC card that supports the
required network interface. Often an ethernet 10/100baseT or an
ATMF-25Mbps card in this context.
- NSP
Network Service Provider. An ISP's upstream provider or backbone
provider.
- OC-3
A fiber optic line capable of 155 Mbps.
- POTS
Plain Old Telephone Service - The service that provides a single analog
voice line (i.e. a traditional phone line).
- PPPoA (PPPoATM)
Point-to-Point Protocol over ATM (RFC 2364) is one of the PPP
protocols being used by some DSL providers. This is really a device
specific driver, and in many respects quite different from PPPoE. A
hardware device, i.e. a combination modem/router, is one alternative if
this is the only option available to you.
- PPPoE
Point-to-Point Protocol over Ethernet (RFC 2516). Another PPP protocol in
use by providers. This one is more common, and there are several Linux
clients available. See the Links section for
more. Not to be confused with PPPoA (PPPoATM) since there are fundamental
differences.
- PPPoX
Used to refer to PPPoE and PPPoA collectively.
- RADSL
Rate Adaptive DSL. See DSL Family in
this HOWTO for more.
- RBOC
Regional Bell Operating Company. The "Baby Bells". The U.S.
phone companies that have had a state sponsored monopoly since the break
up of AT&T.
- RFI
Radio Frequency Interference. DSL is susceptible to RFI if in the right
frequency range, and if close enough to the DSL signal. This can
disrupt and consequently degrade the DSL signal. Unfortunately, DSL
seems to operate in the frequency range of quite a few potential
disrupting influences.
- RWIN
Shorthand for 'Receive Window', aka the TCP Receive Window, a tunable
aspect of TCP network stacks.
- SDSL
Single Line DSL. Or, sometimes also "Symmetric DSL".
See DSL Family for more.
- SNI
Subscriber Network Interface - The Telco term for the phone wiring housing
on the side of your house. It designates the point between the Telco side
and the Inside Wire. This is also called the Demarcation Point. Sometimes
called a "NID" also.
- Splitter
The passive device (low-pass filter) at or near the NID that
splits the DSL signal into separate voice and data channels. Filtering is
required for most DSLs that share a regular voice phone line (whether POTS
or ISDN).
- Splitterless
A DSL installation that does not require a splitter. For higher
speeds, a RJ11 filter (sometimes called microfilters) is placed on every
extension phone jack where an analog phone or other non-DSL device is
used, thus filtering the DSL signal at the jack, rather than at the
NID. For lower speeds, no filter is necessary. Without a filter or
splitter, the DSL signal tends to cause audible interference on voice
phones. G.Lite needs no splitter, nor filter, but this is the exception to
the rule.
- SOHO
Small Office HOme
- Sync Rate
The speed as negotiated by the DSL modem and the telco's DSLAM. This
represents the theoretical maximum speed of the connection before any
networking protocol overhead is taken into account. Real world throughput
is always something less than the modem's sync rate.
- T-DSL
German Telekom's ADSL implementation. See DSL
Family for more.
- T1
a.k.a DS1 - A digital dedicated line at 1.544 Mbps comprised of 24
channels, used for both voice (24 DS0s) and data.
- T3
a.k.a DS3 - T1's big brother, a digital dedicated line at 44.736 Mbps,
used for both voice (672 DS0s or 28 DS1s) and data.
- VPI/VCI
VPI is "Virtual PATH Identifier" and is part of an ATM
cell header. VCI is "Virtual Circuit Identifier", also part of
an ATM cell header which contains circuit information. Technically
speaking, these are really remote VPI and VCI (RVPI, RVCI). They are both
important configuration aspects for modems and routers attached to ATM
networks. They must match what the provider is
using. Frequently used VPI/VCI pairs include 0/32, 0/35 and 8/35.
- VDSL
Very high bit rate DSL. See DSL Family for
more.
- VoD
Video on Demand.
- VoDSL
Voice over DSL.
- WAN
Wide Area Network, a large publicly accessible network. For example, the
Internet.
- xDSL
Used to refer to the entire DSL family of related technologies: ADSL,
SDSL, IDSL, etc.
The Telcos see DSL as a competitor to the Cable Company's Cable
Modem, and as such, are providing competitive pricing and configuration
offerings. Although Cable Modems are advertised as having 10-30Mbps potential
bandwidth, they use a shared transmission medium with many other users on the
same line, and therefore performance may vary, sometimes greatly, with the amount
of traffic, time of day, and number of other users on the same node. But YMMV.
It is often heard that DSL has an advantage in that it is a private pipe to
the Internet, with dedicated bandwidth. This is mostly a myth. You do have a
private pipe to the DSLAM, but at that point, you enter the telco's ATM (or
frame relay) network, and start sharing bandwidth. You are at the mercy of
how well your DSL provider and ISP manage their networks. The consensus seems
to be that DSL providers and ISPs are mostly doing a better job of managing
bandwidth than the Cable companies. It is easier for them to add and adjust
bandwidth as needed to meet demand. You are less likely to have speed
fluctuations due to other users being on line at the same time. But, again,
this gets down to how well the specific network and bandwidth are managed.
DSL probably has a small security advantage too. With most Cable modem
networks, it is like being on a big LAN. You are sharing your connection (and
bandwidth) right at the point of connection. But if you are not doing
something to filter incoming connections already, you are asking for trouble
either way. And, the cable companies are addressing this now, with more
secure approaches. This should not now be a major deciding factor.
There also seems to be a better chance of having ISP alternatives with DSL
than Cable. At least, in the U.S. this is true. Choice is a good thing, and
so is competition. It seems most Cable outfits give you just one choice for
an ISP. If you don't like it, you are out of luck. The number of options with
DSL probably varies greatly by geographic areas. Populous areas, like
Northeast U.S., seem to have many options.
So which is better? The differences aren't as much with the technology, as they
are with the implementations. If you look around, you can find plenty of
horror stories on either. And plenty of happy customers too. The way
to know what may be the best for you, is to do comparative shopping based on
experiences of other users in your area. Don't base your choice on one
person's opinion. This is statistically invalid. Likewise, don't base your
choice on someone's opinion who has had a particular service for only a short
time. Again, statistically not worth much. Get as many opinions as possible
from those that are using the exact same services that you are
looking at.
In some areas, newer neighborhoods are being built with fiber optic cable
instead of the traditional telco copper lines. While the fiber is a definite
problem for DSL services, it has its own potential advantages. Existing
fiber is potentially capable of 100 Mbps, and it looks like this could easily
go up soon.
So while telco fiber customers are being shut out of the DSL market
(since DSL is a copper only technology), they may have much to look forward
to. Technologies are under development, and in some cases just now being
deployed, to take advantage of fiber telco phone loops. Known as
"FTTC" (Fiber To The Curb), or "IFITL" (Integrated
Fiber In The Loop), this technology is another high speed service that telcos
can offer. The speeds are sufficient for VoD (Video on Demand) and VoDSL
(Voice over DSL), and other high bandwidth services. One nice advantage here
is, that since there is no DSL signal on the wire, the only required CPE is a
network card. In other words, no modem -- just connect a NIC to the wall jack
and off you go! This will also allow the telco to provide other digital
services such as digital TV.
FTTC is Fiber To The Curb. The last leg into the house is still copper. FTTH
(Fiber To The Home), on the other hand, is an all fiber loop with even higher
potential.
There is a lot of buzz about wireless technologies these days. Wireless would
certainly seem to have a place in the broadband market, especially for areas
that don't have ready access to cable or telco networks. There are still
some inherent problems with the current state of this technology that may prevent
it from becoming a major player in the near term however. Weather can still
impact the wireless signal -- heavy cloud cover or rain for instance. Also,
there is some pretty hefty latency if the uplink is via satellite. Surely
these drawbacks will improve over time. But how soon?
This list is limited to those modems and delivery systems that are readily
available, and should work with any current Linux distribution without having
to go to extraordinary lengths. Alpha and Beta projects are not included. All
modems listed are POTS (analog) modems at this time.
All external, ethernet based modems, and modem
combination devices, will work (provided they match the provider's DSL).
The only requirement is a compatible ethernet network card. This is the
preferred way to go.
Depending on your local setup, you should consider some other issues. These
include a firewall setup, and any associated configurations. For my setup,
shown in Figure 5 below, I use an old i486 machine configured as a
firewall/router between the DSL connection and the rest of my home network.
I use private IP addresses on my private LAN subnet, and have configured my
router to provide IP Masquerading and Firewalling between the LAN and
WAN connections.
See the IP Masquerade HOWTO, and Firewall HOWTO for more information. For 2.4
kernels see the Linux 2.4 Advanced Routing HOWTO. My experience is that Linux is more
flexible and provides superior routing/firewalling performance. It is
much less expensive than a commercial router -- if you find an old 486 machine
that you may be using as a doorstop somewhere. There are any number of
brands of "DSL/Cable" routers on the market as well. These
might be the way to go for pure ease of use, but lack the sophistication
of what Linux can do.
<--Private Subnet/LAN-> Linux <-----ISP's Public Subnet----><--inet-->
192.168.1.0
X--+ --------
| | | -------- (eth0:0)---------
+--=| Hub/ | | Linux | +------=| DSL |=-DSL-> ISP's
X-----=|Switch|=-----=| System |=----+ | Modem | Gateway
+--=| | eth1 |(Router)| eth0 ---------
| -------- | -------- |
X--+ | IP_Masq |
| IP_Firewall |
| | Gateway |
| | |
| V V
V 192.168.1.1 Dynamic or
192.168.1.x LAN Gateway Static IP
LAN Addresses IP Address from ISP pool
What I did is set up a Linux router (Redhat Linux 5.0 on an i486) with two
ethernet interfaces. One interface routes to the ISP subnet/gateway (eth0 in
above example), and the other interface (eth1 above) goes to a hub (or switch)
and then connects the LAN with private network addresses (e.g. 192.168.1.x).
Using the private network addresses behind your router/firewall allows some
additional security because they are not directly addressable from outside. You
have to explicitly masquerade your private addresses in order to connect to
the Internet from the LAN. The LAN hosts will access the Internet via the
second NIC (eth1) in the Linux router. Just set their gateway to the IP
address of the second NIC, and assign them addresses on the same network.
Caution: Make sure your kernel is compiled
with IP forwarding and that IP forwarding is turned on. You can check this
with 'cat /proc/sys/net/ipv4/ip_forward'. The value is
"1" for on, and "0" for off. You can change this
value by echoing the desired value into this file:
# echo 1 > /proc/sys/net/ipv4/ip_forward
You will also need to set up "IP Masquerading" on the Linux
router. Depending on your kernel version, this is done with
ipfwadm (2.0), ipchains (2.2), or
iptables (2.4). See the documentation for specifics on
each. AND -- do not forget to have that firewall set up too!
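The router setup described above, written out as an iptables ruleset with the firewall included; this is an added example, not part of the original HOWTO. It assumes the interface names and LAN range from the diagram (eth0 to the DSL modem, eth1 to the LAN, 192.168.1.0/24), and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the HOWTO): NAT gateway ruleset for the layout above.
# Assumed names: eth0 = WAN side, eth1 = LAN side, LAN = 192.168.1.0/24.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Succeeds only if the kernel forwarding switch reads "1".
# The path is a parameter so the check can be run against a copy of the file.
forwarding_enabled() {
    fwd_file="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$fwd_file" ] && [ "$(cat "$fwd_file")" = "1" ]
}

# Print the ruleset in iptables-restore format; nothing is changed on the host.
gateway_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN source addresses to the router's WAN address on the way out.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
# Default deny for traffic to and through the router.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets claiming a LAN source but arriving from the WAN are spoofed.
-A INPUT -i $WAN_IF -s $LAN_NET -j DROP
-A FORWARD -i $WAN_IF -s $LAN_NET -j DROP
-A INPUT -i lo -j ACCEPT
# Replies to connections that were opened from the inside.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may reach the router and go out through it; nothing new comes in.
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Load the ruleset (needs root); refuse if forwarding is still off.
apply_gateway() {
    forwarding_enabled || { echo "ip_forward is 0; enable it first" >&2; return 1; }
    gateway_rules | iptables-restore
}

# "show" prints the rules for review, "apply" loads them; no argument does nothing.
case "${1:-}" in
    show)  gateway_rules ;;
    apply) apply_gateway ;;
esac
```

Run it with show to review the rules before loading them with apply as root; iptables-restore replaces the existing nat and filter tables. With a PPPoE client the WAN interface is the PPP device rather than the ethernet card, so set WAN_IF accordingly (typically ppp0).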
There are also several projects that are devoted specifically to using Linux
as a router, just for this type of situation. These are all-in-one solutions,
that include security and various other features. Installation and
configuration are reportedly very easy. And these will run on very minimal
hardware -- like a floppy drive only. The best known is http://www.linuxrouter.org. You
might also want to look at http://www.freesco.org and http://www.coyotelinux.com. There is
also http://www.clarkconnect.org/index.html,
which is a similar concept but more full-featured and is designed to be
monitored and configured with a set of Windows based utilities.