Wednesday, March 9, 2011

Add NTP to the router/gateway

This post is obsolete and has been superseded


NTP is useful to set the time of LAN devices. In addition, the 'adjtimex' package updates the hardware clock. (Slightly out-of-date instructions)

  1. Install NTP with the following command:
    apt-get install ntp adjtimex
  2. Edit the /etc/ntp.conf file to broadcast time to the LAN:
    ## Around Line 48
    # If you want to provide time to your local subnet, change the next line.
    # (Again, the address is an example only.)
    #broadcast 192.168.123.255
    broadcast 192.168.1.0
  3. Edit /etc/hosts.allow and /etc/hosts.deny to limit access to ntpd. Edit /etc/hosts.allow to look more like this:
    sshd:              192.168.1.0/26
    debtorrent-client: 192.168.1.0/26
    ntpd:              192.168.1.0/26
    ALL:               192.168.1.0/26
    # /26 creates the range .1.0 - .1.62
    
    And edit /etc/hosts.deny to look more like this:
    sshd:              ALL
    debtorrent-client: ALL
    ntpd:              ALL
    ALL:               ALL
    
  4. xinted and dnsmasq do not interact with ntpd, and no changes are required.
  5. Firewall rules to open those two listening ports. Edit the file /etc/network/if-up.d/00-firewall to add the following rules:
    # ALLOW INCOMING OPEN PORTS TO THE SERVER FROM OUTSIDE HERE
    #
    # Allow incoming debtorrent requests on TCP ports 9899-9990
    iptables -A INPUT -p tcp --dport 9899 -j ACCEPT
    iptables -A INPUT -p tcp --dport 9900 -j ACCEPT
    #
    # Allow NTP syncs on UDP port 123
    iptables -A INPUT -p udp --dport 123 -j ACCEPT 
    iptables -A OUTPUT -p udp --sport 123 -j ACCEPT
    #
    #
    
  6. Restart ntpd with these commands:
    sh /etc/network/if-up.d/00-firewall  # Reload the firewall
    service ntpd restart                 # Reload /etc/ntp.conf
    

Add a dynamic DNS client to the router/gateway

A ddns client will allow access to future SSH, VPN and other external services to access the server from the internet.

  1. Register for a dynamic DNS service. Any good search engine can point you to a good service.
  2. Install ddclient using the command apt-get install ddclient. The installer will ask questions about the newly-registered dynamic dns account. No further configuration seems needed.
  3. Find the dynamic dns address, which is the router's IP address a couple ways.
    route | awk '{ print $2 }' | sort | tail -n+4 | head -n+1    # If on the LAN
    dig +short myaccount.dyndns.org                              # Elsewhere on the internet
    nslookup myaccount.dyndns.org ns.dyndns.org                  # Another way from the internet
    http://www.dnscog.com/dig/myaccount.dyndns.org/              # As a web page

Saturday, March 5, 2011

Installing a Sangoma S518 DSL Modem card in a Dell Optiplex GX60 running Debian 6

This post is obsolete and has been superseded

Ebay provided a new-to-me used DSL PCI modem card to replace my 10-year-old DSL modem. The old modem still works; this is purely for fun.

The card is recognized, but no kernel module is associated with it.

lspci -vv
01:07.0 Network controller: Globespan Semiconductor Inc. Pulsar [PCI ADSL Card] (rev 01)
 Subsystem: Globespan Semiconductor Inc. Device d018
 Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping+ SERR+ FastB2B- DisINTx-
 Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=slow >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
 Latency: 64 (750ns min, 50000ns max)
 Interrupt: pin A routed to IRQ 16
 Region 0: Memory at ff8f0000 (32-bit, non-prefetchable) [size=64K]
 Capabilities: [40] Power Management version 2
  Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
  Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-

Sangoma has a Linux driver, but it needs to be compiled, so it needs linux source code to refer to during compilation. The linux kernel itself does not need to be recompiled. It's annoying and time consuming, but it does work. Sangoma's information and downloads are at their wiki. Details of how to prepare the kernel source and headers is here.

Compatibility with networking and commands:

  • Do not make any changes to the /etc/network/interfaces file. The wanrouter program defines and brings up/down the dsl interface without using the file.
  • Ifup/ifdown does not work, because they rely on the interfaces file.
  • Ifconfig *does* work but only after a wanpipe is already active. Ifconfig up/down do work without restarting the wanpipe.

The nomenclature and order of events can be confusing:

wanrouter is the command that starts everything. It's just a bash script at usr/sbin/wanrouter. Don't be fooled by the name - it's not really a router. The wanrouter command turns on/off a wanpipe. A wanpipe is the low-level connection to the PCI card, and they create/destroy the dsl0 high-level network interface. Wanpipes are configured by the wancfg command.

pon/poff create a pppoe connection from the dsl0 interface to the upstream network provider. The pppoe connection, including dsl login/password, are configured by the pppoeconf command. pon/poff are actually just part of pppd, the ppp daemon, which creates another high-level interface, ppp0 to represent the actual live dsl link.

The upshot of all this is that wanrouter must create the dsl0 interface before pon can create the ppp0 connection (interface), and poff must terminate the ppp0 interface before wanrouter can destroy the dsl0 interface. Happily, wanpipes include a place to insert these commands so wanrouter appears to handle it all.


How to install the Sangoma wanpipe drivers, configure the card, configure the interface, and configure pppoe. The dsl line does not need to be plugged in until the final steps of configuring pppoe.

# Install the tools needed
apt-get install build-essential linux-source-2.6.32 linux-headers-2.6.32-5-686 libncurses5-dev bison libtool pppoe

# Get the Sangoma Wanpipe package. Unpack the linux-source and wanpipe packages 
cd /usr/src
wget ftp://ftp.sangoma.com/linux/current_wanpipe/wanpipe-3.5.18.tgz
tar zxvf wanpipe-3.5.18.tgz
tar xjf /usr/src/linux-source-2.6.32.tar.bz2

# Prepare the linux source for the wanpipe install script 
cd linux-source-2.6.32
cp /usr/src/linux-headers-2.6.32-5-686/Module.symvers ./
make oldconfig && make prepare && make modules_prepare

# Run the wanpipe install script
cd /usr/src/wanpipe-3.5.18
./Setup install
The script will ask for the linux source directory: /usr/src/linux-source-2.6.32. It will throw a lot of questions about using 2.6.32-5-686 instead, just answer yes and let the installer continue.
# When install is successfully completed
cd /home/USERNAME
wanrouter hwprobe  # Test if the card is detected
wancfg             # Ncurses tool to configure the wanpipe and interface
See the Sangoma Wiki for details, really all you need to choose is the interface name (for example, 'dsl0')
wanrouter start wanpipe1   # Test - should bring up interface
ifconfig                   # The interface should be on the list
ifconfig dsl0 down         # Test - should bring down interface
ifconfig                   # The interface should *not* be on the list
ifconfig dsl0 up           # Test - should bring up interface
ifconfig                   # The interface should be on the list
wanrouter stop wanpipe1    # Test - should being down interface
ifconfig                   # The interface should *not* be on the list
Plug in the dsl connection in order to configure pppoe. Then run the PPPoE configuration program (pppoeconf). You need your dsl login and password at this point.
ppoeconf
The pppoeconf program will ask two important questions:
  • Do you want to start PPPoE at each startup? NO, because it will fail - dsl0 will not be ready yet
  • Do you want to start PPPoE now? You can, but if there are any problems, the process will be orphaned. Kill it with the command 'poff -a'

You can see the PPPoE configuration (linking it to the dsl0 interface) in /etc/ppp/peers/dsl-provider. You can see your dsl username and password in /etc/ppp/pap-secrets.

To manually open/close the dsl connection:

wanrouter start     # To bring up the dsl0 interface. Doing this at boot is part of the Wanrouter install
pon dsl-provider    # To bring up the ppp0 interface, which is the real PPPoE connection 
                    # (with an IP address). We'll automate this in the next section
plog                # A handy debugging tool. Take a quick look at the log
ifconfig            # The dsl0 interface does not have an IP, and the new ppp0 interface does have an IP
poff                # To close the PPPoE connection, and bring down the ppp0 interface
wanrouter stop      # To bring down the dsl0 interface. Doing this at shutdown is part of the Wanrouter install

To automatically open/close the dsl connection: Go back into wancfg. Edit the wanpipe1 file --> Interface Setup --> Interface Configuration --> Advanced options. Insert a start script and a stop script as follows:

pon dsl-provider    # Append this to the bottom of the START script

poff -a             # Append this to the bottom of the STOP script
Save the wanpipe1 config file, and let's test automatic dsl connection/disconnection:
wanrouter stop      # In case it was on.
ifconfig            # Neither dsl0 nor ppp0 interfaces should be live.
wanrouter start     # Bring up dsl0. The script should then bring up ppp0
ifconfig            # ppp0 should be up, and have an IP address. If not, try again - ppp0 is often missing the first time I try.
wanrouter stop      # Bring down the intefaces
ifconfig            # Should be back to the normal down state. ppp0 and dsl0 should not be showing.
Finally, test with a reboot and a shutdown to see in the interfaces change properly. Success! Time to clean up using the following commands:
apt-get remove build-essential linux-source-2.6.32 linux-headers-2.6.32-5-686 libncurses5-dev bison libtool
apt-get autoremove
rm -r /usr/src/wanpipe-3.5.18
rm -r /usr/src/linux-source-2.6.32


BUG: missing LSB tags and overrides. When I tried to install something else later, I got the following warnings:

insserv: warning: script 'K01wanrouter' missing LSB tags and overrides
insserv: warning: script 'wanrouter' missing LSB tags and overrides
A quick search on the warnings gave an answer. LSB tags are used by init, and the tags are easily added to the beginning of the /etc/init.d/wanrouter script. Here is a sample script that eliminated the warning:
#! /bin/sh        # Just to show where we are in the file

### BEGIN INIT INFO
# Provides:             wanpipe
# Required-Start:       $syslog
# Required-Stop:        $syslog
# Default-Start:        2 3 4 5
# Default-Stop:         
# Short-Description:    kernal support to DSL modem
### END INIT INFO



Final notes:
  • Three elements of the Sangoma package failed to compile: LibSangoma API library, LibStelephony API library, and API Development Utilities. I have seen no effect from those failures.
  • To uninstall WANPIPE package run ./Setup remove
  • There is additional documentation at /usr/share/doc/wanpipe
  • A firmware update utility is included in /etc/wanpipe/util
  • 'wanpipemon' is an included diagnostic tool. The easiest way to use it is 'wanpipemon -g' for the ncurses gui.
  • Changing the default route to send packets across the dsl connection is beyond the scope of what I wanted to do. I just wanted to see if it worked.