Configuring your FreeBSD box for SBC DSL 5 Static IP addresses
Back in 1998, while working at Health Hero Network I was introduced to the power of FreeBSD. This was in a time before Linux had really taken off. 1998 was also the year that both cable and phone companies began testing to see if they could make money on the internet by improving on the connectivity options for the home. My first FreeBSD box was a collection of the cheapest parts I could find at Fry’s. One of the great things about FreeBSD was, and is, that you didn’t really need to invest a great deal of money in hardware to get started. After building my first box and installing FreeBSD over the internet at work, I decided that it was time for DSL at home.
I chose the 5 Static IP address package from PacBell in ‘98 because I was starting a web business (who wasn’t back then), and I felt that a single IP address was just not going to be enough. The package from PacBell was $80/month and came with an Alcatel ADSL-1000. The speed was 384K-1.5M down and 128K up. At the time, it was unfathomable that you might have more speed than that at home. I discovered that the 128K up was a bottleneck and soon moved the web business to a colo, but I kept the 5 static IP package at home.
Times have changed. When I started, I was running FreeBSD 2.2 on a 500 MHz Pentium. The hardware has migrated a few times and now lives on a Shuttle running a Pentium-2 at 1.7 GHz. Not a speed demon if you’re a gamer, but great for a general media server / firewall appliance for the house. The latest system is running FreeBSD 4.9, not really the cutting edge today, but also quite adequate for my needs.
Over the last 8 years, technology for home connectivity has changed. DSL speeds are 2-4 times what they were when I started. I travel on business quite a bit and have added iSight video cameras to everyone’s home PowerBook. I routinely use Skype and iChat for business calls around the world. Speed of outbound connection and NAT had become an issue on the home network. It was time for a change.
The basic requirements for the new system:
- No upgrade to the FreeBSD OS.
- The FreeBSD box needed a static IP address.
- All laptops at home needed to have static IP addresses that would NAT to dedicated static IP addresses.
- All other systems in the house as well as any guest laptops should NAT out on an address different from either that of the server or the other laptop systems.
- Faster outbound connection. If possible, add a faster inbound connection as well.
In the end, I needed 6 static IP addresses and not 5. I explain how sometimes 5 can equal 6 later in the article.
I discovered that my existing service was not eligible for upgrade since I live too far from the CO. I could, however, get faster service through a neighborhood hub by activating service on another phone line at the house. That option would cause the least disruption of service and was the approach I took. I ordered the new service, AT&T Yahoo! High Speed Internet Pro-S Package: 5 static IP addresses, 1.5 to 3.0 Mbps down and 384 to 608 Kbps up. The cost was about what I had been paying already, just faster service.
When the new DSL modem arrived, I discovered that things were not to be so easy. My original ADSL-1000 modem was a dumb device. The IP addresses were assigned by PacBell and were all managed locally. The service existed prior to the rollout of PPPoE service. Much to my horror, the new service was PPPoE based.
Making matters worse, the new modem, a Siemens SpeedStream 4100, had a built-in DHCP server that could not be turned off. I have not had much experience with PPPoE, so I searched for a recipe that would solve my problem, but I couldn’t find anything to help. I found many articles on PPPoE, but most only dealt with single dynamic IP address solutions. The following articles did help in completing the setup: Using PPP over Ethernet (PPPoE), PPPoE on FreeBSD mini How-To.
Step 1. Set the DSL modem to Bridge Mode.
By default, the DSL modem will have DHCP and PPPoE support enabled. This must be disabled before we can proceed. Follow the instructions provided by SBC to navigate the modem UI and activate Bridge Mode. Once this is done, all advanced features on the modem will be deactivated and it will expect PPPoE support to be handled by you. WARNING: Once you change to bridge mode, you’ll no longer get an IP address from the modem. Make sure to take note of the IP addresses used by the modem and by the PC you use when changing to Bridge Mode. If you want to change modes later, you’ll need to manually set the IP address on your PC.
Step 2. Configure the kernel
I was unable to determine whether the kernel in FreeBSD 4.9 would support PPP and PPPoE without modification. I’ve always had custom kernels on my boxes. Mostly as a way of keeping them trimmed down, I don’t add support for any devices that I don’t need. Rather than spend lots of time figuring whether it was needed or not, I just decided to add in support. This is what needs to be done:
Add the following lines to your kernel config file located in /usr/src/sys/i386/conf/
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
Also, if you have not already enabled firewall support, turn that on now as well:
options IPFIREWALL # enable BSD firewall
options IPFIREWALL_VERBOSE # log dropped packets
Make sure DIVERT is turned on. That will enable support for NAT when we build out the firewall.
options IPDIVERT #divert sockets
Finally, make sure that the pseudo devices for PPP and TUN are defined. You’ll find them near the bottom of the default kernel config file:
pseudo-device ppp 2 # Kernel PPP
pseudo-device tun # Packet tunnel.
Step 2. Build and install the Kernel
This step should be familiar to most FreeBSD users. What follows is a quick guide to building and installing the kernel. For full documentation, see the FreeBSD guide.
Assuming your configuration file was named MYKERNEL, follow these steps. This will need to be modified if your kernel is named differently.
- Run config(8) to generate the kernel source code.
# /usr/sbin/config MYKERNEL
- Change into the build directory. config(8) will print the name of this directory after being run as above.
# cd ../compile/MYKERNEL
- Compile the kernel.
# make depend
# make
- Install the new kernel.
# make install
You’ll need to reboot after this step.
Step 3. Configure PPP
Much of what follows in this step came from the FreeBSD guide. Modify the ppp.conf file located in /etc/ppp. Refer to the guide for a full description of all commands included.
/etc/ppp/ppp.conf
default:
 set timeout 0
sbc:
 set device PPPoE:rl0 # replace rl0 with the ethernet device connected to the DSL modem
 set log phase Chat LCP IPCP CCP tun command
 set server /var/run/ppp-tun%d "" 0177
 enable lqr
 set mru 1492
 set mtu 1492
 set speed sync
 set dial
 set login
 set timeout 0
 set authname YOUR_LOGINNAME@sbcglobal.net
 set authkey YOUR_PASSWORD
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR
 iface add 75.00.00.81/32 75.00.00.81
 iface add 75.00.00.82/32 75.00.00.82
 iface add 75.00.00.83/32 75.00.00.83
 iface add 75.00.00.84/32 75.00.00.84
 iface add 75.00.00.85/32 75.00.00.85
Make sure to:
- Replace the interface on the line PPPoE:rl0 with your interface.
- Set the authname and authkey to those provided by your ISP.
- Replace the IP addresses with those supplied by your ISP.
A note on TCP/IP addresses assigned for the 5 Static IP packages from SBC. The addresses assigned are not chosen at random. What has actually been assigned is a /29 network. To find out more about TCP/IP and networks, check out this article. A /29 network is comprised of 8 separate addresses. Consider the following example /29 network:
75.0.0.80/29
This specifies a network with the following 8 TCP/IP addresses:
75.0.0.80 - In each subnet, the first host number (0) is reserved, and the resulting number is known as the network number.
75.0.0.81
75.0.0.82
75.0.0.83
75.0.0.84
75.0.0.85
75.0.0.86
75.0.0.87 - This is the broadcast address for this network. Packets sent to this address will go to all interfaces on this network.
This leaves a total of 6 usable addresses. As delivered, the modem was acting as the router for the subnet, so it needed its own TCP/IP address. Since we’ve switched to bridged mode, the modem no longer needs its own address. The FreeBSD box will inherit the IP address the modem previously used, which will still leave 5 additional addresses for you to use.
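The /29 arithmetic above, worked through as a shell script. This is an added example, not part of the original article: the function names are made up for illustration, and 75.0.0.86 is assumed to be the address the FreeBSD box itself holds, chosen only because it is the one usable address missing from the iface add lines in ppp.conf.

```shell
#!/bin/sh
# Added example: expand the article's 75.0.0.80/29 and print ppp.conf aliases.
# Dotted quad -> integer. Octets with leading zeros are rejected because
# $(( )) would read them as octal.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "network broadcast" as integers. Only /16 to /30 is accepted, so
# the host list stays small and always has a network and broadcast address.
subnet_bounds() {
    bits=${1#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -ge 16 ] && [ "$bits" -le 30 ] || return 1
    addr=$(ip2int "${1%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    echo "$(( addr & mask )) $(( (addr & mask) | (mask ^ 0xFFFFFFFF) ))"
}

# Every address strictly between network and broadcast, one per line.
usable_hosts() {
    bounds=$(subnet_bounds "$1") || return 1
    host=$(( ${bounds% *} + 1 ))
    while [ "$host" -lt "${bounds#* }" ]; do
        int2ip "$host"
        host=$(( host + 1 ))
    done
}

# "iface add" lines for each usable address except OWN_ADDR ($2), the
# address the FreeBSD box itself holds (an assumed value in this example).
alias_lines() {
    hosts=$(usable_hosts "$1") || return 1
    for h in $hosts; do
        [ "$h" = "$2" ] || echo " iface add $h/32 $h"
    done
}

alias_lines 75.0.0.80/29 75.0.0.86
```

Run as is, it prints five alias lines for 75.0.0.81 through 75.0.0.85; usable_hosts alone lists all six usable addresses.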
Verifying your connection
Open two different shell windows on the FreeBSD box. In the first window you’ll tail the output of ppp.log so we can follow the status of the PPP connection. In the second window, type the following as root:
ppp -background sbc
This will manually start the connection. You should see output in the window tailing the log file. Monitor the log file and look for output like the following:
Aug 6 12:04:49 borabora ppp[29636]: Phase: Using interface: tun0
Aug 6 12:04:49 borabora ppp[29636]: Phase: deflink: Created in closed state
Aug 6 12:04:49 borabora ppp[29636]: tun0: Phase: Listening at local socket /var/run/ppp-tun0.
Aug 6 12:04:49 borabora ppp[29637]: tun0: Phase: PPP Started (background mode).
Aug 6 12:04:49 borabora ppp[29637]: tun0: Phase: bundle: Establish
Aug 6 12:04:49 borabora ppp[29637]: tun0: Phase: deflink: closed -> opening
Aug 6 12:04:49 borabora ppp[29637]: tun0: Phase: deflink: Connected!
Aug 6 12:04:49 borabora ppp[29637]: tun0: Phase: deflink: opening -> dial
Aug 6 12:04:49 borabora ppp[29637]: tun0: Phase: deflink: dial -> carrier
Aug 6 12:04:50 borabora ppp[29637]: tun0: Phase: Received NGM_PPPOE_ACNAME (hook "90084090400332-")
Aug 6 12:04:50 borabora ppp[29637]: tun0: Phase: Received NGM_PPPOE_SESSIONID
Aug 6 12:04:50 borabora ppp[29637]: tun0: Phase: Received NGM_PPPOE_SUCCESS
Aug 6 12:04:50 borabora ppp[29637]: tun0: Phase: deflink: carrier -> login
Aug 6 12:04:50 borabora ppp[29637]: tun0: Phase: deflink: login -> lcp
Aug 6 12:04:50 borabora ppp[29637]: tun0: Phase: bundle: Authenticate
Aug 6 12:04:50 borabora ppp[29637]: tun0: Phase: deflink: his = PAP, mine = none
Aug 6 12:04:50 borabora ppp[29637]: tun0: Phase: Pap Output: YOUR_NAME@sbcglobal.net ********
Aug 6 12:04:52 borabora ppp[29637]: tun0: Phase: Pap Input: SUCCESS ()
Aug 6 12:04:52 borabora ppp[29637]: tun0: Phase: deflink: lcp -> open
Aug 6 12:04:52 borabora ppp[29637]: tun0: Phase: bundle: Network
Aug 6 12:04:52 borabora ppp[29636]: tun0: Phase: Parent: PPP enabled
This indicates that PPP has started successfully.
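One way to turn the manual log check into something scriptable (an added example, not from the original article). It matches only message strings that appear in the ppp.log excerpt shown here; the function names are hypothetical, the first sample is a subset of that excerpt, and the second is a constructed copy cut off before the ISP answers the login.

```shell
#!/bin/sh
# Added example: report how far the most recent ppp start got, matching only
# message strings that appear in the article's ppp.log excerpt.

# ppp_stage: read ppp.log lines on stdin and print the furthest stage reached
# since the last "PPP Started" line: none, started, pppoe, authenticated
# or network.
ppp_stage() {
    awk '
        /Phase: PPP Started/                        { stage = 1 }  # new attempt
        /Received NGM_PPPOE_SUCCESS/ && stage == 1  { stage = 2 }  # PPPoE session
        /Pap Input: SUCCESS/         && stage == 2  { stage = 3 }  # login accepted
        /Phase: bundle: Network/     && stage == 3  { stage = 4 }  # network phase
        END {
            split("none started pppoe authenticated network", name, " ")
            print name[stage + 1]
        }'
}

# ppp_started_ok: exit 0 only when the log on stdin reached the network phase.
ppp_started_ok() {
    [ "$(ppp_stage)" = "network" ]
}

# Subset of the article's excerpt (a successful start).
sample_ok() {
    cat <<'EOF'
Aug 6 12:04:49 borabora ppp[29637]: tun0: Phase: PPP Started (background mode).
Aug 6 12:04:50 borabora ppp[29637]: tun0: Phase: Received NGM_PPPOE_SUCCESS
Aug 6 12:04:50 borabora ppp[29637]: tun0: Phase: Pap Output: YOUR_NAME@sbcglobal.net ********
Aug 6 12:04:52 borabora ppp[29637]: tun0: Phase: Pap Input: SUCCESS ()
Aug 6 12:04:52 borabora ppp[29637]: tun0: Phase: bundle: Network
EOF
}

# Constructed sample: the same start, cut off before the ISP answers the login.
sample_stalled() {
    sample_ok | sed '/Pap Input/,$d'
}

sample_ok | ppp_stage
sample_stalled | ppp_stage
```

Against a live system, feed it the same ppp.log you are tailing; a result of pppoe means the PPPoE session came up but the login was never confirmed, which points at authname or authkey.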
Step 4. Configure the Firewall
Step 5. Configure NAT