Setting up Bell Atlantic's Infospeed with Linux
This page includes a short how-to on setting up a Linux box to work with
Bell Atlantic's Infospeed ADSL service. Apparently, there are different
flavors of Infospeed in use. This page reflects the Manhattan WinPoet
(PPPoE) flavor.
Last Update: $Date: 2000/05/04 19:29:24 $
1. ADSL Installation
Make sure to select the Westell Ethernet ADSL external
modem when ordering your service. Follow the installation
instructions provided with your package.
2. ADSL Account Setup
You will need a Windows (95/98/NT/2000) machine in order to set up your
Infospeed account. You will need to follow their instructions carefully,
including installation of a customized Netscape 4.5 browser (don't ask me
why you can't just run their Java installation program with a Java JRE).
As part of the account setup, you will be asked to select a Global Service
Provider (GSP). The current choices are GTEI and QWEST. You may
want to do a traceroute from your favorite Internet destination to see
if one or the other is better (in my case they were about the same number
of hops). Also, make sure to note your account name (xxx@bellatlantic.net)
as well as your password!
3. Linux Installation
Now that you have ADSL running on Windows it is time to reboot to Linux.
You will need a PPPoE (PPP over Ethernet) client. There are several
available roughly divided between kernel and user-space implementations.
I ended up using Roaring Penguin's PPPoE user space client, mostly
because I was too lazy to compile my kernel again, and also because
I was afraid of compromising system stability. In my dedicated Pentium
166 router box, the client uses less than 10% CPU.
Once you have downloaded and installed the PPPoE client you will need to
set it up using the adsl-setup script. All that is left is to
execute adsl-start and you should be all set! To maintain
connectivity across reboots, you can invoke the adsl-start
script from your /etc/rc.d/rc.local script.
[ This section will be expanded soon ]
4. Firewall Setup
Now that you're connected to the Internet over a semi-permanent connection
(Infospeed shuts down your connection and gives you a new IP address every
eight hours), you are vulnerable to hackers! Given that most
Linux installations default to offering a wealth of services
(WWW, FTP, Ident, Finger, LinuxConf, Sendmail, etc.) you are likely
to be very vulnerable. I strongly recommend that you read the
IPCHAINS-HOWTO available at
5. Masquerading Setup
Unfortunately, Bell Atlantic does not support more than one host per
ADSL line. If you would like to connect more than one machine to the Internet
sharing the same ADSL line, then you'll need to use Linux IP Masquerading.
Most modern Linux distributions are already configured to support IP
Masquerading.
6. Example Setup
The following example shows my current home configuration. Note that
this information is provided as an example and no warranty
is made on any properties such as security or correctness.
Use at your own risk.
6.1 Topology
6.2 Hardware (Ethernet) Configuration
It is likely that you will need to configure the cards manually. Use the
/sbin/ifconfig -a utility to find out if your kernel has recognized
your Ethernet cards (look for eth0 and eth1). In my setup,
I have two 3Com EtherLink III cards which I configured as follows :
- Booted to DOS/Windows and executed the 3COM configuration utilities,
- Used the configuration utility program to automatically set the IRQs
and I/O addresses of the two cards (wrote that info down),
- Rebooted to Linux and edited the /etc/conf.modules file,
adding the following lines:
alias eth0 3c509
alias eth1 3c509
options eth0 3c509-0 io=0x210 irq=5
options eth1 3c509-1 io=0x300 irq=10
- Rebooted (not necessary, but easiest)
Once you have both Ethernet cards recognized by the kernel, you need to
configure one of them to the IP address of your internal
network. In my case, I used the class A network 10.0.0.0/8, and chose to
use eth1. In my RedHat 6.2 system I had to create the file
/etc/sysconfig/network-scripts/ifcfg-eth1 containing :
DEVICE=eth1
IPADDR=10.0.0.1
NETMASK=255.0.0.0
NETWORK=10.0.0.0
BROADCAST=10.255.255.255
ONBOOT=yes
BOOTPROTO=static
You must leave the other Ethernet interface unconfigured!
The PPPoE client will handle its configuration.
6.3 OS/Service Configuration
- RedHat 6.2 (custom installation including DNS server, DHCP
server)
- Two Ethernet interface cards.
- Roaring Penguin's PPPoE client (user space)
- Services enabled :
- dhcpd : DHCP server (see DHCP configuration information)
- All other services disabled :
- removed /etc/rc.d/rc?.d/S??httpd, /etc/rc.d/rc?.d/S??ident, etc.
- commented out all services in /etc/inetd.conf
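One way to check the result of the service lockdown listed above, as an added example that is not part of the original page: the script lists inetd.conf entries that are still active and rc?.d start links outside an allow list. The function names and the sample tree are constructed for illustration; on the system described here the arguments would be /etc/inetd.conf and /etc/rc.d.

```shell
#!/bin/sh
# Added example: audit the section 6.3 hardening on a Red Hat style layout.
# Function names and the sample files are constructed for illustration.

# List inetd.conf services still enabled (lines neither blank nor commented),
# printed as service/protocol.
enabled_inetd_services() {
    awk '!/^[ \t]*(#|$)/ { print $1 "/" $3 }' "$1"
}

# List rc?.d start links under $1 whose service is not in the allow list
# given as the remaining arguments.
unexpected_start_links() {
    rcdir=$1; shift
    for link in "$rcdir"/rc?.d/S[0-9][0-9]*; do
        if [ ! -e "$link" ] && [ ! -L "$link" ]; then continue; fi
        name=${link##*/S[0-9][0-9]}
        allowed=no
        for ok in "$@"; do
            if [ "$name" = "$ok" ]; then allowed=yes; fi
        done
        if [ "$allowed" = no ]; then echo "${link#"$rcdir"/}"; fi
    done
}

# Build a constructed sample tree: two runlevels and a small inetd.conf.
make_sample() {
    root=$1
    mkdir -p "$root/rc3.d" "$root/rc5.d"
    : > "$root/rc3.d/S65dhcpd"; : > "$root/rc3.d/S85httpd"
    : > "$root/rc5.d/S65dhcpd"; : > "$root/rc5.d/S35identd"
    cat > "$root/inetd.conf" <<'EOF'
# constructed sample, not a real system's file
#ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
  # finger stream tcp nowait root /usr/sbin/tcpd in.fingerd
linuxconf stream tcp wait root /bin/linuxconf linuxconf --http
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
echo "inetd services still enabled:"; enabled_inetd_services "$sample/inetd.conf"
echo "unexpected start links:";       unexpected_start_links "$sample" dhcpd
rm -rf "$sample"
```

Both functions print nothing when the lockdown is complete, so empty output is the passing result.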
6.4 DHCP Daemon Configuration
Edit the file /etc/dhcpd.conf :
#
# File : /etc/dhcpd.conf
#
subnet 10.0.0.0 netmask 255.0.0.0 {
option routers 10.0.0.1;
option subnet-mask 255.0.0.0;
option domain-name "bellatlantic.net";
# The nameservers below are for NY customers :
option domain-name-servers 151.198.0.38, 199.45.32.37;
option time-offset -18000; # Eastern Standard Time (UTC-5), value is in seconds
default-lease-time 2592000;
max-lease-time 2592000;
range 10.0.0.10 10.0.0.255;
}
Make sure that you are starting the DHCP daemon at boot time by creating
soft links to the /etc/rc.d/init.d/dhcpd start up script from :
/etc/rc.d/rc2.d/S65dhcpd
/etc/rc.d/rc3.d/S65dhcpd
/etc/rc.d/rc4.d/S65dhcpd
/etc/rc.d/rc5.d/S65dhcpd
6.5 Firewall/IP Masquerading Configuration
The following lines are appended to the end of the /etc/rc.d/rc.local
file (an alternative is to create an /etc/rc.d/init.d/firewall as
described in the IPCHAINS-HOWTO) :
# Default forwarding policy is DENY
/sbin/ipchains -P forward DENY
# Deny packets arriving from the Internet claiming internal addresses
/sbin/ipchains -A input -i ppp0 -s 10.0.0.0/8 -l -j DENY
# Extend the timeouts for TCP, TCP after FIN, and UDP masquerading
/sbin/ipchains -M -S 7200 10 60
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Masquerade for internal hosts
/sbin/ipchains -A forward -s 10.0.0.0/8 -j MASQ
# Load FTP module (enables active FTP sessions over the firewall)
/sbin/modprobe ip_masq_ftp
# Load Real Audio module
/sbin/modprobe ip_masq_raudio
#/sbin/modprobe ip_masq_cuseeme
#/sbin/modprobe ip_masq_irc
#/sbin/modprobe ip_masq_mfw
#/sbin/modprobe ip_masq_quake
#/sbin/modprobe ip_masq_vdolive
#/sbin/modprobe ip_masq_user
#/sbin/modprobe ip_masq_portfw
# Start Roaring Penguin ADSL PPPoE client
/usr/local/sbin/adsl-start
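The -l flag on the anti-spoofing rule above makes the kernel log each denied packet through syslog. As an added example (not part of the original page), this script counts those entries per claimed source address; the function names are hypothetical and the log lines are constructed samples in the ipchains "Packet log:" format.

```shell
#!/bin/sh
# Added example: count kernel log entries produced by the "-l" flag on the
# rule "ipchains -A input -i ppp0 -s 10.0.0.0/8 -l -j DENY".

# Print "count source-ip" for input-chain DENY entries on interface $2
# (default ppp0) whose source claims a 10.0.0.0/8 address. $1 is the log
# file, or "-" for standard input.
spoofed_sources() {
    awk -v ifc="${2:-ppp0}" '
        {
            # Locate the "Packet log:" marker; the fields after it are
            # chain, target, interface, PROTO=n, src:port, dst:port, ...
            for (i = 2; i <= NF; i++)
                if ($i == "log:" && $(i - 1) == "Packet") break
            if (i > NF) next
            if ($(i + 1) != "input" || $(i + 2) != "DENY" || $(i + 3) != ifc) next
            split($(i + 5), src, ":")
            if (src[1] ~ /^10\./) seen[src[1]]++
        }
        END { for (ip in seen) print seen[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (not captured from a real system).
sample_log() {
    cat <<'EOF'
May  4 19:02:11 gw kernel: Packet log: input DENY ppp0 PROTO=6 10.3.4.5:1042 192.0.2.7:80 L=44 S=0x00 I=231 F=0x0000 T=52 (#1)
May  4 19:02:14 gw kernel: Packet log: input DENY ppp0 PROTO=17 10.3.4.5:53 192.0.2.7:1025 L=34 S=0x00 I=232 F=0x0000 T=52 (#1)
May  4 19:07:40 gw kernel: Packet log: input DENY ppp0 PROTO=1 10.9.9.9:8 192.0.2.7:0 L=84 S=0x00 I=77 F=0x0000 T=49 (#1)
May  4 19:08:02 gw kernel: Packet log: input DENY eth1 PROTO=17 10.0.0.12:1025 10.0.0.1:53 L=60 S=0x00 I=9 F=0x0000 T=64 (#3)
May  4 19:08:30 gw kernel: eth0: link status change
EOF
}

sample_log | spoofed_sources -
```

On a live system the input would be the syslog file that receives kernel messages; which file that is depends on the local syslog configuration.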
Connecting Clients
You should now be ready to connect clients to your Ethernet hub/switch.
New clients should be configured to use DHCP (see the masquerading HOWTO
for specific details).
Please send comments/questions/corrections to Alexander V. Konstantinou
(akonstan@cs.columbia.edu).