Connecting Linux Pc To Adsl

[simon43]

OK, I know a reasonable amount about Linux, but really do need some practical advice!

I have a newly-built Linux PC running Red Hat v9. I want to use this computer to connect to my ADSL internet service. The computer will be running some software that is accessed via SSH. So I can register with a dynamic DNS service so that my varibale IP address does not cause problems...

But how can I actually connect this single computer to the internet? I have an ADSL connection here in Phuket which provides internet for my single laptop, using a proprietary USB ADSL modem. Since my Red Hat computer also has an internet browser, I don't need to use my laptop for internet work.

So the big question is - how do I connect the Linux computer to my ADSL service??

Any help much appreciated!!

Simon

[francois]

OK, I know a reasonable amount about Linux, but really do need some practical advice!

I have a newly-built Linux PC running Red Hat v9.  I want to use this computer to connect to my ADSL internet service.  The computer will be running some software that is accessed via SSH.  So I can register with a dynamic DNS service so that my varibale IP address does not cause problems...

But how can I actually connect this single computer to the internet?  I have an ADSL connection here in Phuket which provides internet for my single laptop, using a proprietary USB ADSL modem.  Since my Red Hat computer also has an internet browser, I don't need to use my laptop for internet work.

So the big question is - how do I connect the Linux computer to my ADSL service??

Any help much appreciated!!

Simon

red hat ...

from memory ... go to the equivalent of yast on Suse, tools for networking,

erase everything that can have been set before.

reboot with cable plugged in (ethernet or usb), go back to net config and declare the new connection, everything is here to set it up properly.

be careful with a ddns stuff, not to mess around ...

there is a read me for this as for almost everything in Linux

francois

[autonomous_unit]

Depending on your budget (money and time), you either try to get the USB modem working, or you just go and buy an ADSL router to use instead and save yourself the headache. With the router, you would just connect via ethernet and use a normal DHCP or static addressing mode. Then, use the router's web interface to configure port-forwarding for the SSH connection.

Otherwise, you need to determine whether the USB modem is supported, and most likely then need to configure a PPPoE connection over it. I've never done this, but Linux certainly can (that's what most of the SOHO routers are running these days).

[greenway2005]

Hi there,

Getting a USB ADSL modem working on Red Hat is possible, however it can cause you a lot of headache and sleepless nights. I would go for autonomous_unit's solution. This because it's just the easiest way to go (furthermore, you can buy an ADSL Router for less then 3000 baht) and you will be able to expand your network in the future.

If you decide to connect your ADSL modem to your Rad Hat box, get ready for some serious forum browsing. Usually, all you need can be found.. It justs depends on how much effort you're willing to put in it!

Any which way you go, I would be happy to help you where I can.

goodluck

_greenway

[simon43]

Thanks for the advice. I bought an ADSL router modem with both usb and ethernet ports. Now I have got my usb laptop and linux ethernet connected to the internet!

But can you explain more how I can connect from a remote pc to my linux server? What actions do I need to take to make it 'visible' on my 'dynamic' ip adsl service?

Simon

[greenway2005]

Right, D(ynamic)DNS.... It has been a while but if remembering right, it should be something like this:

First register with a dynamic DNS service, there are plenty so this shouldn't cause ya any probs...

Then you should put a DDNS client on your Linux server, this client will inform your DDNS service when it receives a new IP from the DHCP server located at your ISP. Usually your DDNS service provider will inform you which client to use (last time I used it, about 2 years ago, there were a lot of clients available for Linux systems). Get yourself a domain name (or get a free one at your DDNS service provider, often they will offer you a subdomain of your own). This should be enough as far as letting your DHCP provided Linux server stick to it's assigned domain.

After this you should configure your router to forward SSH requests to your Linux server (port 22 unless to configure the SSH deamon to listen on another port).

Oh something else just came to mind, nowadays many SOHO routers are configures with a DDNS client which will work with the major DDNS service providers. Check up on this before you sign up with a DDNS service provider. It could make things a little easier for ya!

If the above is not the case, you will probably have to configre your DDNS client manually. If so and you need help, just let me know.

I hope you can some sort of a start with this post; I haven't slept for 24 hours and just dropkicked 3 large Singha's, so it might just be that this post is not as clear as it could be. Anyay, could luck!

[simon43]

The problem I have is that this linux pc can 'see' the public internet, but i cannot 'see' the pc from the public internet! The pc has been assigned a private address by the adsl router/modem of 10.0.0.3. The router sits at 10.0.0.2 on the LAN side. If I use my laptop on the lan-side of the router, and try to connect to the linux pc at 10.0.0.3, this works fine.

So I then opened port 22 on the router public side and configured inbound (SSH) traffic to port 22 of ip address 10.0.0.3. No joy! I assumed that if I tried to SSH to the WAN public address of the router, then my connection would be passed to port 22 of my linux pc....

So, are there any tests or configs that i can d to allow me to connect from a public ip address to port 22 and 8000 of my linux pc which is on its private address of 10.0.0.3?

Help appreciated!!

Simon

[Guest endure]

The problem I have is that this linux pc can 'see' the public internet, but i cannot 'see' the pc from the public internet!  The pc has been assigned a private address by the adsl router/modem of 10.0.0.3.  The router sits at 10.0.0.2 on the LAN side.  If I use my laptop on the lan-side of the router, and try to connect to the linux pc at 10.0.0.3, this works fine.

<{POST_SNAPBACK}>

I can't fix your problem for you but it might be an idea to give all your machines fixed IPs. There's no guarantee the router is going to assign them the same address every time.

[greenway2005]

So I then opened port 22 on the router public side and configured inbound (SSH) traffic to port 22 of ip address 10.0.0.3.  No joy!  I assumed that if I tried to SSH to the WAN public address of the router, then my connection would be passed to port 22 of my linux pc....

<{POST_SNAPBACK}>

This is never going to work; when on your LAN you are not able to reach the outside IP address of your router. And if your routers outside IP is provided by a DHCP server with ISP, you will not be reachable from the outside world for your IP adresses are dynamic. See my last post about the DDNS configuration.

Ones you have DDNS going or you have static IP assigned to your ADSL entrance, let me know and I will try to set up a SSH session between our boxes.

[simon43]

This is never going to work; when on your LAN you are not able to reach the outside IP address of your router.

That's the point! I CAN reach my router 'public' address from my linux pc, as well as any other public address. My problem is that i cannot connect 'the other way'.

I will firstly assign a static private address to my linux pc. As far as i can understand from my router manual, what im doing should work, since I've opened up port 22 on the router and configured the router to pass inbound traffic to port 22 of the linux pc...

[Simmo]

I will firstly assign a static private address to my linux pc.  As far as i can understand from my router manual, what im doing should work, since I've opened up port 22 on the router and configured the router to pass inbound traffic to port 22 of the linux pc...

<{POST_SNAPBACK}>

Yes , that will work. What your describing is a port forwarding setup. If you ssh to the public ip interface of your router (from the internet) it will pass it to the linux pc. Make sure that if your router has a built in firewall you setup a rule to allow the connection as well. If that work you can also setup SSH tunnelling if you want to access other services like X Windows & VNC.

Edited December 2, 2005 by Simmo

[greenway2005]

Simon43, first you said:

"The problem I have is that this linux pc can 'see' the public internet, but i cannot 'see' the pc from the public internet! "

Then in your last post you said:

"That's the point! I CAN reach my router 'public' address from my linux pc, as well as any other public address. My problem is that i cannot connect 'the other way'"

I am getting a little bit confused here. First of all, your Linux box will never be "seen" on the internet because it's behind a router who performs Network Address Translation on it. The only device in your home which might be found on the internet is your router. However, in one of your previous posts you stated you are being provided a dynamic IP by your ISP, so without a workaround there I find it hard to believe you are able to find your ADSL router on the internet. Even if you know your temporary IP, this usually does not resolve to your router but to a domain on your ISP's network.

If your are able to connect to your routers public address (not the ones like 10.0.0.1 or 192.168.1.23, these are the private ones) you should be able to track down the problem by looking at your routers log's, most keep several.

How are you sure you can reach your router from the internet?

[autonomous_unit]

... However, in one of your previous posts you stated you are being provided a dynamic IP by your ISP, so without a workaround there I find it hard to believe you are able to find your ADSL router on the internet. Even if you know your temporary IP, this usually does not resolve to your router but to a domain on your ISP's network.

...

<{POST_SNAPBACK}>

This doesn't make sense to me. If you know your current dynamic IP address and have access to an external host somewhere on the Internet, you can surely ping the IP address or attempt connecting to arbitrary ports using that public IP address. There is absolutely no need to have a DNS record anywhere in order to test IP connectivity.

It is just a convenience to avoid typing those "dotted numbers". For example, I can ssh from my laptop in BKK to a computer in California, check the IP address of the "remote" host according to the California machine, and then ssh back to that address and be logged into my laptop again, because I have port 22 on the router forwarded to my laptop. I am not using any DNS at all in this.

However, I am also confused by the statement that the original poster can reach the public address of his router from his PC on the LAN. Most SOHO routers would fail to do this, not because it is technically difficult but because the SOHO router producers seem to think that is weird...

To the original poster, I'd suggest:

1. Try putting the PC on static LAN address as you've said

2. Try setting the PC address as the "DMZ host" if that is an option in the router and you are not confident in the port-forwarding rules. This will forward all traffic to the DMZ host except that which is explicitly forwarded somewhere else with another rule, so make sure you disable those other rules if you try this.

3. Make sure you don't have a software firewall blocking incoming traffic on the PC. What Linux distribution are you using? Is it running iptables, and did you configure it to allow inbound SSH connections?

[simon43]

Hi Greenway205, what I said is correct for both my postings. (I'm saying the same thing..) I can use my linux pc on it's private address and can ping any public IP address, including that of my ADSL router. But I cannot ping or connect to my linux pc from the public internet, even though I have port-forwarding set up.

My adsl router is always assigning the same private address to this pc - 10.0.0.3, and that's the address that I have set up to receive inbound traffic from port 22 (SSH) on the public side of the router. But it doesn't seem to be working..

IMy router does allow the DMZ option, so let me try that!!

Thanks for all your help so far

[Guest endure]

Hi Greenway205, what I said is correct for both my postings.  (I'm saying the same thing..)  I can use my linux pc on it's private address and can ping any public IP address, including that of my ADSL router.  But I cannot ping or connect to my linux pc from the public internet, even though I have port-forwarding set up.

My adsl router is always assigning the same private address to this pc - 10.0.0.3, and that's the address that I have set up to receive inbound traffic from port 22 (SSH) on the public side of the router.  But it doesn't seem to be working..

<{POST_SNAPBACK}>

You won't be able to ping 10.0.0.3 from the public internet. Any attempt to ping a private address is dropped at the first router it hits.

[simon43]

Yes, I understand that! What i meant was that since I have port forwarding configured, if I try to connect to the router public port 22 (SSH), then my connection should be routed through to port 22 of the linux pc at 10.0.0.3 and I should connect to ssh on that pc. But it doesn't happen!

BTW, I tried changing the linux to a static private ip, and i tried setting the DMZ host on my router to the linux ip. The results are exactly the same! My pc can 'see' public ips, but public ip connections do not seem to get through to this pc. I think the problem lies with the router, not the pc.

Since i can see 'out' but not 'in' should i try setting up a manual route in my router for inbound traffic???

[simon43]

Excuse me for a moment . .

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHH!!!!!

That's better, (not much, just a little bit.....)

[greenway2005]

@autonomous_unit

Then you're a lucky person (you've got it working and pour simon43 doesn't)! I know from experience that many ISP's don't allow direct inbound connections on home networking devices. Come to think of it; this applied (not sure how this situation is right now, been on satelite for a while now) to cable internet providers. So I might be wrong on this one as far as DSL providers go.

@simon43

Getting a little bit frustated are ya? Could imagine you are! Does your router keeps any logs? If so, these might give you a clue of what's going wrong. If there is a log, you should be able to find out if the SSH session is reaching the router.

What you also might try is setting up a SSH session with your router and make a tcpdump of on the local host, this way to could find out if your router is responding in any way (if your router is still blocking your requests it will often send a ICMP reply of some sort, you might even be able to configure your router to do so but it's often a default setting).

Hang in there!

Edited December 2, 2005 by greenway2005

[simon43]

Router log, good idea!! I know it keeps logs. Let me investigate and report back.....

[simon43]

OK, the system log doesn't log connections/attempted connections etc. It only logs start-up processes and shut-down processes. Looking at the log, everything looks ok...

But, there is an issue somewhere. If I run a diagostic test on the modem/router, it checks various connectivities for ethernet LAN, ADSL synchro etc. All pass except 'Test PPPoPvc 0 IP connect to PPP' which gives a FAIL. The help file for this failure says:

'Check IP Assignment

This test returns PASS if your DSL modem has been assigned a valid IP address by your service provider through DHCP or your DSL modem is assigned a valid IP address statically.

If this test returns FAIL, run this test again a few minutes after this test is completed. If this test returns FAIL consistently and DHCP client is enabled on your DSL modem, check with your service provider. If this test returns FAIL consistently and your DSL modem is statically assigned an IP address, make sure the IP address is the correct one assigned by your service provider'

Well, I don't understand why this gives FAIL, since I do get connectivity to the public internet and my router status indicates the public IP address assigned to the router....

Any suggestions? By the way, I have 2 different ADSL routers and they both give the same failure, (they both use the same Conexant chipset).

[greenway2005]

Hmm, starting to run out of idea's here. Did you try connecting another way to your router (ping, telnet, enz)? I know some ISPs block certain kinds of inbound connections to home networking devices, never heard of one blocking SSH connections though. Did you try traceroute to your assigned IP already? If you this trace stops at your ISP's ip, they are blocking ICMP requests and probably a lot more...

I am starting to get a feeling the problem is with your ISP, not with your home setup. Maybe give them a call.... Which one are you using anyway??

Edited December 3, 2005 by greenway2005

[greenway2005]

I just came across this thread on the Ubuntu forums:

http://www.ubuntuforums.org/showthread.php?t=97571

It sounds like a similar problem you're having; I don't have enough time to go through it but you might find a solution there. Also you might wanna look around on these forums, I know it is another distro but there is a lot of usefull stuff in there.

[autonomous_unit]

SImon43, who is your ADSL provider? True gives me a public but dynamic address. Maybe your ISP really is not giving you a public address?

Do you have a remote machine to use for testing? Can you connect from your Linux PC on the LAN to the remote machine and check the IP address of the incoming connection, from the point of view of the remote machine? This should match the IP address that your router obtained from your ISP, unless you are stuck behind a NAT device operated by the provider.

Your router's port-forwarding will only help if you can indeed get incoming connections all the way to the router...

If your ISP put you behind NAT, you might try asking them for an address that works "with a VPN" since this usually means they'll give you a public, non-NAT address even if it is a different address everytime your modem connects.

[simon43]

I'm using TT&T Maxnet...

I just connected to a remote web server using my laptop which is on my LAN using wi-fi. The server log correctly showed the public IP address of my router. I then connected to this web server from my Linux PC on my LAN. Again, the server log correctly showed a connection from my router public IP address.

Oh dear....

[autonomous_unit]

I'm running out of ideas too.

When you had the PC set as the DMZ host, did you try connecting to any other ports? What is the behavior? Connection refused, or just a hang or timeout?

Can you ping the router from outside? Are there any firewall modes you can try enabling and disabling on the router (including ICMP ping response)? At this point, I'd be trying to see if I can change any visible behavior for incoming packets by changing router settings.

[stumonster]

simon - what adsl modem/router have you got ?

can you post a screenshot of your port forwarding config page for us?

have you set up the modem/router for dynamic dns? - you can black out the actual personal bits , but post a screen grab of it also.

is the ssh daemon running on your linux box?

post a couple of screen shots of your modem router config so we can look , as so many problems are just simple mistakes - ( personal experience :-) )

[simon43]

Sorry for the slow reply!

The ADSL router uses the standard Conexant chip-set. I have tried 3 routers and have the same problem (all 3 routers use the Conexant chip-set).

The SSH daemon is running ok on the linux box because i can connect to it directly from my Windows xp laptop, which is connected to the ADSL router via its wi-fi interface.

The router is set up for dynamic dns. The router always assigns itself a private address of 10.0.0.2 and always assigns 10.0.0.3 to the linux pc (by always, I mean that there are no other ethernet connections, so it is always assigning the 1st private address from it's list). My laptop connects via wi-fi and is assigned an address of typically 10.0.0.7.

This is a copy of my port-forwarding set-up:

ID/Public Port - Start/Public Port - End/Private Port/Port Type/Host IP Address

1 22 22 22 TCP 10.0.0.3

2 22 22 22 UDP 10.0.0.3

Here is a copy of the router status page:

BootCode Version: BC_CX82xxx_4.1.0.28b

Firmware Version: CX82xxx_4.1.0.29_MW2

Customer Software Version: tactio_4.1.0.29_MW2c

--------------------------------------------------------------------------------

WAN

IP Address Subnet Mask MAC Address

58.147.4.127 255.0.0.0 00:05:B4:09:52:C2

--------------------------------------------------------------------------------

LAN

IP Address Subnet Mask MAC Address

10.0.0.2 255.0.0.0 00:05:B4:09:52:C1

Total Number of Lan Interfaces: 1

Number of ethernet devices connected to the DHCP server: 1

IP Address MAC Address

1 10.0.0.3 00:30:1B:B2:7D:9C

Ethernet Link Status: UP

USB Link Status: N/A

Any ideas?? I am determined, (with everyone's help) to get this working!!

Cheers - Simon

[simon43]

Some progress . . .maybe!

I found a useful little program at:

http://www.preinheimer.com/cgi-bin/connect...ectiontest2.cgi

This application test whether a specified port is open or blocked on your ADSL router. (I have no idea how it works...)

Anyway, I tested access to port 22 (SSH) on my router and the application confirmed that the port was open! I then reconfigured my ADSL router not to port-forward this port and retested. This time, the application reported that the port was blocked!!

So, if I am to believe this application, the port-forwarding is working ok on my router. So it is the actual linux pc itself that is blocking access on port 22.

Remember that the SSH daemon is running ok because I can connect using my Windows laptop which is connected to my LAN.

The firewall is disabled (temporarily) on the linux pc.

So, for what reasons would a linux server refuse inbound port 22 connections from a public ip address, as opposed to a private ip address, when it's firewall is disabled??

Thanks again for all the help!

Simon

[autonomous_unit]

...

So, if I am to believe this application, the port-forwarding is working ok on my router.  So it is the actual linux pc itself that is blocking access on port 22.

Remember that the SSH daemon is running ok because I can connect using my Windows laptop which is connected to my LAN.

The firewall is disabled (temporarily) on the linux pc.

So, for what reasons would a linux server refuse inbound port 22 connections from a public ip address, as opposed to a private ip address, when it's firewall is disabled??

That doesn't sound right. As root on the Linux PC, try running:

% tcpdump dst port 22

and then try to connect. It should show whether any packets are arriving. Kill it with CTL-C when you get bored.

If this is really happening that packets are arriving but it is acting like a firewall, maybe you didn't really turn off the firewall as you think? Did you check /var/log/messages and /var/log/secure for any ssh-related entries? Try "tail -f /var/log/secure" while doing the remote connection, to see any new entries that appear.

[simon43]

Success!! I have finally got this system to work! And the problem seems not to be what I thought it was!

Remember that I said that I could SSH from my laptop to the Linux private ip address, but that I couldn't SSH to the public ip address from my laptop? Well, what I failed to do was to check from another completely remote pc!! When I tried via a pc in the UK, I connected via SSH to the public ip address of the router, and then this was port-forwarded to the linux pc.

So, I was mislead because, for some reason, I cannot connect to the router public ip address from my windows laptop on the lan... (?) Not sure why, but all is working ok fine now.

Thanks for all the advice!!

Simon