For many years, SDSU has provided a dial-up PPP service for faculty and staff. I've used that to maintain all of my Web pages here on mintaka. But on April 28, 2010, we got a notice that the modem bank would be closed on June 1. So it's time to find an ISP.
A quick check of local dial-up providers showed that they all have unattractive features, such as a 4-hour maximum session length, or 250 hours/month limitation on total usage. A Linux-friendly provider nearby suggested that it would be better to spend a little more to get what I need. That means a “high-speed” connection.
I'm not in Verizon's service area, so it's either AT&T or cable for the connection. I never watch TV, so I don't have cable; that means my only (cheap) choice is AT&T.
The AT&T techs who have occasionally come by to diagnose phone-line problems have suggested for years that I get DSL, as I'm only about a kilometer from the local central office. This seems to be the time to do that. AT&T has a $19.95/month el-cheapo deal for “Basic DSL” service that's already several times faster than a dial-up modem. This is only 5 bucks more than the local dial-up service, and actually cheaper than AT&T's dialup price.
Of course, there's the problem that I run Debian GNU/Linux on my boxes — an “unsupported” operating system, as far as the commercial ISPs are concerned. Linux users know that our systems are completely compatible with the ISPs' systems; it's just that we're too few to have enough clout with them to get official support. So I knew that some research would be required.
There is abundant information available on the Net about DSL and Linux and so forth; you just have to find it. Unfortunately, there's also lots of misinformation, and lots of just plain noise. So, in hopes of saving other people some of the work I've had to go through, I'm putting this record of my experience on the Web. Probably what I did will work for you if you use some Debian-based distribution like Ubuntu.
Your pieces have to be physically connected, and talking to one another with TCP/IP, before the ADSL connection can be set up. Getting all the parts to play nicely with one another is possible, but you need to be prepared.
Remember that you will be dealing with two corporate entities here, not just one: the phone company provides your copper wires and the central office where your phone line terminates; but the actual ISP is the outfit that has its DSLAM (which is your real connection to the Net) in that central office. In my case, it's the AT&T/Yahoo combine that used to be the SBC/Yahoo Internet service; after several name changes, this is now called AT&T High Speed Internet. (If you buy your own modem from another supplier, you might have a third corporation to deal with, if you have problems connecting: the modem maker, or its tech help line.)
Most of their support staffs will claim Linux doesn't exist, and you are on your own; so be careful. For example, AT&T admits that you can install their DSL yourself, for free; but they only provide on-line help for Windows users, and for the few modems and routers that they supply.
Because of the security hazards of an “always-on” high-speed connection — hosts newly connected to the Net are often attacked within seconds of becoming available — it's important to harden all the pieces before making the DSL connection.
If you read the discussions at DSL Reports, you'll find numerous complaints that the 2Wire gateway tends to be short-lived, and suffers from overheating problems. Likewise, some of the modems AT&T has provided have had overheating problems. So, as Linux isn't a “supported” system anyway, I figured it made sense to search the Web for opinions about reliable DSL hardware. Again, the DSL Reports site provided several leads.
I then searched for prices. Of course, many of the items people had found long-lived in the past have since vanished from the market; but a few are still being sold. Both Netgear and D-Link seemed to be well-regarded makers, and sell capable equipment at reasonable prices; unfortunately, more than one user has complained that D-Link refuses to support users of Linux systems, even to the extent of providing information about their own hardware to Linux users.
Netgear, on the other hand, actually uses Linux as the O/S in their routers. You can even telnet into their device and get a busybox shell, which is pretty tempting to somebody who likes to know what goes on inside things. Finally, I found that Amazon was selling the very reliable Netgear DG834G router/modem for about $45. This all added up to too much temptation for me to resist; I ordered one on May 4. (It was supposed to arrive on May 10; but it showed up on my front doorstep the morning the the 6th, apparently because the shipping point was somewhere else in San Diego, instead of the Netgear home office in San Jose.)
This is a wireless router as well as a modem and (sort of) a firewall. I don't have any wireless hardware, and consider wireless a security risk in any case; but it's possible to turn off that feature. The version I got is the v4 one, not the v5 (the new version with the on/off switch) that's offered on Netgear's website. (Wikipedia explains that the differences among the various hardware versions are different chipmakers' CPUs and networking chips.)
In retrospect, this was a good choice in many ways. Although I got a lot of features I don't need — I really don't need a router, as I just have the one computer, and I certainly don't need a wireless router, as I have no wireless hardware in the house — nevertheless, I saved a lot of hassle in setting up the system, because the DG834G handles the DHCP negotiations with the ISP's DSLAM. If I'd just gone with a bare modem, I'd have had to set up the PPPoE connection myself. This way, I don't have to worry about the details of the chat script, and the authentication problems that are well described elsewhere.
I'll just call the DG834G a “modem” in most of the narrative below, even though it has additional features.
There's a handy network-security checker on the website of Gibson Research Corporation, an outfit that offers a security check called ShieldsUP! to Windows users. A free demo of this vulnerability-tester is at https://www.grc.com/x/ne.dll?bh0bkyd2 — use it to check your exposure.
So the first job is to get rid of the DSL modem's default password (namely, “password” — really, no kidding, that's the factory default!), which, on a scale from 1 to 10, has a strength of about, oh, say 10−6.
To do this, we need to have the modem turned on, and we have to be able to get at its administrative interface with a browser. We do not need to have the modem connected to the phone line — indeed, we should do this before it's ever connected to the line.
I'll describe in detail the procedure for the Netgear DG834Gv4 modem/router; but the procedure will be similar, apart from the details of the modem's own administrative interface, for other DSL hardware.
Next, we plug an Ethernet cable into the modem (any of the four numbered sockets will do), and plug the other end of the Ethernet cable into the Network Interface Card (NIC) on the computer. You should be able to “hot-plug” this cable; if you're super-cautious, do it with the computer turned off. Then when the computer is on, the number on the front of the modem that corresponds to the socket you used on the back will light up green, indicating that the modem knows that it's connected to the computer.
The NIC should have been recognized when your computer booted; you can check by searching for it in the output of the dmesg command:
dmesg | grep eth0
This should show that the kernel found your Ethernet card, and assigned it the name eth0.
So, su to become root, and enter the command:
ifconfig eth0 192.168.0.99 up netmask 255.255.255.0
(You can now ping 192.168.0.1 to show that the modem's IP is accessible.)
Type in the default user: admin
and the default password: password
and you'll see the administrative interface of the modem in the browser window.
This brings up a new middle frame, asking for the old password (again), and then the new one (twice). Enter your new password in both spaces, and click on the Apply button. This changes the password to whatever you put in as the new one. (Pick a good, strong password; this is basically the root account on a Linux box, remember.)
Be careful to write down this new password and keep it in a safe place. If you ever forget it, you'll have to reset the modem to the factory defaults to get the original, unsafe password again, and go through the whole process from scratch — including re-setting any other changes you've ever made.
If you ever have to go back to the unsafe factory defaults, BE SURE you disconnect the modem from the phone line before pressing the reset button! And remember that upgrading the modem's firmware will probably reset those unsafe defaults, too.
A good set of security considerations is on the Broadband Report website. In particular, see the section called BEFORE Connecting to the Internet!
If you take too long to go through these steps, you may exceed the 5-minute (default) time limit for the use of the admin account on the modem. Then it will ask you to re-enter the username and (new) password to continue using the administrative interface. (Sometimes it just asks for the password.) If this happens, give it what it wants, and continue.
ATT has a variety of URLs that all lead to the registration website. The one I used was http://attreg.att.net — but there are many others, such as http://helpme.att.net/register/ or its numerical equivalent, http://188.8.131.52/register/ .
If you go to the registration website and look at the page source, you'll see a statement that Adobe Flash is required. But the Flash Player isn't part of Firefox/Iceweasel by default; you have to install the flashplugin-nonfree package to get it. I had already done this, for other reasons; so I figured I could probably register my phone line with the ISP even if I used the Firefox (i.e., Iceape) browser. I did; it worked just fine. Probably any browser will work, if it's Flash-enabled. (Adobe has a page where you can test your browser to see whether you have FlashPlayer installed, and which version you have as well.)
I find that Firefox/Iceweasel balks at rendering the Wireless Settings frame of the Netgear DG834G's administrative interface, adding an inconspicuous line at the bottom of the toolbar group at the top of the window that says “Iceweasel prevented this page from automatically redirecting to another page”. But there's an “Allow” button at the right-hand side of that added strip, which does indeed allow the frame to display correctly. Maybe other users have overlooked this subtle warning, just as I did at first, when using Firefox.
Once you're in the Yahoo homepage, be sure to click on the Member Center tab, so you can turn off the radio buttons that are pre-set to spam you (as nicely described in this page on the Broadband Reports site.)
Also, you probably will want to tell ATT/Yahoo to send mail to a different email address than the one at the account you've just registered. (This is under Contact Information in the Member Center.) After you specify a different e-mail address, they will send a test mail to it, with instructions on how to verify that it's really yours. Be sure this message isn't discarded as spam, and follow its instructions promptly, or you'll get error messages when your DSL modem/router tries to pass outgoing mail on to some SMTP relay. (If you start getting “Error 553” messages, there's a page that explains how to verify your external email address.)
It's convenient to register from a machine that allows you to print from the browser, because there are pages of on-line and off-line questions and answers that you may need to reproduce to identify yourself, if you have to talk to a support person, as well as the magical account name and password that you'll need to put into the modem; so it will be handy to have a printout of these things.
You can do it a day or two before your DSL service is due to be installed; they claim in the “Important Information” (on the back of the Order Confirmation that they mail out) that you “will not be able to complete the activation/registration portion of the installation” until the service is active — nominally, after 8 p.m. on the Service Activation Date. But I went through the registration process on the day before, and it all worked just fine. So I think what they mean is that you have to have the DSL line available to do the registration their way (i.e., with the CD, etc.)
Remember that the username is in the form of an e-mail address: it's something like JSmith@att.net, not just JSmith. And don't forget that the username and password that you set up during the account-registration process are different from the username (admin) and password that you changed in the modem.
Once you're in the administrative page for the modem, click on Basic Settings under the Setup heading on the left. The changes the middle frame to one that offers Login and Password items, near the middle of your screen. These will be blank to begin with.
For Login, fill in the username you set up when you registered your account with the ISP. (That will be “Somebody@att.net” — but without the quotes, of course. It's important to remember the “@att.net” part.)
For Password, fill in the password you set up when you registered the account at the ISP website. (This username/password pair that you established during the registration process are actually used in the PPPoE handshaking between your modem and the ISP's DSLAM at the other end of your phone line; if you were using a simple modem, you'd have to set up this stuff in the PPPoE chatscript.) Leave everything else alone; Netgear's defaults are correct.
Scroll down to the bottom of that panel, and click on Apply. That makes the modem use your new values.
While we're here, go back to the left-hand panel and click on ADSL Settings (the item just below Basic Settings.) This brings up a little frame with the VPI and VCI items, whose default values were 8 and 35 when I got my modem. You need VPI set to 0, not 8, for AT&T; but 35 is right for their VCI. (There's a nice table of VPI/VCI pairs for common ISPs at http://www.dslreports.com/faq/1149). Leave everything else alone; the other defaults are correct.
Again, click Apply to fix the new values, and then scroll down to the bottom on the left to log out of the modem. It should now be set up correctly to sync with the DSLAM at the nearby central office.
Indeed, on May 10, I plugged the little splitter/filter unit that came with the modem into the phone outlet, and plugged the phone cord that came with the modem into the ADSL socket, and the “Internet” light on the modem lit up green. The modem quickly established its connection with the DSLAM, and I was about ready to use my DSL connection.
iface eth0 inet dhcp
which tells your system that the Ethernet card is your connection to the Net, and that it gets your IP address by Dynamic Host Configuration Protocol. Once this line is in that file, you can bring up the network by entering the command (as root, of course)
to set up the connection.
This saves a lot of fiddling around with ifconfig and route. You can still use route to verify that the Ethernet link is set up, though.
Here's the output from route -n :
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
That's it. You are now connected to the Net.
— or, if there's already an auto line for other interfaces, just add eth0 to it. Once you have the connection made, you'll no longer need to use ifconfig when you want to adjust settings in the modem/router; you just launch a browser and type its IP address, as described above.
One of the first adjustments I made was to turn off the wireless broadcast of the DG834G, effectively converting it to a DG834. Log into its administrative interface, and click on Wireless Settings to shut off the Wireless Access Point. If you really need the wireless routing feature, at least select the strongest of the Security Options that's compatible with your local setup. Don't forget to scroll down to the bottom of the frame and click the “Apply” button to make your new settings take effect.
Another thing to do is to save the modified settings; Netgear has nicely provided a way to do that. You click on Backup Settings (the third item under Maintenance, in the left-hand panel), and the middle panel changes to a frame that offers to Save a Copy of Current Settings. Click on the Backup button, and the browser pops up the usual dialog box asking where to save a file.
The default name of the file is netgear.cfg , but you can tell the browser to use a different name. Be very careful with the permissions and ownership of this file, as it contains the passwords of both the modem's admin account and your AT&T/Yahoo account in plain text. I suggest keeping this file, with permissions set to 640 and owner:group set to root:root, in the /root directory.
Similarly, I temporarily lost the ability to send mail directly from home, because of the ISP's anti-spam blockade of Port 25. Well, neither of these inconveniences is fatal; I can still send mail from mintaka. [And, in fact, the mail problem turned out to be solvable by using Port 587 instead of 25.] And neither problem is connected with either Linux, or DSL; it's just a side-effect of having to use an outside ISP.
On the plus side, I'm now networked at roughly ten times the speed I had with the old dial-up connection. (I could be yet another factor of 10 faster, if I wanted to pay more for the higher tiers of DSL service.) This makes system upgrades that used to take hours a matter of a few minutes.
Finally, on May 14, I got in the snail mail the Order Confirmation letter with the official instructions on how to install the AT&T-approved modem and register, using their (totally unnecessary) installation CD with their approved modem models and supported versions of Windows. (Fortunately, I never asked for, and never got, their CD.)
This was a lot more painless than I expected! (There are some horror stories out there about installing AT&T's DSL service. In particular, note this one about billing and reconnection problems.)
Debian users can install these HOWTO documents locally by installing either the doc-linux-text package (the plain-text version), or the doc-linux-html package — better, because the HTML version contains very helpful cross-references.
Very useful information on networking in general is now in Chapter 6 of the Debian Reference manual; formerly, this was in Chapter 5. Make sure you have installed the debian-reference-common package and the appropriate translation of the manual, such as debian-reference-en. You can bring up its Table of Contents with the debian-reference command.
The online version of the networking chapter of the manual is at http://www.debian.org/doc/manuals/reference/ch05.en.html. However, this is the old version (as of May, 2010); the English version in the debian-reference-en package is newer.
Their DG834G page has links to the 157-page v5 user manual (2008), by clicking on the Support link (and from there, the Documentation tab). However, the documents for earlier versions are available, too; e.g., the 168-page v4 reference manual (2007). (You can find reference manuals for these obsolete devices in the ``Downloads'' section of the Customer Support area.) There are links to all the various hardware models in this family at their common DG834G page, and each model has its own Documentation tab. It's encouraging to see that information is available for all the earlier models.
A couple of useful Web pages that really helped get me going were http://www.willlaw.org/blog/diy/how-to-install-sbcatt-yahoo-dsl-without-the-install-cd-in-5-easy-steps/ and this page on the Broadband Reports site.
I'll single out a particular site that's provided useful hardware reviews and information over the years: Tom's Hardware. Google always seems to lead me there when I'm checking out equipment issues, and the information has nearly always been useful.
Now it's 2017, and AT&T is getting rid of their copper cables as fast as possible. This means I got a letter from them saying I have to move from plain old DSL to their “U-Verse” — which turns out to be glorified ADSL (of a flavor often called ADSL2). So I called their 800 number and set up a time for the installation of the new service.
Actually, there are some added features. But there are also some missing features. Here's why: the new system replaced the wires from the Central Office that carried the regular DSL signal with fiber-optic cables. Near the house is a “node” where the signal on the fiber is converted to a wide-band electrical signal that comes into the house through the old subscriber line (local loop). Because the twisted-pair path between the node and the phone plug next to my computer is so short, the signal can have a much higher bandwidth than the old DSL connection from the Central Office could deliver.
Unfortunately, the old copper-wire connection also carried 48-volt power to operate the ringers on my old analog phones. That means that my old rotary-dial phone can't be made to ring with the weak signal delivered over the fiber line. Furthermore, the VOIP system that carries the voice signal over the new fiber lines can't use the pulse dialling signals from the rotary handset. So the rotary phone had to be replaced with newer hardware.
The AT&T installer and service reps kept telling me I needed a digital phone, i.e., an IP phone. That turned out not to be true; such phones are needed only if you want a wireless phone. As I'm allergic to the security problems of wireless systems, I wanted to stay as close to the old land-line stuff as possible.
If you start searching for telephones on the Net, you soon notice that IP phones always have a bigger plug than a regular land-line (analog) phone. So let's think about plugs for a minute.
The NVG589 manual does not explain this; but if you search for what FXS means, you will find that FXS is telephony jargon for Foreign eXchange Subscriber, an interface which is “the port that actually delivers the analog line to the subscriber”. In other words, the NVG589 Gateway presents an interface to your push-button analog phone that looks like an ordinary analog phone connection, both mechanically and electrically. It simulates an analog-phone Central Office connection, complete with dial tone, ringing signals, etc. And of course it also translates the analog voice channel to VOIP digital format, and vice versa.
I verified that this works by trying an old push-button analog FC2540 handset in the FXS connector. It instantly got dial tone, because I had already asked the installer to transfer the old phone connection to the new modem. (As I have only a single line at the computer, I didn't need the special AT&T splitter adapter to provide separate connections for two analog phones.)
I could have put the old rotary phone on the other land line, which I kept as the regular home phone (mostly to guarantee 911 service in case of a power outage); but so many places you call these days require the use of a touch-tone phone that I went to Fry's and bought an AT&T model 210 handset for $10. So we now have tone dialling on both lines.
This was a fairly painless conversion, once I figured out what kind of phone I needed to use.
Copyright © 2010, 2012, 2017 Andrew T. Young
or the website overview page