Version: 1.0
By: Lucien Wells.
 Using: SmoothWall 0.9.8
Special thanks to Alex Webster for coauthoring the HTML
SmoothWall (aka. Smoothie): http://www.smoothwall.org
Telstra Bigpond (Advance) Cable: http://www.bigpond.com/broadband/
Update: It has come to my attention that there is an issue with Telstra Bigpond Cable and resolving internal IP addresses when trying to log in to SmoothWall via FTP and/or SSH. After a lot of help from Lawrence Manning (SmoothWall co-author) a fix was devised. This guide has been updated to include the fix - people who have already installed SmoothWall according to the original guide should check the "FTP/SSH Login Issues" update section.
As the availability of internet access, and in particular broadband connections, has spread, people have increasingly wanted to share the bandwidth available to them across private LANs (local area networks). Furthermore, due to the permanent and semi-permanent nature of most speedy connections, the need for security has increased. Enter SmoothWall, a firewall and gateway Linux appliance.
While SmoothWall works straight out of the box for most broadband connections, a certain amount of customisation is needed to get SmoothWall to work with Telstra Bigpond Cable. Unlike most cable connections, Telstra requires the use of a login application with its cable product. This mini-HOWTO will describe the various steps required to have SmoothWall work effectively with Bigpond Cable.
Before proceeding with the rest of this mini-HOWTO, you will need the following:
I will assume that you have read and correctly followed the instructions provided by the SmoothWall team, have a working SmoothWall installation, and are able to access the admin interface from another PC (again, this is outlined in the documentation).
To transfer files to the SmoothWall installation, the FTP server on the SmoothWall box must be enabled. To do so, surf to the admin interface and select the "Remote access" option.
The SmoothWall login screen – select "Remote access" from the menu bar.
Once at the "Remote access" screen, place a check in the ‘Ftp’ checkbox and hit the save button. The ftp server is now enabled.
The remote access screen.
As outlined in the ‘before you begin’ section, you will need an ftp client, to have it installed, and have a basic understanding of its workings.
The first ‘issue’ one is likely to encounter with SmoothWall and Bigpond Cable is related to SmoothWall not identifying the DHCP (Dynamic Host Configuration Protocol – the system used by Bigpond Cable to assign IP addresses) settings correctly. I initially suspected this problem pertained only to my connection, but it has since been confirmed by other Bigpond cable users.
SmoothWall uses the dhcpcd client for obtaining DHCP configuration information on boot. So, the first step is to boot (or restart) your SmoothWall box, ensuring that the connection to your cable modem is plugged in. Now, log in to your SmoothWall FTP server, go to the /etc/ directory of SmoothWall and look for a file called ‘resolv.conf’. If your FTP client supports it, view this file, otherwise download the file (in ascii/text) and open it in a text editor (eg. notepad in Windows).
Ideally, your ‘resolv.conf’ file should contain something similar to this:
nameserver 61.9.192.13
nameserver 61.9.192.16
nameserver 127.0.0.1
search nsw.bigpond.net.au
If it does, you are A-OK to proceed to ‘Installing a login client -- Bids2Login’. However, it is much more likely that your ‘resolv.conf’ will contain the following:
nameserver 127.0.0.1
This means that dhcpcd was unable to obtain the required DHCP information from Telstra’s DHCP server, and any attempt to log in to Telstra’s cable service will not work.
The simplest way to fix this problem is to edit the ‘resolv.conf’ file so it contains the correct information, and the easiest way to get that information is to do the following:
1. Go to your SmoothWall box (or SSH in if you know how to).
2. At the command prompt, type the following: "dhcpcd ethX" where ‘ethX’ is the name of the network card that your cable connection is connected to.
EthX? What the…?:
If you are unsure what ‘ethX’ is on your system, type "ifconfig" at the command line. Assuming you have two network cards, you will see "eth0","eth1" and "lo". Ignore "lo". Look specifically at the information following the ‘inet addr’ field.
One network card will show the IP address for the ‘green adaptor’ address you entered during the SmoothWall installation – in my case that was ‘192.168.0.1’ – it is the other card, the ‘red adaptor’ we are after. Note the name of this card: replace ‘ethX’ with the name of that card.
Now return to your other machine running the FTP client. Refresh the directory and you should notice a new file: ‘resolv.conf.sw’. This is a backup file that will contain the old information, that is, "nameserver 127.0.0.1". Download the ‘resolv.conf’ file (ascii/text), open it in your text editor, and you should see something similar to this:
nameserver 61.9.192.13
nameserver 61.9.192.16
nameserver 24.192.1.30
search nsw.bigpond.net.au
The exact contents may vary somewhat, but it should be similar. If you still only see "nameserver 127.0.0.1", you have a problem of some sort – check that all your cables are connected properly, that your cable modem is on, and that you typed the dhcpcd command correctly.
You will need to make one change to the resolv.conf file. With your text editor, do the following:
1. Go to the third 'nameserver' line, for example:
nameserver 24.192.1.30
2. Replace it with:
nameserver 192.168.0.1
3. Save and upload 'resolv.conf' (ascii/text) overwriting the original.
Now, bearing in mind that when the SmoothWall box is reset it will revert back to the ‘resolv.conf.sw’ file, we want the contents of ‘resolv.conf.sw’ to match those of the new ‘resolv.conf’ file. The easiest way to do this is to execute the following commands from the command line of the SmoothWall box:
1. Go to the /etc/ directory:
cd /etc/
2. Copy the ‘resolv.conf’ file to the ‘resolv.conf.sw’ file:
cp resolv.conf resolv.conf.sw
3. When prompted to overwrite, type:
‘y’ and press enter or return.
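The two conditions this section depends on can be checked with a short script. This is an added example, not part of the original guide or of SmoothWall: it assumes a POSIX shell with awk, cmp and mktemp, the function names are hypothetical, and the sample files are constructed from the addresses quoted above.

```shell
#!/bin/sh
# Count nameserver entries that are not loopback (127.x.x.x).
count_non_loopback() {
    awk 'NF >= 2 && $1 == "nameserver" && $2 !~ /^127\./ { n++ }
         END { print n + 0 }' "$1"
}

# Succeeds when the file names at least one non-loopback resolver. A file
# holding only "nameserver 127.0.0.1" is the failed-DHCP state described above.
check_resolv() {
    found=$(count_non_loopback "$1")
    if [ "$found" -eq 0 ]; then
        echo "FAIL: $1 has no non-loopback nameserver"
        return 1
    fi
    echo "OK: $1 has $found non-loopback nameserver(s)"
}

# Succeeds when the backup that is restored on reset matches the live file.
check_backup() {
    if cmp -s "$1" "$2"; then
        echo "OK: $2 matches $1"
    else
        echo "FAIL: $2 differs from $1 and would replace it on reset"
        return 1
    fi
}

# Constructed sample files: an edited resolv.conf and a stale backup.
make_samples() {
    printf 'nameserver 127.0.0.1\n' > "$1/resolv.conf.sw"
    printf '%s\n' 'nameserver 61.9.192.13' 'nameserver 61.9.192.16' \
        'nameserver 192.168.0.1' 'search nsw.bigpond.net.au' > "$1/resolv.conf"
}

# With two arguments, check the named file and its backup, for example
# /etc/resolv.conf /etc/resolv.conf.sw; otherwise use the constructed samples.
if [ "$#" -eq 2 ]; then
    check_resolv "$1"
    check_backup "$1" "$2"
else
    tmp=$(mktemp -d) && make_samples "$tmp"
    check_resolv "$tmp/resolv.conf" || true
    check_resolv "$tmp/resolv.conf.sw" || true
    check_backup "$tmp/resolv.conf" "$tmp/resolv.conf.sw" || true
    rm -rf "$tmp"
fi
```

Run against the constructed samples, the last check fails until the backup has been overwritten with the edited file, which is the state the copy step above is meant to remove.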
Ok, that’s half the battle won. At this point it is recommended that you restart your SmoothWall machine: your cable modem must be plugged into your SmoothWall machine during (and after) the restart, as the rest of this guide assumes it is. For those that don’t know the correct restart command, type the following at the SmoothWall command line:
shutdown -r now
This will immediately start the shutdown process, with the ‘-r’ flag indicating to the machine to reboot. Once the reboot is complete, login to your SmoothWall machine with the root account.
Due to issues
Since writing the original SmoothWall and Bigpond Cable guide, it came to my attention that there was a specific issue with DNS resolution and Bigpond Cable that meant it was nearly impossible to log in to your SmoothWall machine via FTP, and took much longer than it should via SSH. The following is a workaround for the problem thanks to Lawrence Manning (SmoothWall co-author).
The next ‘issue’ is not an issue with SmoothWall at all, rather it is a problem with the way that Telstra has set up its Bigpond Cable network. Unlike most cable networks (and like the RoadRunner cable service in the US), Telstra Bigpond Cable requires you to run a login application before you can access anything, and thoughtfully Telstra didn’t provide a *unix login client.
Thankfully, Bigpond users came to the rescue and programmed a number of unofficial login clients – this is where the bids2login script you downloaded earlier will come in handy.
Before going much further, I would like to point out that a lot of the following information is regurgitated from the accompanying bids2login help file and I recommend you read the help file if you want more information on bids2login, although it's not strictly necessary.
The first step is to create a directory to house bids2login – using the directory the author of bids2login suggests (/usr/local/bpc) – so switch back to your SmoothWall machine for a second…:
To create the directory, type the following at the command line:
mkdir -p /usr/local/bpc
Now switch back to your other machine and open your FTP client again – log in to your SmoothWall server. Now switch to the directory you just created (eg. /usr/local/bpc) in your ftp client, and upload (in binary) the bids2login compressed file you downloaded earlier ("bids2login-1.00-x86-unknown-linux-elf.tar.gz" in this example). Again, switch back to your SmoothWall machine and do the following:
1. Go to the bids2login folder:
cd /usr/local/bpc (or the directory you created)
2. Uncompress the gzip file:
gzip -d bids2login-1.00-x86-unknown-linux-elf.tar.gz
3. Uncompress the resulting tar file:
tar xvf bids2login-1.00-x86-unknown-linux-elf.tar
It's now time to test out the bids2login script, and see if SmoothWall is finally hooked up to the ‘net via Bigpond. Issue the following commands from the SmoothWall command line:
1. Make sure you are in the bids2login folder:
cd /usr/local/bpc (or whatever directory you created)
2. Execute the bids2login script:
./bids2login -l <username> -p <password>
Where <username> and <password> are your Bigpond Cable username and password respectively.
3. If all is successful you should get a message saying:
"Login at <current date> as <username> successful."
Great! Now we have net access! If you leave your SmoothWall machine alone for long enough (at almost exactly five (5) minute intervals) you will notice ‘heartbeat’ replies show up on the screen:
"Status Heartbeat for <username> responded to at <current date>."
Heartbeats are totally normal, so don’t worry if you see one.
Now, hit Control-C to stop bids2login.
Right… that’s all great and fantastic, but who wants to have to type commands if they can avoid it…? So it's time to automate the login sequence.
But first, let's get a little sidetracked: one of the neat features of bids2login is that it can read your password from a file, which is much more secure than typing it at the command line, and it also helps to automate things. So open your text editor, and do the following:
1. Start a new file
2. Enter your password, and password only, into the file.
3. Save the file – you can call it anything, but ‘bpc.login.pw’ is recommended as per the instructions included with bids2login. Be careful here, because a lot of text editors will add a .txt extension to the file – if yours does, just rename the file to ‘bpc.login.pw’.
4. Open your FTP client, and log into your SmoothWall machine. Go to the /etc/ directory on the SmoothWall machine and upload ‘bpc.login.pw’ (in ascii/text).
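A password file uploaded this way is worth checking before it is used at boot. The script below is an added example, not part of the original guide or of bids2login: it assumes the file should be accessible to its owner only and should hold the password on a single line, the function names are hypothetical, and the demo password is a constructed placeholder.

```shell
#!/bin/sh
# Succeeds only when the password file passes all of the checks below.
check_pwfile() {
    f=$1
    cr=$(printf '\r')
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $f is accessible to group/other; run: chmod 600 $f"
        return 1
    fi
    # A file saved on Windows and uploaded in binary keeps CR line endings,
    # which may end up as part of the password (assumption about the reader).
    if grep -q "$cr" "$f"; then
        echo "FAIL: $f contains carriage returns; re-upload in ascii/text"
        return 1
    fi
    lines=$(awk 'END { print NR }' "$f")
    if [ "$lines" -ne 1 ]; then
        echo "FAIL: $f must hold the password on exactly one line"
        return 1
    fi
    echo "OK: $f"
}

# Constructed demo: the same placeholder file, first world-readable, then
# restricted to its owner.
demo_pwfile() {
    tmp=$(mktemp -d)
    printf 'example-password\n' > "$tmp/bpc.login.pw"
    chmod 644 "$tmp/bpc.login.pw"; check_pwfile "$tmp/bpc.login.pw" || true
    chmod 600 "$tmp/bpc.login.pw"; check_pwfile "$tmp/bpc.login.pw" || true
    rm -rf "$tmp"
}

# Pass a path (for example /etc/bpc.login.pw) to check a real file.
if [ "$#" -eq 1 ]; then check_pwfile "$1"; else demo_pwfile; fi
```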
We are almost there; we just need to make one final change. Assuming you are still logged in to your SmoothWall machine via FTP, go to the /etc/rc.d/ directory, and do the following:
1. Download the ‘rc.sysinit’ file. This is the initial system file, run when the machine boots, and this is where you are going to add a few lines to have bids2login automatically log into the Bigpond network.
2. Open rc.sysinit in a text editor.
3. Scroll down to the lines reading:
echo "Starting sshd (if enabled)"
/usr/local/bin/restartssh
4. Add the following after the above lines:
echo "logging onto big pond cable .."
/usr/local/bpc/bids2login -l <username> -f /etc/bpc.login.pw &
Where <username> is your Bigpond Cable username, and /etc/bpc.login.pw is the password file you uploaded earlier.
5. Save, and upload rc.sysinit (in ascii/text).
For those interested, the ampersand (‘&’) at the end of the command merely tells SmoothWall to run this command in the background – you will however get heartbeats showing up on the command line.
Done! Restart your SmoothWall machine, and during the start-up process watch for "logging onto big pond cable". When the command prompt comes up, login as root, and try pinging a server (for example, telstra.com):
1. To ping telstra.com type the following at the command line:
ping -c 4 telstra.com
2. You should get a readout similar to the following:
PING telstra.com (144.135.18.10) from 144.132.178.59 : 56(84) bytes of data. 
64 bytes from 144.135.18.10: icmp_seq=0 ttl=251 time=9.4 ms
64 bytes from 144.135.18.10: icmp_seq=1 ttl=251 time=17.1 ms
64 bytes from 144.135.18.10: icmp_seq=2 ttl=251 time=14.8 ms
64 bytes from 144.135.18.10: icmp_seq=3 ttl=251 time=34.1 ms
--- telstra.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 9.4/18.8/34.1 ms
If you do not get a readout similar to the above, try pinging another server, say yahoo.com (just replace ‘telstra.com’ with ‘yahoo.com’ in the above command). If you still don’t get the appropriate output, you have done something incorrectly, so go back over the above instructions.
Now that your SmoothWall is set up just right, and it's auto-logging in to Bigpond Cable, you might want to be able to log the heartbeats, rather than having them filling up your SmoothWall screen (if it has one).
Well, I had a quick email discussion with Lincoln Dale, the creator of bids2login, and he suggested the following:
To get rid of the heartbeats altogether:
1. FTP in to SmoothWall. Go to the /etc/rc.d/ directory and download the rc.sysinit file (in ascii/text)
2. Open it up in a text editor. Find the lines you added earlier:
echo "logging onto big pond cable .."
/usr/local/bpc/bids2login -l <username> -f /etc/bpc.login.pw &
3. Edit the lines to read:
echo "logging onto big pond cable .."
/usr/local/bpc/bids2login -l <username> -f /etc/bpc.login.pw > /dev/null 2>&1 &
The "> /dev/null" redirect has to come before "2>&1"; in the other order standard error, which carries the heartbeats, is still written to the screen.
To have it log heartbeats to file:
1. FTP in to SmoothWall. Go to the /etc/rc.d/ directory and download the rc.sysinit file (in ascii/text)
2. Open it up in a text editor. Find the lines you added earlier:
echo "logging onto big pond cable .."
/usr/local/bpc/bids2login -l <username> -f /etc/bpc.login.pw &
3. Edit the lines to read:
echo "logging onto big pond cable .."
/usr/local/bpc/bids2login -l <username> -f /etc/bpc.login.pw 2> <log> &
Where <log> is the path and name of the file to log to, for example, "/usr/local/bpc/connection.log", which would put all heartbeats into a file called ‘connection.log’ in the ‘/usr/local/bpc’ directory.
One thing to be aware of – heartbeats come in every five (5) minutes, so your log will eventually grow to fairly large sizes… you have been warned.
There is, however, a solution in the form of logrotate, which as the name implies, rotates logs, and is part of the SmoothWall distribution. To set up logrotate, rotating logs weekly, and archiving those logs for four weeks (while also compressing them), do the following:
1. FTP in to SmoothWall. Go to the /etc/ directory and download the logrotate.conf file (in ascii/text).
2. Open it up in a text editor. Find the following line:
"# system-specific logs may be configured here"
3. After the above line, add the following:
# Start Bigpond Cable logs
"/var/log/bpc.connection.log" {
    # truncate the original log file in place (stops opening a new file)
    copytruncate
    # rotate logs weekly:
    weekly
    # keep 4 weeks worth of backlogs, before deleting
    rotate 4
    # compress old logs
    compress
    # Stop Bigpond Cable logs
}
Where "/var/log/bpc.connection.log" is the output log you specified previously.
4. Save, and upload logrotate.conf (in ascii/text) overwriting the original.
All of the above lines should be fairly self-explanatory. If you would like to mess around with logrotate, I suggest you read the logrotate manual (by typing "man logrotate" at the SmoothWall console). More importantly, after a while you will notice that files similar to <log>.1.gz will begin to appear in your /var/log/ directory, where <log> is the name of the log file specified earlier.
Be aware that there are limitations to the above configuration – for instance, the current log is overwritten if the SmoothWall machine is rebooted – however, it does provide a convenient way of logging heartbeats, and the linux gurus amongst you probably can work out more advanced configurations.
There comes a time when you want to get your SmoothWall box to log out of Bigpond Cable. You have two options – either shut down the machine, or type the following from the command prompt, or via ssh:
kill $(cat /var/run/bids2login.pid)
Essentially, this will kill the bids2login script, so there will be no response to the heartbeats, and thus you will be logged out – this may take up to five minutes.
Whenever file uploads or downloads are mentioned in this mini-HOWTO you will notice either (ascii/text) or (binary) noted. The problem, without going into detail, relates to the different ways operating systems signal new lines in files.
The (ascii/text) or (binary) note is merely telling you which form of transfer to use for that file. Most FTP clients automatically recognise certain file types, and will adjust the transfer type accordingly, or you can manually adjust the transfer type. However, some FTP clients are not particularly good in this regard, so be careful when transferring files.
The following is a list of people who helped me write this guide (in no particular order):
Stephen Johns
Alex Webster
Richard Morrell
Lawrence Manning
Lincoln Dale
‘Bill’, ‘Becky’ and ‘neuro’ from the SmoothWall IRC channel.
Numerous people on the ‘[users]’ mailing list.
SmoothWall:
SmoothWall is a trademark of Richard Morrell and Lawrence Manning and is
published under the GNU General Public License.
Telstra Bigpond Cable:
TELSTRA and BIG POND are trademarks of the Telstra Corporation Limited.