Linux Setup

Home Page

Linux Notes

Samba

ISDN

E-mail

Firewall

Setting up an ISDN link

NOTE: As we now have ADSL - using the Pulsar PCI card in a Linux box, these details are unlikely to be updated.

This page describes setting up the BT Speedway (AVM Fritz PCI) card or Eicon Diva 2.01 internal PCI card with Definite Linux 7.0 or RedHat 6.0 or later. (Not the 'Eicon... Pro' card - see below). These cards use the hisax driver. If you are using a different card, you may need a different driver. Once you have got the driver for your card installed, then I think the scripts below should be useful for any card. NOTE: More recent version of 'isdn4k-utils' now provide some extra features for the 'active' Eicon cards, but do read the 'isdn4k-utils' details before you buy one.

If you have an external ISDN TA then you need to check what type of beast it is. One sort you treat just like a serial modem, and they work OK with Linux - if you have a fast serial port (atleast 230,400bps if you wish to do MPPP). The other type needs a CAPI driver, so check there is a driver for Linux before you buy one.

Kernel versions 2.2.12 and up have ISDN driver support built in. On earlier versions you have to download some mods and patch the kernel - all good fun. Definite Linux 7.0 comes with kernel 2.2.12, so no problems in that area. These pre-compiled kernels load ISDN as a module. You will also need the isdn4k-utils package. These are available as RPM's.

NOTE: These scripts worked quite happily with 2.4.xx kernels.

The target is to get a system that will do 'dial on demand' - allow automatic dial out to your ISP for any system on the network. This also needs IP Masquerading. I have included that as part of the Firewall script.

I also show how to set-up a dial in link via ISDN. This requires the option files to be set-up in a particular way.

The advantage of using `dial-on-demand' is that any user can browse when they wish, without someone having to access the Linux machine to bring up the link. However, if you do not set up your Windows machines or Samba correctly then you may find lots of calls being made when you don't expect it. Mail clients like Outlook and Netscape have settings to check for new mail every so often. If you don't have a local e-mail server, then this will cause the link to come up. Disable this feature or set the time to a very long period. When Netscape is closed this may also cause a dial-out. Using a local cache (Squid) on your server, and pointing Netscape at that for its Internet connection can stop this.
Another cause of unwanted dial-outs is Windows browsing. See the Samba configuration page for a suggested set up.

Definite Linux provide a set of scripts called 'rh-isdn'. They don't seem to set up the routes correctly for my purposes. I have more experience with 'isdn4net', but they only assist with the set up of one interface, and we need at least two, one for dial-out to an ISP, and the other for incoming connections. Therefore I am using my own simple scripts based on the 'isdnctrl' facility provided by the isdn4k-utils package.

I am assuming that you have installed the card, and have Definite Linux 7.0 or later installed. (RedHat 6.0 or later with kernel 2.2.12 should do as well)

Make sure you have installed isdn4k-utils. To check do 'rpm -q isdn4k-utils'. It is provided on the Definite Linux or RedHat CDROM. It is usually necessary to be logged in as root to install an rpm package.

NOTE: It is not necessary to have an 'isdn' script run from /etc/rc.d/init.d with this method. The 'isdn4k-utils' package provides the executable files that are called by these scripts as required.

The other assumptions are that the Linux box is set to forward IP packets. Check that /etc/sysconfig/network has the line FORWARD_IPV4=true. You can set this by editing this file directly, or using a GUI method. Also any Windows machine must have the Gateway value in Network Neighbourhood - TCP/IP set to the IP address of your Linux machine. NOTE: These two steps are not necessary if you are only connecting a single Linux machine to the Internet.

"Quick aside" - you need a directory where you can keep any scripts you create that is also in your path. Type 'echo $PATH' and you will see that /root/bin is already in your path statement, but the directory is not always created. Therefore 'mkdir /root/bin'. All the scripts I refer to will be stored in this directory.

To load the hisax driver module I use the following script.

# /root/bin/loadhisax - script to load the hisax module for ISDN.
# The hisax module is given an id - HiSax. This is required as we need to use the hisaxctrl command.
# Use type=11 for the Eicon card
# Use type=27 for the BT Speedway/AVM (Fritz) PCI card.
# Protocol=2 is the Euro ISDN protocol used in the UK etc.
modprobe hisax id=HiSax type=11 protocol=2

Make this script executable by 'chmod 700 loadhisax'.
Run this script to load the hisax driver - 'loadhisax'.
Look in the syslog to see if it has loaded correctly - 'tail -30 /var/log/messages'

"Quick aside" Create an alias for this command as you will use it frequently. Edit /root/.bashrc and add "alias tailsys='tail -30 /var/log/messages' " (without the double quotes). This won't have any affect until you start a new terminal, or unless you activate it using the bash '.' command.
Type '. .bashrc' will read and activate the commands in the .bashrc file.
Now typing 'tailsys' will display the last 30 lines of the syslog. You can add other short forms for common commands in the same way.

You should see in the syslog a number of lines regarding the hisax driver. The last few should be
......
Dec 19 14:47:43 weber kernel: HiSax: 2 channels added
Dec 19 14:47:43 weber kernel: HiSax: MAX_WAITING_CALLS added
Dec 19 14:47:43 weber kernel: isdn: Verbose-Level is 2

The driver has been loaded!

If you use 'lsmod' you can see the modules that are loaded. There should be 'hisax', 'isdn' and 'slhc' amongst others.

The other Hisax card 'types' are as below

1 Teles 16.0
2 Teles 8.0
3 Teles 16.3 (non PnP)
4 Creatix/Teles PnP
5 AVM A1 (Fritz)
6 ELSA PCC/PCF cards
7 ELSA Quickstep 1000
8 Teles 16.3 PCMCIA
9 ITK ix1-micro Rev.2
10 ELSA PCMCIA
11 Eicon.Diehl Diva ISA PnP
11 Eicon.Diehl Diva PCI
12 ASUS COM ISDNLink
13 HFC-2BS0 based cards
14 Teles 16.3c PnP
15 Sedlbauer Speed Card
15 Sedlbauer PC/104
15 Sedlbauer Speed PCI
16 USR Sportster internal
17 MIC card
18 ELSA Quickstep 1000PCI
19 Compaq ISDN S0 ISA card
20 NETjet PCI card
21 Teles PCI
22 Sedlbauer Speed Star (PCMCIA)
24 Dr. Neuhaus Niccy PnP
24 Dr. Neuhaus Niccy PCI
25 Teles S0Box
26 AVM A1 PCMCIA (Fritz!)
27 AVM PnP (Fritz!PnP)
27 AVM PCI (Fritz!PCI)
28 Sedlbauer Speed Fax+
29 Siemens I-Surf 1.0
30 ACER P10
31 HST Saphir
32 Telekom A4T
33 Scitel Quadro
34 Gazel ISDN cards (ISA)
34 Gazel ISDN cards (PCI)
35 HFC 2BDS0 PCI
36 W6692 based PCI cards
37 HFC 2BDS0 S+, SP/PCMCIA

Edit /etc/isdn/isdn.conf. This file comes as part of isdn4k-utils. Enter the country code - UK is 44; the area prefix should be 0, and enter your own area code without the leading 0.

Now set-up the pap-secrets file. Edit /etc/ppp/pap-secrets.
Add a line -
'client' 'server' 'secret'
where
'client' is your account or login name with your ISP
'server' - just use *
'secret' is the password for your ISP account. Don't include the quote marks.

Isdnctrl

The general set-up utility provided with isdn4k-utils (or isdn4linux) is `isdnctrl'. This command is used in the following scripts.

The first script is used with Demon Internet. They use 'static IP numbers' and you have to define the IP numbers to be used in your scripts.

# /root/bin/isdnup
# Set-up ippp0 to dial out to my ISP
export PATH=/sbin:/usr/sbin:/bin:/usr/bin
isdnctrl addif ippp0
isdnctrl addphone ippp0 out 08450798667    #This is the number for Demon Internet
isdnctrl secure ippp0 on
isdnctrl huptimeout ippp0 180     #Shut down after 180 seconds of inactivity
isdnctrl l2_prot ippp0 hdlc
isdnctrl l3_prot ippp0 trans
isdnctrl encap ippp0 syncppp
isdnctrl pppbind ippp0 0
hisaxctrl HiSax 1 4   #Enable isdnlog
isdnlog /dev/isdnctrl0 -D   #Start isdnlog
ifconfig ippp0 `your local IP number' pointopoint 158.152.1.222    #Replace `your local IP number' with the correct IP.
ipppd file /etc/ppp/ioptions.ippp0 pidfile /var/run/ipppd.pid    #This runs ipppd and tells it to read /etc/ppp/ioptions.ippp0, and use /var/run/ipppd.pid to store it's pid
isdnctrl dialmode ippp0 auto    #`auto' mode enables the `dial-on-demand' facility.
                                                        #Use `manual' if you don't want `dod'
sleep 2
route add default ippp0    #Route required for `dial-on-demand'.

More details for these commands are available by typing `man isdnctrl'.
Make this script executable - 'chmod 700 isdnup'.

Do not run this script yet as the option files have not been defined.

NOTE: You may find ipppd in /sbin or /usr/sbin depending on your version of isdn4linux etc. Use 'whereis ipppd' to find out.

Setting up the `ioptions' files

The daemon that links to the ISDN card is 'ipppd', and it communicates via interfaces 'ippp0', 'ippp1' etc. just like 'eth0' communicates with the Network adaptor. Several instances of ipppd can be running at the same time. The file /etc/ppp/ioptions is read by ipppd whenever it is loaded. To be able to dialout to an ISP, and allow external access to this host, or even dialout to a different host or ISP, you must run an ipppd for each interface you want active. As ipppd (see 'man ipppd') always reads /etc/ppp/ioptions, then only common values must be present in /etc/ppp/ioption. The values specific to an interface will be stored in /etc/ppp/ioption.ippp0, and /etc/ppp/ioptions.ippp1 etc.

The `ippp0' interface is added in the script above. Type `ifconfig' and you should see the interface details.
I will concentrate on the option files necessary to bring up the link to Demon Internet. Later I will cover accessing an ISP using dynamice IP's.

Create `/etc/ppp/ioptions'. It should contain -

#/etc/ppp/ioptions.
# Options file with common parameters.
debug
lock
-vj
-vjccomp
-bsdcomp
noccp
-ac
-pc

Now create the /etc/ppp/ioptions.ippp0 file with details for Demon Internet.

# /etc/ppp/ioptions.ippp0
/dev/ippp0
noauth
-chap    # Not using CHAP authentication
user xxxx    #Replace xxx with your account or login name
`your local IP number':158.152.1.222   #Enter your own local IP number provided by Demon.
netmask 255.255.255.0
mtu 1500

More details for these options are available in the ipppd man page (`man ipppd').

NOTE: The lines -vj, -ac -pc, etc disable various compression options. Using no compression has given the most reliable connection with some versions of isdn4k-utils, but it is worth checking with newer versions to see if compression options are now available.

Now create a script to remove the ISDN set-up.

# /root/bin/isdndown
# Script to remove the ISDN setup
kill `cat /var/run/ipppd.pid`
ifconfig ippp0 down
isdnctrl delif ippp0
kill `cat /var/run/isdnlog.isdnctrl0.pid`
#modprobe -r hisax

The last line removes the hisax driver, and is currently commented out. Note that the quote marks around the `cat` command on the kill lines are both open quote marks

Make this executable.

We have now created -
1) a script to load the hisax driver - `loadhisax'
2) a script to setup the ippp0 interface and isdnctrl parameters for ippp0 - `isdnup'
3) the option files to be used by `ipppd' - `/etc/ppp/ioptions' and `/etc/ppp/ioptions.ippp0'
4) and a script to remove this set-up - `isdndown'

Fiddly bits

It seems that some part of the system does not create routes correctly. On a RedHat 5.2 system with a 2.0.36 kernel and ISDN patches applied there are less problems with spurious routes being created than with the 2.2.12 & 2.2.13 kernels and ISDN4linux.

The routes direct the IP traffic to the correct place. For `dial-on-demand' you must have the default route set to ippp0 before the link comes up or nothing happens. We have added a default route as the last line of the `isdnup' script. However, once the link is up, this route goes away and other routes are added!!. Make sure you have only one default route. You can see this problem being discussed frequently on the isdn4linux newsgroup `de.alt.comp.isdn4linux', and in the FAQ that comes with isdn4linux.

My solution is to use /etc/ppp/ip-up.local, and /etc/ppp/ip-down.local. The ip-up.local script should be called from ip-up after the link to your ISP is brought up, whereas the ip-down.local script is called by ip-down when the link dies.

These files don't always exist, so create them. They must be executable, and have #!/bin/bash as the first line. (Yes, you must include the #)

Edit /etc/ppp/ip-up.local to include -

#!/bin/bash
INTERFACE_NAME=$1
if [ "$INTERFACE_NAME" = "ippp0" ] ; then
/sbin/route add default ippp0
fi

Make this file executable.

Because this script is run whenever the link is brought up using any of the interfaces, it is important to only add the default route for the interface that requires it. The ip-up.local and ip-down.local scripts are passed certain parameters when they are called. The first parameter is the interface. This script tests for ippp0 and only adds a default route if that is true. Make sure there are spaces either side of the square brackets and the = sign. These scripts do not have any knowledge of your path, so include the full path to the command. See `man ipppd' for more details.

When the link is disconnected you must remove the routes that were added when the link came up, otherwise the system will not be in the correct state to initiate the link again.

Edit /etc/ppp/ip-down.local to include -

#!/bin/bash
INTERFACE_NAME=$1
# Try to fix the routes for ISDN
if [ "$INTERFACE_NAME" = "ippp0" ] ; then
/sbin/ifconfig ippp0 down
/sbin/ifconfig ippp0 up
/sbin/route add default ippp0
fi

Make this file executable.

NOTE: Do make sure that when the link comes up you have only one default route.

To initiate the link

To start the link - load the driver with `loadhisax'. Once this is loaded it is not usually necessary to unload it.
Set-up the ippp0 interface by running `isdnup'. The ippp0 interface will be added, and if you have 'isdnctrl dialmode ippp0' set to auto, then opening a browser and selecting a webpage should cause the link to be created.

If `isdnctrl dialmode ippp0' is set to manual, type `isdnctrl dial ippp0', and the system will dial the number defined in the `isdnctrl addphone' statement.
To bring the link down use `isdnctrl hangup ippp0'.

Do make sure you have the IP numbers for your ISP's nameservers in /etc/resolv.conf.

Using ISDN and a dynamic IP

Loading the hisax driver is exactly the same.

The script /root/bin/isdnup changes slightly.

# /root/bin/isdnup # Setup ippp0 to dial out to Free-online
export PATH=/sbin:/usr/sbin:/bin:/usr/bin
isdnctrl addif ippp0
isdnctrl addphone ippp0 out 08451444222
isdnctrl secure ippp0 on
isdnctrl huptimeout ippp0 180
isdnctrl l2_prot ippp0 hdlc
isdnctrl l3_prot ippp0 trans
isdnctrl encap ippp0 syncppp
isdnctrl pppbind ippp0 0
hisaxctrl HiSax 1 4   #Enable isdnlog
isdnlog /dev/isdnctrl0 -D   #Start isdnlog
echo 1 > /proc/sys/net/ipv4/ip_dynaddr    #Required for use with dynamic IP's
ifconfig ippp0 192.168.1.5 pointopoint 192.168.1.10    #These are dummy numbers. They are replaced later.
ipppd file /etc/ppp/ioptions.ippp0
isdnctrl dialmode ippp0 auto
sleep 2
route add default ippp0

The same /etc/ppp/ioptions file should be used as above.

The /etc/ppp/ioptions.ippp0 will change as below -

# Options file to dial out to ISP that uses dynamic IP numbers.
/dev/ippp0
noauth
mtu 1500
user xxx    # Replace xxx with your login name.
ipcp-accept-local    #Accept local IP from ISP.
ipcp-accept-remote    #Accept remote IP from ISP.

The /etc/ppp/ip-up.local and ip-down.local file insertions are still required.

You should now be able to access an ISP who uses dynamic IP numbers.

NOTE: If you wish to use a firewall with a dynamic IP, add the firewall rules to the ip-up.local file. See our Firewall page for more details
Also if you need to use CHAP authentication, which I understand is required by BTInternet, change the 'user xxx' above to 'name xxx' .

Dial in configuration

The dial in configuration allows for remote users to access a server via ISDN. We use this set-up to provide remote support to customers systems. It can be used to provide e-mail and file access for remote users etc.
The dial-out channel will continue to work.

Set up ippp1 on the system that will answer the dial-in request. In this set-up the server allocates the IP number to be used by the remote user, so use a 'dynamic-IP' configuration on the remote system.

Create a file /root/bin/isdndialin.up -

# /root/bin/isdndialin.up
# Script to set up ippp1 to answer incoming calls.
export PATH=/sbin:/usr/sbin:/bin:/usr/bin
isdnctrl addif ippp1
isdnctrl eaz ippp1 xxxxxx    #Replace xxx with your MSN. See below
isdnctrl secure ippp1 off
isdnctrl l2_prot ippp1 hdlc
isdnctrl l3_prot ippp1 trans
isdnctrl encap ippp1 syncppp
isdnctrl dialmode ippp1 manual
isdnctrl huptimeout ippp1 300
isdnctrl pppbind ippp1 1
ifconfig ippp1 192.168.1.1 pointopoint 192.168.1.5   #These are dummy numbers. The IP numbers in the ioptions.ippp1 file allocate the numbers to be used
ipppd pidfile /var/run/ipppd.ippp1 file /etc/ppp/ioptions.ippp1    #This line runs ipppd, and defines the pid and options files to use

Make this script executable

The isdnctrl eaz option is interesting. For EAZ read MSN (Multi Subscriber Numbering). This is your local digital number. On BT Business Highway, I have found using the last 6 digits of our digital number works, even though BT say it should be 0. On an ISDN exchange using the last three digits of the number works (the extension no: perhaps). I think it is due to the checks carried out by isdn4linux. If you have problems try other options, unless you know the real MSN when use that. If you haven't set-up /etc/isdn/isdn.conf correctly then this will not work
NOTE: MSN is not available with Home Highway.

The /etc/ppp/ioptions file containing the common values will be read when ippp0 comes up for dial out to your ISP, and when ippp1 comes up for dial-in, so options specific to ippp1 are put in /etc/ppp/ioptions.ippp1.

# /etc/ppp/ioptions.ippp1
# To answer incoming dial-in request on ISDN line
/dev/ippp1
auth    # Requires remote system to authenticate using PAP
+pap
-ac
-pc
mru 1500
mtu 1500
192.168.1.1:192.168.1.5   # Use the servers local IP and allocate the remote IP.
netmask 255.255.255.255
proxyarp    #Enables remote computer to become part of network

Now to remove the set-up to allow restart etc.

# /root/bin/isdndialin.down
ifconfig ippp1 down
isdnctrl delif ippp1
kill `cat /var/run/ipppd.ippp1`

Make this script executable. Type 'isdndialin.up' start, and 'isdndialin-down' to disable.

NOTE: It is important to add some additional lines to /etc/ppp/ip-down.local to sort out the routes after the script has been run.
Add :

INTERFACE_NAME = $1
if [ "$INTERFACE_NAME" = "ippp1" ] ;then
/sbin/ifconfig $INTERFACE_NAME down
/sbin/ifconfig $INTERFACE_NAME up
fi

Loading ISDN on boot-up

Having created the scripts above, it is now a simple matter to automate the loading of your ISDN configuration on booting. For a RedHat system edit the /etc/rc.d/rc.local file and add:

# Load ISDN.
/root/bin/loadhisax
/root/bin/isdnup

to the end of the file.

For other Linux distributions, add the same lines to the relevant start-up file.

MPPP - Multi PPP or Channel Bundling.

This allows you to achieve 128 kbps with the two channels of an ISDN card, or greater with more cards in the same PC!.

Both the options file and the script containing all the isdnctrl commands need changing.

I have called the new file 'isdnMPPP.up'. The original 'isdndown' file removes the interface.

# /root/bin/isdnMPPP.up
export PATH=/sbin:/usr/sbin:/bin:/usr/bin
isdnctrl addif ippp0
isdnctrl addphone ippp0 out 08451444222
isdnctrl secure ippp0 on
isdnctrl huptimeout ippp0 400
isdnctrl l2_prot ippp0 hdlc
isdnctrl l3_prot ippp0 trans
isdnctrl encap ippp0 syncppp
isdnctrl pppbind ippp0 0
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

isdnctrl addslave ippp0 ippp1
isdnctrl addphone ippp1 out 08451444222
isdnctrl secure ippp1 on
isdnctrl huptimeout ippp1 400
isdnctrl l2_prot ippp1 hdlc
isdnctrl l3_prot ippp1 trans
isdnctrl encap ippp1 syncppp
isdnctrl pppbind ippp1 1
ifconfig ippp0 192.168.1.1 pointopoint 192.168.1.10
ipppd file /etc/ppp/ioptions.ipppM pidfile /var/run/ipppd.pid
isdnctrl dialmode ippp0 auto
sleep 2
route add default ippp0
hisaxctrl HiSax 1 4 #enable isdnlog
isdnlog /dev/isdnctrl0 -D #run isdnlog

The options file '/etc/ppp/ioptions.ipppM' is as follows:

# /etc/ppp/ioptions.ipppM
/dev/ippp0 /dev/ippp1
noauth
user xxxx
-chap
# For MPPP
+mp
# For ISP providing dynamic IP numbers
ipcp-accept-local
ipcp-accept-remote
netmask 255.255.255.255

Start the first channel with 'isdnctrl dial ippp0', then add the second channel with 'isdnctrl dial ippp1'
It seems possible to add/remove the additional channel in the middle of a transfer, but I have NOT checked the file transferred!
The 'auto' bonding option does not work with the version of isdn4k-utils that I am using, which is certainly not the latest version.

PLEASE NOTE. I have not tested the MPPP set up very much, so if you find any improvements please let me know.
This configuration now seems to work well with Demon, on a regular basis. Happy browsing!