stocksy.co.uk
"the site for those who crave disappointment"

BT Infinity FTTC (and my own FreeBSD router)

13th Jan 2013, 17:22:17

By James Stocks

Since it was launched three years ago in 2010, BT Infinity with its 80Mb download and 20Mb upload has been a tempting prospect, but the idea of dealing with BT retail horrifies me. However, having just acquired a building with no phone line, my hand was forced. It seems BT is the only telecom operator who will install a PSTN line for free for new subscribers. This saving of £130.00 pushed me over the edge. How bad could it be?

BT HomeHub 3

Six weeks(!) after placing an order, BT scheduled an Infinity engineer in the same time slot as the PSTN engineer, but in a stroke of good fortune they turned up in the right order. I should have been sent a welcome pack and a Home Hub router before the arrival of the Infinity engineer, but none was delivered. Thankfully, the engineer had a spare Home Hub in his van; silly really, since I had no intention of using the BT-provided router anyway. Nevertheless, by lunchtime, I'd been left with an Openreach modem and a BT Home Hub 3.0 connected to a working BT Infinity service.

BT FTTC install

I couldn't decipher what the Home Hub was doing based on its incredibly simplistic web interface. There certainly didn't seem to be any way to turn it into a bridge so I could use my own router, and given the Home Hub's reputation for terrible reliability I had little inclination to pursue the matter. I'm not really one to trust telco-provided black boxes anyway. I decided it would be easier to just sniff the packets between the Home Hub and the Openreach box. Lots of PPPoE traffic was what I saw. A quick web search revealed that a username of bthomehub@btbroadband.com and any password is sufficient to bring up a PPPoE connection. Good!

I disconnected the Home Hub and plugged in an Alix 2d3 running FreeBSD 9.

My FreeBSD box is on the other end of the network socket connected to the Openreach box with the yellow-booted cable, which is just a straight patch cable.

With the Openreach-provided Huawei HG612 already configured to act as a bridge, it's now quite straightforward to get FreeBSD to do the PPP connection:

# vi /etc/ppp/ppp.conf

infinity:
 # Replace vr2 with the interface connected to the VDSL2 modem
 set device PPPoE:vr2
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off
 enable echo
 set echoperiod 15
 enable lqr
 set lqrperiod 15
 set log Phase tun
 enable ipcp
 disable dns
 # Replace vr2 with the interface connected to the VDSL2 modem
 set server /tmp/pppoe-vr2 "" 0177
 set authname bthomehub@btbroadband.com
 set authkey BT
 # HISADDR is shorthand for the remote end of the link,
 # ppp will set this as the default route
 add! default HISADDR

The indenting is important and forms part of the config file syntax! A quick tweak to rc.conf is needed to bring up the PPP connection on boot:

# vi /etc/rc.conf

# Replace vr2 with the interface connected to the VDSL2 modem
ifconfig_vr2="up"
# PPPoE configuration
ppp_enable="YES"
ppp_program="/usr/sbin/ppp"
ppp_nat="NO"
ppp_user="root"
ppp_profile="infinity"
ppp_infinity_mode="ddial"
ppp_infinity_nat="NO"

Start pppd:

# service ppp start

All being well, pppd will create the interface tun0, which will be assigned your internet IP address. Let's adjust pf.conf to take account of this situation:

# vi /etc/pf.conf 

### Macros

# VDSL modem on physical vr2, but pppoe creates tun0
ext_if="tun0"
# Inside network
int_if="vr1"

### End Macros

### Options

set skip on { lo0, enc0 }
set loginterface $ext_if
# set debug urgent
# set require-order yes
set block-policy drop
set state-policy if-bound
set fingerprints "/etc/pf.os"
# set ruleset-optimization none

### End Options

### Tables

### End Tables

### QoS goes here

### FTP stuff
# Proxy FTP connections for users on the internal network
# This needs ftpproxy_enable="YES" in /etc/rc.conf
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if inet proto tcp from $int_if:network to any port ftp -> lo0 port 8021

### END FTP

### NAT

nat on $ext_if inet from $int_if:network to any -> ($ext_if) port 1024:65535

### END NAT

### pass and block statements; connections we want
# If we don't specify otherwise later, block it and log it
block log all

## Use an FTP proxy on this box
anchor "ftp-proxy/*"
pass in on $int_if proto tcp from $int_if:network to lo0 port 8021

# Management
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh 
pass in on $int_if inet proto tcp from $int_if:network to $int_if port ssh

# Pass traffic from the local network to elsewhere
pass in on $int_if from $int_if:network to !(self)

# Permit all traffic going out of an interface (not the router as a whole)
pass out inet

# Allow ICMP types necessary for MTU path discovery to work:
pass inet proto icmp all icmp-type unreach code needfrag

# Allow ICMP echo requests
icmp_types = "{ echoreq, unreach }"
pass inet proto icmp all icmp-type $icmp_types

### END pass and block rules

antispoof for $ext_if
antispoof for $int_if
antispoof for lo0

# pfctl -f /etc/pf.conf
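
A tightened variant of two parts of the ruleset above, as an added example that is not part of the original post: it clamps TCP MSS to fit the 1492-byte PPPoE MTU rather than relying on ICMP needfrag alone, and it rate-limits the internet-facing SSH rule. The table name <ssh_abuse> and the connection thresholds are assumptions chosen for illustration.

```pf
# Added example, not from the original post. Merge into /etc/pf.conf,
# keeping pf's section order: tables, options, scrub, nat/rdr, filter.
# <ssh_abuse> and the limits below are illustrative choices.

### Tables
# Sources that exceeded the SSH connection limits set further down
table <ssh_abuse> persist

### Normalisation (after Options, before the nat/rdr rules)
# PPPoE leaves an MTU of 1492 on $ext_if:
# 1492 - 20 (IPv4 header) - 20 (TCP header) = 1452 bytes of TCP payload.
# Rewriting the MSS in SYN packets keeps LAN hosts with a 1500-byte MTU
# from negotiating segments that will not fit through the tunnel.
scrub on $ext_if all max-mss 1452

### Management (replaces the unrestricted ssh rule on $ext_if)
# Drop sources already in the table before any pass rule is considered
block in quick on $ext_if inet from <ssh_abuse> to any

# A source that holds more than 5 concurrent SSH connections, or opens
# more than 3 new ones within 30 seconds, is added to <ssh_abuse> and
# all of its existing states are flushed.
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 3/30, \
     overload <ssh_abuse> flush global)
```

Run `pfctl -nf /etc/pf.conf` to parse the file without loading it before applying the change. Table entries do not age out on their own; `pfctl -t ssh_abuse -T expire 86400` removes addresses that were added more than a day ago.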

An unscientific speedtest.net test shows 37Mb down and 9Mb up. Not bad.

Some Rights Reserved