Chapter 16. PPTP/PPPoA configuration

Revision History
Revision 0.2  2002-04-14  JN
initial revision
Revision 0.3  2004-03-06  ES
Update for Bering-uClibc

Table of Contents

Objectives
Step 1: declare the ppp and the pptp packages
Step 2: declare the ppp modules
Step 3: configure ppp
Step 4: configure your interfaces file
Step 5: configure Shorewall
Step 7: reboot...

Objectives

We assume here that you want to connect your LEAF router to the Internet via an Alcatel SpeedTouch home ADSL modem which supports both PPPoE and PPPoA connections. The PPPoE connection is covered in another section. For the PPPoA connection, we assume that your modem is connected to a dedicated NIC as eth0 and will communicate with your router through the pptp protocol. What is described here corresponds to section 3.2.5 of the DSL How-To document. The traffic to your internal network goes through eth0 while access to the Internet via PPPoA goes through ppp0.

The PPP-Howto, the PPTP-Client project and the DSL-Howto are useful references for this section.

Thanks to Eric de Thouars, who suggested the required adjustment to Shorewall for this setup to work properly. Comments on this section should be addressed to its maintainer: Eric Spakman.

Step 1: declare the ppp and the pptp packages

Boot a Bering-uClibc floppy image. Once the LEAF menu appears, get access to the Linux shell by (q)uitting the menu. Edit the lrpkg.cfg file and REPLACE the dhcpcd entry with ppp,pptp in the list of packages to be loaded at boot. Check the Bering-uClibc Installation Guide to learn how to do that.

Your lrpkg.cfg file will then look like (adjust to your tastes):

root,etc,local,modules,iptables,ppp,pptp,keyboard,shorwall,ulogd,dnscache,weblet

Important

The line ("root ... dnscache,weblet") must be typed on a single line in lrpkg.cfg.

The ppp package is provided on the standard Bering-uClibc floppy. The pptp.lrp package is available here. http://leaf.sourceforge.net/doc/guide/buci-install.html

Step 2: declare the ppp modules

In order to have a PPTP/PPPoA connection working, you need to have ppp support enabled through the appropriate kernel modules. You also need to declare the driver module(s) for your network card(s). In the following example, we assume that both Ethernet interfaces are provided through standard NE2000 PCI cards.

All the modules which are necessary for a PPTP/PPPoA connection are provided on the standard Bering floppy. You just need to "declare" them since they are not loaded by default. As far as your network cards are concerned, the most popular driver modules are provided in /lib/modules but you might need to download the one corresponding to your own hardware from the Bering modules CVS area. Refer to the Bering installation guide to learn how to do that.

To declare your modules, go to the LEAF Packages configuration menu and choose modules. Enter 1) to edit the /etc/modules file and enter the following information:

# 8390 based ethernet cards
8390
ne2k-pci

# Modules needed for PPTP/PPPoA connection
slhc
n_hdlc
ppp_generic
ppp_async

# Masquerading 'helper' modules
ip_conntrack_ftp
ip_conntrack_irc
ip_nat_ftp
ip_nat_irc

Important

The /etc/modules file provided in the Bering-uClibc distro is already set up with those entries commented out. Just remove the leading # sign to activate the corresponding module.

Back up the modules.lrp package.

Step 3: configure ppp

The connection with your ISP will be handled by PPP. The PPP Howto document gives very detailed information about this protocol and how to set up its numerous parameters.

Through the LEAF packages configuration menu, get access to the ppp configuration. The following menu will show up:

                        ppp configuration files

        1) ISP pppd options
        2) ISP login script
        3) System wide pppd options
        4) chap secret
        5) pap secret
        
  q) quit
  ----------------------------------------------------------------------------
        Selection:

Enter 1) and 2) and empty out the corresponding files completely.

Entry 3) allows you to adjust the parameters of your ppp connection through the /etc/ppp/options file. This file must contain:

debug
name "ISPUserID"
noauth
noipdefault
defaultroute

Edit either the CHAP (Entry 4) or PAP (Entry 5) option to set up how your system authenticates.

For PAP authentication, choose the PAP option and add a line reading "<ISPUserID> * <ISPUserPassword>" at the bottom of the file. <ISPUserID> is the same value that you entered in Entry 3), the "System wide pppd options" file. The <ISPUserPassword> entry is self-explanatory. The "*" can be replaced with the IP address or name of the server you are dialling into if you know it. Usually, an asterisk is sufficient.

If you want to authenticate using CHAP, add the same entry to the CHAP item instead.

Back up the ppp.lrp package.
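
A consistency check for the files edited in Step 3, as an added example that is not part of the LEAF guide: it confirms that the name in the options file has a matching client/server/secret line and that the secrets file, which holds the ISP password in clear text, is accessible to its owner only. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the LEAF guide): check the Step 3 files.
# $1 = pppd options file, $2 = pap-secrets or chap-secrets file.
# Returns 0 if consistent, 1-3 for the problems reported below.

check_ppp_auth() {
    options=$1
    secrets=$2

    # Value of the 'name' option, with the optional quotes stripped.
    user=$(awk '$1 == "name" { gsub(/"/, "", $2); print $2; exit }' "$options")
    if [ -z "$user" ]; then
        echo "no 'name' option in $options" >&2
        return 1
    fi

    # A usable entry has at least three fields: client server secret.
    awk -v u="$user" '$1 ~ /^#/ { next }
        { c = $1; gsub(/"/, "", c) }
        c == u && NF >= 3 { found = 1 }
        END { exit !found }' "$secrets" || {
        echo "no 'client server secret' line for $user in $secrets" >&2
        return 2
    }

    # The password is stored in clear text, so the group and other bits
    # (characters 5-10 of the ls mode string) must all be unset.
    if [ "$(ls -ld "$secrets" | cut -c5-10)" != "------" ]; then
        echo "$secrets is accessible to group/other; chmod 600 it" >&2
        return 3
    fi
    return 0
}

# Constructed sample files mirroring Step 3; run "sh <file> demo" to try it.
demo_ppp_auth() {
    d=$(mktemp -d) || return 1
    printf 'debug\nname "ISPUserID"\nnoauth\nnoipdefault\ndefaultroute\n' > "$d/options"
    printf 'ISPUserID * ISPUserPassword\n' > "$d/pap-secrets"
    chmod 600 "$d/pap-secrets"
    check_ppp_auth "$d/options" "$d/pap-secrets"; rc=$?
    rm -rf "$d"
    return "$rc"
}
if [ "${1:-}" = demo ]; then demo_ppp_auth && echo "Step 3 files are consistent"; fi
```

On the router the arguments would be /etc/ppp/options and /etc/ppp/pap-secrets (or /etc/ppp/chap-secrets).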

Step 4: configure your interfaces file

Through the LEAF configuration menu, type 1 to access the network configuration menu and 1 again to edit your /etc/network/interfaces file. Enter the following information:

auto lo eth0 eth1

iface lo inet loopback

iface eth0 inet static
	address 10.0.0.1
	netmask 255.255.255.0
	broadcast 10.0.0.255
	up pptp 10.0.0.138

iface eth1 inet static
	address 192.168.1.254
	netmask 255.255.255.0
	broadcast 192.168.1.255

In this /etc/network/interfaces file the lo, eth0 and eth1 interfaces are brought up automatically when the ifup -a statement is executed at boot time by the /etc/init.d/networking script.

The "iface eth0 inet static" section defines the external address of the router and says:

  • Bring up eth0 at address 10.0.0.1

  • Execute the pptp 10.0.0.138 command once eth0 is up to establish the PPTP/PPPoA connection.

The "iface eth1 inet static" defines the internal address of the router.

Back up the etc.lrp package.

Step 5: configure Shorewall

Through the LEAF packages configuration menu, choose shorwall and check the three following files:

A) The interfaces file (entry 3) defines your interfaces. Here connection to the net goes through ppp0. So we must set:

(...)
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     ppp0            -               routefilter
adsl    eth0            10.0.0.255
loc     eth1            detect          routestopped
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Warning

Do not forget the "-" under the BROADCAST heading for the net/ppp0 entry.

B) Add the following line to /etc/shorewall/policy. It sets the policy for traffic from the firewall (fw) to the adsl zone to ACCEPT:

(...)
fw      adsl    ACCEPT

C) The masq file (entry 8). With a dial-up modem setup it should look like:

(...)
#INTERFACE              SUBNET
ppp0                    eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

D) You may also need to edit the config file (entry 12) to set the CLAMPMSS variable to "yes":

(...)
# Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU"
# option. This option is most commonly required when your internet
# interface is some variant of PPP (PPTP or PPPoE). Your kernel must
#
# If left blank, or set to "No" or "no", the option is not enabled.
#
CLAMPMSS="yes"
(...)

Back up the shorwall.lrp package.
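
A lint for the four Shorewall edits in Step 5, as an added example that is not part of the LEAF guide: it catches the missing "-" for ppp0, a "fw adsl ACCEPT" line placed after a catch-all policy, a wrong masq pair and a disabled CLAMPMSS. The function names are made up for this example, and the config file is assumed to be named shorewall.conf.

```shell
#!/bin/sh
# Added example (not from the LEAF guide): lint the Step 5 Shorewall files.
# $1 = directory holding interfaces, policy, masq and the config file
# (assumed to be named shorewall.conf). Returns the number of problems.

check_shorewall_pppoa() {
    dir=$1
    problems=0
    fail() { echo "$1" >&2; problems=$((problems + 1)); }

    # interfaces: columns are positional, so without "-" under BROADCAST
    # the options on the ppp0 line shift into that column.
    awk '$1 !~ /^#/ && $2 == "ppp0" { seen = 1
             if ($1 != "net" || $3 != "-") bad = 1 }
         END { exit !(seen && !bad) }' "$dir/interfaces" ||
        fail "interfaces: expected 'net ppp0 -'"

    # policy: 'fw adsl ACCEPT' must come before any catch-all that also
    # matches fw, because the first matching policy line is applied.
    awk '$1 ~ /^#/ { next }
         $1 == "fw" && $2 == "adsl" && $3 == "ACCEPT" && !shadowed { ok = 1 }
         ($1 == "fw" || $1 == "all") && $2 == "all" { shadowed = 1 }
         END { exit !ok }' "$dir/policy" ||
        fail "policy: 'fw adsl ACCEPT' missing or shadowed by a catch-all"

    # masq: the eth1 network is masqueraded behind ppp0.
    awk '$1 == "ppp0" && $2 == "eth1" { ok = 1 }
         END { exit !ok }' "$dir/masq" ||
        fail "masq: expected 'ppp0 eth1'"

    # config: CLAMPMSS must be "Yes" or "yes".
    grep -Eq '^[[:space:]]*CLAMPMSS="?[Yy]es"?' "$dir/shorewall.conf" ||
        fail "shorewall.conf: CLAMPMSS is not enabled"

    return "$problems"
}

# Constructed files matching Step 5; run "sh <file> demo" to try it.
demo_shorewall() {
    d=$(mktemp -d) || return 1
    printf 'net ppp0 - routefilter\nadsl eth0 10.0.0.255\n' > "$d/interfaces"
    printf 'fw adsl ACCEPT\nall all REJECT\n' > "$d/policy"
    printf 'ppp0 eth1\n' > "$d/masq"
    printf 'CLAMPMSS="yes"\n' > "$d/shorewall.conf"
    check_shorewall_pppoa "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}
if [ "${1:-}" = demo ]; then demo_shorewall && echo "Step 5 files are consistent"; fi
```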

Step 7: reboot...

Your modem connection should be established automatically. Type plog to check the login sequence with your ISP. If there is no output, check the logs in /var/log/ for clues about potential problems.