Building an ISP Using Linux and an Intranet
I became the founder of a small ISP for the Baltimore, Maryland area by accident. My wife and I had been having trouble finding a cheap and reliable Internet access provider. After endless frustration with busy signals, we decided to get a dedicated 28.8 line and use it as our connection to the Internet. The connection would always be up and available, and we could both use it to surf the Internet. It seemed natural to take the next step and provide access to others. Beyond helping people get on the Internet and giving me technical experience with Linux, it could provide us with a source of revenue to recoup some of the costs. Before you decide to become an ISP and make lots of money, however, I should warn you competition is fierce and we are not yet profitable.
The Internet server setup we have is a simple one: a Linux machine with four incoming lines for dialup and one outgoing line to maintain the dedicated connection. We currently support about twenty users on the machine. Although simple, this setup could present a problem: if four users dialed in, each would receive (28.8/4) = 7.2Kbps for his or her connection. Most of the time, however, only one user is logged onto our machine, and he receives full bandwidth. In addition, when multiple users are logged on, one may be downloading or composing e-mail, another might be reading a web page and a third may have walked to the bathroom.
One of the first steps you need to take to build a Linux Internet server is to recompile the kernel with networking on, IP forwarding/gatewaying on and any additional drivers selected. We have a network card and a Cyclades Cyclom 16YeP card (a multiport serial card) on the Linux machines, so we have those options turned on. When you turn on the IP forwarding/gatewaying, it enables the Linux machine to forward packets it receives over your network to the Internet.
Another important step during setup is to get an account with your ISP that supports point-to-point protocol (PPP). You can get a dedicated 28.8 connection for about $100/month that will provide you with full access to the Internet for your network. It is also preferable that you sign up for a static IP address or a Class C address and a domain name. A static IP address lets you log on to the Internet with the same IP address all the time. We have a Class C address, so this discussion uses only the Class C address. A Class C address gives you a block of addresses (255) you can use to set up your internal network (Intranet). If you don't have a Class C address but rather a static IP address, you'll have to use IP Masquerading to access the Internet from your LAN. [See “IP Masquerading with Linux” by Chris Kostick in the July 1996 issue of Linux Journal—Ed.]
We started building our Internet server by calling our ISP and signing up for a Class C address with a domain name and a dedicated 28.8 line. After we received our Class C address block (206.156.217.*), I picked one of the addresses for our host (220.127.116.11) and proceeded to set up our network using the netconfig utility bundled with Linux.
Your ISP should be able to maintain the Domain Name Server (DNS) entry for your machine. The DNS entry allows Internet surfers to access your IP address using your domain name. IP addresses like ours (18.104.22.168) are hard to remember and non-descriptive; the DNS entry allows surfers and customers to reach our machine using NetBrain.com without knowing the IP address.
In the resolv.conf file, there should be a listing of the domain name servers you'll be accessing. The file should look something like:
# resolv.conf
nameserver 22.214.171.124
nameserver 126.96.36.199
Using the ppp-on script (part of the pppd package), you establish how you want your PPP connection set up. The ppp-on script is shown in Listing 1. You use this script to set up parameters such as the IP address of your machine and the host machine, whether you're running pppd on a modem or through a network, and the device you're using to make the connection. The ppp-on script calls the ppp-on-dialer script, which actually dials the modem to connect to your ISP. The ppp-on-dialer uses chat, which dials the modem and also handles getting past the ISP's startup screen (user name, password). (Passing the 0.0.0.0 as a parameter for the remote is another way of saying “we don't care.”) The important parameters in the ppp-on script include:
115200—serial port speed—this doesn't mean your modem is as fast, but with some compression, it might get close.
/dev/ttyC2—your modem's port.
defaultroute—specifies this connection is the default route out of the machine, if it can't find the address locally.
Note that the chat has the ogin: my_login and assword: my_password lines. This is chat's way of saying, “If you see ogin: then type my_login; then when you see assword: type my_password.” You'll have to dial in manually to your ISP using a terminal program to see how this login screen looks.
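The expect/send pairs described above put the account password in a script, so where that script lives matters. The following is an added example, not the article's Listing 1: it writes the pairs to a file only its owner can read and hands them to chat with -f, so the password never shows up on the pppd command line. The file path, phone number and function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example (not the article's Listing 1). CHAT_FILE, the phone number
# and the function names are hypothetical; on a real host the file would
# usually sit under /etc/ppp and be owned by root.
CHAT_FILE="${CHAT_FILE:-./chat-isp}"

# Write chat's expect/send pairs: $1 = login, $2 = password, $3 = ISP number.
# Assumes login and password contain no whitespace or backslashes, which
# chat would interpret.
write_chat_script() {
    rm -f "$CHAT_FILE"      # a stale copy would keep its old, looser mode
    ( umask 077             # create the file as 0600 from the first byte
      cat > "$CHAT_FILE" <<EOF
ABORT BUSY
ABORT "NO CARRIER"
TIMEOUT 30
"" ATZ
OK ATDT$3
CONNECT ""
ogin: $1
assword: $2
EOF
    )
}

# Permission bits of a file as octal digits (GNU stat, then BSD stat).
file_mode() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# Build the pppd command line from the parameters the article lists.
# Only the path of the chat file appears here, so the password is not
# visible in `ps` output while the modem dials.
pppd_command() {
    echo "pppd $1 115200 defaultroute connect 'chat -f $CHAT_FILE'"
}

# Usage on the dial-out host:
#   write_chat_script my_login my_password 5550100
#   eval "$(pppd_command /dev/ttyC2)"
```

Because "ogin:" and "assword:" omit the first letter, the same file works whether the ISP prints "Login:" or "login:".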
If you type ppp-on and hear the modem dial and connect, you've taken your first step to running an Internet server. When PPP is running, you should be able to ping one of your ISP's machines from the Linux shell. A good address to ping is your ISP's DNS machine.
If ping is successful, try to see if TELNET works. A simple check is to telnet to one of the MOO sites (telnet baymoo.org 8888). If that works, you are connected and being routed correctly. If you have an account on another machine, you can also test the incoming connection via TELNET. This is more a test to make sure your ISP has the correct DNS entry. If you get the Unknown host error, either your ISP didn't put the entry in or it hasn't made it out—sometimes it takes a few days to make it to all the other machines.