BT Infinity FTTC (and my own FreeBSD router)
13th Jan 2013, 17:22:17
Since it was launched three years ago in 2010, BT Infinity with its 80Mb download and 20Mb upload has been a tempting prospect, but the idea of dealing with BT retail horrifies me. However, having just acquired a building with no phone line, my hand was forced. It seems BT is the only telecom operator who will install a PSTN line for free for new subscribers. This saving of £130.00 pushed me over the edge. How bad could it be?
Six weeks(!) after placing an order, BT scheduled an Infinity engineer in the same time slot as the PSTN engineer, but in a stroke of good fortune they turned up in the right order. I should have been sent a welcome pack and a Home Hub router before the arrival of the Infinity engineer, but none was delivered. Thankfully, the engineer had a spare Home Hub in his van. Silly really, since I had no intention of using the BT-provided router anyway. Nevertheless, by lunchtime, I'd been left with an openreach modem and a BT Home Hub 3.0 connected to a working BT Infinity service.
I couldn't decipher what the Home Hub was doing based on its incredibly simplistic web interface. There certainly didn't seem to be any way to turn it into a bridge so I could use my own router, and given the Home Hub's reputation for terrible reliability I had little inclination to pursue the matter. I'm not really one to trust telco-provided black boxes anyway. I decided it would be easier to just sniff the packets between the Home Hub and the openreach box. Lots of PPPoE traffic was what I saw. A quick web search revealed that a username of bthomehub@btbroadband.com and any password is sufficient to bring up a PPPoE connection. Good!
I disconnected the Home Hub and plugged in an Alix 2d3 running FreeBSD 9.
My FreeBSD box is on the other end of the network socket connected to the OpenReach box with the yellow-booted cable, which is just a straight patch cable.
With the openreach-provided Huawei HG612 already configured to act as a bridge, it's now quite straightforward to get FreeBSD to do the PPP connection:
# vi /etc/ppp/ppp.conf
infinity:
  # Replace vr2 with the interface connected to the VDSL2 modem
  set device PPPoE:vr2
  set speed sync
  set mru 1492
  set mtu 1492
  set ctsrts off
  enable echo
  set echoperiod 15
  enable lqr
  set lqrperiod 15
  set log Phase tun
  enable ipcp
  disable dns
  # Replace vr2 with the interface connected to the VDSL2 modem
  set server /tmp/pppoe-vr2 "" 0177
  set authname bthomehub@btbroadband.com
  set authkey BT
  # HISADDR is shorthand for the remote end of the link,
  # pppd will set this as the default route
  add! default HISADDR
The indenting is important and forms part of the config file syntax! A quick tweak to rc.conf is needed to bring up the PPP connection on boot:
# vi /etc/rc.conf
# Replace vr2 with the interface connected to the VDSL2 modem
ifconfig_vr2="up"
# PPPoE configuration
ppp_enable="YES"
ppp_program="/usr/sbin/ppp"
ppp_nat="NO"
ppp_user="root"
ppp_profile="infinity"
ppp_infinity_mode="ddial"
ppp_infinity_nat="NO"
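Because the indentation in ppp.conf is part of its syntax, it is worth checking the file before starting the service. The script below is an added example, not part of the original post: lint_ppp_conf is a hypothetical helper and the sample files are constructed. It assumes labels start in column 0, commands are indented, and the label must match ppp_profile in rc.conf.

```shell
#!/bin/sh
# Added example (not from the original post): check a ppp.conf for the layout
# ppp expects and for the label that ppp_profile in rc.conf refers to.

# lint_ppp_conf FILE LABEL
# Prints one line per problem; returns 0 only when FILE is clean and has LABEL.
lint_ppp_conf() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^!/                     { next }      # "!include" directives
        /^[^ \t]/ {                            # something in column 0
            if ($0 ~ /^[^ \t:]+:[ \t]*(#.*)?$/) {
                name = $0; sub(/:.*/, "", name)
                in_label = 1
                if (name == want) found = 1
            } else {
                printf "line %d: command not indented: %s\n", NR, $0
                bad++
            }
            next
        }
        !in_label {                            # indented, but no label yet
            printf "line %d: command before any label\n", NR
            bad++
        }
        END {
            if (!found) { printf "label \"%s:\" not found\n", want; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed samples: a cut-down copy of the profile from this post, and the
# same profile with its indentation lost (a flattened copy-and-paste).
sample_dir=$(mktemp -d)
printf 'infinity:\n  set device PPPoE:vr2\n  set mtu 1492\n  add! default HISADDR\n' \
    > "$sample_dir/good.conf"
printf 'infinity:\nset device PPPoE:vr2\nset mtu 1492\n' > "$sample_dir/flat.conf"

lint_ppp_conf "$sample_dir/good.conf" infinity && echo "good.conf: ok"
lint_ppp_conf "$sample_dir/flat.conf" infinity || echo "flat.conf: needs fixing"
```

On the router itself the call would be lint_ppp_conf /etc/ppp/ppp.conf infinity, run before the service is started.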
Start pppd:
# service ppp start
All being well, pppd will create the interface tun0, which will be assigned your internet IP address. Let's adjust pf.conf to take account of this situation:
# vi /etc/pf.conf
# VDSL modem on physical vr2, but pppoe creates tun0
ext_if="tun0"
# Inside network
int_if="vr1"
### End Macros

### Options
set skip on { lo0, enc0 }
set loginterface $ext_if
# set debug urgent
# set require-order yes
set block-policy drop
set state-policy if-bound
set fingerprints "/etc/pf.os"
# set ruleset-optimization none
### End Options

### Tables
### End Tables

### QoS goes here

### FTP stuff
# Proxy FTP connections for users on the internal network
# This needs ftpproxy_enable="YES" in /etc/rc.conf
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if inet proto tcp from $int_if:network to any port ftp -> lo0 port 8021
### END FTP

### NAT
nat on $ext_if inet from $int_if:network to any -> ($ext_if) port 1024:65535
### END NAT

### pass and block statements; connections we want
# If we don't specify otherwise later, block it and log it
block log all

## Use an FTP proxy on this box
anchor "ftp-proxy/*"
pass in on $int_if proto tcp from $int_if:network to lo0 port 8021

# Management
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh
pass in on $int_if inet proto tcp from $int_if:network to $int_if port ssh

# Pass traffic from the local network to elsewhere
pass in on $int_if from $int_if:network to !(self)

# Permit all traffic going out of an interface (not the router as a whole)
pass out inet

# Allow ICMP types necessary for MTU path discovery to work:
pass inet proto icmp all icmp-type unreach code needfrag

# Allow ICMP echo requests
icmp_types = "{ echoreq, unreach }"
pass inet proto icmp all icmp-type $icmp_types
### END pass and block rules

antispoof for $ext_if
antispoof for $int_if
antispoof for lo0
# pfctl -f /etc/pf.conf
An unscientific speedtest.net test shows 37Mb down and 9Mb up. Not bad.