Penguin
Recent Changes
Annotated edit history of DSL-302G version 35, including all changes. View license author blame.
Rev Author # Line
34 AristotlePagaltzis 1 The DLink DSL-302G [ADSL] modem is actually a router/[DHCP]-server. What this means is that it is extremely simple to make this modem work with Linux. The following information describes how to get everything set up using the DebianLinux Sarge distribution running [GNOME] 2.8, but should be applicable to most [LinuxDistribution]s.
2
3 !Connecting
4
5 # Connect up the system physically. If the DSL-302G is the only thing you wish to connect to a particular phone jack, then you can just connect the [ADSL] modem directly to the socket. If you wish to run some other device (e.g. a standard modem, phone or fax) via the same phone jack then use the provided filter device which has both "[ADSL]" and "phone" outputs. In addition, all other phones/faxes/etc. need to have a filter inserted between them and the existing phone jack in order to prevent the [ADSL] signal being audible to those devices.
6
7
8 # Connect the DSL-302G to your PC via an ethernet cable. The DSL-302G also provides a [USB] 1.1 connection; if you get this working then please add information on this to this page!
9
10
11 # Define an "eth0" network connection. You can do this using graphical desktop tools (eg "Applications|System Tools|Networking") or by editing /etc/network/interfaces (see "man 5 interfaces"). Simply select "[DHCP]" for this interface and ignore all other options.
12
13
14 # Start the "eth0" connection, by selecting "activate" in the networking GUI admin tool, or running "ifup eth0" (as the root user) from the command-line. Linux will broadcast a [DHCP] request using the eth0 network interface, and the DSL-302G will respond by providing a local address for Linux to use. Unless explicitly configured otherwise, the DSL-302G assigns itself the address of 10.1.1.1 and (typically) provides the (local) address of 10.1.1.3 for your system to use.
15
16 Note that you can arrange for the eth0 network interface to be started when your machine boots.
17
18 # Start a web browser (eg Mozilla) and go to "http://10.1.1.1" to access the modem's internal web server in order to configure the modem. When presented with a login page, enter "admin" for the user and "admin" for the password. Select the "Username and Password" link, and enter the username and password you arranged with your [ISP]. Finally select "ok" to reconfigure the modem.
19
20 Edit by Leslie Katz, Australia:
21 I was unable to access the modem's internal web server with the Firefox for Linux web browser. As I have a dual-booting system, I changed to Windows and tried Firefox for Windows. Again, I was unable to gain access. I then tried Internet Explorer, with which I was able to gain access. I found that any saved changes made while using Internet Explorer persisted when I booted into Linux, so that making any needed changes with Internet Explorer is an adequate substitute for those with a dual-booting machine who, like me, have no success with Firefox for Linux.
22 Further, in addition to typing in "http://10.1.1.1" in Internet Explorer, one can (at least with my firmware: r2.01m.b34.au(021206a/t93.3.44)) type in "http://10.1.1.1/mainpage?id=", followed by a number between one and thirty-one. One will then be prompted for one's user name and password and, after they are entered correctly, a page will open. In the case of pages ten (Routing Information Protocol Configuration), nineteen (IP Filter Configuration) and twenty (Firewall Configuration), the page is unhelpful.
23
24 Note that the DSL-302G appears to use some non-standards-compliant [HTML] in its admin interface, and so some of the pages look a little odd.
25 In particular, you must click on the "OK" text, NOT on the grey button that appears to the left of this text.
26
27
28 You should now have broadband access!
29
30 ! Security
31
32 Because the DSL-302G runs as a router providing [NAT] (Network Address Translation) it is effectively impossible for any computer elsewhere on the internet to initiate network connections to your machine. The only way other computers can transfer data to your PC is as ''response data'' to requests originating from your PC (e.g. sending back web pages you have requested). This provides excellent security; separate firewall software is therefore generally not needed.
33
34 The disadvantage of the use of [NAT] by the DSL-302G is that you can't run a webserver or other service on your PC and have other
35 people access it from the internet. Actually, you probably can by disabling [DHCP] on the DSL-302G, setting up a (private) static
36 address on your PC, then configuring the [NAT] rules in the DSL-302G via the webserver at 10.1.1.1. Anyone who manages to get that
37 running is invited to record the process here! Of course if you do this, then you should consider configuring a firewall on your PC to handle the new accessibility appropriately.
38
39 Edit: by Doug Hawkins (doug@lga.net.nz)
40 You can run a webserver off this modem because I have done so (also on a [ADSL] connection with a dynamic [IP] (thanks to http://no-ip.com). Search the Dlink site for a [PDF] manual called "DSL-302G_Open.ports_and_DMZ.pdf". (or email me and I will flick you the [PDF])
41 The open port connects to my Linux box (FedoraCore 3) that serves the webserver. I had to run through a proxy server to locally view the pages on my other PC.<br>
42 A link for the above is http://www.dlink.com.au/tech/drivers/files/modems/DSL-302G_Open.ports_DMZ.zip
43
44 Edit: by Ivo Keel
45 There is one thing missing, at least for xtra.co.nz users: Port forwarding or open ports does not work with Firefox. That is what I found out after hours of unsuccessful tries, all bounced with "Method not implemented". It has to be Internet Explorer. But that does not need to pose an impediment for Linux users. An easy way to install IE6 for such purposes is provided by http://www.tatanka.com.br/ies4linux/page/Installation
46
47 Edit: additional by Chris Emery, UK: [NAT] stops all incoming connections by default, but most routers, including this one, support a method called Port Forwarding ([NAPT]) which basically sets an instruction that certain ports are always referred to a certain machine (set a fixed [IP] address relative to the router for this to work!). Port Forwarding allows a firewall to be selectively opened up, so for example, remote admin ports wouldn't reach your PC but web serving ports (8080?) would.
48
49 Edit by Leslie Katz, Australia:
50 Following the instructions contained in the D-Link document referred to by Doug Hawkins (while using Internet Explorer) meant that I could open certain ports that I wanted to open. However, the document was a bit cryptic. Points four and five did not mention that it is necessary to do more than merely click on "Submit" when you've finished creating your NAT rule if you want it to be permanent. In that event, you must, after clicking on "Submit", go to "Admin", then to "Save & Reboot" and then click on "Save". Also, I wanted to open three contiguous ports and found that I could do so in a single rule by putting the number of the lowest port in "Destination Port From", the number of the highest port in "Destination Port To" and a zero in "Local Port".
51
52 Some routers are a bit flaky with port-forwarding but recent D-link, linksys' and US Robotics DSL routers are easily good enough.
53
54 Another way to do this is to use the modem in bridge mode, but you will probably need some type of PPPoA dialer on your PC. Here is an address for the manual to set up bridge mode on the modem. [http://www.dlink.com.au/tech/drivers/files/modems/DSL-302G_Bridge_Mode.zip]
55
56 ! CLI Interface
57 This modem has a fairly good command line interface that gives you access to many more features than are available via the web interface. Unfortunately documentation on this interface is hard to find, and it's not at all intuitive.
58
59 To access the CLI interface, telnet to the modem's ip address (telnet 10.1.1.1) and enter the administration userid and password when prompted.
60
61 The Solwise SAR110 Modem is based on the chipset and seems to have an identical CLI. Grab the manuals from http://www.solwise.co.uk/downloads/adsl.htm
62
63 Edit by Leslie Katz, Australia:
64 At least in my case, the DSL-302g is not based on the same chipset as the SAR110. I was able to get to the CLI by issuing the command "telnet 10.1.1.1" (both in Windows and in Linux). After entering the user name and password I had been prompted for ("admin", in each case), I got a screen that welcomed me to "Titanium". Some web searching established that "GlobespanVirata", a company afterwards acquired by Conexant, produced at least two chipsets for ADSL modems, "Viking" and "Titanium" (each of which appears still to be offered by Conexant). The Solwise manuals are for the Viking chipset, which offers certain features to which I was not able to gain access, either via the web interface or via telnet. For example, I was not able to access IP Filter Configuration or Firewall Configuration either via the web or via telnet. Further, at ftp://ftp.gentek.com/pub/gvc/adsl/BB0060/Manual/Viking%20and%20Viking%20II%20Chip%20Sets%20CLI%20Reference%20Manual%20DO-30017.pdf
65 one finds a (self-described "preliminary") CLI Reference Manual for the "Titanium Plus
66 TM Chipset Family for ADSL-Ethernet Bridges/Routers". How it compares to the CLI manual for the Viking chipset, I can't say.
67
68 Reasonable help is also available within CLI. Enter "?" at the command prompt or after commandline arguments for more detailed help.
69
70 For Example:
71 <verbatim>
72 $?
73
74 Command Description
75 ------- -----------
76 alias To Alias a command
77 apply Apply configuration/image file
78 commit Commit the active config to the flash
79 create Create a new entry of specified type
80 delete Delete the specified entry
81 download Download a file on to the Device
82 exit To exit the CLI shell
83 get Display info for the search
84 help Provides help
85 list List files
86 memset Memset
87 modify Modify information for specified entry
88 passwd To modify user password
89 ping The normal ping command
90 prompt Change the user prompt
91 rdf Read Flash
92 rdm Read Memory
93 reboot Reboot the device
94 remove Remove file
95 reset Reset info for the specified entry
96 size ATM Sizing Information
97 traceroute The normal traceroute command
98 trigger To set trigger
99 unalias To undefine previously defined alias
100 verbose Switch ON/OFF the verbose mode
101 wrm Write Memory
102
103
104 $create nat rule entry ?
105
106 Parameter Description
107 --------- -----------
108 ruleid <decvalue> Rule identifier
109 <rule type> Type:basic|filter|napt|bimap|rdr|pass
110 [ prot <ProtType> ] Vals:any|tcp|udp|icmp|[num <decvalue>]
111 [ ifname <name> ] Interface name
112 [ lcladdrfrom <ip addr> ] Start source address
113 [ lcladdrto <ip addr> ] End source address
114 [ glbaddrfrom <ip addr> ] Start global address
115 [ glbaddrto <ip addr> ] End global address
116 [ destaddrfrom <ip addr> ] Start dest address
117 [ destaddrto <ip addr> ] End dest address
118 [ destportfrom <Portval> ] Portval: as given below
119 [ destportto <Portval> ] Portval: as given below
120 [ lclport <Portval> ] Portval: as given below
121 _____________________________________________________________________________
122 Portval : {num <decvalue>}|echo|discard|chargen|ftp|telnet|smtp|dns|bootp
123 : |tftp|http|pop3|snmp
124
125 </verbatim>
126
127 Edit by Leslie Katz, Australia:
128 Before discovering how to create a permanent NAT rule via the web interface, I tried to create a NAT rule via the CLI. That failed. After discovering how to create a permanent NAT rule via the web interface, I read that, as appears immediately above, when creating a NAT rule via the CLI and using a decimal port value, one should precede the decimal value by "num". It was unnecessary for me to test that, since by then, I had succeeded via the web interface.
129
130 ! Half Bridge Mode (DHCP Spoofing)
131 In this mode the modem terminates the PPP connection from the ISP but acts as a bridge. This means that you get the real world IP address on your computer and there is no NAT between you and the ISP. To enable this enter telnet mode and type the following commands (assuming you have already configured the account details)
132
133 <verbatim>
134 modify ppp intf ifname ppp-0 startondata
135 modify nat global disable
136 modify zipb cfg enable
137 commit
138 reboot
139 </verbatim>
140
141 To configure half bridge mode via the [HTTP] interface:
142
143 # Point your web browser (e.g. Mozilla) to the "Network Address Translation ([NAT]) Configuration" page ([WAN] -> [NAT])
144 # Select Disable [NAT] and Click Submit
145 # Navigate to the Save and Reboot page and save the new configuration.
146
147 It is recommended to reset the 302g to default settings and re-enter your [ISP] login information before trying this or it may not work.
148
149 This mode does seem a little flaky in that once the [PPP] connection is up it doesn't seem to like it if you try to gain a second lease (even from the same computer). Renewing an existing lease is fine however. So for example if your computer turns off or reboots you may need to power cycle the [DSL] modem as well in order to get a lease again. [YMMV].
150
151 If you are having problems with the default lease expiry time of 1 minute being to short (a common problem with some broadband routers) or causing occasional drop outs on lease renewal, then to increase the lease time enter telnet mode and type the following commands:
152
153 <verbatim>
154 modify dhcp server pool poolid 0 dlease 1800
155 modify dhcp server pool poolid 0 mlease 3600
156 commit
157 reboot
158 </verbatim>
159
160 This example sets the DHCP lease to 30 minutes, with a Maximum lease of one hour. If your ISP changes your IP address frequently you may want to experiment with shorter values.
161
162 Please Also Note: If you purchased the modem in NZ chances are it will have an NZ firmware, modern NZ firmwares will not allow the modem to operate in half-bridge mode, it is possible to use the firmware from the [support page for the DSL-302G | http://www.dlink.com.au/tech/drivers/files/modems/dsl302g.htm] on the [Australian d-link site | http://dlink.com.au] and just change the VCI/VPI settings to 0/100 and half-bridge mode will work.
163
164 Edited by Franc Zabkar (fzabkar@internode.on.net):
165 The following Javascript routine synchronises a DSL-302G modem's date and time with system date and time:
166
167 http://www.users.on.net/~fzabkar/DSL-302G/Utilities/TimeSync.htm
168
169 The routine has been tested on an Optus supplied modem. Certain parameters such as timezone_combo may need to be customised by the user. Self explanatory instructions are included within the body of the code.
170
171 All corrections and improvements gratefully received.
172
173
174 ! How to keep the clock accurate using SNTP
35 SuadMusovich 175 (stolen from http://www.sarguide.co.uk/sntp.php) ... and added timezone setting
34 AristotlePagaltzis 176
177 ''You will probably find that if you turn off your router that it looses the time that you had set. Also, you may find that the router just looses time gradually, meaning that alarms etc are not really that accurate.
178 Thanks to Oliver Broad for this.
179 ''
180
181 ''You can keep the time accurate using SNTP (Simple Network Time Protocol). All you need to know is the address of an SNTP server. In this example i have used ntp2b.mcc.ac.uk
182 ''
183
184 ''Log into the CLI and put in the following commands, pressing enter after each line:
185 ''
186
187 <verbatim>
188 create sntp servaddr dname ntp2b.mcc.ac.uk
35 SuadMusovich 189 modify system timezone "NZST"
34 AristotlePagaltzis 190 modify sntp cfg enable
191 get sntp stats
192 </verbatim>
193
35 SuadMusovich 194 ''The first line creates an entry telling the router the address of the SNTP server. The second line sets the timezone. The third line enables SNTP on the router, and the fourth will give you the status of SNTP so you can check it has worked.
34 AristotlePagaltzis 195 ''
196
197 ''The router will then check periodically and update it's time so that it is always accurate. It checks every 15 minutes (I think!!)
198 ''
199
200 I have done the above on my 302G with success although after rebooting the time is as per the last SAVE operation until the link comes up and the time is automatically sync'd (however the UPTIME reported on the SYSTEM page is correct)
201
202 ! Changing HTTP and Telnet Ports
203 If in half-bridge mode (or full-bridge) any attempts on port 80 or 23 on the external IP address if you have external access disabled in the 302g will refuse the connection. This is troublesome if you want port 80 or 23 to be sent to the router like all the rest of the ports for a web server. Changing the ports is done in the CLI via Telnet using the following commands:
204
205 <verbatim>
206 modify nbsize httpport 61080
207 modify nbsize telnetport 61023
208 commit
209 reboot
210 </verbatim>
211 where 61080 is the port number 80 or a value between 61000 and 62000
212
213 where 61023 is the port number 23 or a value between 61000 and 62000
214
215 This information was originally found at http://martybugs.net/smoothwall/dsl300g_ports.cgi
216
217 This modem has caused me much pain, i use one at home without many problems. The fault lies with users who get given one for at home from their isps.. then are unable to make ipsec connections to their workplace.. have not found a solution.. upgrading to a 504G has resolved all these.. but seriously would recommend something better for most users.

PHP Warning

lib/blame.php:177: Warning: Invalid argument supplied for foreach() (...repeated 2 times)