I’ve spent the last week or so comparing options for how I could share the new shiny NextG connection between the various computers that Prue and I have. The wireless modem has a usb connection, so it doesn’t really work well for a LAN. However with a little patience you can easily configure a Linux gateway and firewall machine to dial up the modem and then perform NAT just like any ADSL router would. In fact this is how I shared ADSL way back in 2001 when routers were expensive.

Initially that is all I did, installed Ubuntu 7.04 and ran pppd manually, however that isn’t exactly a Prue friendly option. But it was a proof that one can connect Linux to the NextG network. I followed the instructions here, essentially you:

  1. Patch the airprime driver in the kernel source and compile a new kernel.
  2. Restart your machine and load the airprime module – I actually compiled it into the kernel and not as a module but feel free to do which ever way suits you.
  3. Configure a ppp dialing profile called NextGWireless (you can choose any name you like). I used pppconfig. It is all fairly straight forward just make sure you choose CHAP authentication and use /dev/ttyUSB3 as the device. PAP won’t finalise the connection and chat just doesn’t connect full stop.
  4. Issue the command: pon NextGWireless dump nodetach
  5. Your NextG connection should be up and running swap to another console login and test. Swap back to the original console and Ctrl+C the pon command to kill off the connection. Later you can connect with pon NextGWireless and then run poff to disconnect.

That worked and the speeds were reasonable. But as mentioned Prue isn’t exactly a Linux shell junkie. So I decided to investigate some of the packages that are browser interface driven. I have looked at four different options:

  1. Webmin – talking to the original Ubuntu install.
  2. eBox – a customised Debian distribution.
  3. Smoothwall – gateway and firewall distribution.
  4. IPCop – a fork of Smoothwall but essentially the same thing.

I can’t really pass judgment on Webmin as this was the first package I tried and always intended to blow it away to try the others. So if you are familiar with Webmin (which I am not) then it may suit your needs. I also needed to be able to invoke the ppp session from the browser interface, it was not immediately clear if I could do that with Webmin, but I wouldn’t be surprised if you can.

Each of the others I have “tried” and at the end of the day I am running SmoothWall Express 3.0-degu-i386. Note: Smoothwall 3 is beta. I am also running the Developer edition because the kernel needs to be recompiled after patching the airprime driver. I also needed to modify some of the Smoothwall interface code to recognise a USB modem.

IPCop was fairly promising – it and Smoothwall have a lot in common still – however IPCop only comes with a 2.4 version of the Linux kernel which supports neither the usbserial or airprime drivers nor were any compilers or development tools installed to build a 2.6 kernel. And that is not even touching the issues with migrating from 2.4 to 2.6 – which from memory were pretty weird , but that is going back to when 2.5 was being developed.

eBox was promising, the interface is very schmick and the usbserial driver works out of the box. Unfortunately eBox had issues I could not resolve. Firstly you have to manually dial the connection from the shell – at this stage I was willing to teach Prue how to do that. And secondly airprime needed to be patched and the kernel recompiled, which I did, but I could not get it to boot properly. Besides being stuck using the usbserial driver (which limits connection speed to 60KB/s due to the data transfer architecture used) I had problems with the eBox firewall and proxy. I could not access GMail and other random sites for example slashdot worked but digg.com didn’t, works website was accessible but not the Linux server running ssh (even from a console on the eBox machine). I tried disabling all the content filtering and proxying and then nothing worked.

If I was on a cabled connection and needed to filter content eBox would have been superb, but for my needs it is still a little kludgey. I intend to check back with eBox in a few years as it definitely shows promise.

Onto Smoothwall. I tried version 2 – its a no goer only has a 2.4 kernel and upgrades were pretty much out of the question. Which left me with using the version 3 beta. Personally I don’t mind using beta software and in this case I wouldn’t really call it beta as in “unstable” but beta as in “still being feature refined”. Anyway, as I said earlier I downloaded the Developer edition of Smoothwall Express (it’s free as opposed to the other versions), installed, and rebooted. Note: Choose GREEN (modem / ISDN is RED) as the network.

I already had a copy of the 2.6.22 kernel source code so I used WinSCP to copy the source tar ball to the new Smoothwall machine, logged in with ssh, performed the airprime patch, configured, compiled, updated lilo.conf, ran lilo (IMPORTANT: you must run lilo before rebooting when you update your lilo.conf file), and rebooted. Around 30 seconds later I had a working machine which recogised the wireless modem and I could dial using /dev/ttyUSB3 (as above).

Now the fun starts. Unfortunately after getting all of the above done I discovered that Smoothwall doesn’t really look for USB modems :( which almost made me cry, everything else worked wonderfully. Fortunately Smoothwall is more or less a GPL product and the web interface is perl cgi code. There are two modifications I made: 1) Updated pppsetup to allow for USB modems; and 2) Updated DHCP to be authoritative for the range.

Using the web interface enable ssh access and then ssh into the Smoothwall machine, remember to use port 222 when connecting.

1) Edit /httpd/cgi-bin/pppsetup.cgi – Everywhere you see ttyS3 put an identical line but use ttyUSB3. Except where you read $tr{‘modem on com*’} replace that with: NextG Modem

2) Edit /usr/bin/smoothwall/writedhcp.pl – Add the line: print FILE "\tauthoritative;\n"; after the line which prints out max-lease-time roughly line 130.

Now go back to your Smoothwall web interface and configure your connection to dial on the USB modem: Same settings as before and use PAP or CHAP as the authentication method. If you then go back to the control panel on the home page and hit connect it should dial and Smoothwall will manage the firewall changes and everything.

That’s all there is. Plug your Smoothwall box into a LAN switch and connect your other machines to it. Set the Smoothwall IP as the gateway address for your network and you should be able to access the internet from any machine. You can also enable the DHCP server on Smoothwall and it will tell machines automatically.

I know that the above is pretty raw, so if you are reading this and have questions please ask them.

I just completed a set of speed tests to include here
Download: 1510kbps average, 1913kbps peak (which is faster than the old wired connection)
Upload: 105kbps average, 175kbps peak (which is a little lower than the 384kbps specified but I don’t really mind, I’m not going to be uploading much since uploads are counted traffic)

Performance wise I’m happy and Prue has demonstrated herself capable of hitting the web interface, logging into Smoothwall as the dial user and clicking the connect button. So its a win win. And honestly I’ve enjoyed the new toy, it’s sad not having the cheap cabled competitive prices, but this is kind of fun too.