[IOML] Slightly OT: Summary of ADSL battles

Dylan Smith dyls at dylansmith.co.im
Fri Jun 20 09:35:01 2003

Greetings all,

Just a follow-on to my battles with the MT-supplied SpeedStream 5861.
I made a console cable (I found an old 9-pin RS-232 cable in a draw full
of cables, cut one end off, got out the trusty crimping tool and put an
RJ-45 connector on the end with the pin-out described by the WWW page that
Dan pointed out).
I probably shouldn't post the router's password on a public mailing list,
but let's just say, no one would have any trouble figuring it out! The
worrying thing is the router is listening on port 4000 for incoming telnet
connections, too. Fortunately, it's restricted to a range (hopefully) only
owned by MT. Before this all started, I had run 'nmap' against it to see
what it had open - port 80 was open, but the firmware is 'special' and all
you get on port 80 is a connection status page and the ability to change
the login.

You do get the full command-line interface via the console cable. The
serial port should be set to 9600 N81. I used 'minicom' (standard in most
Linux distros) to connect. The command line interface is fairly torturous
if you're used to something else, but it *is* powerful. The tragic thing
is that the standard configuration of this router is castrated, and the
router can do so much more. At least the default configuration from MT is
secure against random crackers. Howerer, I think MT should supply a
console cable with the device - a simple NAT set-up doesn't fit everyone
(it certainly doesn't fit us). Or if they don't want to give out console
cables for cost reasons, open up the telnet interface to the LAN.

I spent some time experimenting with various commands. You can, for
example, tell it to route *all* incoming traffic on the WAN interface to a
NATted internal address. (This isn't quite suitable for us, see later on).
It's actually a very good router once you get through to the command line
so you can configure it. It even can log to a remote syslogd, it has a
sntp client (to keep its clock synced). Bizarrely, it has a FAT filesystem
in flash memory!
I think someone in one mailing list referred to the BT standard
configuration of this router as "a Ferrari in wheelclamps". Well, consider
the console cable an angle-grinder :-)

"We don't offer this service" angle (i.e setting the router up so that the
WAN IP address can be had by the computer). I discovered that it's
actually not possible with this router - I wish the MT guy I was talking
to just told me that the router simply couldn't do it instead of "we don't
offer this service" as it'd would have saved me a lot of time and Google
searching. It appears the router may be able to do it with RFC-(the number
escapes me) bridging if you're using PPPoE, but we use PPPoA here. You can
at least forward all incoming traffic to the computer connected to the
router. However, this still mangles the packets, and some VPN software has
a problem with mangled packets (FreeS/WAN certainly can't take this, and I
suspect there are others too. On the other hand, CIPE works fine through
NAT). I have now thought of how I can use up 5 IP addresses, so we've just
decided to go down that route (I'll have 2 DNS servers on site, and maybe
wall off some services in a user-mode Linux instance with a separate IP

Dylan Smith, Castletown, Isle of Man      | Code fast, crash young and
Flying: http://www.dylansmith.net         | leave a beautiful core.
FFE/Elite Universe: http://www.alioth.net |             -- JK (#afe)