[Sderby] No joy with smooth wall

David Bottrill sderby at mailman.lug.org.uk
Sat Sep 28 10:20:01 2002


Tony,

With NTL you need to do a little bit of extra work with Smoothwall, or
in fact any other PC you connect to your cable modem.

NTL remembers the hardware (MAC) address of the first network card that
is attached to the cable modem, thereafter it will ONLY talk to that
network card. There are ways around this, firstly are you using a
separate cable modem? or are you connecting to the Ethernet port of a
digital TV receiver?

If you have a separate cable modem then the way most people say to get
round this is to power off the cable modem for at least 4 hours. The
default lease time for your dynamic IP address is 4 hours so the theory
has it that next time you power up it will accept the new network
card's  hardware (MAC) address. I've never proved this as I couldn't be
bothered to wait for 4 hours.

If you have a Digital TV box you are using as a cable modem then I
believe there is a web interface on the digital box, you may be able to
tell it to accept a new address here, I'm not sure as I haven't seen
this.

The third option, that I've been using for the last 2 1/2 years is to
clone the MAC address of the first PC that you connected to the cable
modem. To do this you need to find the MAC address of the PC that you
currently have connected to the cable modem. If you are running windows
9X or ME on that machine then click the start button, select run and
type in WINIPCFG and click OK. A window entitled IP configuration will
open, at the top of this is a a box to select you network card, if it
says PPP adapter then click on it and select your Ethernet card. Just
below this there is a box that says "adapter address" in the form of
00-50-56-40-42-AF, this is the hardware or MAC address of your network
card and is unique. If I remember the first 4 digits is the
manufacturers code the remaining 8 digits is the unique serial number of
the card. Write this entire string of numbers down, ignoring the dashes.
It is most important you keep this number safe otherwise you will have
grief if you try and attach any other PC to the modem. You would
probably have to spend a long time with NTL tech support to get the
address of the new card registered.

If you are using Windows 2000 or XP then bring up a command shell window
and issue the following command:

IPCONFIG /ALL

As I haven't got a 2K box here to look at the exact format of output I
can't tell you exactly where to look but you will see a similar 12 digit
hexadecimal string as above, make a note of this and keep it safe.

Now to configure SmoothWall.

You need to configure Smoothwall to use a REB - GREEN configuration with
RED being an Ethernet card, not a modem, ISDN or ADSL adapter. Configure
the RED interface to obtain an IP address dynamically using DHCP and
configure the GREEN interface to be suitable for your LAN. Are you using
a DHCP server on you LAN at the moment? or are you assigning IP
addresses manually?. You can Configure SmoothWall to be a DHCP server,
this is a good idea as it sends the correct addresses to your client
PCs, i.e. their IP address, subnet mask, default gateway and DNS server
address. If you are setting your PCs up manually to use the Smoothwall
box then you should set their default gateway and DNS addresses to the
IP address you have assigned to the GREEN interface on the SmoothWall.

Firstly you should test the LAN side of the SmoothWall from one of your
PCs. Point a web browser at the Smoothwall,
HTTP://IP-Address-of-Smoothie:81 the :81 is important as Smoothwall uses
a non-standard port for it's WEB interface, this is so that it can
provide transparent web-caching if required. If this now works, use the
Secure Shell facility on the web interface to obtain a text console
login to Smoothwall. You will first of all need to enable the SSH
service, I think this is on the services section of the Smoothie WEB
page, either that or login at the keyboard of the Smoothwall. You will
need to login as root.

Now you need to STOP the RED interface so you can change it's MAC
address. To do this type the following command:

ifconfig eth1 down

eth1 should be the RED interface, just check you can still connect via
the web browser to the GREEN interface.

Now we need to change the MAC address of eth1:

type the following command:

ifconfig eth1 hw ether aabbcddeeff 

(where aabbccddeeff is the MAC address of the PC you previously
connected to the cable modem)

You now need to restart the RED interface using the command:

ifconfig eth1 up

Hopefully the Smoothwall will now connect to NTL and get an IP address,
you can check this using the command:

ifconfig eth1

Providing the IP address is something other than 0.0.0.0 it should have
worked.

can can check further by trying to ping something on the web such as:

ping www.ntlworld.com 

If this gives you replies then you should are OK, you will need to type
ctrl-C (control C) to stop the ping command.

These changes are not persistent and next time you re-boot the
smoothwall the MAC address will have reverted back to the original
hardware address of the network card you have installed, so the above
sequence of commands will need to be entered again. 

The best way around this is to have a look at the startup scripts I
think there is a script called rc.netcard.up if you look at the script
you can see where the cards are initially configured (using ifconfig)
you need to add these three command somewhere here.If you choose the
point correctly you should just need to enter the single command to
change the MAC address as initially the cards will be down so providing
you issue this command before the interface it brought up then that
should be all you need.

I'm not using Smoothwall at the moment as I have a Linksys Cable modem
router. This too has a web interface and has the option to override the
MAC address of the external interface from the web interface. I
suggested to the Smoothwall crew about a year ago that the ability to
override the MAC address from the WEB interface would be very useful,
particularly for NTL subscribers, although this is by no means a problem
with NTL, I understand that around the world many cable providers place
the same restrictions on MAC addresses. I don't know if Smoothwall have
added this feature to V2.0.

I suggest that at the next meeting you bring along your Smoothwall box
and Mike and I will setup a test network to simulate the Internet on one
side and a PC behind the SmoothWall on the other, that way we can show
you what to do, if you bring the correct MAC address details with you we
can set the scripts on the box to automatically set the correct MAC
address so that it should just work when you take it home. It would also
be a good idea to explain how TCP/IP and Ethernet networks actually
works and explain some of the basic concepts of networking.

David






On Fri, 2002-09-27 at 22:32, Tony Martin wrote:
> Installed both .99 and the new beta 2, but can't seem to connect. It amy be
> something funny with NTL, but I could not even get to remote smoothwall.
> Shame, I have a nice P75 just waiting to do the job  8)
> 
> Tony
> 
> 
> _______________________________________________
> Sderby mailing list
> Sderby@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/sderby
> Web site: http://sderby.lug.org.uk/
> wiki: http://www.sderby.lug.org.uk/cgi-bin/wiki.pl