Background, especially for non-South Africa readers: Bandwidth in South Africa is ridiculously expensive, especially International bandwidth. The point of this exercise is that we can buy "local-only" DSL accounts which only connect to South African networks. E.g. I have an account that gives me 30GB of local traffic / month, for the same cost as 2.5GB of International traffic account. Normally you'd change your username and password on your router to switch account when you wanted to do something like an Debian apt-upgrade, but that's irritating. There's no reason why you can't have a Linux-based router concurrently connected to both accounts via the same ADSL line.
Firstly, we have a DSL modem. Doesn't matter what it is, it just has to support bridged mode. If it won't work without a DSL account, you can use the Telkom guest account. My recommendation for a modem is to buy a Telkom-branded Billion modem (because Telkom sells everything with really big chunky, well-surge-protected power supplies).
For the sake of this example, we have the modem (IP 10.0.0.2/24) plugged into eth0 on our server, which is running Debian or Ubuntu, doesn't really matter much - personal preference. The modem has DHCP turned off, and we have our PCs on the same ethernet segment as the modem. Obviously this is all trivial to change.
You need these packages installed:
You need ppp interfaces for your providers. I created /etc/ppp/peers/intl-dsl:
/etc/ppp/peer/local-dsl:
unit 1 makes a connection always bind to "ppp1". Everything else is pretty standard. Note that only the international connection forces a default route.
To /etc/ppp/pap-secrets I added my username and password combinations:
Now for some magic. I create /etc/ppp/ip-up.d/20routing to set up routes when a connection comes up:
That script loads routes from /etc/network/routes-intl-dsl and /etc/network/routes-local-dsl. It also sets up source routing so that incoming connections work as expected.
Now, we need those route files to exist and contain something useful. Create the script /etc/cron.daily/za-routes (and make it executable):
It downloads the routes file from alm.za.net and converts it to a suitable format. Run it now to seed that file.
Now some International-only routes. I use IS local DSL, so SAIX DNS queries should go through the SAIX connection even though the servers are local to ZA.
My /etc/network/routes-intl-dsl contains SAIX DNS servers and proxies:
Now we can tell /etc/network/interfaces about our connections so that they can get brought up automatically on bootup:
For DNS, I use dnsmasq, hardcoded to point to IS & SAIX upstreams. My machine's /etc/resolv.conf just points to this dnsmasq.
So something like /etc/resolv.conf:
/etc/dnsmasq.conf:
Finally, you'll need masquerading set up in your firewall. Here is a trivial example firewall, put it in /etc/network/if-up.d/firewall and make it executable. You should probably change it to suit your needs or use something else, but this should work:
Background, especially for non-South Africa readers: Bandwidth in South Africa is ridiculously expensive, especially International bandwidth. The point of this exercise is that we can buy "local-only" DSL accounts which only connect to South African networks. E.g. I have an account that gives me 30GB of local traffic / month, for the same cost as 2.5GB of International traffic account. Normally you'd change your username and password on your router to switch account when you wanted to do something like an Debian apt-upgrade, but that's irritating. There's no reason why you can't have a Linux-based router concurrently connected to both accounts via the same ADSL line.
Firstly, we have a DSL modem. Doesn't matter what it is, it just has to support bridged mode. If it won't work without a DSL account, you can use the Telkom guest account. My recommendation for a modem is to buy a Telkom-branded Billion modem (because Telkom sells everything with really big chunky, well-surge-protected power supplies).
For the sake of this example, we have the modem (IP 10.0.0.2/24) plugged into eth0 on our server, which is running Debian or Ubuntu, doesn't really matter much - personal preference. The modem has DHCP turned off, and we have our PCs on the same ethernet segment as the modem. Obviously this is all trivial to change.
You need these packages installed:
You need ppp interfaces for your providers. I created /etc/ppp/peers/intl-dsl:
/etc/ppp/peer/local-dsl:
unit 1 makes a connection always bind to "ppp1". Everything else is pretty standard. Note that only the international connection forces a default route.
To /etc/ppp/pap-secrets I added my username and password combinations:
Now for some magic. I create /etc/ppp/ip-up.d/20routing to set up routes when a connection comes up:
That script loads routes from /etc/network/routes-intl-dsl and /etc/network/routes-local-dsl. It also sets up source routing so that incoming connections work as expected.
Now, we need those route files to exist and contain something useful. Create the script /etc/cron.daily/za-routes (and make it executable):
It downloads the routes file from alm.za.net and converts it to a suitable format. Run it now to seed that file.
Now some International-only routes. I use IS local DSL, so SAIX DNS queries should go through the SAIX connection even though the servers are local to ZA.
My /etc/network/routes-intl-dsl contains SAIX DNS servers and proxies:
Now we can tell /etc/network/interfaces about our connections so that they can get brought up automatically on bootup:
For DNS, I use dnsmasq, hardcoded to point to IS & SAIX upstreams. My machine's /etc/resolv.conf just points to this dnsmasq.
So something like /etc/resolv.conf:
/etc/dnsmasq.conf:
Finally, you'll need masquerading set up in your firewall. Here is a trivial example firewall, put it in /etc/network/if-up.d/firewall and make it executable. You should probably change it to suit your needs or use something else, but this should work:
I remember once trying Google Reader, just after it launched, and very quickly deciding that I couldn’t stand it, and I’d stick to Liferea.
Recently, however, Liferea has been giving me trouble. It’s been incredibly unstable, and I’d often forgot to run a transparent proxy on my laptop when in restrictive environments, so it’d miss lots of posts and generally be un-happy. The instability I fixed by exporting an OPML list, wiping the configuration, and re-loading, but that was a ball-ache to do. While I was bitching about this, Vhata pushed me to try Google Reader again.
I was pleasantly surprised. It works well, and I didn’t find it oppressive. That doesn’t mean it’s perfect, I’d like to see the following things improved:
Some cool things it does that lifera doesn’t:
I’m converted. Google Reader really is good.
/me gets on with reading feeds…
]]>I remember once trying Google Reader, just after it launched, and very quickly deciding that I couldn’t stand it, and I’d stick to Liferea.
Recently, however, Liferea has been giving me trouble. It’s been incredibly unstable, and I’d often forgot to run a transparent proxy on my laptop when in restrictive environments, so it’d miss lots of posts and generally be un-happy. The instability I fixed by exporting an OPML list, wiping the configuration, and re-loading, but that was a ball-ache to do. While I was bitching about this, Vhata pushed me to try Google Reader again.
I was pleasantly surprised. It works well, and I didn’t find it oppressive. That doesn’t mean it’s perfect, I’d like to see the following things improved:
Some cool things it does that lifera doesn’t:
I’m converted. Google Reader really is good.
/me gets on with reading feeds…
]]>The event was really good. I haven’t been very involved in the organising, and didn’t come prepared with a talk (just equipment). At the start, it felt like there were never going to be enough talks to keep us going, but as soon as it started, it began rolling, and continued for 2 days. The talks were varied, from technical, to psychological, to practical. I was really impressed. The quality of the talks was quite high - I was rarely bored (although I did have IRC distractions).
As usual, I had Jonathan Carter’s camera, and videoed everything. I’m going to go home to around 8 hours of video that needs editing, synchronizing, encoding, and uploading to archive.org. It’ll take a while, guys, be patient.
Today, I got involved with setting up the lab for practical demos. We had 9 PCs lent, and needed Ubuntu on them. Of course, the natural approach is netinstall - I’m familiar with netinstalling Ubuntu, and it is a great way to set up a pile of computers. However, we ran into problem after problem.
router DHCP option. This seemed to break dnsmasq - PCs stopped accepting leases and DHCPDECLINED them. I’ve never seen that before. So I had to route through my laptop - no biggie.So, lesson for next time, test your netboot setup in advance, don’t assume that a mirror will be in working shape. We should have set up the lab on day one, for use on day 2.
The upshot of this is that I didn’t see any talks today (excepting a practical in the lab, on scribus, once it was up). I’ll have to watch the videos later.
Now, I’m going to enjoy a few days in Arniston, and then come home to graduate.
]]>The event was really good. I haven’t been very involved in the organising, and didn’t come prepared with a talk (just equipment). At the start, it felt like there were never going to be enough talks to keep us going, but as soon as it started, it began rolling, and continued for 2 days. The talks were varied, from technical, to psychological, to practical. I was really impressed. The quality of the talks was quite high - I was rarely bored (although I did have IRC distractions).
As usual, I had Jonathan Carter’s camera, and videoed everything. I’m going to go home to around 8 hours of video that needs editing, synchronizing, encoding, and uploading to archive.org. It’ll take a while, guys, be patient.
Today, I got involved with setting up the lab for practical demos. We had 9 PCs lent, and needed Ubuntu on them. Of course, the natural approach is netinstall - I’m familiar with netinstalling Ubuntu, and it is a great way to set up a pile of computers. However, we ran into problem after problem.
router DHCP option. This seemed to break dnsmasq - PCs stopped accepting leases and DHCPDECLINED them. I’ve never seen that before. So I had to route through my laptop - no biggie.So, lesson for next time, test your netboot setup in advance, don’t assume that a mirror will be in working shape. We should have set up the lab on day one, for use on day 2.
The upshot of this is that I didn’t see any talks today (excepting a practical in the lab, on scribus, once it was up). I’ll have to watch the videos later.
Now, I’m going to enjoy a few days in Arniston, and then come home to graduate.
]]>Currently the savvy users out there use hacks like mine to least-cost-route local traffic over cheaper IS “Local-Only” accounts (like these). Hell, even ISPs route their clients’ local traffic over the IS Local-Only accounts.
From what I’ve heard from the friendly frogs, Telkom are really just going to keep it simple, and implement the equivalent of IS DSL accounts, where after you get capped, you get another, local-only cap. This can be implemented with Radius only, and will (to some extent) prevent the service from being abused be everybody.
So yes, we all still need our separate IS Local-Only accounts, and do our own LCR.
Anybody who thinks Telkom is doing any good for South Africa, go and sit in a corner now!
]]>Currently the savvy users out there use hacks like mine to least-cost-route local traffic over cheaper IS “Local-Only” accounts (like these). Hell, even ISPs route their clients’ local traffic over the IS Local-Only accounts.
From what I’ve heard from the friendly frogs, Telkom are really just going to keep it simple, and implement the equivalent of IS DSL accounts, where after you get capped, you get another, local-only cap. This can be implemented with Radius only, and will (to some extent) prevent the service from being abused be everybody.
So yes, we all still need our separate IS Local-Only accounts, and do our own LCR.
Anybody who thinks Telkom is doing any good for South Africa, go and sit in a corner now!
]]>