TN0012: Setting up an ADSL connection using a D-Link DI-804 as a firewall/router
This technical note describes how to set up your system in order to access the Internet in Germany, using a D-Link DI-804 Ethernet Broadband Router, using Deutsche Telekom's ADSL offer (T-DSL) and the T-Online dsl flat plan with a Microsoft Windows XP Professional computer.
Before you start
Read whatever you can about the technology. The links at the bottom of this document are a good starting point. Also, talk to other people who already have DSL. Ask them about their configuration, and what problems they ran into.
Why use a router/firewall combination?
It's simple. If you connect your computer directly to the DSL modem, then you're directly connected to the hostile Internet environment. And it will take about ten minutes for you to get attacked. If your computer is not patched to the hilt, they'll get you. This is why you need a firewall, at the very least.
The splitter was sent to me by Deutsche Telekom. There really was no choice here; I had to install it. The box calls it a BBAE-CD, TAE-AsK. One end connects to the analog phone line and the other to the DSL modem.
For a DSL-modem, I picked Deutsche Telekom's Teledat 300 LAN. There are three reasons. (1) Competing models are sold at pretty much the same price. (2) It is known to work, so why should I get something else and risk having a component that doesn't work, (a variation on the "If it ain't broke, don't fix it" argument). (3) I could pick between a USB and a LAN version. I picked the LAN version since it can be connected to all kinds of computers (Mac, Linux, PC, etc.) because it uses the PPPoE protocol. The USB version only works with a computer that has the appropriate driver software installed, which excludes the Mac or old Linux computers. Installation was easy. I connected one end to the splitter and the other end to my D-Link DI-804 Cable/DSL Internet Gateway.
For a Firewall/Router, I picked the D-Link DI 804 Cable/DSL Internet Gateway. I connected the cable coming from the DSL-modem to WLAN port of the router and I connected my Windows XP PC to the first LAN port ("1X"). That was it, as far as the hardware and cables were concerned. I picked the D-Link brand because it was recommended on a mailing list by somebody whose posts I valued. There are other companies, for example SMC ("Barricade") or Linksys, that sell similar devices. The DI-804 is a nifty combination of a 4-Port Ethernet switch, a DHCP server (and client, when connected to a WAN), a DSL Router, NAT functionality, and a firewall. D-Link sells a whole assortment of similar devices with additional functionality. If you want to add a printer to your network or you want Wi-Fi, you can pick other models from their catalog.
Turning everything on the first time
These devices are pretty intelligent. In order to make maximum use of their built-in intelligence and in order to reduce your problems, turn them on in the following order:
If you haven't done it already, install drivers for your network card. In the network settings, you need to set everything to "Local Area Network". Activate DHCP (Dynamic Host Configuration Protocol). On Windows machines, you have to go to "TCP/IP Properties", select the tab labeled "IP Address" and activate "Obtain an IP address automatically". That's all.
This is the only tricky part.
Hackers mainly target Microsoft software with their worms and viruses, so in order to protect yourself, you should replace their programs by less risky alternatives. Here is what I like.
E-mail client: I like The Bat!. It comes with its own HTML renderer and in this way, is immune to MS Outlook worms.
Compuserve Classic Client: I have installed Virtual Access for this purpose. It's so old, that it doesn't know about HTML, which is great, from a security point of view.
Newsgroups: This is done by Virtual Access, too.
FTP: FTP Explorer is my personal favourite.
SSH: I use Putty for that.
Anti Virus Software: I prefer McAffee Virus Scan.
Browser: I haven't gotten around to replacing this, but I have set the security settings to "paranoid".
I learned a lot about DSL, T-DSL, and especially about the composition of the account name from these Linux- and BSD-related pages:
First Version: October 04, 2002
If you have any questions, please send e-mail to Carsten Kuckuk at .