Home
 
 Technical Notes
 
 DPSG-STR
 
Technical Abbreviations Database
 
 
 
TN0012: Setting up an ADSL connection using a D-Link DI-804 as a firewall/router
 
This technical note describes how to set up your system in order to access the Internet in Germany, using a D-Link DI-804 Ethernet Broadband Router, using Deutsche Telekom's ADSL offer (T-DSL) and the T-Online dsl flat plan with a Microsoft Windows XP Professional computer.
 
Before you start
 
Read whatever you can about the technology. The links at the bottom of this document are a good starting point. Also, talk to other people who already have DSL. Ask them about their configuration, and what problems they ran into.
 
Why use a router/firewall combination?
 
It's simple. If you connect your computer directly to the DSL modem, then you're directly connected to the hostile Internet environment. And it will take about ten minutes for you to get attacked. If your computer is not patched to the hilt, they'll get you. This is why you need a firewall, at the very least.
 
Hardware configuration
 
The splitter was sent to me by Deutsche Telekom. There really was no choice here; I had to install it. The box calls it a BBAE-CD, TAE-AsK. One end connects to the analog phone line and the other to the DSL modem.
 
For a DSL-modem, I picked Deutsche Telekom's Teledat 300 LAN. There are three reasons. (1) Competing models are sold at pretty much the same price. (2) It is known to work, so why should I get something else and risk having a component that doesn't work, (a variation on the "If it ain't broke, don't fix it" argument). (3) I could pick between a USB and a LAN version. I picked the LAN version since it can be connected to all kinds of computers (Mac, Linux, PC, etc.) because it uses the PPPoE protocol. The USB version only works with a computer that has the appropriate driver software installed, which excludes the Mac or old Linux computers. Installation was easy. I connected one end to the splitter and the other end to my D-Link DI-804 Cable/DSL Internet Gateway.
 
For a Firewall/Router, I picked the D-Link DI 804 Cable/DSL Internet Gateway. I connected the cable coming from the DSL-modem to WLAN port of the router and I connected my Windows XP PC to the first LAN port ("1X"). That was it, as far as the hardware and cables were concerned. I picked the D-Link brand because it was recommended on a mailing list by somebody whose posts I valued. There are other companies, for example SMC ("Barricade") or Linksys, that sell similar devices. The DI-804 is a nifty combination of a 4-Port Ethernet switch, a DHCP server (and client, when connected to a WAN), a DSL Router, NAT functionality, and a firewall. D-Link sells a whole assortment of similar devices with additional functionality. If you want to add a printer to your network or you want Wi-Fi, you can pick other models from their catalog.
 
Turning everything on the first time
 
These devices are pretty intelligent. In order to make maximum use of their built-in intelligence and in order to reduce your problems, turn them on in the following order:
  1. The splitter is a passive device and doesn't need to be turned on.
  2. Turn on the DSL modem. Watch the LEDs. The first time you turn it on, the device will perform a long self-test. Wait for the Power LED to turn green and stay green. The Sync LED will start out red, then start blinking. After a few minutes it will stop blinking and stay green. The manual says this might take as much as ten minutes, so be patient. If after ten minutes the LED is still red (or blinking), you have a physical problem with the line between your modem and Deutsche Telekom's computers, which you can't fix. Call Telekom. If the SYNC light stays green permanently, then T-DSL is working.
  3. Turn on the DI-804 Router. Now look at the DSL-modem. The LED labeled "10BaseT" should have turned green. If this is not the case, there is a problem with the cable between the DSL modem and the router. If it is green, then the connection to your router is working.
  4. Turn on your PC. On your DI-804 router, you should see LED #1 under "Ethernet" turn green.

 
Computer configuration
 
If you haven't done it already, install drivers for your network card. In the network settings, you need to set everything to "Local Area Network". Activate DHCP (Dynamic Host Configuration Protocol). On Windows machines, you have to go to "TCP/IP Properties", select the tab labeled "IP Address" and activate "Obtain an IP address automatically". That's all.
 
Router configuration
 
This is the only tricky part.
  1. Start up your browser. Point it to http://192.168.0.1/ . A dialog box will come up asking you for a user name and a password. As user name, use "admin". Leave the password field empty. These are the default factory settings for the DI-804.
  2. Select "Setup Wizzard".
  3. You will be asked if you have Cable, DSL Modem or Ethernet. Click on DSL modem.
  4. You will be asked if you connect to your DSL provider using PPPoE. Select "Yes".
  5. You will be asked for a Login Name and a Password. This is the only difficult part in the whole process. The account information from T-Online contains a 12 digit number labeled "Anschlußkennung". It looks something like "000123456789". This is the first part of your login name. Then look for the 12 digit number called "T-Online Nummer". This looks like "520098765432". This is the second part of your login name. Then look for a 4 digit number called "Mitbenutzernummer". This is almost always "0001". This is the third part of your login name. Then add "@t-online.de". You should end up with a string consisting of 28 digits, followed by "@t-online.de", such as in our example, "0001234567895200987654320001@t-online.de". This is the "Login Name" you have to enter. In the Password field, you have to enter the string that is designated as your "Persönliches Kennwort". Leave the "scheduler" field empty. For "Idle Timeout", I chose 180 seconds. Click on "Next".
  6. On the "Specific Application Support" page, disable all applications. Trust me. You don't want any of those. They're all just security risks. Press "Next".
  7. On the "System Password" page, you can change the password that is used for accessing the router setup pages. Leave the "old password" field empty, since this is the factory setting. Choose a new password and enter it. Press "Next".
  8. You'll get a "Congratulations" page with a "Finish" button on the bottom. Press this button, so that the router can reboot with the new settings in effect.
  9. Reboot your computer. That's it. Everything should work now.
  10. Start up your browser. Type in an Internet address, like http://www.wpkn.org/. Your computer will now try to contact www.wpkn.org. The router will, in turn, connect to the DSL modem and establish an Internet connection. It should only take a second or two to display the home page of a very good, non-commercial, radio station.

 
Recommended Software
 
Hackers mainly target Microsoft software with their worms and viruses, so in order to protect yourself, you should replace their programs by less risky alternatives. Here is what I like.
 
E-mail client: I like The Bat!. It comes with its own HTML renderer and in this way, is immune to MS Outlook worms.
 
Compuserve Classic Client: I have installed Virtual Access for this purpose. It's so old, that it doesn't know about HTML, which is great, from a security point of view.
 
Newsgroups: This is done by Virtual Access, too.
 
FTP: FTP Explorer is my personal favourite.
 
SSH: I use Putty for that.
 
Anti Virus Software: I prefer McAffee Virus Scan.
 
Browser: I haven't gotten around to replacing this, but I have set the security settings to "paranoid".
 

 
Useful links
 
I learned a lot about DSL, T-DSL, and especially about the composition of the account name from these Linux- and BSD-related pages:
 
http://www.beekay.de/4/linux/server/tdsl.html
 
http://www.adsl4linux.de/howtos/rp-pppoe.php?PROVIDER=T-Online&DIST=Deb30
 
http://www.smaximum.de/smaximum/vpn/doc/pppoe.htm
 

 
Document History
 
First Version: October 04, 2002

 
Questions?
 
If you have any questions, please send e-mail to Carsten Kuckuk at .