Setting up Satellite Internet Connection: Difference between revisions

From Alpine Linux
m (Article is obsolete.)
 
(50 intermediate revisions by 7 users not shown)
Line 1: Line 1:
{{Obsolete|Most satellite internet connections in modern times are using USB, 802.3 or 802.11-based connections to the computer meaning there's no need to use DVB-S related software... Also the linuxtv-dvb-apps is not in current versions of Alpine, can v4l-utils-dvbv5 be used instead???}}
[[Category:Networking]]
= Satellite Internet Connection HOW-TO =
= Satellite Internet Connection HOW-TO =


== Introduction ==
== Introduction ==


This document briefly explains Satellite technology, how it works, what do you need, configuration and how to sharing it between several clients. So the main focus is the Internet connection, satellite TV is not reviewed.
This document briefly explains Satellite technology, how it works, what you need, configuration, and how to share it between several clients. The main focus is an Internet connection, i.e. satellite TV is not covered.


== How does it work? ==
== How does it work? ==


So first we make the request (using land Internet connection) to the Sat-Server usually via a tunnel, after it will retrieve out info from Internet and it will send it to Satellite; in the end we would receive data from the it to our home using a parabolic antenna and a Sat Card.   
First we make the request (using a land Internet connection) to the Sat-Server usually via a tunnel. It will retrieve our info from the Internet and send it to the Satellite. Ultimately, we'll receive data from the satellite to our home using a parabolic antenna and a Sat Card.   


Satellite works very well with protocols, which have a little request data and a much bigger answer size. Although, a big time of answer is the biggest problem of satellite connection that may prevent using interactive services such as VoIP. The delay of answer may be considered basing on that a typical Sat distance is like 36.000 km, so an average overall delay time is 300-400 ms.   
Satellite works very well with protocols which have a small request data size and a much larger answer size. Large response delay is the biggest problem with satellite internet service. That may prevent using interactive services such as VoIP. The delay is caused by the distance the satellite is from the earth's surface,
typically 36000 km. Average overall delay time is 300-400 ms.   


To install the little satellite system we need:
To install the satellite system we need:


* DVB-S Card
* DVB-S Card
* Parabolic Antenna (Satellite Dish)
* Parabolic Antenna (Satellite Dish)
* LNB Digital Converter  
* LNB Digital Converter


== Technical Information ==
== Technical Information ==


A satellite link as a classical Wireless link is very different from Wired link. It may cause some additional problems to solve, such as reachability, privacy problems and so on. Also there could be weather problems, particularly in snow or rain conditions.   
A satellite link as is very different from Wired link. It may cause additional problems such as reachability, privacy, etc. There could also be weather related problems, particularly in snow or rain conditions.   


=== Antenna / Converter ===
=== Antenna / Converter ===
   
   
A parabolic antenna gives a very high gain in RX. A frequency that is being received from the satellite transponder is from 11GHz up to 12.7 GHz. The Digital Converter transforms it to 1-2 GHz and send signal to the DVB-S card receiver through the coax cable up to 30-40m. This documents assumes that your parabolic antenna is properly mounted and calibrated as well as proper converter (usually Ku-band) is used.
A parabolic antenna has a very high gain. The satellite transponder frequency is from 11 GHz to 12.7 GHz. The Digital Converter translates it to 1-2 GHz and sends the signal to a DVB-S card receiver through as much as 30-40 km of coaxial cable. This document assumes your parabolic antenna is properly mounted and boresighted as well as the proper converter (usually Ku-band) is used.


=== DVB-S Receiver Card ===   
=== DVB-S Receiver Card ===   


DVB-S card receives analog signals via coax cable and converts it to digital signals pretty like Ethernet card, after that the OS transforms it to a TCP/IP packets.
DVB-S card receives analog signals via coax cable and converts them to digital signals similar to those found on an Ethernet. After that, the OS transforms it to TCP/IP packets.


== DVB Setup ==
== DVB Setup ==


'''1. Install DVB-S Card and check if system recognized it'''
===Install DVB-S Card and check if system recognized it===


Please note, that in most cases you need PCI version 2.1 or higher (check DVB card specifications). In practice it is Pentium-III or later systems.
Note: in most cases you need PCI version 2.1 or later (check your DVB card specifications) i.e. a Pentium-III or newer system.


  # lspci | grep -i "multimedia controller"
{{Cmd|lspci | grep -i "multimedia controller"}}


'''2. Make sure that kernel modules are loaded'''
===Make sure that kernel modules are loaded===


You have to use Alpine 1.7.10 release and higher that should load appropriate kernel modules for DVB card on startup. You may check if DVB devices are installed.
You must use Alpine 1.7.10 release or newer that should load appropriate kernel modules for DVB card on startup. To check if DVB devices are installed, run:


  # ls -la /dev/dvb*
{{Cmd|ls -la /dev/dvb*}}


'''3. Install LinuxTV Applications'''
===Install LinuxTV Applications===
    
    
  # apk_add linuxtv-dvb-apps
{{Cmd|apk_add linuxtv-dvb-apps}}
 
===Create and edit file ''channels.conf''===
 
channels.conf contains settings for each Satellite you are using. For example the satellite ''Sirius-4 Nordic Beam'' has the following parameters:
 
* Freq - 12322Mhz
* Polarization - vertical
* Symbol Rate - 27.654711Ms/s
* FEC -7/8.
 
You'll need to get the parameters from your ISP or find them on the Internet.
The following example is for "Sirius-4 Nordic Beam":
 
{{Cmd|echo "Sirius4-Nord:12322:v:0:27500:0:0:0" >> /etc/channels.conf}}
 
===Tune DVB Receiver===


'''4. Create and edit file ''channels.conf'''''
Check configured channels:


This file contains settings for each Satellite you are using. For example the satellite ''Sirius-2 Nordic Beam'' has the following parameters: Freq - 12322Mhz, Polarization - vertical, Symbol Rate - 27.670213Ms/s. All parameters you have to receive from ISP or find in the Internet. Please look at [http://www.sat2k.com/ivs.htm Satellite Parameters] and [http://www.ses-sirius.com/english/ SES SIRIUS]. The following example is for Sirius-2 Nordic Beam:
{{Cmd|szap -c /etc/channels.conf -q}}


  # echo "Sirius2-Nord:12322:v:0:27670:0:0:0" >> /etc/channels.conf
Tune to channel number 001:


Please, note,that the satellite Sirius-2 will be off soon, Sirius-4 has been lunched instead.
{{Cmd|szap -c /etc/channels.conf -n 1}}


'''5. Tune DVB Receiver'''
In some cases you may need to run this command permanently in the background because of a bug in the kernel modules for some dvb cards.


  # szap -c /etc/channels.conf -n 0
* Option A:


In some cases you may need to run this command permanently in background because of a bug kernel modules for some dvb cards.
{{Cmd|szap -c /etc/channels.conf -n 1 > /dev/null 2>&1 &}}


  # szap -c /etc/channels.conf -n 0 > /dev/null 2>&1 &
* Option B:


'''6. Set up DVB network interface'''
{{Cmd|start-stop-daemon --start --background --exec /usr/bin/szap -- -c /etc/channels.conf -n 1}}


Your ISP provides you the PID, which is used for select a transmission between many signal from same frequency.
===Set up DVB network interface===


  # dvbnet -a 0 -p $PID
Your ISP provides you the PID, which is used for select a particular transmission from many signals on the same frequency.


  # ifconfig dvb0_0 hw ether $MAC
{{Cmd|dvbnet -a 0 -p $PID}}
  # ifconfig dvb0_0 $IP up


Here $IP is any IP address, which does not match with any other your network. The $MAC you specify here is usually the MAC address of your DVB card, in some cases ISP calculates MAC address for you. In any case ISP sends data only for registered MAC addresses.
{{Cmd|ifconfig dvb0_0 hw ether $MAC
ifconfig dvb0_0 $IP netmask 255.255.255.255 up}}


Due to nature of satellite connection, the dvb interface receives packets, which have been originated from other sources, actually ether land internet connection interface or, in most cases, from virtual tunnel device. So in order to allow receive such packets the source validation should be disabled on dvb0_0 interface.
Here $IP is any IP address, which does not match any address on your network. The $MAC you specify here is usually the MAC address of your DVB card, in some cases ISP supplies MAC address for you. In any case, the ISP sends data only for registered MAC addresses.


  # echo "0" > /proc/sys/net/ipv4/conf/dvb0_0/rp_filter  
Due to the nature of a satellite connection, the DVB interface receives packets, which have originated from other sources, usually from either a land internet connection or, in most cases, from a virtual tunnel device. In order receive such packets, the source validation should be disabled on the dvb0_0 interface.  


'''7. Test if Satellite is receiving data'''
{{Cmd|echo "0" > /proc/sys/net/ipv4/conf/dvb0_0/rp_filter}}
 
Another way to achieve that is to allow shorewall to control it using ROUTE_FILTER and routefilter parameters.
 
===Test if satellite interface is receiving data===


You should see many packets for other clients of your ISP.
You should see many packets for other clients of your ISP.


  # apk_add tcpdump
{{Cmd| apk add tcpdump}}
  # tcpdump -n -i dvb0_0
{{Cmd|tcpdump -n -i dvb0_0}}


== Authentication with ISP ==
== Authentication with ISP ==


Before you receive your data via satellite your ISP should authenticate you as their registered client. There are several common techniques could be used:
Before you receive your data via satellite, your ISP should authenticate you as their registered client. There are several common techniques in use:


* Some ISPs use the "Proxy Authentication", when you used their proxy, you also need to give login and password to continue the request. Once done, the ISP use your IP address to calculate your MAC address, to which send the answer.   
* Some ISPs use "Proxy Authentication." When you use their proxy, you also need to supply a login name and password to continue the request. Once done, the ISP uses your IP address to calculate your MAC address, to which it sends the answer.   


* Some other ISPs require you make a VPN connection (using your login and password) first, then they will control your registration account (where they retrieve your MAC address) and will send data to your card (your MAC address).   
* Other ISPs require you to make a VPN connection (using your login and password) first, then they will control your registration account (where they retrieve your MAC address) and will send data to your card (your MAC address).   


* If you have static public IP, perhaps, the most convenient way is when ISPs suggest making a GRE/IPIP tunnel, which is used to sent authenticated requests to ISP satellite server. Consequently ISP sends back answers via satellite you are connected to.
* If you have a static public IP, perhaps the most convenient way is when ISPs suggest making a GRE/IPIP tunnel which is used to send authenticated requests to the ISP's satellite server. Subsequently, the ISP sends replies via the satellite you are connected to.


Here is an example of setting up GRE tunnel with a ISP:
Here is an example of setting up GRE tunnel with an ISP:


'''1. Make static routes'''
===Make static routes===


All queries to DNS servers of your land ISP should go via land line.
All queries to DNS servers of your land ISP should go via land line.


  # route add $DNS1 gw $DEFAULT_LAND_GATEWAY
{{Cmd|route add $DNS1 gw $DEFAULT_LAND_GATEWAY}}
  # route add $DNS2 gw $DEFAULT_LAND_GATEWAY
{{Cmd|route add $DNS2 gw $DEFAULT_LAND_GATEWAY}}


GRE packets should always go via land default gateway.   
GRE packets should always go via land default gateway.   


  # route add $SAT_ISP_GRE_IP gw $DEFAULT_LAND_GATEWAY
{{Cmd|route add $SAT_ISP_GRE_IP gw $DEFAULT_LAND_GATEWAY}}
 
It is assumed that $DEFAULT_LAND_GATEWAY is the default gateway given by the land ISP, $DNSx are your DNS servers provided by the land ISP and $SAT_ISP_GRE_IP is the remote IP of the satellite ISP's GRE tunnel.


Make new default route that goes via tunnel interface. So most requests will go via GRE tunnel to satellite ISP with source IP as $LOCAL_TUN_IP. Answers expected via dvb interface for destination IP as $LOCAL_TUN_IP.
Changes of default route will be made after a tunnel interface is created.


  # route del default
===Make GRE tunnel and set up the tunnel interface===
  # route add default dev tun0


It is assumed that $DEFAULT_LAND_GATEWAY is default gateway given by the land ISP, $DNSx are your DNS servers provided by the land ISP and $SAT_ISP_GRE_IP is remote IP of GRE tunnel of the satellite ISP.
{{Cmd|apk_add iproute2}}


'''2. Make GRE tunnel and setup tunnel interface'''
{{Cmd|modprobe ip_gre}}
{{Cmd|modprobe tun}}


  # modprobe ip_gre
{{Cmd|ip tunnel add tun0 mode gre local $MY_STATIC_IP remote $SAT_ISP_GRE_IP ttl 250}}
  # modprobe tun
{{Cmd|ifconfig tun0 $LOCAL_TUN_IP pointopoint $REMOTE_TUN_IP up}}


  # ip tunnel add tun0 mode gre local $MY_STATIC_IP remote $SAT_ISP_GRE_IP ttl 250
Tunnel Parameters, such as $SAT_ISP_GRE_IP, $LOCAL_TUN_IP and $REMOTE_TUN_IP are provided by the satellite ISP.
  # ifconfig tun0 $LOCAL_TUN_IP pointopoint $REMOTE_TUN_IP


Parameters of a tunnel such as $SAT_ISP_GRE_IP, $LOCAL_TUN_IP, $REMOTE_TUN_IP are provided by the satellite ISP.
Now make a new default route that uses the tunnel interface. Most requests will go to the satellite ISP via the GRE tunnel with a source IP of $LOCAL_TUN_IP. Answers are expected via the DVB interface for the destination IP $LOCAL_TUN_IP.


'''3. Test Internet Connectivity
{{Cmd|route del default}}
{{Cmd|route add default dev tun0}}


  # ping wiki.alpinelinux.org
===Test satellite internet connectivity===


  # tcpdump -n -i tun0
{{Cmd|ping wiki.alpinelinux.org}}
  # tcpdump -n -i dvb0_0 host $LOCAL_TUN_IP


== Sharing Internet Connection ==
{{Cmd|tcpdump -n -i tun0}}
{{Cmd|tcpdump -n -i dvb0_0 host $LOCAL_TUN_IP}}


It is assumed that we need to share the satellite internet with clients in a local network that already is connected via second Ethernet interface to satellite internet machine. This requires enabling IP forwarding, set up simple SNAT masquerading and traffic filtering rules. The easiest way is to use Shorewall for that purpose.
== Sharing a Satellite Internet Connection ==


''' 1. Install shorewall'''
It is assumed we need to share the satellite internet with clients in a local network connected via a second Ethernet interface to a satellite internet machine. This requires enabling IP forwarding and setting up simple SNAT masquerading and traffic filtering rules. The easiest way is to use Shorewall for that purpose.
===Install shorewall===


  # apk_add shorewall
{{Cmd|apk add shorewall}}


'''2. Set up ''shorewall.conf'''''
===Set up ''shorewall.conf''===


   IP_FORWARDING=yes
   IP_FORWARDING=yes
Line 146: Line 173:
   CLAMPMSS=Yes # See '''RFC2923'''
   CLAMPMSS=Yes # See '''RFC2923'''


'''3. Set up ''zones'''''
===Set up ''zones''===


   inet ipv4
   inet ipv4
Line 153: Line 180:
   dvb  ipv4
   dvb  ipv4


'''4. Set up ''interfaces'''''
===Set up ''interfaces''===


   loc  eth1    detect  routefilter
   loc  eth1    detect  routefilter
Line 160: Line 187:
   dvb  dvb0_0  -     
   dvb  dvb0_0  -     


'''5. Set up ''policy'''''
===Set up ''policy''===


   loc  all  REJECT  info
   loc  all  REJECT  info
Line 166: Line 193:
   all  all  DROP    info
   all  all  DROP    info


'''6. Set up SNAT masquerading in ''masq'''''
===Set up SNAT masquerading in ''masq''===


   tun0  eth1
   tun0  eth1


'''7. Set up ''rules'''''
===Set up ''params''===
 
  #This IP address are provided by the satellite ISP
  SAT_ISP_GRE_IP=
  LOCAL_TUN_IP=
 
===Set up ''rules''===


   SECTION ESTABLISHED
   SECTION ESTABLISHED
Line 181: Line 214:
   DNS/ACCEPT    fw  inet
   DNS/ACCEPT    fw  inet
   Ping/ACCEPT  fw  inet
   Ping/ACCEPT  fw  inet


   #Allow Web/FTP queries via GRE tunnel to ISP
   #Allow Web/FTP queries via GRE tunnel to ISP
Line 191: Line 223:
   Ping/ACCEPT  fw  tun           
   Ping/ACCEPT  fw  tun           
   Ping/ACCEPT  pr  tun
   Ping/ACCEPT  pr  tun
 
===Set up ''tunnels''===
'''8. Set up ''tunnels'''''


   gre  inet  $SAT_ISP_GRE_IP
   gre  inet  $SAT_ISP_GRE_IP
Line 198: Line 229:
== Conclusion ==
== Conclusion ==


This document reviewed just basic ideas how to setup and share satellite internet connection. Further releases of Alpine Linux will include start up and configuration scripts.
This document reviewed just basic ideas how to setup and share satellite internet connection. Further releases of Alpine Linux will include start up and configuration scripts (see Mailing Lists). Note, that more advanced traffic routing is beyond of scope of this document.
 
Another advanced topic that is beyond of scope is how to use remote proxy/VPN services to protect/encrypt your Satellite traffic against grabbers. This configuration may protect HTTP/POP3 and other types of data against unauthorized grabbing with attempts to sniff personal mail, electronic addresses and other information.


== More information  ==
== More information  ==


[http://en.wikipedia.org/wiki/Satellite_dish Satellite Dish]
* [https://en.wikipedia.org/wiki/Satellite_dish Satellite Dish]
[http://en.wikipedia.org/wiki/Ku_band Ku-band]
* [https://en.wikipedia.org/wiki/Ku_band Ku-band]
[http://www.linuxtv.org/wiki LinuxTV Wiki]
* [https://www.linuxtv.org/wiki/index.php/Main_Page LinuxTV Wiki]
[http://www.hack-it.net/How-To/Sat-HOWTO.html Satellite HOW-TO]
* [https://web.archive.org/web/20080801052704/http://www.hack-it.net/How-To/Sat-HOWTO.html Satellite HOW-TO (via archive.org)]
[http://tier.cs.berkeley.edu/wiki/HOWTO:IPTunnelling IP Tunnelling HOW-TO]
* [https://web.archive.org/web/20100622001151/http://tier.cs.berkeley.edu/wiki/HOWTO:IPTunnelling TIER:HOWTO:IPTunnelling (via archive.org)]}
[http://www.sat2k.com/ivs.htm Satellite Parameters]
* [https://web.archive.org/web/20090831112216/http://www.ses-sirius.com/english/ SES SIRIUS (via archive.org)]
[http://www.ses-sirius.com/english/ SES SIRIUS]
* [https://shorewall.org/ Shorewall]
[http://www.shorewall.net Shorewall]
* [https://lartc.org/howto/ Linux Advanced Routing & Traffic Control HOWTO]
[http://http://lartc.org/howto Linux Advanced Routing & Traffic Control HOWTO]

Latest revision as of 06:01, 6 September 2023

This material is obsolete ...

Most satellite internet connections in modern times are using USB, 802.3 or 802.11-based connections to the computer meaning there's no need to use DVB-S related software... Also the linuxtv-dvb-apps is not in current versions of Alpine, can v4l-utils-dvbv5 be used instead??? (Discuss)

Satellite Internet Connection HOW-TO

Introduction

This document briefly explains Satellite technology, how it works, what you need, configuration, and how to share it between several clients. The main focus is an Internet connection, i.e. satellite TV is not covered.

How does it work?

First we make the request (using a land Internet connection) to the Sat-Server usually via a tunnel. It will retrieve our info from the Internet and send it to the Satellite. Ultimately, we'll receive data from the satellite to our home using a parabolic antenna and a Sat Card.

Satellite works very well with protocols which have a small request data size and a much larger answer size. Large response delay is the biggest problem with satellite internet service. That may prevent using interactive services such as VoIP. The delay is caused by the distance the satellite is from the earth's surface, typically 36000 km. Average overall delay time is 300-400 ms.

To install the satellite system we need:

  • DVB-S Card
  • Parabolic Antenna (Satellite Dish)
  • LNB Digital Converter

Technical Information

A satellite link as is very different from Wired link. It may cause additional problems such as reachability, privacy, etc. There could also be weather related problems, particularly in snow or rain conditions.

Antenna / Converter

A parabolic antenna has a very high gain. The satellite transponder frequency is from 11 GHz to 12.7 GHz. The Digital Converter translates it to 1-2 GHz and sends the signal to a DVB-S card receiver through as much as 30-40 km of coaxial cable. This document assumes your parabolic antenna is properly mounted and boresighted as well as the proper converter (usually Ku-band) is used.

DVB-S Receiver Card

DVB-S card receives analog signals via coax cable and converts them to digital signals similar to those found on an Ethernet. After that, the OS transforms it to TCP/IP packets.

DVB Setup

Install DVB-S Card and check if system recognized it

Note: in most cases you need PCI version 2.1 or later (check your DVB card specifications) i.e. a Pentium-III or newer system.

lspci

Make sure that kernel modules are loaded

You must use Alpine 1.7.10 release or newer that should load appropriate kernel modules for DVB card on startup. To check if DVB devices are installed, run:

ls -la /dev/dvb*

Install LinuxTV Applications

apk_add linuxtv-dvb-apps

Create and edit file channels.conf

channels.conf contains settings for each Satellite you are using. For example the satellite Sirius-4 Nordic Beam has the following parameters:

  • Freq - 12322Mhz
  • Polarization - vertical
  • Symbol Rate - 27.654711Ms/s
  • FEC -7/8.

You'll need to get the parameters from your ISP or find them on the Internet. The following example is for "Sirius-4 Nordic Beam":

echo "Sirius4-Nord:12322:v:0:27500:0:0:0" >> /etc/channels.conf

Tune DVB Receiver

Check configured channels:

szap -c /etc/channels.conf -q

Tune to channel number 001:

szap -c /etc/channels.conf -n 1

In some cases you may need to run this command permanently in the background because of a bug in the kernel modules for some dvb cards.

  • Option A:

szap -c /etc/channels.conf -n 1 > /dev/null 2>&1 &

  • Option B:

start-stop-daemon --start --background --exec /usr/bin/szap -- -c /etc/channels.conf -n 1

Set up DVB network interface

Your ISP provides you the PID, which is used for select a particular transmission from many signals on the same frequency.

dvbnet -a 0 -p $PID

ifconfig dvb0_0 hw ether $MAC ifconfig dvb0_0 $IP netmask 255.255.255.255 up

Here $IP is any IP address, which does not match any address on your network. The $MAC you specify here is usually the MAC address of your DVB card, in some cases ISP supplies MAC address for you. In any case, the ISP sends data only for registered MAC addresses.

Due to the nature of a satellite connection, the DVB interface receives packets, which have originated from other sources, usually from either a land internet connection or, in most cases, from a virtual tunnel device. In order receive such packets, the source validation should be disabled on the dvb0_0 interface.

echo "0" > /proc/sys/net/ipv4/conf/dvb0_0/rp_filter

Another way to achieve that is to allow shorewall to control it using ROUTE_FILTER and routefilter parameters.

Test if satellite interface is receiving data

You should see many packets for other clients of your ISP.

apk add tcpdump

tcpdump -n -i dvb0_0

Authentication with ISP

Before you receive your data via satellite, your ISP should authenticate you as their registered client. There are several common techniques in use:

  • Some ISPs use "Proxy Authentication." When you use their proxy, you also need to supply a login name and password to continue the request. Once done, the ISP uses your IP address to calculate your MAC address, to which it sends the answer.
  • Other ISPs require you to make a VPN connection (using your login and password) first, then they will control your registration account (where they retrieve your MAC address) and will send data to your card (your MAC address).
  • If you have a static public IP, perhaps the most convenient way is when ISPs suggest making a GRE/IPIP tunnel which is used to send authenticated requests to the ISP's satellite server. Subsequently, the ISP sends replies via the satellite you are connected to.

Here is an example of setting up GRE tunnel with an ISP:

Make static routes

All queries to DNS servers of your land ISP should go via land line.

route add $DNS1 gw $DEFAULT_LAND_GATEWAY

route add $DNS2 gw $DEFAULT_LAND_GATEWAY

GRE packets should always go via land default gateway.

route add $SAT_ISP_GRE_IP gw $DEFAULT_LAND_GATEWAY

It is assumed that $DEFAULT_LAND_GATEWAY is the default gateway given by the land ISP, $DNSx are your DNS servers provided by the land ISP and $SAT_ISP_GRE_IP is the remote IP of the satellite ISP's GRE tunnel.

Changes of default route will be made after a tunnel interface is created.

Make GRE tunnel and set up the tunnel interface

apk_add iproute2

modprobe ip_gre

modprobe tun

ip tunnel add tun0 mode gre local $MY_STATIC_IP remote $SAT_ISP_GRE_IP ttl 250

ifconfig tun0 $LOCAL_TUN_IP pointopoint $REMOTE_TUN_IP up

Tunnel Parameters, such as $SAT_ISP_GRE_IP, $LOCAL_TUN_IP and $REMOTE_TUN_IP are provided by the satellite ISP.

Now make a new default route that uses the tunnel interface. Most requests will go to the satellite ISP via the GRE tunnel with a source IP of $LOCAL_TUN_IP. Answers are expected via the DVB interface for the destination IP $LOCAL_TUN_IP.

route del default

route add default dev tun0

Test satellite internet connectivity

ping wiki.alpinelinux.org

tcpdump -n -i tun0

tcpdump -n -i dvb0_0 host $LOCAL_TUN_IP

Sharing a Satellite Internet Connection

It is assumed we need to share the satellite internet with clients in a local network connected via a second Ethernet interface to a satellite internet machine. This requires enabling IP forwarding and setting up simple SNAT masquerading and traffic filtering rules. The easiest way is to use Shorewall for that purpose.

Install shorewall

apk add shorewall

Set up shorewall.conf

 IP_FORWARDING=yes
 ROUTE_FILTER=No
 CLAMPMSS=Yes # See RFC2923

Set up zones

  inet ipv4
  loc  ipv4
  tun  ipv4
  dvb  ipv4

Set up interfaces

  loc   eth1    detect   routefilter
  inet  eth0    detect   norfc1918,routefilter
  tun   tun0    -        norfc1918,routefilter
  dvb   dvb0_0  -     

Set up policy

  loc   all  REJECT  info
  dvb   all  REJECT  info
  all   all  DROP    info

Set up SNAT masquerading in masq

  tun0  eth1

Set up params

  #This IP address are provided by the satellite ISP
  SAT_ISP_GRE_IP=
  LOCAL_TUN_IP=

Set up rules

  SECTION ESTABLISHED
  REJECT        dvb  fw:!$LOCAL_TUN_IP
  SECTION RELATED
  REJECT        dvb  fw:!$LOCAL_TUN_IP
 
  SECTION NEW
  DNS/ACCEPT    fw   inet
  Ping/ACCEPT   fw   inet
  #Allow Web/FTP queries via GRE tunnel to ISP
  # Answers come as RELATED/ESTABLISHED traffic via DVB
  Web/ACCEPT    fw   tun
  Web/ACCEPT    loc  tun            
  FTP/ACCEPT    fw   tun           
  FTP/ACCEPT    loc  tun            
  Ping/ACCEPT   fw   tun           
  Ping/ACCEPT   pr   tun

Set up tunnels

  gre  inet   $SAT_ISP_GRE_IP

Conclusion

This document reviewed just basic ideas how to setup and share satellite internet connection. Further releases of Alpine Linux will include start up and configuration scripts (see Mailing Lists). Note, that more advanced traffic routing is beyond of scope of this document.

Another advanced topic that is beyond of scope is how to use remote proxy/VPN services to protect/encrypt your Satellite traffic against grabbers. This configuration may protect HTTP/POP3 and other types of data against unauthorized grabbing with attempts to sniff personal mail, electronic addresses and other information.

More information