Setting up Satellite Internet Connection: Difference between revisions

From Alpine Linux
m (→‎More information: Converted as many links as possible to HTTPs. Marked more dead links.)
m (→‎More information: Rescued a dead hyperlink via archive.org.)
Line 238: Line 238:
* [http://www.linuxtv.org/wiki LinuxTV Wiki]
* [http://www.linuxtv.org/wiki LinuxTV Wiki]
* [https://web.archive.org/web/20080801052704/http://www.hack-it.net/How-To/Sat-HOWTO.html Satellite HOW-TO (via archive.org)]
* [https://web.archive.org/web/20080801052704/http://www.hack-it.net/How-To/Sat-HOWTO.html Satellite HOW-TO (via archive.org)]
* [http://tier.cs.berkeley.edu/wiki/HOWTO:IPTunnelling IP Tunnelling HOW-TO]{{dead link}}
* [https://web.archive.org/web/20100622001151/http://tier.cs.berkeley.edu/wiki/HOWTO:IPTunnelling TIER:HOWTO:IPTunnelling (via archive.org)]}
* [http://www.ses-sirius.com/english/ SES SIRIUS]{{dead link}}
* [http://www.ses-sirius.com/english/ SES SIRIUS]{{dead link}}
* [https://shorewall.org/ Shorewall]
* [https://shorewall.org/ Shorewall]
* [https://lartc.org/howto/ Linux Advanced Routing & Traffic Control HOWTO]
* [https://lartc.org/howto/ Linux Advanced Routing & Traffic Control HOWTO]

Revision as of 01:28, 23 December 2021

Satellite Internet Connection HOW-TO

Introduction

This document briefly explains Satellite technology, how it works, what you need, configuration, and how to share it between several clients. The main focus is an Internet connection, i.e. satellite TV is not covered.

How does it work?

First we make the request (using a land Internet connection) to the Sat-Server usually via a tunnel. It will retrieve our info from the Internet and send it to the Satellite. Ultimately, we'll receive data from the satellite to our home using a parabolic antenna and a Sat Card.

Satellite works very well with protocols which have a small request data size and a much larger answer size. Large response delay is the biggest problem with satellite internet service. That may prevent using interactive services such as VoIP. The delay is caused by the distance the satellite is from the earth's surface, typically 36000 km. Average overall delay time is 300-400 ms.

To install the satellite system we need:

  • DVB-S Card
  • Parabolic Antenna (Satellite Dish)
  • LNB Digital Converter

Technical Information

A satellite link as is very different from Wired link. It may cause additional problems such as reachability, privacy, etc. There could also be weather related problems, particularly in snow or rain conditions.

Antenna / Converter

A parabolic antenna has a very high gain. The satellite transponder frequency is from 11 GHz to 12.7 GHz. The Digital Converter translates it to 1-2 GHz and sends the signal to a DVB-S card receiver through as much as 30-40 km of coaxial cable. This document assumes your parabolic antenna is properly mounted and boresighted as well as the proper converter (usually Ku-band) is used.

DVB-S Receiver Card

DVB-S card receives analog signals via coax cable and converts them to digital signals similar to those found on an Ethernet. After that, the OS transforms it to TCP/IP packets.

DVB Setup

Install DVB-S Card and check if system recognized it

Note: in most cases you need PCI version 2.1 or later (check your DVB card specifications) i.e. a Pentium-III or newer system.

lspci

Make sure that kernel modules are loaded

You must use Alpine 1.7.10 release or newer that should load appropriate kernel modules for DVB card on startup. To check if DVB devices are installed, run:

ls -la /dev/dvb*

Install LinuxTV Applications

apk_add linuxtv-dvb-apps

Create and edit file channels.conf

channels.conf contains settings for each Satellite you are using. For example the satellite Sirius-4 Nordic Beam has the following parameters:

  • Freq - 12322Mhz
  • Polarization - vertical
  • Symbol Rate - 27.654711Ms/s
  • FEC -7/8.

You'll need to get the parameters from your ISP or find them on the Internet. See Satellite Parameters and SES SIRIUS.

The following example is for "Sirius-4 Nordic Beam":

echo "Sirius4-Nord:12322:v:0:27500:0:0:0" >> /etc/channels.conf

Tune DVB Receiver

Check configured channels:

szap -c /etc/channels.conf -q

Tune to channel number 001:

szap -c /etc/channels.conf -n 1

In some cases you may need to run this command permanently in the background because of a bug in the kernel modules for some dvb cards.

  • Option A:

szap -c /etc/channels.conf -n 1 > /dev/null 2>&1 &

  • Option B:

start-stop-daemon --start --background --exec /usr/bin/szap -- -c /etc/channels.conf -n 1

Set up DVB network interface

Your ISP provides you the PID, which is used for select a particular transmission from many signals on the same frequency.

dvbnet -a 0 -p $PID

ifconfig dvb0_0 hw ether $MAC ifconfig dvb0_0 $IP netmask 255.255.255.255 up

Here $IP is any IP address, which does not match any address on your network. The $MAC you specify here is usually the MAC address of your DVB card, in some cases ISP supplies MAC address for you. In any case, the ISP sends data only for registered MAC addresses.

Due to the nature of a satellite connection, the DVB interface receives packets, which have originated from other sources, usually from either a land internet connection or, in most cases, from a virtual tunnel device. In order receive such packets, the source validation should be disabled on the dvb0_0 interface.

echo "0" > /proc/sys/net/ipv4/conf/dvb0_0/rp_filter

Another way to achieve that is to allow shorewall to control it using ROUTE_FILTER and routefilter parameters.

Test if satellite interface is receiving data

You should see many packets for other clients of your ISP.

apk add tcpdump

tcpdump -n -i dvb0_0

Authentication with ISP

Before you receive your data via satellite, your ISP should authenticate you as their registered client. There are several common techniques in use:

  • Some ISPs use "Proxy Authentication." When you use their proxy, you also need to supply a login name and password to continue the request. Once done, the ISP uses your IP address to calculate your MAC address, to which it sends the answer.
  • Other ISPs require you to make a VPN connection (using your login and password) first, then they will control your registration account (where they retrieve your MAC address) and will send data to your card (your MAC address).
  • If you have a static public IP, perhaps the most convenient way is when ISPs suggest making a GRE/IPIP tunnel which is used to send authenticated requests to the ISP's satellite server. Subsequently, the ISP sends replies via the satellite you are connected to.

Here is an example of setting up GRE tunnel with an ISP:

Make static routes

All queries to DNS servers of your land ISP should go via land line.

route add $DNS1 gw $DEFAULT_LAND_GATEWAY

route add $DNS2 gw $DEFAULT_LAND_GATEWAY

GRE packets should always go via land default gateway.

route add $SAT_ISP_GRE_IP gw $DEFAULT_LAND_GATEWAY

It is assumed that $DEFAULT_LAND_GATEWAY is the default gateway given by the land ISP, $DNSx are your DNS servers provided by the land ISP and $SAT_ISP_GRE_IP is the remote IP of the satellite ISP's GRE tunnel.

Changes of default route will be made after a tunnel interface is created.

Make GRE tunnel and set up the tunnel interface

apk_add iproute2

modprobe ip_gre

modprobe tun

ip tunnel add tun0 mode gre local $MY_STATIC_IP remote $SAT_ISP_GRE_IP ttl 250

ifconfig tun0 $LOCAL_TUN_IP pointopoint $REMOTE_TUN_IP up

Tunnel Parameters, such as $SAT_ISP_GRE_IP, $LOCAL_TUN_IP and $REMOTE_TUN_IP are provided by the satellite ISP.

Now make a new default route that uses the tunnel interface. Most requests will go to the satellite ISP via the GRE tunnel with a source IP of $LOCAL_TUN_IP. Answers are expected via the DVB interface for the destination IP $LOCAL_TUN_IP.

route del default

route add default dev tun0

Test satellite internet connectivity

ping wiki.alpinelinux.org

tcpdump -n -i tun0

tcpdump -n -i dvb0_0 host $LOCAL_TUN_IP

Sharing a Satellite Internet Connection

It is assumed we need to share the satellite internet with clients in a local network connected via a second Ethernet interface to a satellite internet machine. This requires enabling IP forwarding and setting up simple SNAT masquerading and traffic filtering rules. The easiest way is to use Shorewall for that purpose.

Install shorewall

apk add shorewall

Set up shorewall.conf

 IP_FORWARDING=yes
 ROUTE_FILTER=No
 CLAMPMSS=Yes # See RFC2923

Set up zones

  inet ipv4
  loc  ipv4
  tun  ipv4
  dvb  ipv4

Set up interfaces

  loc   eth1    detect   routefilter
  inet  eth0    detect   norfc1918,routefilter
  tun   tun0    -        norfc1918,routefilter
  dvb   dvb0_0  -     

Set up policy

  loc   all  REJECT  info
  dvb   all  REJECT  info
  all   all  DROP    info

Set up SNAT masquerading in masq

  tun0  eth1

Set up params

  #This IP address are provided by the satellite ISP
  SAT_ISP_GRE_IP=
  LOCAL_TUN_IP=

Set up rules

  SECTION ESTABLISHED
  REJECT        dvb  fw:!$LOCAL_TUN_IP
  SECTION RELATED
  REJECT        dvb  fw:!$LOCAL_TUN_IP
 
  SECTION NEW
  DNS/ACCEPT    fw   inet
  Ping/ACCEPT   fw   inet
  #Allow Web/FTP queries via GRE tunnel to ISP
  # Answers come as RELATED/ESTABLISHED traffic via DVB
  Web/ACCEPT    fw   tun
  Web/ACCEPT    loc  tun            
  FTP/ACCEPT    fw   tun           
  FTP/ACCEPT    loc  tun            
  Ping/ACCEPT   fw   tun           
  Ping/ACCEPT   pr   tun

Set up tunnels

  gre  inet   $SAT_ISP_GRE_IP

Conclusion

This document reviewed just basic ideas how to setup and share satellite internet connection. Further releases of Alpine Linux will include start up and configuration scripts (see Mailing Lists). Note, that more advanced traffic routing is beyond of scope of this document.

Another advanced topic that is beyond of scope is how to use remote proxy/VPN services to protect/encrypt your Satellite traffic against grabbers. This configuration may protect HTTP/POP3 and other types of data against unauthorized grabbing with attempts to sniff personal mail, electronic addresses and other information.

More information