
My PPP-to-Linux experience w/ 3.0, w/o home network


Yeechang Lee

Jun 10, 2002, 12:07:49 PM
Here's a recap of what I did to get my Series 1 TiVo to use PPP over
serial with 3.0. As much of the information I've found on line only
deals with people who a) use Windows and/or b) have a router as part
of a home network, I think my experiences will be helpful for some
others in my situation.

Background: RedHat 7.2 Linux box w/ cable modem. No router, as the
computer's the only thing with broadband connectivity. Philips Series
1 TiVo with the new 3.0 software and its (un)support for PPP and
Ethernet through magic prefix codes in Phone Options.

Connectivity: As I neither needed "always-on" access, nor wanted to
crack open my TiVo again, PPP over serial is what I decided to do.

What I bought: Null modem, serial extension cable. You of course need
the TiVo serial cable (the one that ends with the headphone-like plug)
as well.

What I added to /etc/rc.d/rc.local on my Linux box:

echo "Enabling IP forwarding."
echo 1 > /proc/sys/net/ipv4/ip_forward

echo "Adding TiVo-specific IP masquerading rules."
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.10.2 -j MASQ

echo "Starting the pppd for TiVo."
/usr/sbin/pppd /dev/tts/1 115200 noauth debug proxyarp nocrtscts \
nobsdcomp nodeflate persist local lcp-max-configure 28800 \
192.168.10.1:192.168.10.2

(Note that I use devfsd. If you don't, you should change /dev/tts/1 to
/dev/ttyS1.)

What else I had to do on my Linux box: I use Redhat's lokkit utility
to set up some simple firewall rules. I found I had to manually add
8080 as a permitted port, as TiVo uses it for part of its
communications with home base. I am sure there is a more elegant way
to do the above within the TiVo-specific IP masquerading rules, but
not being an ipchains expert (I've historically used tcp_wrappers a
lot more) I will defer to others here. As I don't run anything that
listens to port 8080 on my machine I believe I should be safe.

Problem and bizarre solution: The above setup initially did not work
*at all*. It didn't work so much that `cat /dev/tts/1` didn't show
anything. Out of desperation I removed the null modem; lo and behold,
things started happening! Apparently I have either a miswired TiVo,
TiVo serial cable, or Radio Shack serial cable. Since then I have
heard one similar report on AVS Forum, so there may be others so
afflicted.

The above setup has worked for over a week with no trouble yet. I have
happily canceled my landline (which I only used for TiVo), so I can
see 3.0 has saved me $17/month.

--
<URL:http://www.pobox.com/~ylee/>

Yeechang Lee

Jul 6, 2002, 8:28:10 PM
(Followups set to comp.os.linux.security, as this is really a firewall
configuration question more than anything else.)

A few weeks ago I wrote in alt.video.ptv.tivo (see
<URL:http://groups.google.com/groups?selm=slrnag9jmg.fbv.ylee%40pobox.com>)
what I did to get my TiVo to get its daily updates through PPP, over a
serial cable, through my Linux box and a cable modem, instead of PPP
over its built-in modem.

TiVo syncs its clock during this update, apparently using ntpdate (it
can't use ntpd since it normally doesn't have a 24x7 live net
connection), using the two servers at 204.176.49.10 and
204.176.49.11. (Aside: I wonder if TiVo has received permission from
ISI? Probably not, considering these are stratum-1 servers.) I have
recently discovered--through my normally totally-accurate TiVo clock
losing its accuracy--that my Redhat 'lokkit' (a simple personal
firewall setup) blocks TiVo from using this method with
PPP-over-serial. I found I had to explicitly add '123:udp' as a
permitted port in lokkit for incoming connections.

To recap from my earlier posting, I originally created these ipchains
rules in addition to the ones lokkit creates for me:

/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.10.2 -j MASQ

To get TiVo's NTP to work, I found I also had to add the following,
the equivalent of manually adding port 123:udp in lokkit:

/sbin/ipchains -I input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 \
123 -p udp -j ACCEPT
/sbin/ipchains -I input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 \
8080 -p tcp -j ACCEPT -y

(Line #2 has nothing to do with NTP. I also decided to use an explicit
ipchains line instead of adding port 8080--which TiVo also
uses--manually through lokkit as before.)

This is all working now, but my question is this: How can I rewrite
the additional ipchains lines so that only the incoming data over
ports 8080 and 123:udp that's bound for my masqueraded TiVo-over-PPP
will be accepted for input?

--
Yeechang Lee <yl...@pobox.com> | I am a child of God
<URL:http://www.pobox.com/~ylee/> | And he has sent me here
<URL:icbm://037420163.-122213312/> | Has given me an earthly home
"Work?!?" -Maynard G. Krebs | With parents kind and dear

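The question in the post above, worked as an added example (not from any poster in this thread): a small model of ACCEPT-rule matching on the input chain, comparing the two any-source rules as posted with a candidate narrowing that adds `-i ppp0 -s 192.168.10.2` to each. The interface name ppp0, the fall-through DENY, and the sample packets are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def rule(proto, dport, iface=None, src="0.0.0.0/0", syn_only=False):
    """One ACCEPT rule: -p proto, -d 0/0 dport, optional -i, -s and -y."""
    return dict(proto=proto, dport=dport, iface=iface,
                src=ip_network(src), syn_only=syn_only)

def matches(r, pkt):
    return (r["proto"] == pkt["proto"]
            and r["dport"] == pkt["dport"]
            and r["iface"] in (None, pkt["iface"])
            and ip_address(pkt["src"]) in r["src"]
            and (pkt.get("syn", False) or not r["syn_only"]))

def verdict(rules, pkt):
    """ACCEPT if any rule matches, else fall through to an assumed DENY."""
    return "ACCEPT" if any(matches(r, pkt) for r in rules) else "DENY"

# The two rules as posted: any source, any interface.
POSTED = [rule("udp", 123), rule("tcp", 8080, syn_only=True)]

# Candidate narrowing (assumption): only the TiVo's address, only the PPP side.
TIVO = "192.168.10.2/32"
NARROWED = [rule("udp", 123, iface="ppp0", src=TIVO),
            rule("tcp", 8080, iface="ppp0", src=TIVO, syn_only=True)]

# Constructed packets; 198.51.100.7 is a documentation address.
PACKETS = {
    "tivo_ntp":     dict(iface="ppp0", src="192.168.10.2", proto="udp", dport=123),
    "tivo_8080":    dict(iface="ppp0", src="192.168.10.2", proto="tcp", dport=8080, syn=True),
    "wan_ntp":      dict(iface="eth0", src="198.51.100.7", proto="udp", dport=123),
    "wan_8080":     dict(iface="eth0", src="198.51.100.7", proto="tcp", dport=8080, syn=True),
    # Claims the TiVo's address but arrives on the cable-modem side.
    "wan_fake_src": dict(iface="eth0", src="192.168.10.2", proto="udp", dport=123),
}

def compare():
    """Map each sample packet to (verdict under POSTED, verdict under NARROWED)."""
    return {name: (verdict(POSTED, p), verdict(NARROWED, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (posted, narrowed) in compare().items():
        print(f"{name:13} posted={posted:6} narrowed={narrowed}")
```

The source match alone would still pass the last sample packet; it is the interface match that ties the rule to traffic arriving over the serial link.
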
J. Eric Townsend

Jul 9, 2002, 4:49:30 PM
yl...@pobox.com (Yeechang Lee) writes:
> TiVo syncs its clock during this update, apparently using ntpdate (it
> can't use ntpd since it normally doesn't have a 24x7 live net
> connection), using the two servers at 204.176.49.10 and
> 204.176.49.11. (Aside: I wonder if TiVo has received permission from
> ISI? Probably not, considering these are stratum-1 servers.)

Those two NTP servers are owned and operated by TiVo, Inc -- why would
TiVo need permission from ISI?

--
J. Eric Townsend
buy stickers: http://www.spies.com/jet/store.html
and support my artcar: http://www.spies.com/jet/artcar.html

Jack Ak

Jul 9, 2002, 5:01:42 PM
It appears the IP addresses are owned by UUNET.
Who is ISI?

From ARIN Whois...

UUNET Technologies, Inc. (NETBLK-UUNETCBLK176-179)
3060 Williams Drive, Suite 601
Fairfax, VA 22031
US

Netname: UUNETCBLK176-179
Netblock: 204.176.0.0 - 204.179.255.255
Maintainer: UU

"J. Eric Townsend" <j...@spies.com> wrote in message news:xod1yac...@spies.com...

Scott Seligman

Jul 10, 2002, 12:48:15 AM
"Jack Ak" <ak2...@excite.com> wrote:

>> yl...@pobox.com (Yeechang Lee) writes:
>> > using the two servers at 204.176.49.10 and
>> > 204.176.49.11. (Aside: I wonder if TiVo has received permission from
>> > ISI? Probably not, considering these are stratum-1 servers.)

From what I can tell, these two NTP servers are stratum 2 servers.

>It appears the IP addresses are owned by UUNET.
>Who is ISI?

timekeeper.isi.edu is the stratum 1 server that TiVo is peering with. I
would assume TiVo has permission to peer with it.

--
Scott Seligman

those who know me have no need of my name

Jul 11, 2002, 3:44:45 AM
in comp.protocols.time.ntp i read:
>yl...@pobox.com (Yeechang Lee) writes:

>> TiVo syncs its clock during this update, apparently using ntpdate (it
>> can't use ntpd since it normally doesn't have a 24x7 live net
>> connection), using the two servers at 204.176.49.10 and
>> 204.176.49.11. (Aside: I wonder if TiVo has received permission from
>> ISI? Probably not, considering these are stratum-1 servers.)

>Those two NTP servers are owned and operated by TiVo, Inc -- why would
>TiVo need permission from ISI?

the organization name was probably a mistake. it would be easier for the
world to know that they were tivo servers if uunet would swip the block.

--
bringing you boring signatures for 17 years

those who know me have no need of my name

Jul 11, 2002, 3:50:56 AM
in comp.protocols.time.ntp i read:

>Who is ISI?

the information sciences institute, university of southern california.
they handle some basic internet functionality, and they provide the
upstream ntp server to which the tivo servers are sync'd, i.e., ntptrace's
results were probably misinterpreted.

those who know me have no need of my name

Jul 11, 2002, 3:53:42 AM
in comp.protocols.time.ntp i read:

>timekeeper.isi.edu is the stratum 1 server that TiVo is peering with. I
>would assume TiVo has permission to peer with it.

policy is open access, though the service area doesn't match. perhaps tivo
has other internet providers within the service area, or they did obtain
permission -- it's not really our concern either way.

J. Eric Townsend

Jul 11, 2002, 5:13:53 PM
those who know me have no need of my name <not-a-rea...@usa.net> writes:
> the organization name was probably a mistake. it would be easier for the
> world to know that they were tivo servers if uunet would swip the block.

Ah, good point. I wasn't around when things got set up, never thought
to check it out...
