Cheap POP-In-A-Box? 19
Interloper asks: "I have been considering creating a non-profit ISP for a small community. The idea is to provide dial-up v.34 or v.90 connections at cost. What hardware and software are available to make an all-in-one POP for dial-up users as cheaply as possible. The sort of features needed include WAN connectivity (upstream provider,frame-relay or leased line), a digital interface for a group of dial-up lines, internal routing, internal mail handling, authentication, and any other needed support for 8+ simultaneous users. Web page hosting is not considered necessary. Basically just e-mail and browsing. Can these features all be contained in one box? What distro and hardware would make this as cheap and fast as needed?"
one part of the solution... (Score:1)
HTH.
talk to your local telco (Score:1)
If you have enough people in your area interested in getting access, why don't you petition you local telco for DSL access OR local cable company for cable modem access. There are satellite modems out there to, check out starband.
If there is no local dial-up access, try to negotiate a flat-rate unlimited price for dialing up the nearest (long distance) ISP access #.
Buying and setting up all that equipment sounds like overkill to me; that is, unless you just want to get the experience.
Below Cost... (Score:1)
Depending on how small you are, you could really just do this with a Cisco 2509 or 2511 - 8 or 16 asyncronous ports for modems and a couple sync ports for upstream and an ethernet port. Plus external modems (Recommend Courier V.Evertyhing), of course.
PErsonally, I'd probably be looking for a Cisco 2501 plus a Livingston portmaster instead of the 2511.
It looks like the 2511 (16 ports) are going for between $1000-$1500. 2501's are about $700, Portmasters are under $300.
You can authenticate using the 2511 or Portmaster without using any authentication server. You can probably get away with using your upstream's DNS server, and for email you can probably get away with either outsourcing or telling the users to get a free web-based solution.
If you'd like to a FreeBSD (or I guess I better also say Linux) box to the mix and you can then run your own DNS, authenticate using Radius, run your own mail and web servers, among others.. For this few users, you don't need much more than a mid-range pentium or low-end pentium II with an IDE disk.
Generally, getting into the V.90 game requires a significantly larger investment. You are probably talking about buying equipment which will handle 24 simultaneous users at a pop and you'll need to buy a T carrier circuit from the telco. And, if you're in a rural area, V.90 a lot of times performs worse than a good V.everything modem at v.34 speeds.
You should also verify your upstream cost. The circuit alone could cost you thousands a month.
Re:Below Cost... (Score:1)
The other piece I left out is that you'll need a T1 CSU/DSU. This will be about $500 or so used.
I've run pops without the cisco before and they work, but I usually like to have a cisco somewhere to be able to have knobs to turn to fix weird problems. But again that's me.
Re:Pocket ISP for my office (Score:1)
You can't just hook up a bunch of 56k modems to a computer to provide V.90 access. A V.90 modem can only do 33.6k to another V.90. To go beyond that, one end has to be a digital line (ie. a T-1+).
One box=2x trouble (Score:2)
{Lucent Portmaster 3, Cisco 3800, Ascend MAX ?}
If that is to big, then use a router that has 8+ async. serial ports and a WAN port
Some ISPs started on a Cisco 2500 series with async serial ports connected to modems and sync ports connected to T1's. They now use the router to terminate Frame Relay Customers.
Great engineered used hardware is better than cheap new hardware, so just get a used Sun workstation and put Linux on it, get a good router that can handle your needs.
If you can do without mail, and your upstream provider can do DNS for you, then just store all the login info on the RAS box to get a 1 box solution.
You can get used routers to handle 8+ modems and 1 or 2 WAN T1s for around $2500-$3000. Don't forget the cost of management, if you have gobs of time then try the one Linux box solutions, otherwise spend a little bit more for the more stable, easier to manage setup.
Why? (Score:2)
This is important cause it different goals have different answers. If you're looking to start a small business then that's one sort of model. If you're just looking to provide a local service to a bunch of folks then a different set of criteria come into play. If you've need for a certain degree of control then there's another set of critera.
Good luck. Running a small bbs/isp is no picnic. You've got to stay on top of the phone company, your upstream provider, the hardware, the software, security, backups, billing, disaster-plans, marketing, customer service, policies, etc.
Don't put all your eggs in one basket.... (Score:2)
Starting an ISP on a shoestring is easier now than when I did it 3.5 years ago.
The first thing to do is decide if v.90 is a priority. If it isn't, then do yourself a favour and get the analog gear, it's cheaper. If it is, then you need to do a gargantuan amount of homework.
v.34, frame/leased POP equipment list:
If you're going to make the change to V.90, sub in one of the following components:
Remember to buy used, haunt the isp-* lists, and budget for when things go wrong.
M
Contact another Community Network (Score:2)
Also, and me not lawyer, but SCN does have the status of nonprofit organization. That means gifts to them are tax deductible. Going that route makes people more likely to give donations, and to take you seriously. If you don't need much space, then the city or county might rent you space for cheap, let you use it for free, since you'd be a charity, of sorts. If this is all about cheap access for everyone, then that's quite a political rally in some parts of the country. Wave that flag a bit, and you'll have some folks falling over themselves trying to be first to help you.
you can do this with very little hardware (Score:2)
For the services not specifically in the package they offer, like authentication, mail, news, DNS and stuff, you can throw a few boxes in colo somewhere. (maybe at the same provider)
This will be a pretty low cost-of-entry way into the market. Grab some sales reps and see if they can offer anything like this.
I know sprint and level3 and probably uunet, psi, and a billion others do, too. (Disclaimer, I work for one of the above, so big deal.)
Click here for $50! [dangifiknow.com]
Re:Virtual ISP? (Score:2)
Being immodest for a moment... (Score:2)
...but my company, Eicon Networks, make a PRI card that will do what you want and works under Linux. It's not really my area of expertise, but here's a link [eicon.com]. You'd want to look at the Diva server PRI card for the dial-in side, and perhaps even at the S-class cards for the WAN links.
Skip the modems and go virtural modem (Score:2)
Skip buying up modems and talk to your local telephone company about their virtural modem pool operation. The telco can set up several modems and lines in one of their switching stations and then send the data from/to the modems over the switch network or over the internet to your own box.
This affords you to be able to put pops just about anywhere, because the telco is just about anywhere.
Re:Pocket ISP for my office (Score:2)
You can't just hook up a bunch of 56k modems to a computer to provide V.90 access. A V.90 modem can only do 33.6k to another V.90. To go beyond that, one end has to be a digital line (ie. a T-1+).
Yeah, good point. I've never actually set up a dialup server, so it didn't cross my mind.
[grin] I think the more daunting challenge might be actually getting four serial ports to work in the same machine...
[shudders while remembering connecting an INFAX airport flight information display system running on a PC to a bunch of DEC VAX.]
Virtual ISP? (Score:3)
For 10 bucks a month per user I can supply dial up, News, email, and webspace to dial users. Its called outsourcing, and I have a number in all 50 US states. (Not in all cities though so I'm long distance to many rual areas)
I have to provide tech support (for a fee they would do that too, come to think of it for a fee all I have to do is sell to users, they take care of the rest) There is also a minimun monthlycharge, but you only need a few users (about 15) to get above that.
I recomend looking into this option first. Your far less likely to have problems when there is a big dial up pool then when everyone in your town decideds to get on at once.
PS, anyone want dial-up? I'm happy to sell to you, if you don't want to do your own ISP.
Re:you can do this with very little hardware (Score:3)
Good suggestion, but I think the poster is in a rural area, where I imagine this service may not be offered. Then again maybe I'm reading too much into the "small communities" part. And heck, for all I know the big guys do offer this to every nook and cranny of $COUNTRY. :-)
To the original poster: if you do end up having to get your own equipment, check eBay for used netowrking gear. I've heard good things about Livingston's Portmaster series of dialup access routers (they got absorbed into Lucent, so the Lucent site is the place to go for support and product docs). One of those guys may be all you need for network connectivity. If you need to offer DNS (maybe upstream provider will offer it) look to eBay again for cheap x86 machines to run a linux or BSD name service off of. One of those machines could also run mail in a pinch. (of course if your users are anemiable to the idea, having them all use webmail providers like yahoo equals one less thing to mess with... put it to them as "less hassle == lower cost == lower monthly membership dues" ;) )
As another poster mentioned, there is a HOWTO on setting up an ISP (you'll also want to reference the PPP howto and a few others more than likely; also note that the 2nd edition of the linux network admin guide (covering all sorts of handy info) is available online at the linux documentation site (& mirrors)).
--
Fuck Censorship.
Boardwatch magazine (Score:3)
Check linuxdoc.org (Score:3)
a little poking around can go a long way.
Pocket ISP for my office (Score:4)
"...a digital interface for a group of dial-up lines, internal routing, internal mail handling, authentication, and any other needed support for 8+ simultaneous users. Web page hosting is not considered necessary. Basically just e-mail and browsing.
Okay. I worked for a division of Litton, until we got "divested" to my General Manager.
Now, Pat's a good guy, but he's cheap. He was going to be perfectly happy without his own domain and everything, and with a 56k dial-up connection to the Internet. (We have 17 users on the LAN I administer. We make and sell a variety of very weird and specialized stuff. We *need* connectivity, for communicating with both customers and suppliers.)
And yet, our homepage was going to be "http://www.whateverisp.com/~companyname". It was a joke.
Did I mention that Pat is clueless?
So, I called an ISP. Had PPPoE-based DSL installed. We've got two static IPs. Stole the fastest spare computer we had kicking around (an old Compaq Deskpro Pentium 100 from under the old receptionist's desk), stuffed two cheap Realtek-based PCI ethernet cards into it, and took it home with me.
At home that night, I threw Red Hat 6.2 onto it. Got the Roaring Penguin PPPoE solution, which installed absolutely painlessly. Set up DNS, Apache, sendmail, user accounts, password-protected SAMBA for our internal LAN (so that one of the engineers can change specs and stuff on our webpage without a hassle).
I brought the machine back in to the office the next day, plugged it into our LAN, configured it as our office DHCP server, set up ipchains to serve as our NAT firewall and gateway to the Internet. Plugged in the Northern Telecom DSL modem, typed "adsl-start", and we were up and running!
Essentially, an Internet Service Provider in a box. The biggest difference with what you'd want to do is that you need dial-in services. A bunch of modems (remember, Winmodems don't work under Linux!), plugged into a bunch of 486s, could probably serve your needs easily and inexpensively. Without getting into expensive terminal server solutions or multi-serial cards, a legacy PC will support 4 serial devices, and that's only if you can get the IRQ sharing to work. Worst case traffic on each machine will be 4 modem @ 56k each. No sweat. Just plug in as many 486s configured like that as you need. Your limiting factor is likely to be the speed of your connection to the Internet; even so, when all your modems are in use, it's unlikely that all your users will be downloading MP3s at the same time, etc.
My system's current uptime is 77 days. Aside from going in and upgrading BIND on Monday (security upgrade), the system is pretty maintenance-free. Our e-mail service is quick and reliable. Our webpage doesn't get more than 50-60 different visitors a day, so the Pentium 100 doesn't even break a sweat. And Linux is so efficient at the NAT services that our 17 users, many of them on Pentium IIIs and stuff, max out the speed of our DSL, not the old Compaq.
My boss can't believe this thing, but it's true.
Oh, and to avoid a distro war, I chose Red Hat Linux over Debian, Caldera, SuSE, or even FreeBSD because I know RH Linux better, and getting this thing up and running quickly was of the essence.
Can these features all be contained in one box?Well, you could do everything that I've done in one box. In fact, everything here runs in the one box. Instead of putting in the second network card, since your clients aren't on a LAN like mine, you could use the free slots for the 4 modems you'd be able to shoehorn into that thing. Or the multi-port serial card (make sure that it has Linux drivers available before buying it!). I don't think that running a PPP dialup server would require much more CPU horsepower than what I'm doing.
HOWEVER, I do want you to think about something. If all your services are provided by one machine, you're at risk.
Just this past week, a vulnerability was found in BIND (Berkeley Internet Naming Daemon). BIND is a DNS server, responsible for turning "www.whatever.com" into an IP address.
Since, for example, my mail server and my DNS server are on the same machine, if a cracker breaks into BIND and gets root access on my box, he's also got root access on my mailserver.
Which means that he can read the contents of /var/spool/mail/private_stuff. And he can even post it to alt.sex.fetish.hamster.duct-tape. Or he can sell it to our competition.
The best thing is to have a firewall machine - could be a 386, as long as you can install a highly secure operating system on it - with two network cards and nothing else installed but the bare minimum. A 386 can easily saturate 10base-T ethernet, even loaded down with (ugh!) Windows 95. So, as long as your operating system of choice will run on the system, it really doesn't have to be too spectacular. Money is not needed to buy servers when most of the time companies have to pay to get get rid of this sort of hardware.
Make the firewall machine redirect all port 80 requests to your dedicated webserver. Make the firewall machine redirect all port 25 to the dedicated SMTP server. All domain requests to the DNS server. Etc. This way, if someone roots your webserver, they just have your webserver. If someone roots your firewall, they just have your firewall. If they've got your firewall but they want your mailserver, they'll have to use your firewall machine to break into your webserver.
The point here is that if someone wants in badly enough, they'll get in. Security is just about obstacles, and stratifying the machines is another obstacle.
Plug your PPP server(s) into the DMZ's hub, set up the firewall to perform NAT for those machines, set up the PPP server(s) to use the firewall machine as a gateway, and you're off to the races. Your users will have two measures of isolation from the hax0rs and evil users on the 'Net, and your server farm will be out of harm's way.
Now, if all this is so great, why don't I have this in the office?
Did I mention that Pat is clueless?
He's also too cheap to let me spend the time to actually set up a DMZ with a couple of the old 486s we have kicking around the office.
Having said that, I still sleep pretty well at night. One Linux box running all these functions, but with ipchains set up to only be open on the needed ports, frequently backed up by an administrator who watches the security websites, is still far more secure than almost any Windoze server running IIS and all the associated crap with it. Hell, it's not too far off to say that I portscan my server far more often than I get portscanned.
Oh, and yeah, I'd give the name of the domain here, and you could check out the server. But given that there are elements to the Slashdot audience who are very capable of breaking into just about anything, and I really don't want to attract their attention to my company's server, I won't.