Библиотека сайта rus-linux.net
|Purchase||Copyright © 2002 Paul Sheer. Click here for copying permissions.||Home|
Next: 42. The LINUX Kernel Up: rute Previous: 40. named   Contents
- 41.1 Basic Dialup
- 41.2 Demand-Dial, Masquerading
- 41.3 Dialup DNS
- 41.4 Dial-in Servers
- 41.5 Using
- 41.6 ISDN Instead of Modems
Dialup networking is unreliable and difficult to configure. The reason is simply that telephones were not designed for data. However, considering that the telephone network is by far the largest electronic network on the globe, it makes sense to make use of it. This is why modems were created. On the other hand, the advent of ISDN is slightly more expensive and a better choice for all but home dialup. See Section 41.6 for more information.
For home use, dialup networking is not all that difficult to
configure. The PPP HOWTO contains lots on this (see Section 16).
For my machine this boils down to creating the files
both containing the following line of text:
although only one of the files will be used,
then running the following command at a shell
prompt: [This example
assumes that an initialization string
sufficient. See Section 3.5.]
This is a minimalist's dial-in command and it's specific to my ISP only. Don't use the exact command unless you have an account with the Internet Solution ISP in South Africa, before January 2000.
The command-line options are explained as follows:
- Specifies the script that
pppdmust use to start things up. When you use a modem manually (as is shown further below), you need to go through the steps of initializing the modem, causing a dial, connecting, logging in, and finally telling the remote computer that you would like to set the connection to ``data communication'' mode, called the point-to-point protocol, or PPP. The
<script>is the automation of this manual procedure.
chat -S -s -v <expect> <send> <expect> <send> ...
chathas a man page and uses other than modem communication.
-Smeans to log messages to the terminal and not to
-smeans to log to stderr;
-vmeans verbose output. After the options comes a list of things the modem is likely to say, alternated with appropriate responses. This is called an expect-send sequence. The sequence
AT&F1is the modem initialization string. [This example assumes that an initialization string of
AT&F1is sufficient. See Section 3.5.]
\qmeans to not print the password amid the debug output--very important.
- Specifies the device you are going to use.
This will usually be
- The speed the modem is to be set to. This is only the speed
between the PC and the modem and has nothing to do with the
actual data throughput. It should be set as high as possible
except in the case of very old machines whose serial ports
may possibly only handle
38400. It's best to choose
115200unless this doesn't work.
- Output debug information. This option is useful for
- Use hardware flow control.
- Use modem control lines. This is actually the default.
- Create a UUCP lock file in
/var/lock/. As explained in Section 34.4, this is a file of the form
/var/lock/LCK..tty?? that tells other applications that the serial device is in use. For this reason, you must not call the device
- Remain always a foreground process. This allows you
pppdrun and stop it with
- Create an IP route after PPP comes
alive. Henceforth, packets will go to the right place.
- Hide the password from the
logs. This is important for security.
- Specifies the line from the
/etc/ppp/pap-secretsfile to use. For a home PC there is usually only one line.
stands for dial-IP and talks directly to your modem.
The following session demonstrates a manual dial for user
manually like this is a game of trying to get the garbage lines
you see below: this is PPP starting to talk. When you get this junk,
you have won and can press
Then, copy and paste your session for future reference.
Now you can modify the above
chat script as you
need. The kinds of things that will differ are trivial: like having
login: instead of
name:. Some systems also require you to
type something instead of
ppp, and some require nothing to be
typed after your password. Some further require nothing to be typed
at all, thus immediately entering PPP mode.
dip also creates UUCP lock files as explained in
You may ask why there are
/etc/ppp/pap-secrets files if a user name and password are already
specified inside the the
chat script. CHAP (Challenge Handshake
Authentication Protocol) and PAP (Password Authentication Protocol)
are authentication mechanisms used after logging in--in other
words, somewhere amid the
~y}#A!}!e} }3}"}&} }*} } }~}&4}2Iq}'}"}(}"N$~~y}#A!}!r} }4}"}&} }.
If you run the
pppd command above, you will get output something like this:
You can see the expect-send sequences working, so it's easy to correct them if you made a mistake somewhere.
At this point you might want to type
route -n and
in another terminal:
This clearly shows what
pppd has done: created a network device
and a route to it.
If your name server is configured, you should now be able to
ping metalab.unc.edu or some well-known host.
really just involves adding the
option to the
pppd command-line above. The other way of doing
dial-on-demand is to use the
diald package, but here we
pppd implementation. The
is, however, a far more thorough solution.
demand option, you will notice that spurious dialouts
take place. You need to add some filtering rules to ensure that
only the services you are interested in cause a dialout. These services
should only make outgoing connections when absolutely necessary.
A firewall script might look as follows. This example uses the old
ipfwadm command, possibly called
on your machine. [The newer
command is now superseded by a completed different
packet filtering system in
2.4.] See the
for more information on building a firewall.
The ports we are using are
auth service is not needed but
should be kept open so that connecting
services get a failure instead of waiting for a timeout. You
can comment out the
auth line in
If you have a LAN of machines that needs to share the same dialup
link, then you can give them all
192.168. addresses and
masquerade the LAN through the PPP interface.
IP masquerading or NAT (network address translation)
can be done with:
pppd script becomes (note that you need
or later for this to work as I have it here):
Your DNS service, to be
used on a dialup server, requires some customization.
options section from the DNS configurations
in Chapter 40 with the following:
dialup yes; notify no; forward only; tell
bind to use the link as little as possible; not send notify
messages (there are no slave servers on our LAN to notify) and
to forward requests to
192.168.2.254 rather than
trying to answer them itself; respectively. The option
listen-on causes the name server to bind to the network
192.168.2.254 only. In this example, the interface
192.168.2.254 is our Ethernet card which routes packets from
the local LAN. This is important for security, because
it prevents any possible connection from the outside.
There is also a DNS package written specifically for use by dialup
servers. It is called
dnrd and is much easier to configure
pppd is really just a way
to initiate a network device over a serial port, regardless
of whether you initiate or listen for a connection.
As long as there is a serial connection between two
pppd will negotiate a link.
To listen for a
pppd dial-in, you
need just add the following line to your
and then the line
to the file
/etc/mgetty/login.config for Debian). For security,
you would probably want to run
chmod a-s /usr/sbin/pppd,
pppd as root anyway. Your
/etc/ppp/options file could contain
Note that we dispense with the serial line options (i.e., speed
and flow control) because
mgetty would have already
initialized the serial line.
<hostname> is just the name
of the local machine.
The proxyarp setting adds the remote client to the
ARP tables. This enables your client to connect through to the
Internet on the other side of the line without extra routes.
can be filled with lines like,
to specify the IP address and password of each user.
Next, add a user
dialup and perhaps set its
password to that in the
chap-secrets file. You can then test
your configuration from a remote machine with
as above. If that works (i.e.,
mgetty answers, and
you get your garbage lines as on page
), then a proper
should also work. The
/etc/ppp/chap-secrets file can contain:
and you can dial out using a typical
pppd command, like this:
You should be carefully to have a proper DNS configuration
for forward and reverse lookups of your
pppd IP addresses.
This is so that no services block with long timeouts and also
so that other Internet machines will be friendly to your user's
Note that the above also supports faxes,
logins, voice, and
uucp (see Section 34.3) on the
same modem because
mgetty only starts
pppd if it sees an
LCP request (part of the PPP protocol). If you just want PPP, read the
config files in
to disable the other services.
If a dialout does occur unexpectedly, you can run
tcpdump to dump packets going to your
This output will probably highlight the error. You can then look
at the TCP port of the service and try to figure out what
process the packet might have come from. The command is:
tcpdump is also discussed in
For those who are not familiar with ISDN, this paragraph gives you a quick summary. ISDN stands for Integrated Services Digital Network. ISDN lines are like regular telephone lines, except that an ISDN line comes with two analog and two digital channels. The analog channels are regular telephone lines in every respect--just plug your phone in and start making calls. The digital lines each support 64 kilobits/second data transfer; only ISDN communication equipment is meant to plug in to these and the charge rate is the same as that of a telephone call. To communicate over the digital line, you need to dial an ISP just as with a regular telephone. PPP runs over ISDN in the same way as a modem connection. It used to be that only very expensive ISDN routers could work with ISDN, but ISDN modems and ISDN ISA/PCI cards have become cheap enough to allow anyone to use ISDN, and most telephone companies will install an ISDN line as readily as a regular telephone line. So you may ask what's with the ``Integrated Services.'' I suppose it was thought that this service, in allowing both data and regular telephone, would be the ubiquitous communications service. It remains to be seen, however, if video conferencing over 64-Kb lines becomes mainstream.
ISDN is not covered in detail here, although ample HOWTOs exists on the subject. Be wary when setting up ISDN. ISDN dials really fast. It can dial out a thousand times in a few minutes, which is expensive.
Next: 42. The LINUX Kernel Up: rute Previous: 40. named   Contents
Только зарегистрированные пользователи могут оценивать и комментировать статьи.