author Jim Mock <jim@FreeBSD.org> 2000-03-02 02:26:03 +0000
committer Jim Mock <jim@FreeBSD.org> 2000-03-02 02:26:03 +0000
commit eaac021d46ee4dda62250643c5e4ba355f3f7612 (patch)
tree cf51fd84a47aab8b7b59d130af7020b8bf28cc42 /en_US.ISO8859-1
parent 369bfc4a2a235efd7f182f36b1d98c02efc803d8 (diff)
Initial restructuring, reorganization, etc., of the handbook's PPP and
SLIP chapter. I'm still not certain we really need to keep the SLIP section around, but until it's been discussed, it stays put. While I had my nose in here I also updated some of the more crufty bits and fixed a few typos/grammar errors here and there.
Notes: svn path=/head/; revision=6641
Diffstat (limited to 'en_US.ISO8859-1')
-rw-r--r-- en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml 3479
1 files changed, 1748 insertions, 1731 deletions
diff --git a/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml b/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
index 9a84ff1fe9..90da0350d6 100644
--- a/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
@@ -1,696 +1,707 @@
<!--
The FreeBSD Documentation Project
- $FreeBSD: doc/en_US.ISO_8859-1/books/handbook/ppp-and-slip/chapter.sgml,v 1.18 2000/01/11 03:50:32 jim Exp $
+ $FreeBSD: doc/en_US.ISO_8859-1/books/handbook/ppp-and-slip/chapter.sgml,v 1.19 2000/01/23 10:22:38 kuriyama Exp $
-->
<chapter id="ppp-and-slip">
<title>PPP and SLIP</title>
-
- <para>If your connection to the Internet is through a modem, or you wish to
- provide other people with dialup connections to the Internet using
- FreeBSD, you have the option of using PPP or SLIP. Furthermore, two
- varieties of PPP are provided: <emphasis>user</emphasis> (sometimes
- referred to as <emphasis>iijppp</emphasis>) and
- <emphasis>kernel</emphasis>. The procedures for configuring both types of
- PPP, and for setting up SLIP are described in this chapter.</para>
-
+
+ <para><emphasis>Restructured, reorganized, and updated by &a.jim;,
+ 1 March 2000.</emphasis></para>
+
+ <sect1>
+ <title>Synopsis</title>
+
+ <para>If you are connecting to the Internet via modem, or wish to
+ provide dialup connections to the Internet for others using FreeBSD,
+ you have the option of using PPP or SLIP.</para>
+
+ <para>This chapter covers three varieties of PPP;
+ <emphasis>user</emphasis>, <emphasis>kernel</emphasis>, and
+ <emphasis>PPPoE</emphasis> (PPP over Ethernet). It also covers
+ setting up a SLIP client and server.</para>
+
+ <para>The first variety of PPP that will be covered is User PPP. User
+ PPP was introduced into FreeBSD in 2.0.5-RELEASE as an addition to
+ the already existing kernel implementation of PPP.</para>
+
+ <para>You may be wondering what the main difference is between User
+ PPP and kernel PPP. The answer is simple; user PPP does not run as
+ a daemon, and can run as and when desired. No PPP interface needs
+ to be compiled into ther kernel; it runs as a user process, and uses
+ the tunnel device driver (<devicename>tun</devicename>) to get data
+ into and out of the kernel.</para>
+
+ <para>From here on out in this chapter, user ppp will simply be
+ referred to as ppp unless a distinction needs to be made between it
+ and and any other PPP software such as <command>pppd</command>.
+ Unless otherwise stated, all of the commands explained in this
+ section should be executed as root.</para>
+ </sect1>
+
<sect1 id="userppp">
- <title>Setting up User PPP</title>
-
- <para>User PPP was introduced to FreeBSD in release 2.0.5 as an addition
- to the existing kernel implementation of PPP. So, what is different
- about this new PPP that warrants its addition? To quote from the manual
- page:</para>
-
- <blockquote>
- <para>This is a user process PPP software package. Normally, PPP is
- implemented as a part of the kernel (e.g. as managed by
- <command>pppd</command>) and it is thus somewhat hard to debug and/or
- modify its behavior. However, in this implementation PPP is done as a
- user process with the help of the tunnel device driver
- (<devicename>tun</devicename>).</para>
- </blockquote>
-
- <para>In essence, this means that rather than running a PPP daemon, the
- ppp program can be run as and when desired. No PPP interface needs to
- be compiled into the kernel, as the program can use the generic tunnel
- device to get data into and out of the kernel.</para>
-
- <para>From here on out, user ppp will be referred to simply as ppp unless
- a distinction needs to be made between it and any other PPP
- client/server software such as <command>pppd</command>. Unless
- otherwise stated, all commands in this section should be executed as
- root.</para>
-
- <para>There are a large number of enhancements in version 2 of ppp. You
- can discover what version you have by running ppp with no arguments and
- typing <command>show version</command> at the prompt. It is a simple
- matter to upgrade to the latest version of ppp (under any version of
- FreeBSD) by downloading the latest archive via <ulink
- url="http://www.Awfulhak.org/ppp.html">www.Awfulhak.org</ulink>.</para>
-
+ <title>Using User PPP</title>
+
+ <para><emphasis>Originally contributed by &a.brian;, with input
+ from &a.nik;, &a.dirkvangulik;, and &a.pjc;.</emphasis></para>
+
<sect2>
- <title>Before you start</title>
-
- <para>This document assumes you are in roughly this position:</para>
-
- <para>You have an account with an Internet Service Provider (ISP) which
- lets you use PPP. Further, you have a modem (or other device)
- connected and configured correctly which allows you to connect to your
- ISP.</para>
-
- <para>You are going to need the following information to hand:</para>
-
- <itemizedlist>
- <listitem>
- <para>Your ISPs phone number(s).</para>
- </listitem>
+ <title>User PPP</title>
- <listitem>
- <para>Your login name and password. This can be either a regular
- unix style login/password pair, or a PPP PAP or CHAP
- login/password pair.</para>
- </listitem>
+ <sect3>
+ <title>Assumptions</title>
- <listitem>
- <para>The IP addresses of one or more nameservers. Normally, you
- will be given two IP numbers. You <emphasis>must</emphasis> have
- this information for <application>PPP</application> version 1.x
- unless you run your own nameserver. From version 2 onwards,
- <application>PPP</application> supports nameserver address
- negotiation. If your ISP supports this, then using the command
- <command>enable dns</command> in your config file will tell
- <application>PPP</application> to set the nameservers for
- you.</para>
- </listitem>
- </itemizedlist>
-
- <para>The following information may have been supplied by your ISP, but
- is not strictly necessary:</para>
-
- <itemizedlist>
- <listitem>
- <para>The IP address of your ISP's gateway. The gateway is the
- machine to which you will connect and will be set up as your
- <emphasis>default route</emphasis>. If your ISP hasn't given you
- this number, we can make one up and your ISP's PPP server will
- tell us the correct value when we connect.</para>
-
- <para>This IP number is referred to as <literal>HISADDR</literal>
- by ppp.</para>
- </listitem>
+ <para>This document assumes you have the following:</para>
- <listitem>
- <para>Your ISP's netmask. If your ISP hasn't given you this
- information, you can safely use a netmask of <hostid
+ <itemizedlist>
+ <listitem>
+ <para>An account with an Internet Service Provider (ISP) which
+ you connect to using PPP. Further, you have a modem or
+ other device connected to your system and configured
+ correctly, which allows you to connect to your ISP.</para>
+ </listitem>
+
+ <listitem>
+ <para>The dialup number(s) of your ISP.</para>
+ </listitem>
+
+ <listitem>
+ <para>Your login name and password. This can be either a
+ regular unix style login and password pair, or a PAP or CHAP
+ login and password pair.</para>
+ </listitem>
+
+ <listitem>
+ <para>The IP address(es) of one or more name servers.
+ Normally, you will be given two IP addresses by your ISP to
+ use for this. If they have not given you at least one, then
+ you can use the <command>enable dns</command> command in
+ your <filename>ppp.conf</filename> file to tell
+ <application>ppp</application> to set the name servers for
+ you.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The following information may be supplied by your ISP, but
+ is not completely necessary:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The IP address of your ISP's gateway. The gateway is
+ the machine to which you will connect and will be set up as
+ your <emphasis>default route</emphasis>. If you do not have
+ this information, we can make one up and your ISP's PPP
+ server will tell us the correct value when we connect.</para>
+
+ <para>This IP number is referred to as
+ <literal>HISADDR</literal> by
+ <application>ppp</application>.</para>
+ </listitem>
+
+ <listitem>
+ <para>The netmask you should use. If your ISP has not
+ provided you with one, you can safely use <hostid
role="netmask">255.255.255.0</hostid>.</para>
-
- <para>If your ISP allocates you a static IP address and hostname
- then you can enter this information. Otherwise, we simply let the
- peer assign whatever IP number it sees fit.</para>
- </listitem>
- </itemizedlist>
-
- <para>If you do not have any of the required information, contact your
- ISP and make sure they provide it to you.</para>
- </sect2>
+ </listitem>
+
+ <listitem>
+ <para>If your ISP provides you with a static IP address and
+ hostname, you can enter it. Otherwise, we simply let the
+ peer assign whatever IP address it sees fit.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>If you do not have any of the required information, contact
+ your ISP and make sure they provide it to you.</para>
+ </sect3>
- <sect2>
- <title>Building a ppp ready kernel</title>
-
- <para>As the description states, <command>ppp</command> uses the kernel
- <devicename>tun</devicename> device. It is necessary to make sure
- that your kernel has support for this device compiled in.</para>
-
- <para>To check this, go to your kernel compile directory
- (<filename>/sys/i386/conf</filename> or
- <filename>/sys/pc98/conf</filename>) and examine your kernel
- configuration file. It needs to have the line
+ <sect3>
+ <title>Preparing the Kernel</title>
+
+ <para>As previously mentioned, <application>ppp</application>
+ users the <devicename>tun</devicename> device. It is necessary
+ to make sure that your kernel has support for this device
+ compiled into it.</para>
+
+ <para>To check, go to your kernel compile directory
+ (<filename>/sys/i386/conf</filename> or
+ <filename>/sys/pc98/conf</filename>) and examine your
+ configuration file. It should have the following line somewhere
+ in it:</para>
<programlisting>
-pseudo-device tun 1</programlisting>
-
- in it somewhere. The stock <filename>GENERIC</filename> kernel has
- this as standard, so if you have not installed a custom kernel or you
- do not have a <filename>/sys</filename> directory, you do not have to
- change anything.</para>
-
- <para>If your kernel configuration file does not have this line in it,
- or you need to configure more than one <devicename>tun</devicename> device (for example, if you
- are setting up a server and could have 16 dialup ppp connections at
- any one time then you will need to use <literal>16</literal> instead
- of <literal>1</literal>), then you should add the line, re-compile,
- re-install and boot the new kernel. Please refer to the <link
- linkend="kernelconfig">Configuring the FreeBSD Kernel</link> section
- for more information on kernel configuration.</para>
-
- <para>You can check how many tunnel devices your current kernel has by
- typing the following:</para>
+pseudo-device tun 1</programlisting>
+
+ <para>If this line is not present, you will need to add it to the
+ configuration file and recompile your kernel. The stock
+ <filename>GENERIC</filename> kernel has this included, so if you
+ have not installed a custom kernel or do not have a
+ <filename>/sys</filename> directory, you do not have to change
+ anything. If you do need to recompile your kernel, please refer
+ to the <link linkend="kernelconfig">kernel configuration</link>
+ section for more information.</para>
+
+ <para>You can check how many tunnel devices your current kernel
+ has by typing the following:</para>
- <screen>&prompt.root; <userinput>ifconfig -a</userinput>
+ <screen>&prompt.root; <userinput>ifconfig -a</userinput>
tun0: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1500
inet 200.10.100.1 --&gt; 203.10.100.24 netmask 0xffffffff
tun1: flags=8050&lt;POINTOPOINT,RUNNING,MULTICAST&gt; mtu 576
tun2: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1500
inet 203.10.100.1 --&gt; 203.10.100.20 netmask 0xffffffff
tun3: flags=8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1500</screen>
-
-
- <para>This case shows four tunnel devices, two of which are currently
- configured and being used. It should be noted that the
- <literal>RUNNING</literal> flag above indicates that the interface has
- been used at some point&mdash;it is not an error if your interface
- does not show up as <literal>RUNNING</literal>.</para>
-
- <para>If you have a kernel without the <devicename>tun</devicename> device, and you can not
- rebuild it for some reason, all is not lost. You should be able to
- dynamically load the code. Refer to the appropriate
- &man.modload.8; and &man.lkm.4; pages for further details.</para>
-
- <para>You may also wish to take this opportunity to configure a
- firewall. Details can be found in the <link
- linkend="firewalls">Firewalls</link> section.</para>
- </sect2>
-
- <sect2>
- <title>Check the tun device</title>
-
- <para>Most users will only require one <devicename>tun</devicename>
- device (<filename>/dev/tun0</filename>). If you have used more (i.e.,
- a number other than <literal>1</literal> in the
- <literal>pseudo-device</literal> line in the kernel configuration
- file) then alter all references to <devicename>tun0</devicename> below
- to reflect whichever device number you are using.</para>
-
- <para>The easiest way to make sure that the
- <devicename>tun0</devicename> device is configured correctly is to
- re-make it. To do this, execute the following commands:</para>
-
- <screen>&prompt.root; <userinput>cd /dev</userinput>
+
+ <para>This case shows four tunnel devices, two of which are
+ currently configured and being used. It should be noted that
+ the <literal>RUNNING</literal> flag above indicates that the
+ interface has been used at some point&mdash;it is not an error
+ if your interface does not show up as
+ <literal>RUNNING</literal>.</para>
+
+ <para>If for some reason you have a kernel that does not have the
+ <devicename>tun</devicename> device in it and cannot recompile
+ the kernel, all is not lost. You should be able to dynamically
+ load the code. Please refer to the appropriate
+ &man.modload.8; and &man.lkm.4; man pages for further
+ details.</para>
+ </sect3>
+
+ <sect3>
+ <title>Check the <devicename>tun</devicename> device</title>
+
+ <para>Under normal circumstances, most users will only require one
+ <devicename>tun</devicename> device
+ (<filename>/dev/tun0</filename>). If you have specified more
+ than one on the <literal>pseudo-device</literal> line for
+ <devicename>tun</devicename> in your kernel configuration file,
+ then alter all references to <devicename>tun0</devicename> below
+ to reflect whichever device number you are using (e.g.,
+ <devicename>tun2</devicename>).</para>
+
+ <para>The easiest way to make sure that the
+ <devicename>tun0</devicename> device is configured correctly,
+ is to remake the device. This process is quite easy. To remake
+ the device, do the following:</para>
+
+ <screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>./MAKEDEV tun0</userinput></screen>
-
- <para>If you require 16 tunnel devices in your kernel, you will need to
- create more than just <devicename>tun0</devicename>:</para>
-
- <screen>&prompt.root; <userinput>cd /dev</userinput>
+
+ <para>If you need 16 tunnel devices in your kernel, you will need
+ to create them. This can be done by executing the following
+ commands:</para>
+
+ <screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>./MAKEDEV tun15</userinput></screen>
-
- <para>Also, to confirm that the kernel is configured correctly, the
- following command should give the indicated output:</para>
-
- <screen>&prompt.root; <userinput>ifconfig tun0</userinput>
-tun0: flags=8050&lt;POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1500</screen>
-
- <para>The <literal>RUNNING</literal> flag may not yet be set, in which
- case you will see:</para>
-
- <screen>&prompt.root; <userinput>ifconfig tun0</userinput>
-tun0: flags=8010&lt;POINTOPOINT,MULTICAST> mtu 1500</screen>
- </sect2>
-
- <sect2>
- <title>Name Resolution Configuration</title>
-
- <para>The resolver is the part of the system that turns IP addresses
- into hostnames and vice versa. It can be configured to look for maps
- that describe IP to hostname mappings in one of two places. The first
- is a file called <filename>/etc/hosts</filename> (<command>man 5
- hosts</command>). The second is the Internet Domain Name Service
- (DNS), a distributed data base, the discussion of which is beyond the
- scope of this document.</para>
-
- <para>This section describes briefly how to configure your
- resolver.</para>
-
- <para>The resolver is a set of system calls that do the name mappings,
- but you have to tell them where to find their information. You do
- this by first editing the file <filename>/etc/host.conf</filename>.
- Do <emphasis>not</emphasis> call this file
- <filename>/etc/hosts.conf</filename> (note the extra
- <literal>s</literal>) as the results can be confusing.</para>
+
+ <para>To confirm that the kernel is configured correctly, issue
+ the follow command and compare the results:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig tun0</userinput>
+tun0: flags=8050&lt;POINTOPOINT,RUNNING,MULTICAST&gt; mut 1500</screen>
+
+ <para>The <literal>RUNNING</literal> flag may not yet be set, in
+ which case you will see:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig tun0</userinput>
+tun0: flags=8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1500</screen>
+ </sect3>
<sect3>
- <title>Edit the <filename>/etc/host.conf</filename> file</title>
+ <title>Name Resolution Configuration</title>
+
+ <para>The resolver is the part of the system that turns IP
+ addresses into hostnames and vice versa. It can be configured
+ to look for maps that describe IP to hostname mappings in one of
+ two places. The first is a file called
+ <filename>/etc/hosts</filename>. Read &man.hosts.5; for more
+ information. The second is the Internet Domain Name Service
+ (DNS), a distributed data base, the discussion of which is
+ beyond the scope of this document.</para>
+
+ <para>The resolver is a set of system calls that do the name
+ mappings, but you have to tell them where to find their
+ information. You do this by first editing the file
+ <filename>/etc/host.conf</filename>. Do <emphasis>not</emphasis>
+ call this file <filename>/etc/hosts.conf</filename> (note the
+ extra <literal>s</literal>) as the results can be
+ confusing.</para>
- <para>This file should contain the following two lines (in this
- order):</para>
-
- <programlisting>
+ <sect4>
+ <title>Edit <filename>/etc/host.conf</filename></title>
+
+ <para>This file should contain the following two lines (in this
+ order):</para>
+
+ <programlisting>
hosts
bind</programlisting>
-
- <para>These instructs the resolver to first look in the file
- <filename>/etc/hosts</filename>, and then to consult the DNS if the
- name was not found.</para>
- </sect3>
+
+ <para>These instruct the resolver to first look in the file
+ <filename>/etc/hosts</filename>, and then to consult the DNS
+ if the name was not found.</para>
+ </sect4>
- <sect3>
- <title>Edit the <filename>/etc/hosts</filename>(5) file</title>
-
- <para>This file should contain the IP addresses and names of machines
- on your network. At a bare minimum it should contain entries for
- the machine which will be running ppp. Assuming that your machine
- is called <hostid role="fqdn">foo.bar.com</hostid> with the IP
- address <hostid role="ipaddr">10.0.0.1</hostid>,
- <filename>/etc/hosts</filename> should contain:</para>
-
- <programlisting>
-127.0.0.1 localhost
-10.0.0.1 foo.bar.com foo</programlisting>
-
- <para>The first line defines the alias <hostid>localhost</hostid> as a
- synonym for the current machine. Regardless of your own IP address,
- the IP address for this line should always be <hostid
- role="ipaddr">127.0.0.1</hostid>. The second line maps the name
- <hostid role="fqdn">foo.bar.com</hostid> (and the shorthand
- <hostid>foo</hostid>) to the IP address <hostid
+ <sect4>
+ <title>Edit <filename>/etc/hosts</filename></title>
+
+ <para>This file should contain the IP addresses and names of
+ machines on your network. At a bare minimum it should contain
+ entries for the machine which will be running ppp. Assuming
+ that your machine is called <hostid
+ role="fqdn">foo.bar.com</hostid> with the IP address <hostid
+ role="ipaddr">10.0.0.1</hostid>,
+ <filename>/etc/hosts</filename> should contain:</para>
+
+ <programlisting>
+127.0.0.1 localhost.bar.com localhost
+127.0.0.1 localhost.bar.com.
+10.0.0.1 foo.bar.com foo
+10.0.0.1 foo.bar.com.</programlisting>
+
+ <para>The first two lines define the alias
+ <hostid>localhost</hostid> as a synonym for the current
+ machine. Regardless of your own IP address, the IP address
+ for this line should always be <hostid
+ role="ipaddr">127.0.0.1</hostid>. The second two lines map
+ the name <hostid role="fqdn">foo.bar.com</hostid> (and the
+ shorthand <hostid>foo</hostid>) to the IP address <hostid
role="ipaddr">10.0.0.1</hostid>.</para>
-
- <para>If your provider allocates you a static IP address and name,
- then use these in place of the <hostid
+
+ <para>If your provider allocates you a static IP address and
+ name, use them in place of the <hostid
role="ipaddr">10.0.0.1</hostid> entry.</para>
- </sect3>
-
- <sect3>
- <title>Edit the <filename>/etc/resolv.conf</filename> file</title>
+ </sect4>
- <para><filename>/etc/resolv.conf</filename> tells the resolver how to
- behave. If you are running your own DNS, you may leave this file
- empty. Normally, you will need to enter the following
- line(s):</para>
-
- <programlisting>
+ <sect4>
+ <title>Edit <filename>/etc/resolv.conf</filename></title>
+
+ <para>The <filename>/etc/resolv.conf</filename> file tells the
+ resolver how to behave. If you are running your own DNS, you
+ may leave this file empty. Normally, you will need to enter
+ the following line(s):</para>
+
+ <programlisting>
+domain <replaceable>bar.com</replaceable>
nameserver <replaceable>x.x.x.x</replaceable>
-nameserver <replaceable>y.y.y.y</replaceable>
-domain <replaceable>bar.com</replaceable></programlisting>
-
- <para>The <hostid
- role="ipaddr"><replaceable>x.x.x.x</replaceable></hostid> and
- <hostid role="ipaddr"><replaceable>y.y.y.y</replaceable></hostid>
- addresses are those given to you by your ISP. Add as many
- <literal>nameserver</literal> lines as your ISP provides. The
- <literal>domain</literal> line defaults to your hostname's domain,
- and is probably unnecessary. Refer to the
- <filename>resolv.conf</filename> manual page for details of other
- possible entries in this file.</para>
-
- <para>If you are running PPP version 2 or greater, the <command>enable
- dns</command> command will tell PPP to request that your ISP
- confirms the nameserver values. If your ISP supplies different
- addresses (or if there are no nameserver lines in
- <filename>/etc/resolv.conf</filename>), PPP will rewrite the file
- with the ISP-supplied values.</para>
+nameserver <replaceable>y.y.y.y</replaceable></programlisting>
+
+ <para>The <hostid
+ role="ipaddr"><replaceable>x.x.x.x</replaceable></hostid> and
+ <hostid role="ipaddr"><replaceable>y.y.y.y</replaceable></hostid>
+ addresses are those given to you by your ISP. Add as many
+ <literal>nameserver</literal> lines as your ISP provides. The
+ <literal>domain</literal> line defaults to your hostname's
+ domain, and is probably unnecessary. Refer to the
+ &man.resolv.conf.5; manual page for details of other possible
+ entries in this file.</para>
+
+ <para>If you are running PPP version 2 or greater, the
+ <command>enable dns</command> command will tell PPP to request
+ that your ISP confirms the nameserver values. If your ISP
+ supplies different addresses (or if there are no nameserver
+ lines in <filename>/etc/resolv.conf</filename>), PPP will
+ rewrite the file with the ISP-supplied values.</para>
+ </sect4>
</sect3>
- </sect2>
-
- <sect2>
- <title><command>ppp</command> Configuration</title>
-
- <para>Both user ppp and <command>pppd</command> (the kernel level
- implementation of PPP) use configuration files located in the
- <filename>/etc/ppp</filename> directory. The sample configuration
- files provided are a good reference for user ppp, so don't delete
- them.</para>
-
- <para>Configuring <command>ppp</command> requires that you edit a number
- of files, depending on your requirements. What you put in them
- depends to some extent on whether your ISP allocates IP addresses
- statically (i.e., you get given one IP address, and always use that
- one) or dynamically (i.e., your IP address can be different for each
- PPP session).</para>
-
- <sect3 id="userppp-staticIP">
- <title>PPP and Static IP addresses</title>
- <para>You will need to create a configuration file called
- <filename>/etc/ppp/ppp.conf</filename>. It should look similar to
- the example below.</para>
+ <sect3>
+ <title><application>PPP</application> Configuration</title>
- <note>
- <para>Lines that end in a <literal>:</literal> start in the first
- column, all other lines should be indented as shown using spaces
- or tabs.</para>
- </note>
+ <para>Both <command>ppp</command> and <command>pppd</command>
+ (the kernel level implementation of PPP) use the configuration
+ files located in the <filename>/etc/ppp</filename> directory.
+ The sample configuration files provided are a good reference,
+ so do not delete them.</para>
- <programlisting>
+ <para>Configuring <command>ppp</command> requires that you edit a
+ number of files, depending on your requirements. What you put
+ in them depends to some extent on whether your ISP allocates IP
+ addresses statically (i.e., you get given one IP address, and
+ always use that one) or dynamically (i.e., your IP address
+ changes each time you connect to your ISP).</para>
+
+ <sect4 id="userppp-staticIP">
+ <title>PPP and Static IP Addresses</title>
+
+ <para>You will need to create a configuration file called
+ <filename>/etc/ppp/ppp.conf</filename>. It should look
+ similar to the example below.</para>
+
+ <note>
+ <para>Lines that end in a <literal>:</literal> start in the
+ first column, all other lines should be indented as shown
+ using spaces or tabs.</para>
+ </note>
+
+ <programlisting>
1 default:
2 set device /dev/cuaa0
3 set speed 115200
4 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK \\dATDT\\TTIMEOUT 40 CONNECT"
5 provider:
-6 set phone "(0123) 456 7890"
+6 set phone "(123) 456 7890"
7 set login "TIMEOUT 10 \"\" \"\" gin:--gin: foo word: bar col: ppp"
8 set timeout 300
9 set ifaddr <replaceable>x.x.x.x</replaceable> <replaceable>y.y.y.y</replaceable> 255.255.255.0 0.0.0.0
10 add default HISADDR
11 enable dns</programlisting>
- <para>Do not include the line numbers, they are just for reference in
- this discussion.</para>
-
- <variablelist>
- <varlistentry>
- <term>Line 1:</term>
-
- <listitem>
- <para>Identifies the default entry. Commands in this entry are
- executed automatically when ppp is run.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 2:</term>
-
- <listitem>
- <para>Identifies the device to which the modem is connected.
- <devicename>COM1:</devicename> is
- <filename>/dev/cuaa0</filename> and
- <devicename>COM2:</devicename> is
- <filename>/dev/cuaa1</filename>.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 3:</term>
-
- <listitem>
- <para>Sets the speed you want to connect at. If 115200 doesn't
- work (it should with any reasonably new modem), try 38400
- instead.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 4:</term>
-
- <listitem>
- <para>The dial string. User PPP uses an expect-send syntax
- similar to the &man.chat.8; program. Refer to the
- manual page for information on the features of this
- language.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 5:</term>
-
- <listitem>
- <para>Identifies an entry for a provider called
- &ldquo;provider&rdquo;.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 6:</term>
-
- <listitem>
- <para>Sets the phone number for this provider. Multiple phone
- numbers may be specified using the <literal>:</literal> or
- <literal>|</literal> character as a separator. The difference
- between these separators is described in &man.ppp.8;.
- To summarize, if you want to rotate through the numbers, use
- the <literal>:</literal>. If you want to always attempt to
- dial the first number first and only use the other numbers if
- the first number fails, use the <literal>|</literal>. Always
- quote the entire set of phone numbers as shown.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 7:</term>
-
- <listitem>
- <para>The login string is of the same chat-like syntax as the
- dial string. In this example, the string works for a service
- whose login session looks like this:</para>
-
- <screen>J. Random Provider
+ <para>Do not include the line numbers, they are just for
+ reference in this discussion.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Line 1:</term>
+
+ <listitem>
+ <para>Identifies the default entry. Commands in this
+ entry are executed automatically when ppp is run.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 2:</term>
+
+ <listitem>
+ <para>Identifies the device to which the modem is
+ connected. <devicename>COM1</devicename> is
+ <filename>/dev/cuaa0</filename> and
+ <devicename>COM2</devicename> is
+ <filename>/dev/cuaa1</filename>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 3:</term>
+
+ <listitem>
+ <para>Sets the speed you want to connect at. If 115200
+ does not work (it should with any reasonably new modem),
+ try 38400 instead.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 4:</term>
+
+ <listitem>
+ <para>The dial string. User PPP uses an expect-send
+ syntax similar to the &man.chat.8; program. Refer to
+ the manual page for information on the features of this
+ language.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 5:</term>
+
+ <listitem>
+ <para>Identifies an entry for a provider called
+ &ldquo;provider&rdquo;.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 6:</term>
+
+ <listitem>
+ <para>Sets the phone number for this provider. Multiple
+ phone numbers may be specified using the colon
+ (<literal>:</literal>) or pipe character
+ (<literal>|</literal>)as a separator. The difference
+ between the two separators is described in &man.ppp.8;.
+ To summarize, if you want to rotate through the numbers,
+ use a colon. If you want to always attempt to dial the
+ first number first and only use the other numbers if the
+ first number fails, use the pipe character. Always
+ quote the entire set of phone numbers as shown.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 7:</term>
+
+ <listitem>
+ <para>The login string is of the same chat-like syntax as
+ the dial string. In this example, the string works for
+ a service whose login session looks like this:</para>
+
+ <screen>J. Random Provider
login: <replaceable>foo</replaceable>
password: <replaceable>bar</replaceable>
protocol: ppp</screen>
-
- <para>You will need to alter this script to suit your own needs.
- When you write this script for the first time, you should
- enable &ldquo;chat&rdquo; logging to ensure that the
- conversation is going as expected.</para>
-
- <para>If you're using PAP or CHAP, there will be no login at
- this point, so your login string can be left blank. See <link
- linkend="userppp-PAPnCHAP">PAP and CHAP
+
+ <para>You will need to alter this script to suit your own
+ needs. When you write this script for the first time,
+ you should enable &ldquo;chat&rdquo; logging to ensure
+ that the conversation is going as expected.</para>
+
+ <para>If you are using PAP or CHAP, there will be no login
+ at this point, so your login string can be left blank.
+ See <link linkend="userppp-PAPnCHAP">PAP and CHAP
authentication</link> for further details.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 8:</term>
-
- <listitem>
- <para>Sets the default timeout (in seconds) for the connection.
- Here, the connection will be closed automatically after 300
- seconds of inactivity. If you never want to timeout, set this
- value to zero.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 9:</term>
-
- <listitem>
- <para>Sets the interface addresses. The string
- <replaceable>x.x.x.x</replaceable> should be replaced by the
- IP address that your provider has allocated to you. The
- string <replaceable>y.y.y.y</replaceable> should be replaced
- by the IP address that your ISP indicated for their gateway
- (the machine to which you connect). If your ISP hasn't given
- you a gateway address, use <hostid
- role="netmask">10.0.0.2/0</hostid>. If you need to use a
- &ldquo;guessed&rdquo; address, make sure that you create an
- entry in <filename>/etc/ppp/ppp.linkup</filename> as per the
- instructions for <link linkend="userppp-dynamicIP">PPP and
- Dynamic IP addresses</link>. If this line is omitted,
- <command>ppp</command> cannot run in <option>-auto</option> or
- <option>-dynamic</option> mode.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 10:</term>
-
- <listitem>
- <para>Adds a default route to your ISPs gateway. The special
- word <literal>HISADDR</literal> is replaced with the gateway
- address specified on line 9. It is important that this line
- appears after line 9, otherwise <literal>HISADDR</literal>
- will not yet be initialized.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 11:</term>
-
- <listitem>
- <para>This line tells PPP to ask your ISP to confirm that your
- nameserver addresses are correct. If your ISP supports this
- facility, PPP can then update
- <filename>/etc/resolv.conf</filename> with the correct
- nameserver entries.</para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- <para>It is not necessary to add an entry to
- <filename>ppp.linkup</filename> when you have a static IP address as
- your routing table entries are already correct before you connect.
- You may however wish to create an entry to invoke programs after
- connection. This is explained later with the sendmail
- example.</para>
-
- <para>Example configuration files can be found in the
- <filename>/etc/ppp</filename> directory.</para>
- </sect3>
-
- <sect3 id="userppp-dynamicIP">
- <title>PPP and Dynamic IP addresses</title>
-
- <para>If your service provider does not assign static IP numbers,
- <command>ppp</command> can be configured to negotiate the local and
- remote addresses. This is done by &ldquo;guessing&rdquo; an IP
- number and allowing <command>ppp</command> to set it up correctly
- using the IP Configuration Protocol (IPCP) after connecting. The
- <filename>ppp.conf</filename> configuration is the same as <link
- linkend="userppp-staticIP">PPP and Static IP addresses</link>,
- with the following change:</para>
-
- <programlisting>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 8:</term>
+
+ <listitem>
+ <para>Sets the default timeout (in seconds) for the
+ connection. Here, the connection will be closed
+ automatically after 300 seconds of inactivity. If you
+ never want to timeout, set this value to zero.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 9:</term>
+
+ <listitem>
+ <para>Sets the interface addresses. The string
+ <replaceable>x.x.x.x</replaceable> should be replaced by
+ the IP address that your provider has allocated to you.
+ The string <replaceable>y.y.y.y</replaceable> should be
+ replaced by the IP address that your ISP indicated for
+ their gateway (the machine to which you connect). If
+ your ISP hasn't given you a gateway address, use <hostid
+ role="netmask">10.0.0.2/0</hostid>. If you need to use
+ a &ldquo;guessed&rdquo; address, make sure that you
+ create an entry in
+ <filename>/etc/ppp/ppp.linkup</filename> as per the
+ instructions for <link linkend="userppp-dynamicIP">PPP
+ and Dynamic IP addresses</link>. If this line is
+ omitted, <command>ppp</command> cannot run in
+ <option>-auto</option> or <option>-dynamic</option>
+ mode.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 10:</term>
+
+ <listitem>
+ <para>Adds a default route to your ISPs gateway. The
+ special word <literal>HISADDR</literal> is replaced with
+ the gateway address specified on line 9. It is
+ important that this line appears after line 9,
+ otherwise <literal>HISADDR</literal> will not yet be
+ initialized.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 11:</term>
+
+ <listitem>
+ <para>This line tells PPP to ask your ISP to confirm that
+ your nameserver addresses are correct. If your ISP
+ supports this facility, PPP can then update
+ <filename>/etc/resolv.conf</filename> with the correct
+ nameserver entries.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>It is not necessary to add an entry to
+ <filename>ppp.linkup</filename> when you have a static IP
+ address as your routing table entries are already correct
+ before you connect. You may however wish to create an entry
+ to invoke programs after connection. This is explained later
+ with the sendmail example.</para>
+
+ <para>Example configuration files can be found in the
+ <filename>/etc/ppp</filename> directory.</para>
+ </sect4>
+
+ <sect4 id="userppp-dynamicIP">
+ <title>PPP and Dynamic IP Addresses</title>
+
+ <para>If your service provider does not assign static IP
+ addresses, <command>ppp</command> can be configured to
+ negotiate the local and remote addresses. This is done by
+ &ldquo;guessing&rdquo; an IP address and allowing
+ <command>ppp</command> to set it up correctly using the IP
+ Configuration Protocol (IPCP) after connecting. The
+ <filename>ppp.conf</filename> configuration is the same as
+ <link linkend="userppp-staticIP">PPP and Static IP
+ Addresses</link>, with the following change:</para>
+
+ <programlisting>
9 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0</programlisting>
-
- <para>Again, do not include the line numbers, they are just for
- reference in this discussion. Indentation of at least one space is
- required.</para>
-
- <variablelist>
- <varlistentry>
- <term>Line 9:</term>
- <listitem>
- <para>The number after the <literal>/</literal> character is the
- number of bits of the address that ppp will insist on. You
- may wish to use IP numbers more appropriate to your
- circumstances, but the above example will always work.</para>
+ <para>Again, do not include the line numbers, they are just for
+ reference. Indentation of at least one space is
+ required.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Line 9:</term>
- <para>The last argument (<literal>0.0.0.0</literal>) tells PPP
- to negotiate using address <hostid
+ <listitem>
+ <para>The number after the <literal>/</literal> character
+ is the number of bits of the address that ppp will
+ insist on. You may wish to use IP numbers more
+ appropriate to your circumstances, but the above example
+ will always work.</para>
+
+ <para>The last argument (<literal>0.0.0.0</literal>) tells
+ PPP to negotiate using address <hostid
role="ipaddr">0.0.0.0</hostid> rather than <hostid
role="ipaddr">10.0.0.1</hostid>. Do not use
- <literal>0.0.0.0</literal> as the first argument to
- <command>set ifaddr</command> as it prevents PPP from setting
- up an initial route in <option>-auto</option> mode.</para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- <para>If you are running version 1.x of PPP, you will also need to
- create an entry in <filename>/etc/ppp/ppp.linkup</filename>.
- <filename>ppp.linkup</filename> is used after a connection has been
- established. At this point, <command>ppp</command> will know what
- IP addresses should <emphasis>really</emphasis> be used. The
- following entry will delete the existing bogus routes, and create
- correct ones:</para>
-
- <programlisting>
-1 provider:
-2 delete ALL
-3 add 0 0 HISADDR</programlisting>
-
- <variablelist>
- <varlistentry>
- <term>Line 1:</term>
-
- <listitem>
- <para>On establishing a connection, <command>ppp</command> will
- look for an entry in <filename>ppp.linkup</filename> according
- to the following rules: First, try to match the same label as
- we used in <filename>ppp.conf</filename>. If that fails, look
- for an entry for the IP number of our gateway. This entry is
- a four-octet IP style label. If we still haven't found an
- entry, look for the <literal>MYADDR</literal> entry.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 2:</term>
-
- <listitem>
- <para>This line tells <command>ppp</command> to delete all
- existing routes for the acquired tun interface (except the
- direct route entry).</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 3:</term>
-
- <listitem>
- <para>This line tells <command>ppp</command> to add a default
- route that points to <literal>HISADDR</literal>.
- <literal>HISADDR</literal> will be replaced with the IP number
- of the gateway as negotiated in the IPCP.</para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- <para>See the pmdemand entry in the files
- <filename>/etc/ppp/ppp.conf.sample</filename> and
- <filename>/etc/ppp/ppp.linkup.sample</filename> for a detailed
- example.</para>
-
- <para>Version 2 of PPP introduces &ldquo;sticky routes&rdquo;. Any
- <literal>add</literal> or <literal>delete</literal> lines that
- contain <literal>MYADDR</literal> or <literal>HISADDR</literal> will
- be remembered, and any time the actual values of
- <literal>MYADDR</literal> or <literal>HISADDR</literal> change, the
- routes will be re-applied. This removes the necessity of repeating
- these lines in <filename>ppp.linkup</filename>.</para>
- </sect3>
-
- <sect3>
- <title>Receiving incoming calls with <command>ppp</command></title>
-
- <para>This section describes setting up <command>ppp</command> in a
- server role.</para>
+ <literal>0.0.0.0</literal> as the first argument to
+ <command>set ifaddr</command> as it prevents PPP from
+ setting up an initial route in <option>-auto</option>
+ mode.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>If you are running version 1.x of PPP, you will also need
+ to create an entry in <filename>/etc/ppp/ppp.linkup</filename>.
+ <filename>ppp.linkup</filename> is used after a connection has
+ been established. At this point, <command>ppp</command> will
+ know what IP addresses should <emphasis>really</emphasis> be
+ used. The following entry will delete the existing bogus
+ routes, and create correct ones:</para>
- <para>When you configure <command>ppp</command> to receive incoming
- calls on a machine connected to a LAN, you must decide if you wish
- to forward packets to the LAN. If you do, you should allocate the
- peer an IP number from your LAN's subnet, and use the command
-
<programlisting>
-enable proxy</programlisting>
-
- in your <filename>ppp.conf</filename> file. You should also confirm
- that the <filename>/etc/rc.conf</filename> file (this file used to
- be called <filename>/etc/sysconfig</filename>) contains the
- following:</para>
-
- <programlisting>
-gateway=YES</programlisting>
-
- <sect4>
- <title>Which getty?</title>
-
- <para><link linkend="dialup">Configuring FreeBSD for Dialup
- Services</link> provides a good description on enabling dialup
- services using getty.</para>
-
- <para>An alternative to <command>getty</command> is <ulink
- url="http://www.leo.org/~doering/mgetty/index.html">mgetty</ulink>,
- a smarter version of <command>getty</command> designed with dialup
- lines in mind.</para>
-
- <para>The advantages of using <command>mgetty</command> is that it
- actively <emphasis>talks</emphasis> to modems, meaning if port is
- turned off in <filename>/etc/ttys</filename> then your modem won't
- answer the phone.</para>
-
- <para>Later versions of <command>mgetty</command> (from 0.99beta
- onwards) also support the automatic detection of PPP streams,
- allowing your clients script-less access to your server.</para>
-
- <para>Refer to <link linkend="userppp-mgetty">Mgetty and
- AutoPPP</link> for more information on
- <command>mgetty</command>.</para>
+1 provider:
+2 delete ALL
+3 add 0 0 HISADDR</programlisting>
+
+ <variablelist>
+ <varlistentry>
+ <term>Line 1:</term>
+
+ <listitem>
+ <para>On establishing a connection, <command>ppp</command>
+ will look for an entry in <filename>ppp.linkup</filename>
+ according to the following rules: First, try to match
+ the same label as we used in
+ <filename>ppp.conf</filename>. If that fails, look for
+ an entry for the IP address of our gateway. This entry
+ is a four-octet IP style label. If we still have not
+ found an entry, look for the <literal>MYADDR</literal>
+ entry.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 2:</term>
+
+ <listitem>
+ <para>This line tells <command>ppp</command> to delete all
+ of the existing routes for the acquired
+ <devicename>tun</devicename> interface (except the
+ direct route entry).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 3:</term>
+
+ <listitem>
+ <para>This line tells <command>ppp</command> to add a
+ default route that points to <literal>HISADDR</literal>.
+ <literal>HISADDR</literal> will be replaced with the IP
+ number of the gateway as negotiated in the IPCP.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>See the pmdemand entry in the files
+ <filename>/etc/ppp/ppp.conf.sample</filename> and
+ <filename>/etc/ppp/ppp.linkup.sample</filename> for a
+ detailed example.</para>
+
+ <para>Version 2 of PPP introduces &ldquo;sticky routes&rdquo;.
+ Any <literal>add</literal> or <literal>delete</literal> lines
+ that contain <literal>MYADDR</literal> or
+ <literal>HISADDR</literal> will be remembered, and any time
+ the actual values of <literal>MYADDR</literal> or
+ <literal>HISADDR</literal> change, the routes will be
+ reapplied. This removes the necessity of repeating these
+ lines in <filename>ppp.linkup</filename>.</para>
</sect4>
<sect4>
- <title>PPP permissions</title>
-
- <para><command>ppp</command> must normally be run as user id 0. If
- however you wish to allow <command>ppp</command> to run in server
- mode as a normal user by executing <command>ppp</command> as
- described below, that user must be given permission to run
- <command>ppp</command> by adding them to the
- <username>network</username> group in
- <filename>/etc/group</filename>.</para>
-
- <para>You will also need to give them access to one or more sections
- of the configuration file using the <command>allow</command>
- command:</para>
+ <title>Receiving Incoming Calls</title>
+
+ <para>When you configure <application>ppp</application> to
+ receive incoming calls on a machine connected to a LAN, you
+ must decide if you wish to forward packets to the LAN. If you
+ do, you should allocate the peer an IP number from your LAN's
+ subnet, and use the command <command>enable proxy</command> in
+ your <filename>/etc/ppp/ppp.conf</filename> file. You should
+ also confirm that the <filename>/etc/rc.conf</filename> file
+ contains the following:</para>
<programlisting>
+gateway="YES"</programlisting>
+
+ <sect5>
+ <title>Which getty?</title>
+
+ <para><link linkend="dialup">Configuring FreeBSD for Dialup
+ Services</link> provides a good description on enabling
+ dialup services using getty.</para>
+
+ <para>An alternative to <command>getty</command> is <ulink
+ url="http://www.leo.org/~doering/mgetty/index.html">mgetty</ulink>,
+ a smarter version of <command>getty</command> designed with
+ dialup lines in mind.</para>
+
+ <para>The advantages of using <command>mgetty</command> is
+ that it actively <emphasis>talks</emphasis> to modems,
+ meaning if port is turned off in
+ <filename>/etc/ttys</filename> then your modem will not answer
+ the phone.</para>
+
+ <para>Later versions of <command>mgetty</command> (from
+ 0.99beta onwards) also support the automatic detection of
+ PPP streams, allowing your clients script-less access to
+ your server.</para>
+
+ <para>Refer to <link linkend="userppp-mgetty">Mgetty and
+ AutoPPP</link> for more information on
+ <command>mgetty</command>.</para>
+ </sect5>
+
+ <sect5>
+ <title><application>PPP</application> Permissions</title>
+
+ <para>The <command>ppp</command> command must normally be run
+ as user id 0. If however, you wish to allow
+ <command>ppp</command> to run in server mode as a normal
+ user by executing <command>ppp</command> as described below,
+ that user must be given permission to run
+ <command>ppp</command> by adding them to the
+ <username>network</username> group in
+ <filename>/etc/group</filename>.</para>
+
+ <para>You will also need to give them access to one or more
+ sections of the configuration file using the
+ <command>allow</command> command:</para>
+
+ <programlisting>
allow users fred mary</programlisting>
- <para>If this command is used in the <literal>default</literal>
- section, it gives the specified users access to everything.</para>
- </sect4>
+ <para>If this command is used in the <literal>default</literal>
+ section, it gives the specified users access to
+ everything.</para>
+ </sect5>
- <sect4>
- <title>Setting up a PPP shell for dynamic-IP users</title>
-
- <para>Create a file called <filename>/etc/ppp/ppp-shell</filename>
- containing the following:</para>
-
- <programlisting>
+ <sect5>
+ <title>PPP Shells for Dynamic-IP Users</title>
+
+ <para>Create a file called
+ <filename>/etc/ppp/ppp-shell</filename> containing the
+ following:</para>
+
+ <programlisting>
#!/bin/sh
IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
CALLEDAS="$IDENT"
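Review bot: In the reflowed "Line 9" description under "PPP and Dynamic IP Addresses", the text still says "The last argument (0.0.0.0) tells PPP to negotiate using address 0.0.0.0", but the listing it describes is "9 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0" and carries no 0.0.0.0 argument. The paragraph is being rewritten here anyway, so make the listing and the explanation agree. In "PPP Permissions", the sentence that "allow users" in the default section "gives the specified users access to everything" would benefit from a follow-up telling readers to put the command in the specific labelled section they mean to delegate. Smaller point: the new Line 6 text has "(<literal>|</literal>)as a separator" with no space after the closing parenthesis.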
@@ -704,61 +715,63 @@ echo "PPP for $CALLEDAS on $TTY"
echo "Starting PPP for $IDENT"
exec /usr/sbin/ppp -direct $IDENT</programlisting>
-
- <para>This script should be executable. Now make a symbolic link
- called <filename>ppp-dialup</filename> to this script using the
- following commands:</para>
-
- <screen>&prompt.root; <userinput>ln -s ppp-shell /etc/ppp/ppp-dialup</userinput></screen>
-
- <para>You should use this script as the <emphasis>shell</emphasis>
- for all your dialup ppp users. This is an example from
- <filename>/etc/password</filename> for a dialup PPP user with
- username <username>pchilds</username>. (remember don't directly
- edit the password file, use <command>vipw</command>)</para>
-
- <programlisting>
+
+ <para>This script should be executable. Now make a symbolic
+ link called <filename>ppp-dialup</filename> to this script
+ using the following commands:</para>
+
+ <screen>&prompt.root; <userinput>ln -s ppp-shell /etc/ppp/ppp-dialup</userinput></screen>
+
+ <para>You should use this script as the
+ <emphasis>shell</emphasis> for all of your dialup users.
+ This is an example from <filename>/etc/password</filename>
+ for a dialup PPP user with username
+ <username>pchilds</username> (remember don't directly edit
+ the password file, use <command>vipw</command>).</para>
+
+ <programlisting>
pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialup</programlisting>
-
- <para>Create a <filename>/home/ppp</filename> directory that is
- world readable containing the following 0 byte files
-
+
+ <para>Create a <filename>/home/ppp</filename> directory that
+ is world readable containing the following 0 byte
+ files:</para>
+
<screen>-r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin
-r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts</screen>
-
- which prevents <filename>/etc/motd</filename> from being
- displayed.</para>
- </sect4>
- <sect4>
- <title>Setting up a PPP shell for static-IP users</title>
-
- <para>Create the <filename>ppp-shell</filename> file as above and
- for each account with statically assigned IPs create a symbolic
- link to <filename>ppp-shell</filename>.</para>
-
- <para>For example, if you have three dialup customers
- <username>fred</username>, <username>sam</username>, and
- <username>mary</username>, that you route class C networks for,
- you would type the following:</para>
-
- <screen>&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred</userinput>
+ <para>which prevents <filename>/etc/motd</filename> from being
+ displayed.</para>
+ </sect5>
+
+ <sect5>
+ <title>PPP shells for Static-IP Users</title>
+
+ <para>Create the <filename>ppp-shell</filename> file as above
+ and for each account with statically assigned IPs create a
+ symbolic link to <filename>ppp-shell</filename>.</para>
+
+ <para>For example, if you have three dialup customers
+ <username>fred</username>, <username>sam</username>, and
+ <username>mary</username>, that you route class C networks
+ for, you would type the following:</para>
+
+ <screen>&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred</userinput>
&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam</userinput>
&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-mary</userinput></screen>
-
- <para>Each of these users dialup accounts should have their shell
- set to the symbolic link created above. (ie.
- <username>mary</username>'s shell should be
- <filename>/etc/ppp/ppp-mary</filename>).</para>
- </sect4>
- <sect4>
- <title>Setting up ppp.conf for dynamic-IP users</title>
+ <para>Each of these users dialup accounts should have their
+ shell set to the symbolic link created above (i.e.,
+ <username>mary</username>'s shell should be
+ <filename>/etc/ppp/ppp-mary</filename>).</para>
+ </sect5>
+
+ <sect5>
+ <title>Setting up ppp.conf for dynamic-IP users</title>
- <para>The <filename>/etc/ppp/ppp.conf</filename> file should contain
- something along the lines of</para>
+ <para>The <filename>/etc/ppp/ppp.conf</filename> file should
+ contain something along the lines of:</para>
- <programlisting>
+ <programlisting>
default:
set debug phase lcp chat
set timeout 0
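Review bot: The rewritten paragraph about the dialup shell still points at <filename>/etc/password</filename>, yet the same sentence tells the reader to use vipw, so the filename should read /etc/passwd. Splitting the old run-on also leaves "<para>which prevents <filename>/etc/motd</filename> from being displayed.</para>" as a paragraph that starts mid-sentence after the screen; turn it into a full sentence and say which of the two listed files has that effect, since .rhosts is shown without explanation. The new title "PPP shells for Static-IP Users" does not match the casing of "PPP Shells for Dynamic-IP Users", and "Each of these users dialup accounts" is missing its apostrophe.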
@@ -771,30 +784,30 @@ ttyd1:
set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255
enable proxy</programlisting>
- <note>
- <para>The indenting is important.</para>
- </note>
-
- <para>The <literal>default:</literal> section is loaded for each
- session. For each dialup line enabled in
- <filename>/etc/ttys</filename> create an entry similar to the one
- for <literal>ttyd0:</literal> above. Each line should get a
- unique IP address from your pool of IP addresses for dynamic
- users.</para>
- </sect4>
+ <note>
+ <para>The indenting is important.</para>
+ </note>
- <sect4>
- <title>Setting up <filename>ppp.conf</filename> for static-IP
- users</title>
-
- <para>Along with the contents of the sample
- <filename>/etc/ppp/ppp.conf</filename> above you should add a
- section for each of the statically assigned dialup users. We will
- continue with our <username>fred</username>,
- <username>sam</username>, and <username>mary</username>
- example.</para>
-
- <programlisting>
+ <para>The <literal>default:</literal> section is loaded for
+ each session. For each dialup line enabled in
+ <filename>/etc/ttys</filename> create an entry similar to
+ the one for <literal>ttyd0:</literal> above. Each line
+ should get a unique IP address from your pool of IP
+ addresses for dynamic users.</para>
+ </sect5>
+
+ <sect5>
+ <title>Setting up <filename>ppp.conf</filename> for static-IP
+ users</title>
+
+ <para>Along with the contents of the sample
+ <filename>/etc/ppp/ppp.conf</filename> above you should add
+ a section for each of the statically assigned dialup users.
+ We will continue with our <username>fred</username>,
+ <username>sam</username>, and <username>mary</username>
+ example.</para>
+
+ <programlisting>
fred:
set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255
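Review bot: The title "Setting up <filename>ppp.conf</filename> for static-IP users" in this hunk, like "Setting up ppp.conf for dynamic-IP users" just before it, keeps its lower-case wording while other titles in this commit were re-cased ("PPP and Dynamic IP Addresses", "Receiving Incoming Calls"), and only one of the two marks up ppp.conf as a filename. Since both lines are already being re-indented, bring them in line with the rest.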
@@ -803,14 +816,14 @@ sam:
mary:
set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255</programlisting>
-
- <para>The file <filename>/etc/ppp/ppp.linkup</filename> should also
- contain routing information for each static IP user if required.
- The line below would add a route for the <hostid
- role="ipaddr">203.14.101.0</hostid> class C via the client's
- ppp link.</para>
-
- <programlisting>
+
+ <para>The file <filename>/etc/ppp/ppp.linkup</filename> should
+ also contain routing information for each static IP user if
+ required. The line below would add a route for the <hostid
+ role="ipaddr">203.14.101.0</hostid> class C via the
+ client's ppp link.</para>
+
+ <programlisting>
fred:
add 203.14.101.0 netmask 255.255.255.0 HISADDR
@@ -819,84 +832,87 @@ sam:
mary:
add 203.14.103.0 netmask 255.255.255.0 HISADDR</programlisting>
+ </sect5>
</sect4>
<sect4>
<title>More on <command>mgetty</command>, AutoPPP, and MS
extensions</title>
-
+
<sect5 id="userppp-mgetty">
<title><command>mgetty</command> and AutoPPP</title>
- <para>Configuring and compiling <command>mgetty</command> with the
- <literal>AUTO_PPP</literal> option enabled allows
+ <para>Configuring and compiling <command>mgetty</command> with
+ the <literal>AUTO_PPP</literal> option enabled allows
<command>mgetty</command> to detect the LCP phase of PPP
- connections and automatically spawn off a ppp shell. However,
- since the default login/password sequence does not occur it is
- necessary to authenticate users using either PAP or CHAP.</para>
-
- <para>This section assumes the user has successfully configured,
- compiled, and installed a version of <command>mgetty</command>
- with the <literal>AUTO_PPP</literal> option (v0.99beta or
- later)</para>
-
+ connections and automatically spawn off a ppp shell.
+ However, since the default login/password sequence does not
+ occur it is necessary to authenticate users using either PAP
+ or CHAP.</para>
+
+ <para>This section assumes the user has successfully
+ configured, compiled, and installed a version of
+ <command>mgetty</command> with the
+ <literal>AUTO_PPP</literal> option (v0.99beta or
+ later).</para>
+
<para>Make sure your
<filename>/usr/local/etc/mgetty+sendfax/login.config</filename>
file has the following in it:</para>
-
+
<programlisting>
/AutoPPP/ - - /etc/ppp/ppp-pap-dialup</programlisting>
-
+
<para>This will tell <command>mgetty</command> to run the
<filename>ppp-pap-dialup</filename> script for detected PPP
connections.</para>
-
+
<para>Create a file called
<filename>/etc/ppp/ppp-pap-dialup</filename> containing the
following (the file should be executable):</para>
-
+
<programlisting>
#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENT</programlisting>
-
+
<para>For each dialup line enabled in
- <filename>/etc/ttys</filename> create a corresponding entry in
- <filename>/etc/ppp/ppp.conf</filename>. This will happily
- co-exist with the definitions we created above.</para>
-
+ <filename>/etc/ttys</filename>, create a corresponding entry
+ in <filename>/etc/ppp/ppp.conf</filename>. This will
+ happily co-exist with the definitions we created
+ above.</para>
+
<programlisting>
pap:
enable pap
set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
enable proxy</programlisting>
-
- <para>Each user logging in with this method will need to have a
- username/password in <filename>/etc/ppp/ppp.secret</filename>
- file, or alternatively add the</para>
-
+
+ <para>Each user logging in with this method will need to have
+ a username/password in
+ <filename>/etc/ppp/ppp.secret</filename> file, or
+ alternatively add the following option to authenticate users
+ via PAP from <filename>/etc/password</filename> file.</para>
+
<programlisting>
enable passwdauth</programlisting>
-
- <para>option to authenticate users via pap from the
- <filename>/etc/password</filename> file.</para>
- <para>If you wish to assign some users a static IP number, you can
- specify the number as the third argument in
+ <para>If you wish to assign some users a static IP number, you
+ can specify the number as the third argument in
<filename>/etc/ppp/ppp.secret</filename>. See
<filename>/etc/ppp/ppp.secret.sample</filename> for
examples.</para>
</sect5>
-
+
<sect5>
<title>MS extensions</title>
- <para>It is possible to configure PPP to supply DNS and NetBIOS
- nameserver addresses on demand.</para>
+ <para>It is possible to configure PPP to supply DNS and
+ NetBIOS nameserver addresses on demand.</para>
<para>To enable these extensions with PPP version 1.x, the
following lines might be added to the relevant section of
<filename>/etc/ppp/ppp.conf</filename>.</para>
-
+
<programlisting>
enable msext
set ns 203.14.100.1 203.14.100.2
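Review bot: The merged paragraph ahead of "enable passwdauth" now reads "a username/password in /etc/ppp/ppp.secret file, or alternatively add the following option to authenticate users via PAP from /etc/password file." It needs "the" before both filenames, should end in a colon because it introduces the listing, and /etc/password should be /etc/passwd. Because this paragraph tells readers to keep PAP usernames and passwords in ppp.secret, a sentence about restricting who can read that file belongs here. Separately, the unchanged ppp-pap-dialup script runs "ppp -direct pap$IDENT" without setting IDENT anywhere in the two lines shown; if the intent is simply to select the "pap:" label, say so or drop the variable.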
@@ -908,342 +924,348 @@ set nbns 203.14.100.5</programlisting>
accept dns
set dns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5</programlisting>
-
- <para>This will tell the clients the primary and secondary name
- server addresses, and a netbios nameserver host.</para>
- <para>In version 2 and above, if the <literal>set dns</literal>
- line is omitted, PPP will use the values found in
- <filename>/etc/resolv.conf</filename>.</para>
+ <para>This will tell the clients the primary and secondary
+ name server addresses, and a netbios nameserver host.</para>
+
+ <para>In version 2 and above, if the
+ <literal>set dns</literal> line is omitted, PPP will use the
+ values found in <filename>/etc/resolv.conf</filename>.</para>
</sect5>
</sect4>
- </sect3>
-
- <sect3 id="userppp-PAPnCHAP">
- <title>PAP and CHAP authentication</title>
-
- <para>Some ISPs set their system up so that the authentication part of
- your connection is done using either of the PAP or CHAP
- authentication mechanisms. If this is the case, your ISP will not
- give a <prompt>login:</prompt> prompt when you connect, but will
- start talking PPP immediately.</para>
-
- <para>PAP is less secure than CHAP, but security is not normally an
- issue here as passwords, although being sent as plain text with PAP,
- are being transmitted down a serial line only. There's not much room
- for crackers to &ldquo;eavesdrop&rdquo;.</para>
-
- <para>Referring back to the <link linkend="userppp-staticIP">PPP and
- Static IP addresses</link> or <link
+
+ <sect4 id="userppp-PAPnCHAP">
+ <title>PAP and CHAP authentication</title>
+
+ <para>Some ISPs set their system up so that the authentication
+ part of your connection is done using either of the PAP or
+ CHAP authentication mechanisms. If this is the case, your ISP
+ will not give a <prompt>login:</prompt> prompt when you
+ connect, but will start talking PPP immediately.</para>
+
+ <para>PAP is less secure than CHAP, but security is not normally
+ an issue here as passwords, although being sent as plain text
+ with PAP, are being transmitted down a serial line only.
+ There's not much room for crackers to
+ &ldquo;eavesdrop&rdquo;.</para>
+
+ <para>Referring back to the <link linkend="userppp-staticIP">PPP
+ and Static IP addresses</link> or <link
linkend="userppp-dynamicIP">PPP and Dynamic IP addresses</link>
- sections, the following alterations must be made:</para>
-
- <programlisting>
+ sections, the following alterations must be made:</para>
+
+ <programlisting>
7 set login
&hellip;
12 set authname <replaceable>MyUserName</replaceable>
13 set authkey <replaceable>MyPassword</replaceable></programlisting>
-
- <para>As always, do not include the line numbers, they are just for
- reference in this discussion. Indentation of at least one space is
- required.</para>
-
- <variablelist>
- <varlistentry>
- <term>Line 7:</term>
- <listitem>
- <para>Your ISP will not normally require that you log into the
- server if you're using PAP or CHAP. You must therefore
- disable your "set login" string.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 12:</term>
-
- <listitem>
- <para>This line specifies your PAP/CHAP user name. You will
- need to insert the correct value for
- <replaceable>MyUserName</replaceable>.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Line 13:</term>
-
- <listitem>
- <para>This line specifies your PAP/CHAP password. You will need
- to insert the correct value for
- <replaceable>MyPassword</replaceable>. You may want to add an
- additional line
+ <para>As always, do not include the line numbers, they are just
+ for reference in this discussion. Indentation of at least one
+ space is required.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Line 7:</term>
+
+ <listitem>
+ <para>Your ISP will not normally require that you log into
+ the server if you're using PAP or CHAP. You must
+ therefore disable your &ldquo;set login&rdquo;
+ string.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 12:</term>
+
+ <listitem>
+ <para>This line specifies your PAP/CHAP user name. You
+ will need to insert the correct value for
+ <replaceable>MyUserName</replaceable>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Line 13:</term>
+
+ <listitem>
+ <para>This line specifies your PAP/CHAP password. You
+ will need to insert the correct value for
+ <replaceable>MyPassword</replaceable>. You may want to
+ add an additional line, such as:</para>
- <programlisting>
+ <programlisting>
15 accept PAP</programlisting>
- or
-
- <programlisting>
+ <para>or</para>
+
+ <programlisting>
15 accept CHAP</programlisting>
- to make it obvious that this is the intention, but PAP and
- CHAP are both accepted by default.</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </sect3>
-
- <sect3>
- <title>Changing your <command>ppp</command> configuration on the
- fly</title>
+ <para>to make it obvious that this is the intention, but
+ PAP and CHAP are both accepted by default.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect4>
- <para>It is possible to talk to the <command>ppp</command> program
- while it is running in the background, but only if a suitable
- diagnostic port has been set up. To do this, add the following line
- to your configuration:</para>
+ <sect4>
+ <title>Changing your <command>ppp</command> configuration on the
+ fly</title>
- <programlisting>
+ <para>It is possible to talk to the <command>ppp</command>
+ program while it is running in the background, but only if a
+ suitable diagnostic port has been set up. To do this, add the
+ following line to your configuration:</para>
+
+ <programlisting>
set server /var/run/ppp-tun%d DiagnosticPassword 0177</programlisting>
- <para>This will tell PPP to listen to the specified unix-domain
- socket, asking clients for the specified password before allowing
- access. The <literal>%d</literal> in the name is replaced with the
- <devicename>tun</devicename> device number that is in use.</para>
-
- <para>Once a socket has been set up, the
- &man.pppctl.8; program may be used in scripts that wish to
- manipulate the running program.</para>
+ <para>This will tell PPP to listen to the specified unix-domain
+ socket, asking clients for the specified password before
+ allowing access. The <literal>%d</literal> in the name is
+ replaced with the <devicename>tun</devicename> device number
+ that is in use.</para>
+
+ <para>Once a socket has been set up, the &man.pppctl.8; program
+ may be used in scripts that wish to manipulate the running
+ program.</para>
+ </sect4>
</sect3>
- </sect2>
-
- <sect2 id="userppp-final">
- <title>Final system configuration</title>
-
- <para>You now have <command>ppp</command> configured, but there are a
- few more things to do before it is ready to work. They all involve
- editing the <filename>/etc/rc.conf</filename> file (was
- <filename>/etc/sysconfig</filename>).</para>
-
- <para>Working from the top down in this file, make sure the
- <literal>hostname=</literal> line is set, e.g.:</para>
-
- <programlisting>
-hostname=foo.bar.com</programlisting>
-
- <para>If your ISP has supplied you with a static IP address and name,
- it's probably best that you use this name as your host name.</para>
-
- <para>Look for the <literal>network_interfaces</literal> variable. If
- you want to configure your system to dial your ISP on demand, make
- sure the <devicename>tun0</devicename> device is added to the list,
- otherwise remove it.</para>
-
- <programlisting>
-network_interfaces="lo0 tun0" ifconfig_tun0=</programlisting>
- <note>
- <para>The <literal>ifconfig_tun0</literal> variable should be empty,
- and a file called <filename>/etc/start_if.tun0</filename> should be
- created. This file should contain the line</para>
+ <sect3 id="userppp-final">
+ <title>Final system configuration</title>
+
+ <para>You now have <command>ppp</command> configured, but there
+ are a few more things to do before it is ready to work. They
+ all involve editing the <filename>/etc/rc.conf</filename>
+ file.</para>
+
+ <para>Working from the top down in this file, make sure the
+ <literal>hostname=</literal> line is set, e.g.:</para>
<programlisting>
+hostname="foo.bar.com"</programlisting>
+
+ <para>If your ISP has supplied you with a static IP address and
+ name, it's probably best that you use this name as your host
+ name.</para>
+
+ <para>Look for the <literal>network_interfaces</literal> variable.
+ If you want to configure your system to dial your ISP on demand,
+ make sure the <devicename>tun0</devicename> device is added to
+ the list, otherwise remove it.</para>
+
+ <programlisting>
+network_interfaces="lo0 tun0" ifconfig_tun0=</programlisting>
+
+ <note>
+ <para>The <literal>ifconfig_tun0</literal> variable should be
+ empty, and a file called
+ <filename>/etc/start_if.tun0</filename> should be created.
+ This file should contain the line:</para>
+
+ <programlisting>
ppp -auto mysystem</programlisting>
-
- <para>This script is executed at network configuration time, starting
- your ppp daemon in automatic mode. If you have a LAN for which this
- machine is a gateway, you may also wish to use the
- <option>-alias</option> switch. Refer to the manual page for
- further details.</para>
- </note>
-
- <para>Set the router program to <literal>NO</literal> with the
- line</para>
-
- <programlisting>
-router_enable=NO (/etc/rc.conf)
-router=NO (/etc/sysconfig)</programlisting>
-
- <para>It is important that the <command>routed</command> daemon is not
- started (it's started by default) as <command>routed</command> tends
- to delete the default routing table entries created by
- <command>ppp</command>.</para>
-
- <para>It is probably worth your while ensuring that the
- <literal>sendmail_flags</literal> line does not include the
- <option>-q</option> option, otherwise <command>sendmail</command> will
- attempt to do a network lookup every now and then, possibly causing
- your machine to dial out. You may try:</para>
-
- <programlisting>
+
+ <para>This script is executed at network configuration time,
+ starting your ppp daemon in automatic mode. If you have a LAN
+ for which this machine is a gateway, you may also wish to use
+ the <option>-alias</option> switch. Refer to the manual page
+ for further details.</para>
+ </note>
+
+ <para>Set the router program to <literal>NO</literal> with
+ following line in your <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>
+router_enable="NO"</programlisting>
+
+ <para>It is important that the <command>routed</command> daemon is
+ not started (it is started by default), as it
+ <command>routed</command> tends to delete the default routing
+ table entries created by <command>ppp</command>.</para>
+
+ <para>It is probably worth your while ensuring that the
+ <literal>sendmail_flags</literal> line does not include the
+ <option>-q</option> option, otherwise
+ <command>sendmail</command> will attempt to do a network lookup
+ every now and then, possibly causing your machine to dial out.
+ You may try:</para>
+
+ <programlisting>
sendmail_flags="-bd"</programlisting>
-
- <para>The upshot of this is that you must force
- <command>sendmail</command> to re-examine the mail queue whenever the
- ppp link is up by typing:</para>
-
- <screen>&prompt.root; <userinput>/usr/sbin/sendmail -q</userinput></screen>
-
- <para>You may wish to use the <command>!bg</command> command in
- <filename>ppp.linkup</filename> to do this automatically:</para>
-
- <programlisting>
+
+ <para>The downside of this is that you must force
+ <command>sendmail</command> to re-examine the mail queue
+ whenever the ppp link is up by typing:</para>
+
+ <screen>&prompt.root; <userinput>/usr/sbin/sendmail -q</userinput></screen>
+
+ <para>You may wish to use the <command>!bg</command> command in
+ <filename>ppp.linkup</filename> to do this automatically:</para>
+
+ <programlisting>
1 provider:
2 delete ALL
3 add 0 0 HISADDR
4 !bg sendmail -bd -q30m</programlisting>
-
- <para>If you don't like this, it is possible to set up a
- &ldquo;dfilter&rdquo; to block SMTP traffic. Refer to the sample
- files for further details.</para>
-
- <para>All that is left is to reboot the machine.</para>
-
- <para>After rebooting, you can now either type</para>
-
- <screen>&prompt.root; <userinput>ppp</userinput></screen>
-
- <para>and then <command>dial provider</command> to start the PPP
- session, or, if you want <command>ppp</command> to establish sessions
- automatically when there is outbound traffic (and you haven't created
- the <filename>start_if.tun0</filename> script), type</para>
-
- <screen>&prompt.root; <userinput>ppp -auto provider</userinput></screen>
- </sect2>
-
- <sect2>
- <title>Summary</title>
-
- <para>To recap, the following steps are necessary when setting up ppp
- for the first time:</para>
-
- <para>Client side:</para>
-
- <procedure>
- <step>
- <para>Ensure that the <devicename>tun</devicename> device is built
- into your kernel.</para>
- </step>
- <step>
- <para>Ensure that the
- <filename>tun<replaceable>X</replaceable></filename> device file
- is available in the <filename>/dev</filename> directory.</para>
- </step>
-
- <step>
- <para>Create an entry in <filename>/etc/ppp/ppp.conf</filename>.
- The <filename>pmdemand</filename> example should suffice for most
- ISPs.</para>
- </step>
+ <para>If you don't like this, it is possible to set up a
+ &ldquo;dfilter&rdquo; to block SMTP traffic. Refer to the
+ sample files for further details.</para>
- <step>
- <para>If you have a dynamic IP address, create an entry in
- <filename>/etc/ppp/ppp.linkup</filename>.</para>
- </step>
+ <para>Now the only thing left to do is reboot the machine.</para>
- <step>
- <para>Update your <filename>/etc/rc.conf</filename> (or
- <filename>sysconfig</filename>) file.</para>
- </step>
+ <para>All that is left is to reboot the machine. After rebooting,
+ you can now either type:</para>
- <step>
- <para>Create a <filename>start_if.tun0</filename> script if you
- require demand dialing.</para>
- </step>
- </procedure>
-
- <para>Server side:</para>
-
- <procedure>
- <step>
- <para>Ensure that the <devicename>tun</devicename> device is built
- into your kernel.</para>
- </step>
+ <screen>&prompt.root; <userinput>ppp</userinput></screen>
- <step>
- <para>Ensure that the
- <filename>tun<replaceable>X</replaceable></filename> device file
- is available in the <filename>/dev</filename> directory.</para>
- </step>
+ <para>and then <command>dial provider</command> to start the PPP
+ session, or, if you want <command>ppp</command> to establish
+ sessions automatically when there is outbound traffic (and
+ you have not created the <filename>start_if.tun0</filename>
+ script), type:</para>
- <step>
- <para>Create an entry in <filename>/etc/passwd</filename> (using the
- &man.vipw.8; program).</para>
- </step>
+ <screen>&prompt.root; <userinput>ppp -auto provider</userinput></screen>
+ </sect3>
- <step>
- <para>Create a profile in this users home directory that runs
- <command>ppp -direct direct-server</command> or similar.</para>
- </step>
+ <sect3>
+ <title>Summary</title>
+
+ <para>To recap, the following steps are necessary when setting up
+ ppp for the first time:</para>
+
+ <para>Client side:</para>
+
+ <procedure>
+ <step>
+ <para>Ensure that the <devicename>tun</devicename> device is
+ built into your kernel.</para>
+ </step>
+
+ <step>
+ <para>Ensure that the
+ <filename>tun<replaceable>X</replaceable></filename> device
+ file is available in the <filename>/dev</filename>
+ directory.</para>
+ </step>
+
+ <step>
+ <para>Create an entry in
+ <filename>/etc/ppp/ppp.conf</filename>. The
+ <filename>pmdemand</filename> example should suffice for
+ most ISPs.</para>
+ </step>
+
+ <step>
+ <para>If you have a dynamic IP address, create an entry in
+ <filename>/etc/ppp/ppp.linkup</filename>.</para>
+ </step>
+
+ <step>
+ <para>Update your <filename>/etc/rc.conf</filename>
+ file.</para>
+ </step>
+
+ <step>
+ <para>Create a <filename>start_if.tun0</filename> script if
+ you require demand dialing.</para>
+ </step>
+ </procedure>
+
+ <para>Server side:</para>
+
+ <procedure>
+ <step>
+ <para>Ensure that the <devicename>tun</devicename> device is
+ built into your kernel.</para>
+ </step>
+
+ <step>
+ <para>Ensure that the
+ <filename>tun<replaceable>X</replaceable></filename> device
+ file is available in the <filename>/dev</filename>
+ directory.</para>
+ </step>
+
+ <step>
+ <para>Create an entry in <filename>/etc/passwd</filename>
+ (using the &man.vipw.8; program).</para>
+ </step>
+
+ <step>
+ <para>Create a profile in this users home directory that runs
+ <command>ppp -direct direct-server</command> or
+ similar.</para>
+ </step>
+
+ <step>
+ <para>Create an entry in
+ <filename>/etc/ppp/ppp.conf</filename>. The
+ <filename>direct-server</filename> example should
+ suffice.</para>
+ </step>
+
+ <step>
+ <para>Create an entry in
+ <filename>/etc/ppp/ppp.linkup</filename>.</para>
+ </step>
+
+ <step>
+ <para>Update your <filename>/etc/rc.conf</filename>
+ file.</para>
+ </step>
+ </procedure>
+ </sect3>
+ </sect2>
+ </sect1>
- <step>
- <para>Create an entry in <filename>/etc/ppp/ppp.conf</filename>.
- The <filename>direct-server</filename> example should
- suffice.</para>
- </step>
+ <sect1 id="ppp">
+ <title>Using Kernel PPP</title>
- <step>
- <para>Create an entry in
- <filename>/etc/ppp/ppp.linkup</filename>.</para>
- </step>
+ <para><emphasis>Parts originally contributed by &a.gena; and
+ &a.rhuff;.</emphasis></para>
- <step>
- <para>Update your <filename>/etc/rc.conf</filename> (or
- <filename>sysconfig</filename>) file.</para>
- </step>
- </procedure>
- </sect2>
-
<sect2>
- <title>Acknowledgments</title>
-
- <para>This section of the handbook was last updated on Monday Aug 10,
- 1998 by &a.brian;</para>
-
- <para>Thanks to the following for their input, comments &amp;
- suggestions:</para>
-
- <para>&a.nik;</para>
-
- <para>&a.dirkvangulik;</para>
-
- <para>&a.pjc;</para>
- </sect2>
- </sect1>
-
- <sect1 id="ppp">
- <title>Setting up Kernel PPP</title>
-
- <para><emphasis>Contributed by &a.gena;.</emphasis></para>
-
- <para>Before you start setting up PPP on your machine make sure that
- <command>pppd</command> is located in <filename>/usr/sbin</filename> and
- directory <filename>/etc/ppp</filename> exists.</para>
+ <title>Setting up Kernel PPP</title>
- <para><command>pppd</command> can work in two modes:</para>
+ <para>Before you start setting up PPP on your machine make sure
+ that <command>pppd</command> is located in
+ <filename>/usr/sbin</filename> and the directory
+ <filename>/etc/ppp</filename> exists.</para>
- <orderedlist>
- <listitem>
- <para>as a &ldquo;client&rdquo;, i.e. you want to connect your machine
- to outside world via PPP serial connection or modem line.</para>
- </listitem>
-
- <listitem>
- <para>as a &ldquo;server&rdquo;, i.e. your machine is located on the
- network and used to connect other computers using PPP.</para>
- </listitem>
- </orderedlist>
-
- <para>In both cases you will need to set up an options file
- (<filename>/etc/ppp/options</filename> or <filename>~/.ppprc</filename>
- if you have more then one user on your machine that uses PPP).</para>
+ <para><command>pppd</command> can work in two modes:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>As a &ldquo;client&rdquo;, i.e., you want to connect your
+ machine to the outside world via a PPP serial connection or
+ modem line.</para>
+ </listitem>
- <para>You also will need some modem/serial software (preferably kermit) so
- you can dial and establish connection with remote host.</para>
+ <listitem>
+ <para>as a &ldquo;server&rdquo;, i.e. your machine is located on
+ the network and used to connect other computers using
+ PPP.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>In both cases you will need to set up an options file
+ (<filename>/etc/ppp/options</filename> or
+ <filename>~/.ppprc</filename> if you have more than one user on
+ your machine that uses PPP).</para>
+
+ <para>You also will need some modem/serial software (preferably
+ kermit) so you can dial and establish a connection with the
+ remote host.</para>
+ </sect2>
<sect2>
- <title>Working as a PPP client</title>
-
+ <title>Using <command>pppd</command> as a client</title>
+
<para>I used the following <filename>/etc/ppp/options</filename> to
connect to CISCO terminal server PPP line.</para>
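Review bot: The rewritten "Final system configuration" text now tells the reader to reboot twice in a row: the added paragraph "Now the only thing left to do is reboot the machine." is immediately followed by an added paragraph that opens "All that is left is to reboot the machine." Drop the first paragraph and keep the second. In the same section, the routed paragraph reads "as it <command>routed</command> tends to delete", where the stray "it" should go, and "with following line" is missing "the". In the "Changing your ppp configuration on the fly" paragraph, the trailing 0177 on the set server line is still unexplained; since that line guards the diagnostic socket with a password, the text should say what the last argument is.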
@@ -1263,14 +1285,14 @@ domain ppp.foo.com # put your domain name here
defaultroute # put this if you want that PPP server will be your
# default router</programlisting>
-
+
<para>To connect:</para>
<procedure>
<step>
- <para>Dial to the remote host using kermit (or other modem program)
- enter your user name and password (or whatever is needed to enable
- PPP on the remote host)</para>
+ <para>Dial to the remote host using kermit (or some other modem
+ program), and enter your user name and password (or whatever
+ is needed to enable PPP on the remote host).</para>
</step>
<step>
@@ -1278,21 +1300,21 @@ defaultroute # put this if you want that PPP server will be your
</step>
<step>
- <para>enter:</para>
-
+ <para>Enter the following:</para>
+
<screen>&prompt.root; <userinput>/usr/src/usr.sbin/pppd.new/pppd <replaceable>/dev/tty01</replaceable> <replaceable>19200</replaceable></userinput></screen>
- <para>Use the appropriate speed and device name.</para>
+ <para>Be sure to use the appropriate speed and device name.</para>
</step>
</procedure>
-
- <para>Now your computer is connected with PPP. If the connection fails
- for some reasons you can add the <option>debug</option> option to the
- <filename>/etc/ppp/options</filename> file and check messages on the
- console to track the problem</para>
+
+ <para>Now your computer is connected with PPP. If the connection
+ fails, you can add the <option>debug</option> option to the
+ <filename>/etc/ppp/options</filename> file and check messages on
+ the console to track the problem.</para>
- <para>Following <filename>/etc/ppp/pppup</filename> script will make all
- 3 stages automatically:</para>
+ <para>Following <filename>/etc/ppp/pppup</filename> script will make
+ all 3 stages automatically:</para>
<programlisting>
#!/bin/sh
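Review bot: The command in the third step still runs /usr/src/usr.sbin/pppd.new/pppd, which contradicts the setup section (pppd is expected in /usr/sbin) and the pppup script in the next hunk, which calls plain "pppd /dev/tty01 19200". Since this hunk already touches the lines around it, change the command to pppd with the same device and speed arguments. The sentence introducing pppup was only rewrapped; "Following ... script will make all 3 stages automatically" would read better as "The following ... script performs all three steps automatically", matching the wording this commit uses for pppserv.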
@@ -1314,14 +1336,14 @@ ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.dial
pppd /dev/tty01 19200</programlisting>
-
- <para><filename>/etc/ppp/kermit.dial</filename> is kermit script that
- dials and makes all necessary authorization on the remote host.
- (Example of such script is attached to the end of this
- document)</para>
-
- <para>Use the following <filename>/etc/ppp/pppdown</filename> script to
- disconnect the PPP line:</para>
+
+ <para><filename>/etc/ppp/kermit.dial</filename> is a kermit script
+ that dials and makes all necessary authorization on the remote
+ host (an example of such a script is attached to the end of this
+ document).</para>
+
+ <para>Use the following <filename>/etc/ppp/pppdown</filename> script
+ to disconnect the PPP line:</para>
<programlisting>
#!/bin/sh
@@ -1342,9 +1364,10 @@ fi
/sbin/ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.hup
/etc/ppp/ppptest</programlisting>
-
- <para>Check if PPP is still running
- (<filename>/usr/etc/ppp/ppptest</filename>):</para>
+
+ <para>Check to see if PPP is still running by executing
+ <filename>/usr/etc/ppp/ppptest</filename>, which should look like
+ this:</para>
<programlisting>
#!/bin/sh
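Review bot: The new sentence names the script /usr/etc/ppp/ppptest, but the pppdown script just above it calls /etc/ppp/ppptest, and every other script in this section lives under /etc/ppp. The path was carried over from the old text unchanged; correct it to /etc/ppp/ppptest while the sentence is being rewritten.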
@@ -1357,9 +1380,10 @@ fi
set -x
netstat -n -I ppp0
ifconfig ppp0</programlisting>
-
- <para>Hangs up modem line
- (<filename>/etc/ppp/kermit.hup</filename>):</para>
+
+ <para>To hang up the modem, execute
+ <filename>/etc/ppp/kermit.hup</filename>, which should
+ contain:</para>
<programlisting>
set line /dev/tty01 ; put your modem device here
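Review bot: "To hang up the modem, execute /etc/ppp/kermit.hup" suggests the file is run directly, but it is a kermit command file and pppdown invokes it as "kermit -y /etc/ppp/kermit.hup". Reword to something like "The modem is hung up by the kermit script /etc/ppp/kermit.hup, which should contain:" so a reader does not try to run the file on its own.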
@@ -1380,17 +1404,15 @@ inp 5 OK
out ATH0\13
echo \13
exit</programlisting>
-
- <para>Here is an alternate method using <command>chat</command> instead
- of <command>kermit</command>.</para>
-
- <para><emphasis>Contributed by &a.rhuff;.</emphasis></para>
-
+
+ <para>Here is an alternate method using <command>chat</command>
+ instead of <command>kermit</command>.</para>
+
<para>The following two files are sufficient to accomplish a pppd
connection.</para>
-
+
<para><filename>/etc/ppp/options</filename>:</para>
-
+
<programlisting>
/dev/cuaa1 115200
@@ -1410,30 +1432,33 @@ domain &lt;your.domain&gt; # put your domain name here
defaultroute # put this if you want that PPP server will be
# your default router</programlisting>
-
+
<para><filename>/etc/ppp/login.chat.script</filename>:</para>
-
- <para>(This should actually go into a single line.)</para>
-
+
+ <note>
+ <para>The following should go on a single line.</para>
+ </note>
+
<programlisting>
ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT&lt;phone.number&gt;
CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: &lt;login-id&gt;
TIMEOUT 5 sword: &lt;password&gt;</programlisting>
-
- <para>Once these are installed and modified correctly, all you need to
- do is</para>
-
+
+ <para>Once these are installed and modified correctly, all you need
+ to do is run <command>pppd</command>, like so:</para>
+
<screen>&prompt.root; <userinput>pppd</userinput></screen>
-
- <para>This sample based primarily on information provided by: Trev
- Roydhouse &lt;Trev.Roydhouse@f401.n711.z3.fidonet.org&gt; and used by
- permission.</para>
+
+ <para>This sample is based primarily on information provided by:
+ Trev Roydhouse &lt;Trev.Roydhouse@f401.n711.z3.fidonet.org&gt;
+ and used with permission.</para>
</sect2>
-
+
<sect2>
- <title>Working as a PPP server</title>
-
- <para><filename>/etc/ppp/options</filename>:</para>
+ <title>Using <command>pppd</command> as a server</title>
+
+ <para><filename>/etc/ppp/options</filename> should contain something
+ similar to the following:</para>
<programlisting>
crtscts # Hardware flow control
@@ -1447,9 +1472,10 @@ netmask 255.255.255.0 # netmask ( not required )
domain ppp.foo.com # your domain
passive # wait for LCP
modem # modem line</programlisting>
-
- <para>Following <filename>/etc/ppp/pppserv</filename> script will enable
- ppp server on your machine:</para>
+
+ <para>The following <filename>/etc/ppp/pppserv</filename> script
+ will enable tell <application>pppd</application> to behave as a
+ server:</para>
<programlisting>
#!/bin/sh
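Review bot: The new sentence introducing pppserv reads "will enable tell <application>pppd</application> to behave as a server"; "enable" is left over from the old wording and should be removed. The same line tags pppd with <application>, while the new section titles and the rest of the chapter use <command>pppd</command>; pick one, preferably <command> for consistency.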
@@ -1475,9 +1501,9 @@ kermit -y /etc/ppp/kermit.ans
# run ppp
pppd /dev/tty01 19200</programlisting>
-
- <para>Use this <filename>/etc/ppp/pppservdown</filename> script to stop
- ppp server:</para>
+
+ <para>Use this <filename>/etc/ppp/pppservdown</filename> script to
+ stop the server:</para>
<programlisting>
#!/bin/sh
@@ -1497,9 +1523,10 @@ ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.noans</programlisting>
-
- <para>Following kermit script will enable/disable autoanswer mode on
- your modem (<filename>/etc/ppp/kermit.ans</filename>):</para>
+
+ <para>The following kermit script
+ (<filename>/etc/ppp/kermit.ans</filename>) will enable/disable
+ autoanswer mode on your modem. It should look like this:</para>
<programlisting>
set line /dev/tty01
@@ -1525,12 +1552,12 @@ out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable
inp 5 OK
echo \13
exit</programlisting>
-
- <para>This <filename>/etc/ppp/kermit.dial</filename> script is used for
- dialing and authorizing on remote host. You will need to customize it
- for your needs. Put your login and password in this script, also you
- will need to change input statement depending on responses from your
- modem and remote host.</para>
+
+ <para>A script named <filename>/etc/ppp/kermit.dial</filename> is
+ used for dialing and authenticating on the remote host. You will
+ need to customize it for your needs. Put your login and password
+ in this script; you will also need to change the input statement
+ depending on responses from your modem and remote host.</para>
<programlisting>
;
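Review bot: The rewritten kermit.dial paragraph tells the reader to put the login and password in the script but says nothing about who may read the file. Add a sentence saying /etc/ppp/kermit.dial should be readable only by the user that runs it, since it holds the dial-up credentials in clear text. The paragraph also still sits in the "Using pppd as a server" section, although the script is called from the client's pppup script; with the chapter being reorganized, it belongs with the client material or in a section of its own.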
@@ -1649,9 +1676,9 @@ exit 1
; end:</programlisting>
</sect2>
</sect1>
-
+
<sect1 id="pppoe">
- <title>Setting up PPP over Ethernet (PPPoE)</title>
+ <title>Using PPP over Ethernet (PPPoE)</title>
<para><emphasis>Contributed by &a.jim; (from <ulink
url="http://www-dev.node.to/freebsd/how-tos/how-to-freebsd-pppoe.html">node.to</ulink>) 10 Jan 2000.</emphasis></para>
@@ -1827,153 +1854,158 @@ ppp_profile="default" # or your provider</programlisting>
</sect2>
</sect1>
- <sect1 id="slipc">
- <title>Setting up a SLIP Client</title>
-
- <para><emphasis>Contributed by &a.asami; 8 Aug 1995.</emphasis></para>
-
- <para>The following is one way to set up a FreeBSD machine for SLIP on a
- static host network. For dynamic hostname assignments (i.e., your
- address changes each time you dial up), you probably need to do
- something much fancier.</para>
-
- <para>First, determine which serial port your modem is connected to. I
- have a symbolic link to <filename>/dev/modem</filename> from
- <filename>/dev/cuaa1</filename>, and only use the modem name in my
- configuration files. It can become quite cumbersome when you need to
- fix a bunch of files in <filename>/etc</filename> and
- <filename>.kermrc</filename>'s all over the system!</para>
-
- <note>
- <para><filename>/dev/cuaa0</filename> is <devicename>COM1</devicename>,
- <filename>cuaa1</filename> is <devicename>COM2</devicename>,
- etc.</para>
- </note>
-
- <para>Make sure you have
+ <sect1 id="slip">
+ <title>Using SLIP</title>
+
+ <para><emphasis>Originally contributed by &a.asami; and
+ &a.ghelmer;, with input from &a.wilko; and
+ &a.piero;.</emphasis></para>
+
+ <sect2 id="slipc">
+ <title>Setting up a SLIP Client</title>
+
+ <para>The following is one way to set up a FreeBSD machine for SLIP
+ on a static host network. For dynamic hostname assignments (i.e.,
+ your address changes each time you dial up), you probably need to
+ do something much fancier.</para>
+
+ <para>First, determine which serial port your modem is connected to.
+ I have a symbolic link to <filename>/dev/modem</filename> from
+ <filename>/dev/cuaa1</filename>, and only use the modem name in
+ my configuration files. It can become quite cumbersome when you
+ need to fix a bunch of files in <filename>/etc</filename> and
+ <filename>.kermrc</filename>'s all over the system!</para>
+
+ <note>
+ <para><filename>/dev/cuaa0</filename> is
+ <devicename>COM1</devicename>, <filename>cuaa1</filename> is
+ <devicename>COM2</devicename>, etc.</para>
+ </note>
+
+ <para>Make sure you have the following in your kernel configuration
+ file:</para>
<programlisting>
pseudo-device sl 1</programlisting>
- in your kernel's config file. It is included in the
- <filename>GENERIC</filename> kernel, so this will not be a problem
- unless you deleted it.</para>
+ <para>It is included in the <filename>GENERIC</filename> kernel, so
+ this should not be a problem unless you have deleted it.</para>
- <sect2>
- <title>Things you have to do only once</title>
-
- <procedure>
- <step>
- <para>Add your home machine, the gateway and nameservers to your
- <filename>/etc/hosts</filename> file. Mine looks like
- this:</para>
+ <sect3>
+ <title>Things you have to do only once</title>
- <programlisting>
+ <procedure>
+ <step>
+ <para>Add your home machine, the gateway and nameservers to
+ your <filename>/etc/hosts</filename> file. Mine looks like
+ this:</para>
+
+ <programlisting>
127.0.0.1 localhost loghost
136.152.64.181 silvia.HIP.Berkeley.EDU silvia.HIP silvia
136.152.64.1 inr-3.Berkeley.EDU inr-3 slip-gateway
128.32.136.9 ns1.Berkeley.edu ns1
128.32.136.12 ns2.Berkeley.edu ns2</programlisting>
-
- <para>By the way, silvia is the name of the car that I had when I
- was back in Japan (it is called 2?0SX here in U.S.).</para>
- </step>
+ </step>
+
+ <step>
+ <para>Make sure you have <option>hosts</option> before
+ <option>bind</option> in your
+ <filename>/etc/host.conf</filename>. Otherwise, funny
+ things may happen.</para>
+ </step>
+
+ <step>
+ <para>Edit the <filename>/etc/rc.conf</filename> file.</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Set your hostname by editing the line that
+ says:</para>
- <step>
- <para>Make sure you have <option>hosts</option> before
- <option>bind</option> in your <filename>/etc/host.conf</filename>.
- Otherwise, funny things may happen.</para>
- </step>
+ <programlisting>
+hostname=&ldquo;myname.my.domain&rdquo;</programlisting>
- <step>
- <para>Edit the file <filename>/etc/rc.conf</filename>. Note that
- you should edit the file <filename>/etc/sysconfig</filename>
- instead if you are running FreeBSD previous to version
- 2.2.2.</para>
-
- <orderedlist>
- <listitem>
- <para>Set your hostname by editing the line that says:</para>
-
- <programlisting>
-hostname=myname.my.domain</programlisting>
+ <para>You should give it your full Internet
+ hostname.</para>
+ </listitem>
- <para>You should give it your full Internet hostname.</para>
- </listitem>
-
- <listitem>
- <para>Add sl0 to the list of network interfaces by changing the
- line that says:</para>
-
- <programlisting>
+ <listitem>
+ <para>Add sl0 to the list of network interfaces by
+ changing the line that says:</para>
+
+ <programlisting>
network_interfaces="lo0"</programlisting>
- <para>to:</para>
-
- <programlisting>
-network_interfaces="lo0 sl0"</programlisting>
- </listitem>
-
- <listitem>
- <para>Set the startup flags of sl0 by adding a line:</para>
-
- <programlisting>
+ <para>to:</para>
+
+ <programlisting>
+network_interfaces=&ldquo;lo0 sl0&rdquo;</programlisting>
+ </listitem>
+
+ <listitem>
+ <para>Set the startup flags of sl0 by adding a
+ line:</para>
+
+ <programlisting>
ifconfig_sl0="inet ${hostname} slip-gateway netmask 0xffffff00 up"</programlisting>
- </listitem>
-
- <listitem>
- <para>Designate the default router by changing the line:</para>
+ </listitem>
- <programlisting>
-defaultrouter=NO</programlisting>
+ <listitem>
+ <para>Designate the default router by changing the
+ line:</para>
- <para>to:</para>
+ <programlisting>
+defaultrouter=&ldquo;NO&rdquo;</programlisting>
- <programlisting>
-defaultrouter=slip-gateway</programlisting>
- </listitem>
- </orderedlist>
- </step>
+ <para>to:</para>
- <step>
- <para>Make a file <filename>/etc/resolv.conf</filename> which
- contains:</para>
+ <programlisting>
+defaultrouter=&ldquo;slip-gateway&rdquo;</programlisting>
+ </listitem>
+ </orderedlist>
+ </step>
- <programlisting>
+ <step>
+ <para>Make a file <filename>/etc/resolv.conf</filename> which
+ contains:</para>
+
+ <programlisting>
domain HIP.Berkeley.EDU
nameserver 128.32.136.9
nameserver 128.32.136.12</programlisting>
- <para>As you can see, these set up the nameserver hosts. Of course,
- the actual domain names and addresses depend on your
- environment.</para>
- </step>
-
- <step>
- <para>Set the password for root and toor (and any other accounts
- that does not have a password). Use passwd, do not edit the
- <filename>/etc/passwd</filename> or
- <filename>/etc/master.passwd</filename> files!</para>
- </step>
-
- <step>
- <para>Reboot your machine and make sure it comes up with the correct
- hostname.</para>
- </step>
- </procedure>
- </sect2>
-
- <sect2>
- <title>Making a SLIP connection</title>
-
- <procedure>
- <step>
- <para>Dial up, type <command>slip</command> at the prompt, enter
- your machine name and password. The things you need to enter
- depends on your environment. I use kermit, with a script like
- this:</para>
+ <para>As you can see, these set up the nameserver hosts. Of
+ course, the actual domain names and addresses depend on your
+ environment.</para>
+ </step>
+
+ <step>
+ <para>Set the password for root and toor (and any other
+ accounts that do not have a password). Use passwd or
+ &man.vipw.8;, do not edit the
+ <filename>/etc/passwd</filename> or
+ <filename>/etc/master.passwd</filename> files!</para>
+ </step>
+
+ <step>
+ <para>Reboot your machine and make sure it comes up with the
+ correct hostname.</para>
+ </step>
+ </procedure>
+ </sect3>
- <programlisting>
+ <sect3>
+ <title>Making a SLIP connection</title>
+
+ <procedure>
+ <step>
+ <para>Dial up, type <command>slip</command> at the prompt,
+ enter your machine name and password. The things you need
+ to enter depends on your environment. I use kermit, with a
+ script like this:</para>
+
+ <programlisting>
# kermit setup
set modem hayes
set line /dev/modem
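Review bot: The added rc.conf examples in this hunk put typographic quote entities inside <programlisting> (network_interfaces=&ldquo;lo0 sl0&rdquo;, defaultrouter=&ldquo;NO&rdquo;, defaultrouter=&ldquo;slip-gateway&rdquo;), so a reader who copies the rendered line into /etc/rc.conf gets curly quotes that sh does not treat as quoting. The unchanged context lines network_interfaces="lo0" and ifconfig_sl0="inet ${hostname} ..." use plain double quotes, and the new lines should match them. In the password step, "Use passwd or &man.vipw.8;, do not edit the /etc/passwd or /etc/master.passwd files!" would read more clearly as "do not edit ... directly", since vipw is itself an editor for master.passwd.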
@@ -1983,90 +2015,94 @@ set flow rts/cts
set terminal bytesize 8
set file type binary
# The next macro will dial up and login
-define slip dial 643-9600, input 10 =>, if failure stop, -
+define slip dial 643-9600, input 10 =&gt;, if failure stop, -
output slip\x0d, input 10 Username:, if failure stop, -
output silvia\x0d, input 10 Password:, if failure stop, -
output ***\x0d, echo \x0aCONNECTED\x0a</programlisting>
- <para>(of course, you have to change the hostname and password to
- fit yours). Then you can just type <command>slip</command> from
- the kermit prompt to get connected.</para>
+ <para>Of course, you have to change the hostname and password
+ to fit yours. After doing so, you can just type
+ <command>slip</command> from the kermit prompt to get
+ connected.</para>
+
+ <note>
+ <para>Leaving your password in plain text anywhere in the
+ filesystem is generally a BAD idea. Do it at your own
+ risk.</para>
+ </note>
+ </step>
+
+ <step>
+ <para>Leave the kermit there (you can suspend it by
+ <command>z</command>) and as root, type:</para>
+
+ <screen>&prompt.root; <userinput>slattach -h -c -s 115200 /dev/modem</userinput></screen>
+
+ <para>If you are able to <command>ping</command> hosts on the
+ other side of the router, you are connected! If it does not
+ work, you might want to try <option>-a</option> instead of
+ <option>-c</option> as an argument to slattach.</para>
+ </step>
+ </procedure>
+ </sect3>
- <note>
- <para>Leaving your password in plain text anywhere in the
- filesystem is generally a BAD idea. Do it at your own risk. I
- am just too lazy.</para>
- </note>
- </step>
+ <sect3>
+ <title>How to shutdown the connection</title>
- <step>
- <para>Leave the kermit there (you can suspend it by
- <command>z</command>) and as root, type:</para>
-
- <screen>&prompt.root; <userinput>slattach -h -c -s 115200 /dev/modem</userinput></screen>
-
- <para>If you are able to <command>ping</command> hosts on the other
- side of the router, you are connected! If it does not work, you
- might want to try <option>-a</option> instead of
- <option>-c</option> as an argument to slattach.</para>
- </step>
- </procedure>
- </sect2>
+ <para>Do the following:</para>
- <sect2>
- <title>How to shutdown the connection</title>
-
- <para>Type
-
- <screen>&prompt.root; <userinput>kill -INT `cat /var/run/slattach.modem.pid`</userinput></screen>
+ <screen>&prompt.root; <userinput>kill -INT `cat /var/run/slattach.modem.pid`</userinput></screen>
- (as root) to kill slattach. Then go back to kermit
- (<command>fg</command> if you suspended it) and exit from it
- (<command>q</command>).</para>
+ <para>to kill slattach. Keep in mind you must be
+ <username>root</username> to do the above. Then go back to
+ kermit (<command>fg</command> if you suspended it) and exit from
+ it (<command>q</command>).</para>
- <para>The slattach man page says you have to use <command>ifconfig sl0
- down</command> to mark the interface down, but this does not seem to
- make any difference for me. (<command>ifconfig sl0</command> reports
- the same thing.)</para>
-
- <para>Some times, your modem might refuse to drop the carrier (mine
- often does). In that case, simply start kermit and quit it again. It
- usually goes out on the second try.</para>
- </sect2>
-
- <sect2>
- <title>Troubleshooting</title>
-
- <para>If it does not work, feel free to ask me. The things that people
- tripped over so far:</para>
-
- <itemizedlist>
- <listitem>
- <para>Not using <option>-c</option> or <option>-a</option> in
- slattach (I have no idea why this can be fatal, but adding this
- flag solved the problem for at least one person)</para>
- </listitem>
+ <para>The slattach man page says you have to use <command>ifconfig
+ sl0 down</command> to mark the interface down, but this does not
+ seem to make any difference for me.
+ (<command>ifconfig sl0</command> reports the same thing.)</para>
- <listitem>
- <para>Using <option>s10</option> instead of <option>sl0</option>
- (might be hard to see the difference on some fonts).</para>
- </listitem>
+ <para>Some times, your modem might refuse to drop the carrier
+ (mine often does). In that case, simply start kermit and quit
+ it again. It usually goes out on the second try.</para>
+ </sect3>
- <listitem>
- <para>Try <command>ifconfig sl0</command> to see your interface
- status. I get:</para>
-
- <screen>&prompt.root; <userinput>ifconfig sl0</userinput>
+ <sect3>
+ <title>Troubleshooting</title>
+
+ <para>If it does not work, feel free to ask me. The things that
+ people tripped over so far:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Not using <option>-c</option> or <option>-a</option> in
+ slattach (I have no idea why this can be fatal, but adding
+ this flag solved the problem for at least one
+ person).</para>
+ </listitem>
+
+ <listitem>
+ <para>Using <option>s10</option> instead of
+ <option>sl0</option> (might be hard to see the difference on
+ some fonts).</para>
+ </listitem>
+
+ <listitem>
+ <para>Try <command>ifconfig sl0</command> to see your
+ interface status. I get:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig sl0</userinput>
sl0: flags=10&lt;POINTOPOINT&gt;
inet 136.152.64.181 --&gt; 136.152.64.1 netmask ffffff00</screen>
- </listitem>
-
- <listitem>
- <para>Also, <command>netstat -r</command> will give the routing
- table, in case you get the "no route to host" messages from ping.
- Mine looks like:</para>
+ </listitem>
+
+ <listitem>
+ <para>Also, <command>netstat -r</command> will give the
+ routing table, in case you get the &ldquo;no route to
+ host&rdquo; messages from ping. Mine looks like:</para>
- <screen>&prompt.root; <userinput>netstat -r</userinput>
+ <screen>&prompt.root; <userinput>netstat -r</userinput>
Routing tables
Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks:
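Review bot: The rewritten <note> after the kermit script still only warns that a plain-text password is a bad idea, while the script directly above it carries the login password on the line "output ***\x0d"; since the note is being touched anyway, it should say what to do instead, for example keep the script readable by its owner only, or leave the password out of the macro and type it at the prompt. Smaller points in the same hunk: the title "How to shutdown the connection" uses the noun where the verb "shut down" is meant, and "Some times" should be "Sometimes".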
@@ -2080,316 +2116,311 @@ localhost.Berkel localhost.Berkeley UH 5 42127 lo0 - 0.438
inr-3.Berkeley.E silvia.HIP.Berkele UH 1 0 sl0 - -
silvia.HIP.Berke localhost.Berkeley UGH 34 47641234 lo0 - 0.438
(root node)</screen>
-
- <para>(this is after transferring a bunch of files, your numbers
- should be smaller).</para>
- </listitem>
- </itemizedlist>
- </sect2>
- </sect1>
-
- <sect1 id="slips">
- <title>Setting up a SLIP Server</title>
-
- <para><emphasis>Contributed by &a.ghelmer;. v1.0, 15 May
- 1995.</emphasis></para>
-
- <para>This document provides suggestions for setting up SLIP Server
- services on a FreeBSD system, which typically means configuring your
- system to automatically startup connections upon login for remote SLIP
- clients. The author has written this document based on his experience;
- however, as your system and needs may be different, this document may
- not answer all of your questions, and the author cannot be responsible
- if you damage your system or lose data due to attempting to follow the
- suggestions here.</para>
-
- <para>This guide was originally written for SLIP Server services on a
- FreeBSD 1.x system. It has been modified to reflect changes in the
- pathnames and the removal of the SLIP interface compression flags in
- early versions of FreeBSD 2.X, which appear to be the only major changes
- between FreeBSD versions. If you do encounter mistakes in this
- document, please email the author with enough information to help
- correct the problem.</para>
-
- <sect2 id="slips-prereqs">
- <title>Prerequisites</title>
-
- <para>This document is very technical in nature, so background knowledge
- is required. It is assumed that you are familiar with the TCP/IP
- network protocol, and in particular, network and node addressing,
- network address masks, subnetting, routing, and routing protocols,
- such as RIP. Configuring SLIP services on a dial-up server requires a
- knowledge of these concepts, and if you are not familiar with them,
- please read a copy of either Craig Hunt's <emphasis>TCP/IP Network
- Administration</emphasis> published by O'Reilly &amp; Associates,
- Inc. (ISBN Number 0-937175-82-X), or Douglas Comer's books on the
- TCP/IP protocol.</para>
-
- <para>It is further assumed that you have already setup your modem(s)
- and configured the appropriate system files to allow logins through
- your modems. If you have not prepared your system for this yet,
- please see the tutorial for configuring dialup services; if you have a
- World-Wide Web browser available, browse the list of tutorials at
- <ulink url="http://www.FreeBSD.org/">http://www.FreeBSD.org/</ulink>;
- otherwise, check the place where you found this document for a
- document named <filename>dialup.txt</filename> or something similar.
- You may also want to check the manual pages for
- &man.sio.4; for information on the serial port device driver and
- &man.ttys.5;, &man.gettytab.5;, &man.getty.8;, &amp; &man.init.8;
- for information relevant to configuring the system to accept logins on
- modems, and perhaps &man.stty.1; for information on setting serial
- port parameters (such as <literal>clocal</literal> for
- directly-connected serial interfaces).</para>
+
+ <para>This is after transferring a bunch of files, your
+ numbers should be smaller).</para>
+ </listitem>
+ </itemizedlist>
+ </sect3>
</sect2>
-
- <sect2>
- <title>Quick Overview</title>
-
- <para>In its typical configuration, using FreeBSD as a SLIP server works
- as follows: a SLIP user dials up your FreeBSD SLIP Server system and
- logs in with a special SLIP login ID that uses
- <filename>/usr/sbin/sliplogin</filename> as the special user's shell.
- The <command>sliplogin</command> program browses the file
- <filename>/etc/sliphome/slip.hosts</filename> to find a matching line
- for the special user, and if it finds a match, connects the serial
- line to an available SLIP interface and then runs the shell script
- <filename>/etc/sliphome/slip.login</filename> to configure the SLIP
- interface.</para>
-
+
+ <sect2 id="slips">
+ <title>Setting up a SLIP Server</title>
+
+ <para>This document provides suggestions for setting up SLIP Server
+ services on a FreeBSD system, which typically means configuring
+ your system to automatically startup connections upon login for
+ remote SLIP clients. The author has written this document based
+ on his experience; however, as your system and needs may be
+ different, this document may not answer all of your questions, and
+ the author cannot be responsible if you damage your system or lose
+ data due to attempting to follow the suggestions here.</para>
+
+ <sect3 id="slips-prereqs">
+ <title>Prerequisites</title>
+
+ <para>This document is very technical in nature, so background
+ knowledge is required. It is assumed that you are familiar with
+ the TCP/IP network protocol, and in particular, network and node
+ addressing, network address masks, subnetting, routing, and
+ routing protocols, such as RIP. Configuring SLIP services on a
+ dial-up server requires a knowledge of these concepts, and if
+ you are not familiar with them, please read a copy of either
+ Craig Hunt's <emphasis>TCP/IP Network Administration</emphasis>
+ published by O'Reilly &amp; Associates, Inc. (ISBN Number
+ 0-937175-82-X), or Douglas Comer's books on the TCP/IP
+ protocol.</para>
+
+ <para>It is further assumed that you have already setup your
+ modem(s) and configured the appropriate system files to allow
+ logins through your modems. If you have not prepared your
+ system for this yet, please see the tutorial for configuring
+ dialup services; if you have a World-Wide Web browser available,
+ browse the list of tutorials at <ulink
+ url="http://www.FreeBSD.org/">http://www.FreeBSD.org/</ulink>.
+ You may also want to check the manual pages for &man.sio.4; for
+ information on the serial port device driver and &man.ttys.5;,
+ &man.gettytab.5;, &man.getty.8;, &amp; &man.init.8; for
+ information relevant to configuring the system to accept logins
+ on modems, and perhaps &man.stty.1; for information on setting
+ serial port parameters (such as <literal>clocal</literal> for
+ directly-connected serial interfaces).</para>
+ </sect3>
+
<sect3>
- <title>An Example of a SLIP Server Login</title>
+ <title>Quick Overview</title>
+
+ <para>In its typical configuration, using FreeBSD as a SLIP server
+ works as follows: a SLIP user dials up your FreeBSD SLIP Server
+ system and logs in with a special SLIP login ID that uses
+ <filename>/usr/sbin/sliplogin</filename> as the special user's
+ shell. The <command>sliplogin</command> program browses the
+ file <filename>/etc/sliphome/slip.hosts</filename> to find a
+ matching line for the special user, and if it finds a match,
+ connects the serial line to an available SLIP interface and then
+ runs the shell script
+ <filename>/etc/sliphome/slip.login</filename> to configure the
+ SLIP interface.</para>
+
+ <sect4>
+ <title>An Example of a SLIP Server Login</title>
+
+ <para>For example, if a SLIP user ID were
+ <username>Shelmerg</username>, <username>Shelmerg</username>'s
+ entry in <filename>/etc/master.passwd</filename> would look
+ something like this (except it would be all on one
+ line):</para>
- <para>For example, if a SLIP user ID were
- <username>Shelmerg</username>, <username>Shelmerg</username>'s entry
- in <filename>/etc/master.passwd</filename> would look something like
- this (except it would be all on one line):</para>
-
- <programlisting>
+ <programlisting>
Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliplogin</programlisting>
-
- <para>When <username>Shelmerg</username> logs in,
- <command>sliplogin</command> will search
- <filename>/etc/sliphome/slip.hosts</filename> for a line that had a
- matching user ID; for example, there may be a line in
- <filename>/etc/sliphome/slip.hosts</filename> that reads:</para>
-
- <programlisting>
+
+ <para>When <username>Shelmerg</username> logs in,
+ <command>sliplogin</command> will search
+ <filename>/etc/sliphome/slip.hosts</filename> for a line that
+ had a matching user ID; for example, there may be a line in
+ <filename>/etc/sliphome/slip.hosts</filename> that
+ reads:</para>
+
+ <programlisting>
Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp</programlisting>
-
- <para><command>sliplogin</command> will find that matching line, hook
- the serial line into the next available SLIP interface, and then
- execute <filename>/etc/sliphome/slip.login</filename> like
- this:</para>
-
- <programlisting>
+
+ <para><command>sliplogin</command> will find that matching line,
+ hook the serial line into the next available SLIP interface,
+ and then execute <filename>/etc/sliphome/slip.login</filename>
+ like this:</para>
+
+ <programlisting>
/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp</programlisting>
-
- <para>If all goes well, <filename>/etc/sliphome/slip.login</filename>
- will issue an <command>ifconfig</command> for the SLIP interface to
- which <command>sliplogin</command> attached itself (slip interface
- 0, in the above example, which was the first parameter in the list
- given to <filename>slip.login</filename>) to set the local IP
- address (<hostid>dc-slip</hostid>), remote IP address
- (<hostid>sl-helmer</hostid>), network mask for the SLIP interface
- (<hostid role="netmask">0xfffffc00</hostid>), and any additional
- flags (<literal>autocomp</literal>). If something goes wrong,
- <command>sliplogin</command> usually logs good informational
- messages via the <literal>daemon</literal> syslog facility, which
- usually goes into <filename>/var/log/messages</filename> (see the
- manual pages for &man.syslogd.8; and
- &man.syslog.conf.5, and perhaps check
- <filename>/etc/syslog.conf</filename> to see to which files
- <command>syslogd</command> is logging).</para>
-
- <para>OK, enough of the examples &mdash; let us dive into setting up
- the system.</para>
+
+ <para>If all goes well,
+ <filename>/etc/sliphome/slip.login</filename> will issue an
+ <command>ifconfig</command> for the SLIP interface to which
+ <command>sliplogin</command> attached itself (slip interface
+ 0,in the above example, which was the first parameter in the
+ list given to <filename>slip.login</filename>) to set the
+ local IP address (<hostid>dc-slip</hostid>), remote IP address
+ (<hostid>sl-helmer</hostid>), network mask for the SLIP
+ interface (<hostid role="netmask">0xfffffc00</hostid>), and
+ any additional flags (<literal>autocomp</literal>). If
+ something goes wrong, <command>sliplogin</command> usually
+ logs good informational messages via the
+ <literal>daemon</literal> syslog facility, which usually goes
+ into <filename>/var/log/messages</filename> (see the manual
+ pages for &man.syslogd.8; and &man.syslog.conf.5; and perhaps
+ check <filename>/etc/syslog.conf</filename> to see to which
+ files <command>syslogd</command> is logging).</para>
+
+ <para>OK, enough of the examples &mdash; let us dive into
+ setting up the system.</para>
+ </sect4>
</sect3>
- </sect2>
-
- <sect2>
- <title>Kernel Configuration</title>
-
- <para>FreeBSD's default kernels usually come with two SLIP interfaces
- defined (<devicename>sl0</devicename> and
- <devicename>sl1</devicename>); you can use <command>netstat
+
+ <sect3>
+ <title>Kernel Configuration</title>
+
+ <para>FreeBSD's default kernels usually come with two SLIP
+ interfaces defined (<devicename>sl0</devicename> and
+ <devicename>sl1</devicename>); you can use <command>netstat
-i</command> to see whether these interfaces are defined in your
- kernel.</para>
-
- <para>Sample output from <command>netstat -i</command>:</para>
-
- <screen>Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
+ kernel.</para>
+
+ <para>Sample output from <command>netstat -i</command>:</para>
+
+ <screen>Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
ed0 1500 &lt;Link&gt;0.0.c0.2c.5f.4a 291311 0 174209 0 133
ed0 1500 138.247.224 ivory 291311 0 174209 0 133
lo0 65535 &lt;Link&gt; 79 0 79 0 0
lo0 65535 loop localhost 79 0 79 0 0
sl0* 296 &lt;Link&gt; 0 0 0 0 0
sl1* 296 &lt;Link&gt; 0 0 0 0 0</screen>
-
- <para>The <devicename>sl0</devicename> and <devicename>sl1</devicename>
- interfaces shown in <command>netstat -i</command>'s output indicate
- that there are two SLIP interfaces built into the kernel. (The
- asterisks after the <literal>sl0</literal> and <literal>sl1</literal>
- indicate that the interfaces are &ldquo;down&rdquo;.)</para>
-
- <para>However, FreeBSD's default kernels do not come configured to
- forward packets (ie, your FreeBSD machine will not act as a router)
- due to Internet RFC requirements for Internet hosts (see RFC's 1009
- [Requirements for Internet Gateways], 1122 [Requirements for Internet
- Hosts &mdash; Communication Layers], and perhaps 1127 [A Perspective
- on the Host Requirements RFCs]), so if you want your FreeBSD SLIP
- Server to act as a router, you will have to edit the
- <filename>/etc/rc.conf</filename> file (called
- <filename>/etc/sysconfig</filename> in FreeBSD releases prior to
- 2.2.2) and change the setting of the <literal>gateway</literal>
- variable to <option>YES</option>. If you have an older system which
- predates even the <filename>/etc/sysconfig</filename> file, then add
- the following command:
- <programlisting>
-sysctl -w net.inet.ip.forwarding = 1</programlisting>
+ <para>The <devicename>sl0</devicename> and
+ <devicename>sl1</devicename> interfaces shown in
+ <command>netstat -i</command>'s output indicate that there are
+ two SLIP interfaces built into the kernel. (The asterisks after
+ the <literal>sl0</literal> and <literal>sl1</literal> indicate
+ that the interfaces are &ldquo;down&rdquo;.)</para>
+
+ <para>However, FreeBSD's default kernels do not come configured
+ to forward packets (ie, your FreeBSD machine will not act as a
+ router) due to Internet RFC requirements for Internet hosts (see
+ RFCs 1009 [Requirements for Internet Gateways], 1122
+ [Requirements for Internet Hosts &mdash; Communication Layers],
+ and perhaps 1127 [A Perspective on the Host Requirements RFCs]),
+ so if you want your FreeBSD SLIP Server to act as a router, you
+ will have to edit the <filename>/etc/rc.conf</filename> file and
+ change the setting of the <literal>gateway</literal> variable to
+ <option>YES</option>.</para>
+
+ <para>You will then need to reboot for the new settings to take
+ effect.</para>
+
+ <para>You will notice that near the end of the default kernel
+ configuration file (<filename>/sys/i386/conf/GENERIC</filename>)
+ is a line that reads:</para>
- to your <filename>/etc/rc.local</filename> file.</para>
-
- <para>You will then need to reboot for the new settings to take
- effect.</para>
-
- <para>You will notice that near the end of the default kernel
- configuration file (<filename>/sys/i386/conf/GENERIC</filename>) is a
- line that reads:</para>
-
- <programlisting>
+ <programlisting>
pseudo-device sl 2</programlisting>
-
- <para>This is the line that defines the number of SLIP devices available
- in the kernel; the number at the end of the line is the maximum number
- of SLIP connections that may be operating simultaneously.</para>
-
- <para>Please refer to <link linkend="kernelconfig">Configuring the
- FreeBSD Kernel</link> for help in reconfiguring your kernel.</para>
- </sect2>
-
- <sect2>
- <title>Sliplogin Configuration</title>
-
- <para>As mentioned earlier, there are three files in the
- <filename>/etc/sliphome</filename> directory that are part of the
- configuration for <filename>/usr/sbin/sliplogin</filename> (see
- &man.sliplogin.8; for the actual manual page for
- <command>sliplogin</command>): <filename>slip.hosts</filename>, which
- defines the SLIP users &amp; their associated IP addresses;
- <filename>slip.login</filename>, which usually just configures the
- SLIP interface; and (optionally) <filename>slip.logout</filename>,
- which undoes <filename>slip.login</filename>'s effects when the serial
- connection is terminated.</para>
-
+
+ <para>This is the line that defines the number of SLIP devices
+ available in the kernel; the number at the end of the line is
+ the maximum number of SLIP connections that may be operating
+ simultaneously.</para>
+
+ <para>Please refer to <link linkend="kernelconfig">Configuring the
+ FreeBSD Kernel</link> for help in reconfiguring your
+ kernel.</para>
+ </sect3>
+
<sect3>
- <title><filename>slip.hosts</filename> Configuration</title>
+ <title>Sliplogin Configuration</title>
+
+ <para>As mentioned earlier, there are three files in the
+ <filename>/etc/sliphome</filename> directory that are part of
+ the configuration for <filename>/usr/sbin/sliplogin</filename>
+ (see &man.sliplogin.8; for the actual manual page for
+ <command>sliplogin</command>): <filename>slip.hosts</filename>,
+ which defines the SLIP users &amp; their associated IP
+ addresses; <filename>slip.login</filename>, which usually just
+ configures the SLIP interface; and (optionally)
+ <filename>slip.logout</filename>, which undoes
+ <filename>slip.login</filename>'s effects when the serial
+ connection is terminated.</para>
+
+ <sect4>
+ <title><filename>slip.hosts</filename> Configuration</title>
+
+ <para><filename>/etc/sliphome/slip.hosts</filename> contains
+ lines which have at least four items, separated by
+ whitespace:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>SLIP user's login ID</para>
+ </listitem>
- <para><filename>/etc/sliphome/slip.hosts</filename> contains lines
- which have at least four items, separated by whitespace:</para>
+ <listitem>
+ <para>Local address (local to the SLIP server) of the SLIP
+ link</para>
+ </listitem>
- <itemizedlist>
- <listitem>
- <para>SLIP user's login ID</para>
- </listitem>
-
- <listitem>
- <para>Local address (local to the SLIP server) of the SLIP
- link</para>
- </listitem>
-
- <listitem>
- <para>Remote address of the SLIP link</para>
- </listitem>
-
- <listitem>
- <para>Network mask</para>
- </listitem>
- </itemizedlist>
+ <listitem>
+ <para>Remote address of the SLIP link</para>
+ </listitem>
- <para>The local and remote addresses may be host names (resolved to IP
- addresses by <filename>/etc/hosts</filename> or by the domain name
- service, depending on your specifications in
- <filename>/etc/host.conf</filename>), and I believe the network mask
- may be a name that can be resolved by a lookup into
- <filename>/etc/networks</filename>. On a sample system,
- <filename>/etc/sliphome/slip.hosts</filename> looks like
- this:</para>
-
- <programlisting>
+ <listitem>
+ <para>Network mask</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The local and remote addresses may be host names (resolved
+ to IP addresses by <filename>/etc/hosts</filename> or by the
+ domain name service, depending on your specifications in
+ <filename>/etc/host.conf</filename>), and I believe the
+ network mask may be a name that can be resolved by a lookup
+ into <filename>/etc/networks</filename>. On a sample system,
+ <filename>/etc/sliphome/slip.hosts</filename> looks like
+ this:</para>
+
+ <programlisting>
#
# login local-addr remote-addr mask opt1 opt2
# (normal,compress,noicmp)
#
Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp</programlisting>
-
- <para>At the end of the line is one or more of the options.</para>
- <itemizedlist>
- <listitem>
- <para><option>normal</option> &mdash; no header compression</para>
- </listitem>
-
- <listitem>
- <para><option>compress</option> &mdash; compress headers</para>
- </listitem>
-
- <listitem>
- <para><option>autocomp</option> &mdash; compress headers if the
- remote end allows it</para>
- </listitem>
-
- <listitem>
- <para><option>noicmp</option> &mdash; disable ICMP packets (so any
- &ldquo;ping&rdquo; packets will be dropped instead of using up
- your bandwidth)</para>
- </listitem>
- </itemizedlist>
+ <para>At the end of the line is one or more of the
+ options.</para>
- <para>Note that <command>sliplogin</command> under early releases of
- FreeBSD 2 ignored the options that FreeBSD 1.x recognized, so the
- options <option>normal</option>, <option>compress</option>,
- <option>autocomp</option>, and <option>noicmp</option> had no effect
- until support was added in FreeBSD 2.2 (unless your
- <filename>slip.login</filename> script included code to make use of
- the flags).</para>
-
- <para>Your choice of local and remote addresses for your SLIP links
- depends on whether you are going to dedicate a TCP/IP subnet or if
- you are going to use &ldquo;proxy ARP&rdquo; on your SLIP server (it
- is not &ldquo;true&rdquo; proxy ARP, but that is the terminology
- used in this document to describe it). If you are not sure which
- method to select or how to assign IP addresses, please refer to the
- TCP/IP books referenced in the <link
- linkend="slips-prereqs">slips-prereqs</link> section and/or
- consult your IP network manager.</para>
-
- <para>If you are going to use a separate subnet for your SLIP clients,
- you will need to allocate the subnet number out of your assigned IP
- network number and assign each of your SLIP client's IP numbers out
- of that subnet. Then, you will probably either need to configure a
- static route to the SLIP subnet via your SLIP server on your nearest
- IP router, or install <command>gated</command> on your FreeBSD SLIP
- server and configure it to talk the appropriate routing protocols to
- your other routers to inform them about your SLIP server's route to
- the SLIP subnet.</para>
-
- <para>Otherwise, if you will use the &ldquo;proxy ARP&rdquo; method,
- you will need to assign your SLIP client's IP addresses out of your
- SLIP server's Ethernet subnet, and you will also need to adjust your
- <filename>/etc/sliphome/slip.login</filename> and
- <filename>/etc/sliphome/slip.logout</filename> scripts to use
- &man.arp.8; to manage the proxy-ARP entries in the SLIP server's
- ARP table.</para>
- </sect3>
-
- <sect3>
- <title><filename>slip.login</filename> Configuration</title>
+ <itemizedlist>
+ <listitem>
+ <para><option>normal</option> &mdash; no header
+ compression</para>
+ </listitem>
- <para>The typical <filename>/etc/sliphome/slip.login</filename> file
- looks like this:</para>
-
- <programlisting>
+ <listitem>
+ <para><option>compress</option> &mdash; compress
+ headers</para>
+ </listitem>
+
+ <listitem>
+ <para><option>autocomp</option> &mdash; compress headers if
+ the remote end allows it</para>
+ </listitem>
+
+ <listitem>
+ <para><option>noicmp</option> &mdash; disable ICMP packets
+ (so any &ldquo;ping&rdquo; packets will be dropped instead
+ of using up your bandwidth)</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Note that <command>sliplogin</command> under early releases
+ of FreeBSD 2 ignored the options that FreeBSD 1.x recognized,
+ so the options <option>normal</option>,
+ <option>compress</option>, <option>autocomp</option>, and
+ <option>noicmp</option> had no effect until support was added
+ in FreeBSD 2.2 (unless your <filename>slip.login</filename>
+ script included code to make use of the flags).</para>
+
+ <para>Your choice of local and remote addresses for your SLIP
+ links depends on whether you are going to dedicate a TCP/IP
+ subnet or if you are going to use &ldquo;proxy ARP&rdquo; on
+ your SLIP server (it is not &ldquo;true&rdquo; proxy ARP, but
+ that is the terminology used in this document to describe it).
+ If you are not sure which method to select or how to assign IP
+ addresses, please refer to the TCP/IP books referenced in the
+ <link linkend="slips-prereqs">slips-prereqs</link> section
+ and/or consult your IP network manager.</para>
+
+ <para>If you are going to use a separate subnet for your SLIP
+ clients, you will need to allocate the subnet number out of
+ your assigned IP network number and assign each of your SLIP
+ client's IP numbers out of that subnet. Then, you will
+ probably either need to configure a static route to the SLIP
+ subnet via your SLIP server on your nearest IP router, or
+ install <command>gated</command> on your FreeBSD SLIP server
+ and configure it to talk the appropriate routing protocols to
+ your other routers to inform them about your SLIP server's
+ route to the SLIP subnet.</para>
+
+ <para>Otherwise, if you will use the &ldquo;proxy ARP&rdquo;
+ method, you will need to assign your SLIP client's IP
+ addresses out of your SLIP server's Ethernet subnet, and you
+ will also need to adjust your
+ <filename>/etc/sliphome/slip.login</filename> and
+ <filename>/etc/sliphome/slip.logout</filename> scripts to use
+ &man.arp.8; to manage the proxy-ARP entries in the SLIP
+ server's ARP table.</para>
+ </sect4>
+
+ <sect4>
+ <title><filename>slip.login</filename> Configuration</title>
+
+ <para>The typical <filename>/etc/sliphome/slip.login</filename>
+ file looks like this:</para>
+
+ <programlisting>
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
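Review bot: In the added paragraph on choosing local and remote addresses, the cross-reference is written as `<link linkend="slips-prereqs">slips-prereqs</link>`, so the rendered link text is the raw id rather than a section name. Suggest using the target section's title as the link text, or an `<xref>` so the title is generated. In the following paragraph, "each of your SLIP client's IP numbers" should be the plural possessive "clients'"; the same applies to "your SLIP client's IP addresses" in the proxy ARP paragraph.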
@@ -2401,18 +2432,18 @@ Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp</programlisting
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6</programlisting>
-
- <para>This <filename>slip.login</filename> file merely
- <command>ifconfig</command>'s the appropriate SLIP interface with
- the local and remote addresses and network mask of the SLIP
- interface.</para>
-
- <para>If you have decided to use the &ldquo;proxy ARP&rdquo; method
- (instead of using a separate subnet for your SLIP clients), your
- <filename>/etc/sliphome/slip.login</filename> file will need to look
- something like this:</para>
-
- <programlisting>
+
+ <para>This <filename>slip.login</filename> file merely
+ <command>ifconfig</command>'s the appropriate SLIP interface
+ with the local and remote addresses and network mask of the
+ SLIP interface.</para>
+
+ <para>If you have decided to use the &ldquo;proxy ARP&rdquo;
+ method (instead of using a separate subnet for your SLIP
+ clients), your <filename>/etc/sliphome/slip.login</filename>
+ file will need to look something like this:</para>
+
+ <programlisting>
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
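Review bot: The re-wrapped paragraph after the first listing still uses the command name as a verb ("merely `<command>ifconfig</command>'s` the appropriate SLIP interface"), which leaves an apostrophe-s hanging after the closing tag. The rest of this hunk only re-indents, so this would be a good pass to reword it, for example "merely runs `<command>ifconfig</command>` to configure the SLIP interface with the local and remote addresses and network mask".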
@@ -2426,52 +2457,56 @@ Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp</programlisting
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pub</programlisting>
-
- <para>The additional line in this <filename>slip.login</filename>,
- <command>arp -s &#36;5 00:11:22:33:44:55 pub</command>, creates an
- ARP entry in the SLIP server's ARP table. This ARP entry causes the
- SLIP server to respond with the SLIP server's Ethernet MAC address
- whenever a another IP node on the Ethernet asks to speak to the SLIP
- client's IP address.</para>
-
- <para>When using the example above, be sure to replace the Ethernet
- MAC address (<hostid role="mac">00:11:22:33:44:55</hostid>) with the
- MAC address of your system's Ethernet card, or your &ldquo;proxy
- ARP&rdquo; will definitely not work! You can discover your SLIP
- server's Ethernet MAC address by looking at the results of running
- <command>netstat -i</command>; the second line of the output should
- look something like:</para>
-
- <screen>ed0 1500 &lt;Link&gt;0.2.c1.28.5f.4a 191923 0 129457 0 116</screen>
-
- <para>This indicates that this particular system's Ethernet MAC
- address is <hostid role="mac">00:02:c1:28:5f:4a</hostid> &mdash; the
- periods in the Ethernet MAC address given by <command>netstat
- -i</command> must be changed to colons and leading zeros should be
- added to each single-digit hexadecimal number to convert the address
- into the form that
- &man.arp.8; desires; see the manual page on &man.arp.8; for
- complete information on usage.</para>
- <note>
- <para>When you create <filename>/etc/sliphome/slip.login</filename>
- and <filename>/etc/sliphome/slip.logout</filename>, the
- &ldquo;execute&rdquo; bit (ie, <command>chmod 755
+ <para>The additional line in this
+ <filename>slip.login</filename>, <command>arp -s
+ &#36;5 00:11:22:33:44:55 pub</command>, creates an ARP entry
+ in the SLIP server's ARP table. This ARP entry causes the
+ SLIP server to respond with the SLIP server's Ethernet MAC
+ address whenever a another IP node on the Ethernet asks to
+ speak to the SLIP client's IP address.</para>
+
+ <para>When using the example above, be sure to replace the
+ Ethernet MAC address (<hostid
+ role="mac">00:11:22:33:44:55</hostid>) with the MAC address of
+ your system's Ethernet card, or your &ldquo;proxy ARP&rdquo;
+ will definitely not work! You can discover your SLIP server's
+ Ethernet MAC address by looking at the results of running
+ <command>netstat -i</command>; the second line of the output
+ should look something like:</para>
+
+ <screen>ed0 1500 &lt;Link&gt;0.2.c1.28.5f.4a 191923 0 129457 0 116</screen>
+
+ <para>This indicates that this particular system's Ethernet MAC
+ address is <hostid role="mac">00:02:c1:28:5f:4a</hostid>
+ &mdash; the periods in the Ethernet MAC address given by
+ <command>netstat -i</command> must be changed to colons and
+ leading zeros should be added to each single-digit hexadecimal
+ number to convert the address into the form that &man.arp.8;
+ desires; see the manual page on &man.arp.8; for complete
+ information on usage.</para>
+
+ <note>
+ <para>When you create
+ <filename>/etc/sliphome/slip.login</filename> and
+ <filename>/etc/sliphome/slip.logout</filename>, the
+ &ldquo;execute&rdquo; bit (ie, <command>chmod 755
/etc/sliphome/slip.login /etc/sliphome/slip.logout</command>)
- must be set, or <command>sliplogin</command> will be unable to
- execute it.</para>
- </note>
- </sect3>
-
- <sect3>
- <title><filename>slip.logout</filename> Configuration</title>
+ must be set, or <command>sliplogin</command> will be unable
+ to execute it.</para>
+ </note>
+ </sect4>
- <para><filename>/etc/sliphome/slip.logout</filename> is not strictly
- needed (unless you are implementing &ldquo;proxy ARP&rdquo;), but if
- you decide to create it, this is an example of a basic
- <filename>slip.logout</filename> script:</para>
-
- <programlisting>
+ <sect4>
+ <title><filename>slip.logout</filename> Configuration</title>
+
+ <para><filename>/etc/sliphome/slip.logout</filename> is not
+ strictly needed (unless you are implementing &ldquo;proxy
+ ARP&rdquo;), but if you decide to create it, this is an
+ example of a basic
+ <filename>slip.logout</filename> script:</para>
+
+ <programlisting>
#!/bin/sh -
#
# slip.logout
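Review bot: The added proxy ARP paragraph carries over the typo "whenever a another IP node" from the removed text; drop the stray "a". The added note about the execute bit also keeps "ie," where "i.e.," is meant, and it ends "unable to execute it" although two files (slip.login and slip.logout) are named, so "them" would be correct.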
@@ -2484,11 +2519,11 @@ Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp</programlisting
#
/sbin/ifconfig sl$1 down</programlisting>
- <para>If you are using &ldquo;proxy ARP&rdquo;, you will want to have
- <filename>/etc/sliphome/slip.logout</filename> remove the ARP entry
- for the SLIP client:</para>
-
- <programlisting>
+ <para>If you are using &ldquo;proxy ARP&rdquo;, you will want to
+ have <filename>/etc/sliphome/slip.logout</filename> remove the
+ ARP entry for the SLIP client:</para>
+
+ <programlisting>
#!/bin/sh -
#
# @(#)slip.logout
@@ -2502,65 +2537,69 @@ Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp</programlisting
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
/usr/sbin/arp -d $5</programlisting>
-
- <para>The <command>arp -d &#36;5</command> removes the ARP entry that
- the &ldquo;proxy ARP&rdquo; <filename>slip.login</filename> added
- when the SLIP client logged in.</para>
-
- <para>It bears repeating: make sure
- <filename>/etc/sliphome/slip.logout</filename> has the execute
- bit set for after you create it (ie, <command>chmod
- 755 /etc/sliphome/slip.logout</command>).</para>
- </sect3>
- </sect2>
-
- <sect2>
- <title>Routing Considerations</title>
-
- <para>If you are not using the &ldquo;proxy ARP&rdquo; method for
- routing packets between your SLIP clients and the rest of your network
- (and perhaps the Internet), you will probably either have to add
- static routes to your closest default router(s) to route your SLIP
- client subnet via your SLIP server, or you will probably need to
- install and configure <command>gated</command> on your FreeBSD SLIP
- server so that it will tell your routers via appropriate routing
- protocols about your SLIP subnet.</para>
-
- <sect3>
- <title>Static Routes</title>
-
- <para>Adding static routes to your nearest default routers can be
- troublesome (or impossible, if you do not have authority to do
- so...). If you have a multiple-router network in your organization,
- some routers, such as Cisco and Proteon, may not only need to be
- configured with the static route to the SLIP subnet, but also need
- to be told which static routes to tell other routers about, so some
- expertise and troubleshooting/tweaking may be necessary to get
- static-route-based routing to work.</para>
+
+ <para>The <command>arp -d &#36;5</command> removes the ARP entry
+ that the &ldquo;proxy ARP&rdquo;
+ <filename>slip.login</filename> added when the SLIP client
+ logged in.</para>
+
+ <para>It bears repeating: make sure
+ <filename>/etc/sliphome/slip.logout</filename> has the execute
+ bit set for after you create it (ie, <command>chmod 755
+ /etc/sliphome/slip.logout</command>).</para>
+ </sect4>
</sect3>
-
+
<sect3>
- <title>Running <command>gated</command></title>
-
- <para>An alternative to the headaches of static routes is to install
- <command>gated</command> on your FreeBSD SLIP server and configure
- it to use the appropriate routing protocols (RIP/OSPF/BGP/EGP) to
- tell other routers about your SLIP subnet. You can use
- <command>gated</command> from the <link linkend="ports">ports
- collection</link> or retrieve and build it yourself from <ulink
+ <title>Routing Considerations</title>
+
+ <para>If you are not using the &ldquo;proxy ARP&rdquo; method for
+ routing packets between your SLIP clients and the rest of your
+ network (and perhaps the Internet), you will probably either
+ have to add static routes to your closest default router(s) to
+ route your SLIP client subnet via your SLIP server, or you will
+ probably need to install and configure <command>gated</command>
+ on your FreeBSD SLIP server so that it will tell your routers
+ via appropriate routing protocols about your SLIP subnet.</para>
+
+ <sect4>
+ <title>Static Routes</title>
+
+ <para>Adding static routes to your nearest default routers can
+ be troublesome (or impossible, if you do not have authority to
+ do so...). If you have a multiple-router network in your
+ organization, some routers, such as Cisco and Proteon, may
+ not only need to be configured with the static route to the
+ SLIP subnet, but also need to be told which static routes to
+ tell other routers about, so some expertise and
+ troubleshooting/tweaking may be necessary to get
+ static-route-based routing to work.</para>
+ </sect4>
+
+ <sect4>
+ <title>Running <command>gated</command></title>
+
+ <para>An alternative to the headaches of static routes is to
+ install <command>gated</command> on your FreeBSD SLIP server
+ and configure it to use the appropriate routing protocols
+ (RIP/OSPF/BGP/EGP) to tell other routers about your SLIP
+ subnet. You can use <command>gated</command> from the <link
+ linkend="ports">ports collection</link> or retrieve and build
+ it yourself from <ulink
url="ftp://ftp.gated.merit.edu/research.and.development/gated/">the
- GateD anonymous ftp site</ulink>; I believe the current version as
- of this writing is <filename>gated-R3_5Alpha_8.tar.Z</filename>,
- which includes support for FreeBSD &ldquo;out-of-the-box&rdquo;.
- Complete information and documentation on <command>gated</command>
- is available on the Web starting at <ulink
+ GateD anonymous ftp site</ulink>; I believe the current version
+ as of this writing is
+ <filename>gated-R3_5Alpha_8.tar.Z</filename>, which includes
+ support for FreeBSD &ldquo;out-of-the-box&rdquo;. Complete
+ information and documentation on <command>gated</command> is
+ available on the Web starting at <ulink
url="http://www.gated.merit.edu/">the Merit GateD
Consortium</ulink>. Compile and install it, and then write a
- <filename>/etc/gated.conf</filename> file to configure your gated;
- here is a sample, similar to what the author used on a FreeBSD SLIP
- server:</para>
-
- <programlisting>
+ <filename>/etc/gated.conf</filename> file to configure your
+ gated; here is a sample, similar to what the author used on a
+ FreeBSD SLIP server:</para>
+
+ <programlisting>
#
# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
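Review bot: The added sentence "has the execute bit set for after you create it" is carried over unchanged from the removed text and does not parse; "has the execute bit set after you create it" is what is meant. In the gated paragraph, the first-person "I believe the current version as of this writing is gated-R3_5Alpha_8.tar.Z" sits next to a sample listing whose comment says "gated version 3.5alpha5"; consider dropping the version claim or saying which version the sample was written for.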
@@ -2598,56 +2637,34 @@ export proto rip interface ed {
import proto rip interface ed {
all ;
} ;</programlisting>
-
- <para>The above sample <filename>gated.conf</filename> file broadcasts
- routing information regarding the SLIP subnet
- <replaceable>xxx.xxx.yy</replaceable> via RIP onto the Ethernet; if
- you are using a different Ethernet driver than the
- <devicename>ed</devicename> driver, you will need to change the
- references to the <devicename>ed</devicename> interface
- appropriately. This sample file also sets up tracing to
- <filename>/var/tmp/gated.output</filename> for debugging
- <command>gated</command>'s activity; you can certainly turn off the
- tracing options if <command>gated</command> works OK for you. You
- will need to change the <replaceable>xxx.xxx.yy</replaceable>'s into
- the network address of your own SLIP subnet (be sure to change the
- net mask in the <literal>proto direct</literal> clause as
- well).</para>
-
- <para>When you get <command>gated</command> built and installed and
- create a configuration file for it, you will need to run
- <command>gated</command> in place of <command>routed</command> on
- your FreeBSD system; change the <filename>routed/gated</filename>
- startup parameters in <filename>/etc/netstart</filename> as
- appropriate for your system. Please see the manual page for
- <command>gated</command> for information on
- <command>gated</command>'s command-line parameters.</para>
- </sect3>
- </sect2>
-
- <sect2>
- <title>Acknowledgments</title>
-
- <para>Thanks to these people for comments and advice regarding this
- tutorial:</para>
-
- <variablelist>
- <varlistentry>
- <term>&a.wilko;</term>
- <listitem>
- <para></para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>Piero Serini</term>
-
- <listitem>
- <para><email>Piero@Strider.Inet.IT</email></para>
- </listitem>
- </varlistentry>
- </variablelist>
+ <para>The above sample <filename>gated.conf</filename> file
+ broadcasts routing information regarding the SLIP subnet
+ <replaceable>xxx.xxx.yy</replaceable> via RIP onto the
+ Ethernet; if you are using a different Ethernet driver than
+ the <devicename>ed</devicename> driver, you will need to
+ change the references to the <devicename>ed</devicename>
+ interface appropriately. This sample file also sets up
+ tracing to <filename>/var/tmp/gated.output</filename> for
+ debugging <command>gated</command>'s activity; you can
+ certainly turn off the tracing options if
+ <command>gated</command> works OK for you. You will need to
+ change the <replaceable>xxx.xxx.yy</replaceable>'s into the
+ network address of your own SLIP subnet (be sure to change the
+ net mask in the <literal>proto direct</literal> clause as
+ well).</para>
+
+ <para>When you get <command>gated</command> built and installed
+ and create a configuration file for it, you will need to run
+ <command>gated</command> in place of <command>routed</command>
+ on your FreeBSD system; change the
+ <filename>routed/gated</filename> startup parameters in
+ <filename>/etc/netstart</filename> as appropriate for your
+ system. Please see the manual page for
+ <command>gated</command> for information on
+ <command>gated</command>'s command-line parameters.</para>
+ </sect4>
+ </sect3>
</sect2>
</sect1>
</chapter>
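Review bot: The Acknowledgments `<sect2>` (the entries for &a.wilko; and Piero Serini) is removed at the end of this hunk with no corresponding added lines here, and the commit message does not mention dropping it. If the credits were moved elsewhere in the chapter, that is fine; otherwise they should be restored under the new nesting. Separately, the re-wrapped text still describes tracing to /var/tmp/gated.output; a fixed file name in a world-writable directory is a poor default for a routing daemon's trace file, so the text could suggest a directory only root can write, such as /var/log.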