diff options
author | Nik Clayton <nik@FreeBSD.org> | 1999-09-17 23:39:47 +0000 |
---|---|---|
committer | Nik Clayton <nik@FreeBSD.org> | 1999-09-17 23:39:47 +0000 |
commit | b128378902fe80ffce68ba98cb2c36a0db9aeb30 (patch) | |
tree | 6ff5c0cf312dc026ed9a0641b6984f6ad757bae3 /en_US.ISO_8859-1/books | |
parent | def191833e2d7b5d170c7d0437052f01093fff7d (diff) | |
download | doc-b128378902fe80ffce68ba98cb2c36a0db9aeb30.tar.gz doc-b128378902fe80ffce68ba98cb2c36a0db9aeb30.zip |
The PPP Primer, with a mechanical conversion to DocBook;
nsgmls -c /usr/local/share/sgml/linuxdoc/catalog ppp.sgml | \
instant -t /usr/local/share/sgml/transpec/linuxdoc-docbook.ts > \
../../books/ppp-primer/book.sgml
Notes
Notes:
svn path=/head/; revision=5651
Diffstat (limited to 'en_US.ISO_8859-1/books')
-rw-r--r-- | en_US.ISO_8859-1/books/ppp-primer/book.sgml | 2340 |
1 files changed, 2340 insertions, 0 deletions
diff --git a/en_US.ISO_8859-1/books/ppp-primer/book.sgml b/en_US.ISO_8859-1/books/ppp-primer/book.sgml new file mode 100644 index 0000000000..f824059981 --- /dev/null +++ b/en_US.ISO_8859-1/books/ppp-primer/book.sgml @@ -0,0 +1,2340 @@ +<!DOCTYPE BOOK PUBLIC "-//Davenport//DTD DocBook V3.0//EN"> +<book> + +<bookinfo> +<bookbiblio> +<title>PPP - Pedantic PPP Primer</title> + +<authorgroup> +<author> +<surname>Maintainer: Steve Sims <emphasis remap=tt><ulink URL="mailto:SimsS@IBM.NET"><SimsS@IBM.NET></ulink></emphasis></surname> +</author> +</authorgroup> + +<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/tutorials/ppp/ppp.sgml,v 1.8 1999/09/06 07:22:25 peter Exp $</pubdate> + +<abstract><para>This is a step-by-step guide for configuring FreeBSD systems to act as +a dial-up router/gateway in a Local Area Environment. All entries may +be assumed to be relevant to FreeBSD 2.2+, unless otherwise noted.</para></abstract> + +</bookbiblio> +</bookinfo> + +<chapter> +<title>Overview:</title> + +<para>The User-Mode PPP dialer in FreeBSD Version 2.2 (also known as: +<emphasis remap=it>"IIJ-PPP"</emphasis> ) now supports Packet Aliasing for dial up +connections to the Internet. This feature, also known as +"<emphasis remap=it>Masquerading</emphasis>", "<emphasis remap=it>IP Aliasing</emphasis>", or "<emphasis remap=it>Network Address +Translation</emphasis>", allows a FreeBSD system to act as a dial- on-demand +router between an Ethernet-based Local Area Network and an Internet +Service Provider. Systems on the LAN can use the FreeBSD system to +forward information between the Internet by means of a single +dial-connection.</para> + + +<sect1> +<title>Purpose of this Guide.</title> + +<para>This guide explains how to: +<itemizedlist> + +<listitem> +<para>Configure the FreeBSD system to support dial-out connections,</para> +</listitem> + +<listitem> +<para>Share a dial-out connection with other systems in a network,</para> +</listitem> + +<listitem> +<para>Configure Windows platforms to use the FreeBSD system as a gateway to the Internet.</para> +</listitem> + +</itemizedlist> +</para> + +<para>While the focus of this guide is to assist in configuring IP Aliasing, +it also includes specific examples of the configuration steps necessary +to configure and install each individual component; each section stands +alone and may be used to assist in the configuration of various aspects +of FreeBSD internetworking.</para> + +</sect1> +</chapter> + +<chapter> +<title>Building the Local Area Network</title> + +<para> While the ppp program can, and usually is, be configured to provide +services to <emphasis>only</emphasis> the local FreeBSD box it can also be used to serve as a +"Gateway" (or "router") between other LAN-connected resources and the Internet or +other Dial-Up service.</para> + + +<sect1> +<title>Typical Network Topology</title> + +<para>This guide assumes a typical Local Area Network lashed together as +follows: +<literallayout> ++---------+ ----> Dial-Up Internet Connection +| FreeBSD | \ (i.e.: NetCom, AOL, AT&T, EarthLink, +etc) +| |-------- +| "Curly" | +| | ++----+----+ + | +|----+-------------+-------------+----| <-- Ethernet Network + | | | + | | | ++----+----+ +----+----+ +----+----+ +| | | | | | +| Win95 | | WFW | | WinNT | +| "Larry" | | "Moe" | | "Shemp" | +| | | | | | ++---------+ +---------+ +---------+</literallayout> +</para> + +</sect1> + +<sect1> +<title>Assumptions about the Local Area Network</title> + +<para>Some specific assumptions about this sample network are:</para> + +<para>Three workstations and a Server are connected with Ethernet +cabling: +<itemizedlist> + +<listitem> +<para>a FreeBSD Server ("Curly") with an NE-2000 adapter configured as +'ed0'</para> +</listitem> + +<listitem> +<para>a Windows-95 workstation ("Larry") with Microsoft's "native" +32-bit TCP/IP drivers</para> +</listitem> + +<listitem> +<para>a Windows for Workgroups workstation ("Moe") with Microsoft's +16-bit TCP/IP extensions</para> +</listitem> + +<listitem> +<para>a Windows NT workstation ("Shemp") with Microsoft's "native" +32-bit TCP/IP drivers</para> +</listitem> + +</itemizedlist> + </para> + +<para>The IP Addresses on the Ethernet side of this sample LAN have been</para> + +<para>taken from the pool of "reserved" addresses proposed in RFC-1597. +IP addresses are assigned as follows: +<literallayout>Name IP Address +"Curly" 192.168.1.1 # The FreeBSD box +"Larry" 192.168.1.2 # The Win'95 box +"Moe" 192.168.1.3 # The WfW box +"Shemp" 192.168.1.4 # The Windows NT box</literallayout> +</para> + +<para>This guide assumes that the modem on the FreeBSD box is connected +to the first serial port ('<filename>/dev/cuaa0</filename>' or '<emphasis remap=tt>COM1:</emphasis>' in +DOS-terms).</para> + +<para>Finally, we'll also assume that your Internet Service Provider (ISP) +automatically provides the IP addresses of both your PPP/FreeBSD side +as well as the ISP's side. (i.e.: Dynamic IP Addresses on both ends +of the link.) Specific details for configuring the Dial-Out side of +PPP will be addressed in Section 2, "Configuring the FreeBSD System".</para> + +</sect1> +</chapter> + +<chapter> +<title>FreeBSD System Configuration</title> + +<para>There are three basic pieces of information that must be known to +the FreeBSD box before you can proceed with integrating the sample +Local Area Network:</para> + +<para> +<itemizedlist> + +<listitem> +<para>The Host Name of the FreeBSD system; in our example it's "Curly",</para> +</listitem> + +<listitem> +<para>The Network configuration,</para> +</listitem> + +<listitem> +<para>The <filename>/etc/hosts</filename> file (which lists the names and IP addresses of +the other systems in your network)</para> +</listitem> + +</itemizedlist> +</para> + +<para>If you performed the installation of FreeBSD over a network +connection some of this information may already be configured into +your FreeBSD system.</para> + +<para>Even if you believe that the FreeBSD system was properly configured +when it was installed you should at least verify each of these bits of +information to prevent trouble in subsequent steps.</para> + + +<sect1> +<title>Verifying the FreeBSD Host Name</title> + +<para>It's possible that the FreeBSD host name was specified and saved +when the system was initially installed. To verify that it was, enter +the following command at a prompt:</para> + +<para> +<informalexample> +<screen># hostname</screen> +</informalexample> +</para> + +<para>The name of the host FreeBSD system will be displayed on a single +line. If the name looks correct (this is very subjective :-) skip +ahead to Section 3.2, "Verifying the Ethernet Interface +Configuration".</para> + +<para>For example, in our sample network, we would see 'curly.my.domain' +as a result of the `hostname` command if the name had been set +correctly during, or after, installation. (At this point, don't worry +too much about the ".my.domain" part, we'll sort this out later. The +important part is the name up to the first dot.)</para> + +<para>If a host name wasn't specified when FreeBSD was installed you'll +probably see 'myname.my.domain` as a response. You'll need to edit +<filename>/etc/rc.conf</filename> to set the name of the machine.</para> + + +<sect2> +<title>Configuring the FreeBSD Host Name</title> + +<para><emphasis><emphasis remap=bf>Reminder: You must be logged in as 'root' to edit the +system configuration files!</emphasis></emphasis></para> + +<para><emphasis><emphasis remap=bf>CAUTION: If you mangle the system configuration files, +chances are your system WILL NOT BOOT correctly! Be careful!</emphasis></emphasis></para> + +<para>The configuration file that specifies the FreeBSD system's host +name when the system boots is in <filename>/etc/rc.conf</filename>. Use the +default text editor ('<emphasis remap=tt>ee</emphasis>') to edit this file.</para> + +<para>Logged in as user 'root' load <filename>/etc/rc.conf</filename> into the +editor with the following command: +<informalexample> +<screen># ee /etc/rc.conf</screen> +</informalexample> +</para> + +<para>Using the arrow keys, scroll down until you find the line that +specifies the host name of the FreeBSD system. By default, this +section says: +<informalexample> +<screen>--- +### Basic network options: ### +hostname="myname.my.domain" # Set this! +---</screen> +</informalexample> + +Change this section to say (in our example): +<informalexample> +<screen>--- +### Basic network options: ### +hostname="curly.my.domain" # Set this! +---</screen> +</informalexample> +</para> + +<para>Once the change to the host name has been made, press the 'Esc' key to +access the command menu. Select "leave editor" and make sure to +specify "save changes" when prompted.</para> + +</sect2> +</sect1> + +<sect1> +<title>Verifying the Ethernet Interface Configuration</title> + +<para>To reiterate our basic assumption, this guide assumes that the +Ethernet Interface in the FreeBSD system is named '<emphasis remap=tt>ed0</emphasis>'. This is +the default for NE-1000, NE-2000, WD/SMC models 8003, 8013 and Elite +Ultra (8216) network adapters.</para> + +<para>Other models of network adapters may have different device names in +FreeBSD. Check the FAQ for specifics about your network adapter. If +you're not sure of the device name of your adapter, check the FreeBSD +FAQ to determine the device name for the card you have and substitute +that name (i.e.: '<emphasis remap=tt>de0</emphasis>', '<emphasis remap=tt>zp0</emphasis>', or similar) in the following +steps.</para> + +<para>As was the case with the host name, the configuration for the +FreeBSD system's Ethernet Interface may have been specified when the +system was installed.</para> + +<para>To display the configuration for the interfaces in your +FreeBSD system (Ethernet and others), enter the following command: +<informalexample> +<screen># ifconfig -a</screen> +</informalexample> + +(In layman's terms: "Show me the <emphasis remap=bf>I</emphasis>nter<emphasis remap=bf>F</emphasis>ace <acronym>CONFIG</acronym>uration +for my network devices.") </para> + +<para>An example: +<informalexample> +<screen># ifconfig -a + ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu +1500 + inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 + ether 01:02:03:04:05:06 + lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500 + tun0: flags=8050<POINTOPOINT,RUNNING, MULTICAST> mtu 1500 + sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552 + ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 + lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 + inet 127.0.0.1 netmask 0xff000000 +# _</screen> +</informalexample> +</para> + +<para>In this example, the following devices were displayed:</para> + +<para><emphasis remap=tt>ed0:</emphasis> The Ethernet Interface</para> + +<para><emphasis remap=tt>lp0:</emphasis> The Parallel Port Interface (ignored in this guide)</para> + +<para><emphasis remap=tt>tun0:</emphasis> The "tunnel" device; <emphasis>This is the one user-mode ppp uses!</emphasis></para> + +<para><emphasis remap=tt>sl0:</emphasis> The SL/IP device (ignored in this guide)</para> + +<para><emphasis remap=tt>ppp0:</emphasis> Another PPP device (for kernel ppp; ignored in this guide)</para> + +<para><emphasis remap=tt>lo0:</emphasis> The "Loopback" device (ignored in this guide)</para> + +<para>In this example, the 'ed0' device is up and running. The key +indicators are: +<orderedlist> + +<listitem> +<para>Its status is "<acronym>UP</acronym>",</para> +</listitem> + +<listitem> +<para>It has an Internet ("<emphasis remap=tt>inet</emphasis>") address, (in this case, 192.168.1.1)</para> +</listitem> + +<listitem> +<para>It has a valid Subnet Mask ("netmask"; 0xffffff00 is the same as +255.255.255.0), and</para> +</listitem> + +<listitem> +<para>It has a valid broadcast address (in this case, 192.168.1.255).</para> +</listitem> + +</orderedlist> +</para> + +<para>If the line for the Ethernet card had shown something similar to: +<informalexample> +<screen>ed0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500 + ether 01:02:03:04:05:06</screen> +</informalexample> + +then the Ethernet card hasn't been configured yet.</para> + +<para>If the configuration for the Ethernet interface is correct you can +skip forward to Section 3.4, "Creating the list of other LAN hosts". +Otherwise, proceed with the next section.</para> + + +<sect2> +<title>Configuring your Ethernet Interface</title> + +<para><emphasis><emphasis remap=bf>Reminder: You must be logged in as 'root' to edit the +system configuration files!</emphasis></emphasis></para> + +<para><emphasis><emphasis remap=bf>CAUTION: If you mangle the system configuration files, +chances are your system WILL NOT BOOT correctly! Be careful!</emphasis></emphasis></para> + +<para>The configuration file that specifies settings for the network +interfaces when the system boots is in <filename>/etc/rc.conf</filename>. Use +the default text editor ('ee') to edit this file.</para> + +<para>Logged in as user 'root' load <filename>/etc/rc.conf</filename> into the +editor with the following command:</para> + +<para><command> # ee /etc/rc.conf</command></para> + +<para>About 20 lines from the top of <filename>/etc/rc.conf</filename> is the section +that describes which network interfaces should be activated when the +system boots. In the default configuration file the specific line +that controls this is:</para> + +<para> +<informalexample> +<screen>network_interfaces="lo0" # List of network interfaces (lo0 is loopback).</screen> +</informalexample> +</para> + +<para>You'll need to amend this line to tell FreeBSD that you want to add +another device, namely the '<emphasis remap=tt>ed0</emphasis>' device. Change this line to +read:</para> + +<para> +<informalexample> +<screen>network_interfaces="lo0 ed0" # List of network interfaces (lo0 is loopback).</screen> +</informalexample> +</para> + +<para>(Note the space between the definition for the loopback device +("<emphasis remap=tt>lo0</emphasis>") +and the Ethernet device ("<emphasis remap=tt>ed0</emphasis>")! </para> + +<para><emphasis><emphasis remap=bf> Reminder: If your Ethernet card isn't named '<emphasis remap=tt>ed0</emphasis>', specify +the correct device name here instead.</emphasis></emphasis></para> + +<para>If you performed the installation of FreeBSD over a network +connection then the '<literal>network_interfaces=</literal>' line may already +include a reference to your Ethernet adapter. If it is, verify that +it is the correct device name.</para> + +<para>Specify the Interface Settings for the Ethernet device +('<emphasis remap=tt>ed0</emphasis>'):</para> + +<para>Beneath the line that specifies which interfaces should be +activated are the lines that specify the actual settings for each +interface. In the default <filename>/etc/rc.conf</filename> file is a single +line that says:</para> + +<para> +<informalexample> +<screen>ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.</screen> +</informalexample> +</para> + +<para>You'll need to add another line after that to specify the settings +for your '<emphasis remap=tt>ed0</emphasis>' device.</para> + +<para>If you performed the installation of FreeBSD over a network +connection then there may already be an '<literal>ifconfig_ed0=</literal>' line +after the loopback definition. If so, verify that it has the correct +values.</para> + +<para>For our sample configuration we'll insert a line immediately after +the loopback device definition that says:</para> + +<para> +<informalexample> +<screen>ifconfig_ed0="inet 192.168.1.1 netmask 255.255.255.0"</screen> +</informalexample> +</para> + +<para>When you've finished editing <filename>/etc/rc.conf</filename> to specify and +configure the network interfaces the section should look really close +to:</para> + +<para> +<informalexample> +<screen>--- +network_interfaces="ed1 lo0" # List of network interfaces (lo0 is loopback). +ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. +ifconfig_ed1="inet 192.168.1.1 netmask 255.255.255.0" +---</screen> +</informalexample> +</para> + +<para>Once all of the necessary changes to <filename>/etc/rc.conf</filename> have +been made, press the 'Esc' key to invoke the control menu. Select +"leave editor" and be sure to select "save changes" when prompted.</para> + +</sect2> +</sect1> + +<sect1> +<title>Enabling Packet Forwarding</title> + +<para>By default the FreeBSD system will not forward IP packets between +various network interfaces. In other words, routing functions (also +known as gateway functions) are disabled.</para> + +<para>If your intent is to use a FreeBSD system as stand-alone Internet +workstation and not as a gateway between LAN nodes and your ISP you +should skip forward to Section 3.4, "Creating the List of Other +LAN Hosts".</para> + +<para>If you intend for the PPP program to service the local FreeBSD box +as well as LAN workstations (as a router) you'll need to enable IP +forwarding.</para> + +<para>To enable IP Packet forwarding you'll need to edit the +<filename>/etc/rc.conf</filename> file. +Load this file into your editor with the following command: +<informalexample> +<screen># ee /etc/rc.conf</screen> +</informalexample> +</para> + +<para>About 85 lines down from the top of the file will be the +configuration +section which controls IP forwarding, which will look like: +<informalexample> +<screen>===== +gateway_enable="NO" # Set to YES if this host will be a gateway. +=====</screen> +</informalexample> +</para> + +<para>Change this line to read: +<informalexample> +<screen>===== +gateway_enable="YES" # Set to YES if this host will be a gateway. +=====</screen> +</informalexample> +</para> + +<para>and exit the editor (saving the changes!).</para> + +<para><emphasis><emphasis remap=bf>NOTE: This line may already be set to +'<literal>gateway_enable="YES"</literal>' if IP forwarding was enabled when the +FreeBSD system was installed.</emphasis></emphasis></para> + +</sect1> + +<sect1> +<title>Creating the List of other LAN Hosts(<filename>/etc/hosts</filename>)</title> + +<para>The final step in configuring the LAN side of the FreeBSD system is +to create a list of the names and TCP/IP addresses of the various +systems that are connected to the Local Area Network. This list is +stored in the '<filename>/etc/hosts</filename>' file.</para> + +<para>The default version of this file has only a single host name +listing in it: the name and address of the loopback device ('lo0'). +By networking convention, this device is always named "localhost" and +always has an IP address of 127.0.0.1. (See the interface +configuration example in Section 3.2.)</para> + +<para>To edit the <filename>/etc/hosts</filename> file enter the following command: +<informalexample> +<screen> # ee /etc/hosts </screen> +</informalexample> +</para> + +<para>Scroll all the way to the bottom of the file (paying attention to +the comments along the way; there's some good information there!) and +enter (assuming our sample network) the following IP addresses and +host names: +<informalexample> +<screen>192.168.1.1 curly curly.my.domain # FreeBSD System +192.168.1.2 larry larry.my.domain # Windows '95 System +192.168.1.3 moe moe.my.domain # Windows for Workgroups +System +192.168.1.4 shemp shemp.my.domain # Windows NT System</screen> +</informalexample> +</para> + +<para>(No changes are needed to the line for the '<emphasis remap=tt>127.0.0.1 +localhost</emphasis>' entry.)</para> + +<para>Once you've entered these lines, press the 'Esc' key to invoke the +control menu. Select "leave editor" and be sure to select "save +changes" when prompted.</para> + +</sect1> + +<sect1> +<title>Testing the FreeBSD system</title> + +<para>Congratulations! Once you've made it to this point, the FreeBSD +system is configured as a network-connected UNIX system! If you made +any changes to the <filename>/etc/rc.conf</filename> file you should probably +re-boot your FreeBSD system. This will accomplish two important +objectives: +<itemizedlist> + +<listitem> +<para>Allow the changes to the interface configurations to be applied, and</para> +</listitem> + +<listitem> +<para>Verify that the system restarts without any glaring configuration errors.</para> +</listitem> + +</itemizedlist> +</para> + +<para>Once the system has been rebooted you should test the network +interfaces.</para> + + +<sect2> +<title>Verifying the operation of the loopback device</title> + +<para>To verify that the loopback device is configured correctly, log in as +'root' and enter: +<informalexample> +<screen># ping localhost</screen> +</informalexample> +</para> + +<para>You should see: +<informalexample> +<screen># ping localhost +PING localhost.my.domain. (127.0.0.1): 56 data bytes +64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.219 ms +64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0.287 ms +64 bytes from 127.0.0.1: icmp_seq=2 ttl=255 time=0.214 m +[...]</screen> +</informalexample> + +messages scroll by until you hit Ctrl-C to stop the madness.</para> + +</sect2> + +<sect2> +<title>Verifying the operation of the Ethernet Device</title> + +<para>To verify that the Ethernet device is configured correctly, enter:</para> + +<para> +<informalexample> +<screen># ping curly</screen> +</informalexample> +</para> + +<para>You should see: +<informalexample> +<screen># ping curly +PING curly.my.domain. (192.168.1.1): 56 data bytes +64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=0.219 ms +64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=0.200 ms +64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=0.187 ms +[...]</screen> +</informalexample> + +messages.</para> + +<para>One important thing to look at in these two examples is that the +names (loopback and curly) correctly correlate to their IP addresses +(127.0.0.1 and 192.168.1.1). This verifies that the +<filename>/etc/hosts</filename> files is correct.</para> + +<para>If the IP address for "curly" isn't 192.168.1.1 or the address for +"localhost" isn't 127.0.0.1, return to Section 3.4 and review your +entries in '<filename>/etc/hosts</filename>'.</para> + +<para>If the names and addresses are indicated correctly in the result of +the ping command but there are errors displayed then something is +amiss with the interface configuration(s). Return to Section 3.1 and +verify everything again.</para> + +<para>If everything here checks out, proceed with the next section.</para> + +</sect2> +</sect1> +</chapter> + +<chapter> +<title>Configuring the PPP Dial-Out Connection</title> + +<para>There are two basic modes of operation of the ppp driver: +"Interactive" and "Automatic".</para> + +<para>In Interactive mode you:</para> + +<para> +<itemizedlist> + +<listitem> +<para>Manually establish a connection to your ISP,</para> +</listitem> + +<listitem> +<para>Browse, surf, transfer files and mail, etc...,</para> +</listitem> + +<listitem> +<para>Manually disconnect from your ISP.</para> +</listitem> + +</itemizedlist> +</para> + +<para>In Automatic mode, the PPP program silently watches what goes on +inside the FreeBSD system and automagically connects and disconnects +with your ISP as required to make the Internet a seamless element of +your network.</para> + +<para>In this section we'll address the configuration(s) for both modes +with emphasis on configuring your `ppp` environment to operate in +"Automatic" mode.</para> + + +<sect1> +<title>Backing up the original PPP configuration files</title> + +<para>Before making any changes to the files which are used by PPP you +should make a copy of the default files that were created when the +FreeBSD system was installed.</para> + +<para>Log in as the 'root' user and perform the following steps:</para> + +<para>Change to the '<filename>/etc</filename> directory:</para> + +<para><emphasis remap=tt># cd /etc</emphasis></para> + +<para>Make a backup copy the original files in the 'ppp' directory:</para> + +<para><emphasis remap=tt># cp -R ppp ppp.ORIGINAL</emphasis></para> + +<para>You should now be able to see both a '<emphasis remap=tt>ppp</emphasis>' and a +'<filename>ppp.ORIGINAL</filename>' subdirectory +in the '<filename>/etc</filename>' directory.</para> + +</sect1> + +<sect1> +<title>Create your own PPP configuration files</title> + +<para>By default, the FreeBSD installation process creates a number of +sample configuration files in the /etc/ppp directory. Please take +some time to review these files; they were derived from working +systems and represent the features and capabilities of the PPP +program.</para> + +<para>I <emphasis>strongly</emphasis> encourage you to learn from these sample files and +apply them to your own configuration as necessary.</para> + +<para>For detailed information about the `ppp` program, read the ppp +manpage: +<informalexample> +<screen># man ppp</screen> +</informalexample> +</para> + +<para>For detailed information about the `chat` scripting language used by +the PPP dialer, read the chat manpage: +<informalexample> +<screen># man chat</screen> +</informalexample> +</para> + +<para>The remainder of this section describes the recommended contents of +the PPP configuration files.</para> + + +<sect2> +<title>The '<filename>/etc/ppp/ppp.conf</filename>' file</title> + +<para>The '<filename>/etc/ppp/ppp.conf</filename>' file contains the information and +settings required to set up a dial-out PPP connection. More than one +configuration may be contained in this file. The FreeBSD handbook +(XXX URL? XXX) describes the contents and syntax of this file in +detail.</para> + +<para>This section will describe only the minimal configuration to get a +dial-out connection working.</para> + +<para>Below is the /etc/ppp/ppp.conf file that we'll be using to provide a +dial-out Internet gateway for our example LAN: +<informalexample> +<screen>################################################################ +# PPP Configuration File ('/etc/ppp/ppp.conf') +# +# Default settings; These are always executed always when PPP +# is invoked and apply to all system configurations. +################################################################ +default: +set device /dev/cuaa0 +set speed 57600 +disable pred1 +deny pred1 +disable lqr +deny lqr +set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0M0 +OK-AT-OK\\dATDT\\T TIMEOUT 40 CONNECT" +set redial 3 10 +# +# +################################################################ +# +# For interactive mode use this configuration: +# +# Invoke with `ppp -alias interactive` +# +################################################################ +interactive: +set authname Your_User_ID_On_Remote_System +set authkey Your_Password_On_Remote_System +set phone 1-800-123-4567 +set timeout 300 +set openmode active +accept chap +# +################################################################ +# +# For demand-dial (automatic) mode we'll use this configuration: +# +# Invoke with: 'ppp -auto -alias demand' +# +################################################################ +demand: +set authname Your_User_ID_On_Remote_System +set authkey Your_Password_On_Remote_System +set phone 1-800-123-4567 +set timeout 300 +set openmode active +accept chap +set ifaddr 127.1.1.1/0 127.2.2.2/0 255.255.255.0 +add 0 0 127.2.2.2 +################################################################ +# End of /etc/ppp/ppp.conf</screen> +</informalexample> + +This file, taken verbatim from a working system, has three relevant +configuration sections:</para> + + +<sect3> +<title>The "<emphasis remap=tt>default</emphasis>" Section</title> + +<para>The '<emphasis remap=tt>default:</emphasis>' section contains the values and settings +used by every other section in the file. Essentially, this section is +implicitly added to the configuration lines to each other section.</para> + +<para>This is a good place to put "global defaults" applicable to all +dial-up sessions; especially modem settings and dialing prefixes which +typically don't change based on which destination system you're +connecting to.</para> + +<para>Following are the descriptions of each line in the "default" section +of the sample '<filename>/etc/ppp/ppp.conf</filename>' file: +<informalexample> +<screen>set device /dev/cuaa0</screen> +</informalexample> + +This statement informs the PPP program that it should use the first +serial port. +Under FreeBSD the '<filename>/dev/cuaa0</filename>' device is the same port that's +known as "<emphasis remap=tt>COM1:</emphasis>" under DOS, Windows, Windows 95, etc....</para> + +<para>If your modem is on <emphasis remap=tt>COM2:</emphasis> you should specify +'<filename>/dev/cua01</filename>; <emphasis remap=tt>COM3:</emphasis> would be '<filename>/dev/cua02</filename>'.</para> + +<para> +<informalexample> +<screen>set speed 57600 </screen> +</informalexample> +</para> + +<para>This line sets the transmit and receive speed for the connection +between the serial port and the modem. While the modem used for this +configuration is only a 28.8 device, setting this value to 57600 lets +the serial link run at a higher rate to accommodate higher throughput +as a result of the data compression built into late-model modems.</para> + +<para>If you have trouble communicating with your modem, try setting this +value to 38400 or even as low as 19200.</para> + +<para> +<informalexample> +<screen>disable pred1 +deny pred1</screen> +</informalexample> +</para> + +<para>These two lines disable the "CCP/Predictor type 1" compression +features of the PPP program. The current version of `ppp` supports +data compression in accordance with draft Internet standards. +Unfortunately many ISPs use equipment that does not support this +capability. Since most modems try to perform on-the-fly compression +anyway you're probably not losing much performance by disabling this +feature on the FreeBSD side and denying the remote side from forcing +it on you.</para> + +<para> +<informalexample> +<screen>disable lqr +deny lqr</screen> +</informalexample> +</para> + +<para>These two lines control the "Line Quality Reporting" functions which +are part of the complete Point-to-Point (PPP) protocol specification. +(See RFC-1989 for details.)</para> + +<para>The first line, "disable lqr", instructs the PPP program to not +attempt to report line quality status to the device on the remote end.</para> + +<para>The second line, "deny lqr", instructs the PPP program to deny any +attempts by the remote end to reports line quality.</para> + +<para>As most modern dial-up modems have automatic error correction and +detection and LQR reporting is not fully implemented in many vendor's +products it's generally a safe bet to include these two lines in the +default configuration.</para> + +<para> +<informalexample> +<screen>set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0M0 +OK-AT-OK\\dATDT\\T TIMEOUT 40 CONNECT"</screen> +</informalexample> +</para> + +<para><emphasis>NOTE: (This statement should appear on a single line; ignore any +line wrapping that may appear in this document.)</emphasis></para> + +<para>This line instructs the PPP program how to dial the modem and +specifies some rudimentary guidelines for doing so: +<itemizedlist> + +<listitem> +<para>Attempts to dial should fail if the modem returns a "BUSY" result code,</para> +</listitem> + +<listitem> +<para>Attempts to dial should also fail if the modem returns a "NO CARRIER" result code,</para> +</listitem> + +<listitem> +<para>The PPP program should expect each of the following events to complete within a +5-second timeout period: +<itemizedlist> + +<listitem> +<para>The PPP program will initially expect nothing (specified above +by the \"\" portion of the statement) from the modem </para> +</listitem> + +<listitem> +<para>The program +will send the modem initialization string "ATE1Q0M0" to the modem and +await a response of "OK". If a response is not received, the program +should send an attention command to the modem ("AT") and look again +for a response of "OK", </para> +</listitem> + +<listitem> +<para>The program should delay for one second +(specified by the "\\d" part of the statement, and send the dialing +string to the modem. The "ATDT" portion of the statement is the +standard modem prefix to dial using tone-dialing; if you do not have +touch-tone service on your local phone line, replace the "ATDT" with +"ATDP". The "\\T" string is a placeholder for the actual phone number +(which will be automatically inserted as specified by the "set dial +123-4567").</para> +</listitem> + +</itemizedlist> +</para> +</listitem> + +<listitem> +<para>Finally, before a (maximum) timeout of 40 seconds, the PPP +program should expect to see a "CONNECT" result code returned from the +modem.</para> +</listitem> + +</itemizedlist> +</para> + +<para>A failure at any point in this dialog will be interpreted as a dialing +failure and the PPP program will fail to connect.</para> + +<para>(For a detailed description of the mini-scripting language used by the +PPP dialer, refer to the "chat" manpage.)</para> + +<para> +<informalexample> +<screen>set redial 3 10</screen> +</informalexample> + +This line specifies that if a dial connection cannot immediately be made +the PPP program should retry (up to 3 times if necessary) with a delay of 10 seconds +between redialing attempts.</para> + +</sect3> + +<sect3> +<title>The "<emphasis remap=tt>interactive</emphasis>" Section</title> + +<para>The '<emphasis remap=tt>interactive:</emphasis>' section contains the values and +settings used to set up an "interactive" PPP session with a specific +remote system. Settings in this section will have the lines included +in the "default" section included automatically.</para> + +<para>The example cited in this section of the guide presumes that you'll +be connecting to a remote system that understands how to authenticate +a user without any fancy scripting language. That is, this sample +uses the CHAP protocol to set up the connection.</para> + +<para>A good rule of thumb is that if the Windows '95 dialer can set up a +connection by just clicking the "Connect" button this sample +configuration should work OK.</para> + +<para>If, on the other hand, when you connect to your ISP using Microsoft +Windows '95 Dial-Up Networking you need to resort to using the "Dial +Up Scripting Tool" from the Microsoft Plus! pack or you have to select +"Bring up a terminal windows after dialing" in the Windows '95 +connection options then you'll need to look at the sample PPP +configuration files and the ppp manpage for examples of "expect / +response" scripting to make your ISP connection. The "set login" +command is used for this purpose.</para> + +<para>Or even better, find an ISP who knows how to provide PAP or CHAP +authentication!</para> + +<para>The configuration examples shown here have been successfully used to +connect to: +<itemizedlist> + +<listitem> +<para>Various Shiva LanRovers</para> +</listitem> + +<listitem> +<para>The IBM Network (<ulink URL="http://www.ibm.net">http://www.ibm.net</ulink>)</para> +</listitem> + +<listitem> +<para>AT&T WorldNet (<ulink URL="http://att.com/worldnet">http://att.com/worldnet</ulink>)</para> +</listitem> + +<listitem> +<para>Erol's (<ulink URL="http://www.erols.com">http://www.erols.com</ulink>)</para> +</listitem> + +</itemizedlist> +</para> + +<para>Following are descriptions for each line in the "interactive" section +of the sample '<filename>/etc/ppp/ppp.conf</filename>' file:</para> + +<para> +<informalexample> +<screen>set authname Your_User_ID_On_Remote_System</screen> +</informalexample> + +This line specifies the name you would use to log in to the remote +system. </para> + +<para> +<informalexample> +<screen>set authkey Your_Password_On_Remote_System</screen> +</informalexample> + +This is the password you'd use to log in to the remote system.</para> + +<para> +<informalexample> +<screen>set phone 1-800-123-4567</screen> +</informalexample> + +This is the phone number of the remote system. If you're inside a PBX +you can +prepend '<emphasis remap=tt>9, </emphasis>' to the number here.</para> + +<para> +<informalexample> +<screen>set timeout 300</screen> +</informalexample> + +This tells the PPP program that it should automatically hang up the +phone if no data has +be exchanged for 300 seconds (5 minutes). You may wish to tailor this +number to your +specific requirements.</para> + +<para> +<informalexample> +<screen>set openmode active</screen> +</informalexample> + +This tells the PPP program that once the modems are connected it +should immediately attempt to negotiate the connection. Some remote +sites do this automatically, some don't. This instructs your side of +the link to take the initiative and try to set up the connection.</para> + +<para> +<informalexample> +<screen>accept chap</screen> +</informalexample> + +This tells the PPP program to use the "Challenge-Handshake +Authentication Protocol" to authenticate you. The values exchanged +between the local and remote side for UserID and password are taken +from the 'authname' and 'authkey' entries above.</para> + +</sect3> + +<sect3> +<title>The "<emphasis remap=tt>demand</emphasis>" Section</title> + +<para>The "<emphasis remap=tt>demand</emphasis>" section contains the values and settings used +to set up a "Dial-on-demand" PPP session with a specific remote +system. Settings in this section will also have the lines included in +the "default" section included automatically.</para> + +<para>Except for the last two lines in this section it is identical to +the configuration section which defines the "interactive" +configuration.</para> + +<para>As noted in Paragraph ???, the examples cited in this section of +the guide presume that you'll be connecting to a remote system that +understands how to use the CHAP protocol to set up the connection.</para> + +<para>Following are descriptions for each line in the "demand" section of +the sample '<filename>/etc/ppp/ppp.conf</filename>' file:</para> + +<para> +<informalexample> +<screen>set authname Your_User_ID_On_Remote_System</screen> +</informalexample> + +This line specifies the name you would use to log in to the remote +system. </para> + +<para> +<informalexample> +<screen>set authkey Your_Password_On_Remote_System</screen> +</informalexample> + +This is the password you'd use to log in to the remote system.</para> + +<para> +<informalexample> +<screen>set phone 1-800-123-4567</screen> +</informalexample> + +This is the phone number of the remote system.</para> + +<para> +<informalexample> +<screen>set timeout 300</screen> +</informalexample> +</para> + +<para>This tells the PPP program that it should automatically hang up the +phone if no data has be exchanged for 300 seconds (5 minutes). You +may wish to tailor this number to your specific requirements.</para> + +<para> +<informalexample> +<screen>set openmode active</screen> +</informalexample> +</para> + +<para>This tells the PPP program that once the modems are connected it +should immediately attempt to negotiate the connection. Some remote +sites do this automatically, some don't. This instructs your side of +the link to take the initiative and try to set up the connection.</para> + +<para> +<informalexample> +<screen>accept chap</screen> +</informalexample> +</para> + +<para>This tells the PPP program to use the "Challenge-Handshake +Authentication Protocol" to authenticate you. The values exchanged +between the local and remote side for UserID and password are taken +from the 'authname' and 'authkey' entries above.</para> + +<para> +<informalexample> +<screen>set ifaddr 127.1.1.1/0 127.2.2.2/0 255.255.255.0</screen> +</informalexample> +</para> + +<para>This command sets up a pair of "fake" IP addresses for the local and +remote sides of the PPP link. It instructs the PPP program to create +an IP address of 127.1.1.1 for the local side of the '<emphasis remap=tt>tun0</emphasis>' +(tunnel) device (refer back to section ?? for a description of this +device) and 127.2.2.2 for the remote side. Appending '<filename>/0</filename>' to +each address tells the PPP program that zero of the bits that make up +these addresses are significant and can (in fact, must!) be negotiated +between the local and remote systems when the link is established. +The 255.255.255.0 string tells the PPP program what Subnet mask to +apply to these pseudo-interfaces.</para> + +<para>Remember, we've assumed that your ISP provides the IP addresses for +both ends of the link! If your ISP assigned you a specific IP address +that you should use on your side when configuring your system, enter +that IP address here <emphasis>instead</emphasis> of <emphasis remap=tt>127.1.1.1</emphasis>.</para> + +<para>Conversly, if your ISP gave you a specific IP address that he uses on +his end you should enter that IP address here <emphasis>instead</emphasis> of +<emphasis remap=tt>127.2.2.2</emphasis>.</para> + +<para>In both cases, it's probably a good idea to leave the '<filename>/0</filename>' on +the end of each address. This gives the PPP program the opportunity +to change the address(es) of the link if it <emphasis>has</emphasis> to.</para> + +<para> +<informalexample> +<screen>add 0 0 127.2.2.2</screen> +</informalexample> +</para> + +<para>This last line tells the PPP program that it should add a default +route for IP traffic that points to the (fake) IP address of the ISP's +system.</para> + +<para><emphasis><emphasis remap=bf>Note: If you used an ISP-specified address instead of +<emphasis remap=tt>127.2.2.2</emphasis> on the preceeding line, use the same number here +instead of <emphasis remap=tt>127.2.2.2</emphasis></emphasis></emphasis>.</para> + +<para>By adding this "fake" route for IP traffic, the PPP program can, +while idle: +<itemizedlist> + +<listitem> +<para>Accept packets that FreeBSD doesn't already know how to forward,</para> +</listitem> + +<listitem> +<para>Establish a connection to the ISP "<emphasis>on-the-fly</emphasis>",</para> +</listitem> + +<listitem> +<para>Reconfigure the IP addresses of the local and remote side of the link,</para> +</listitem> + +<listitem> +<para>Forward packets between your workstation and the ISP.</para> +</listitem> + +</itemizedlist> + +automatically!</para> + +<para>Once the number of seconds specified by the timeout value in the +"default" section have elapsed without any TCP/IP traffic the PPP +program will automatically close the dial-up connection and the +process will begin again.</para> + +</sect3> +</sect2> + +<sect2> +<title>The '<filename>/etc/ppp/ppp.linkup</filename>' file</title> + +<para>The other file needed to complete the PPP configuration is found in +'<filename>/etc/ppp/ppp.linkup</filename>'. This file contains instructions for +the PPP program on what actions to take after a dial-up link is +established.</para> + +<para>In the case of dial-on-demand configurations the PPP program will need +to delete the default route that was created to the fake IP address of +the remote side (127.2.2.2 in our example in the previous section) and +install a new default route that points the actual IP address of the +remote end (discovered during the dial-up connection setup).</para> + +<para>A representative '<filename>/etc/ppp/ppp.linkup</filename>' file: +<informalexample> +<screen>#########################################################################= + +# PPP Link Up File ('/etc/ppp/ppp.linkup') +# +# This file is checked after PPP establishes a network connection. +# +# This file is searched in the following order. +# +# 1) First, the IP address assigned to us is searched and +# the associated command(s) are executed. +# +# 2) If the IP Address is not found, then the label name specified at + +# PPP startup time is searched and the associated command(s) +# are executed. +# +# 3) If neither of the above are found then commands under the label +# 'MYADDR:' are executed. +# +#########################################################################= + +# +# This section is used for the "demand" configuration in +# /etc/ppp/ppp.conf: +demand: + delete ALL + add 0 0 HISADDR +# +# All other configurations in /etc/ppp/ppp.conf use this: +# +MYADDR: + add 0 0 HISADDR +######################################################################## +# End of /etc/ppp/ppp.linkup</screen> +</informalexample> + +Notice that there is a section in this file named "demand:", identical +to the configuration name used in the '<filename>/etc/ppp/ppp.conf</filename>' +file. This section instructs the PPP program that once a link is +established using this configuration, it must: +<orderedlist> + +<listitem> +<para>Remove any IP routing information that the PPP program has created</para> +</listitem> + +<listitem> +<para>Add a default route the remote end's actual address.</para> +</listitem> + +</orderedlist> +</para> + +<para>It's critical that those configurations in +'<filename>/etc/ppp/ppp.conf</filename>' which include the '<emphasis remap=tt>set ifaddr</emphasis>' and +'<emphasis remap=tt>add 0 0</emphasis>' statements (i.e.: those configurations used for +Dial-on-Demand configurations) execute the "delete ALL" and "add 0 0 +HISADDR" commands in <filename>/etc/ppp/ppp.linkup</filename>.</para> + +<para><emphasis><emphasis remap=bf>This is the mechanism that controls the actual on-demand +configuration of the link.</emphasis></emphasis></para> + +<para>All configurations not explicitly named in +<filename>/etc/ppp/ppp.linkup</filename> will use whatever commands are in the +"MYADDR:" section of the file. This is where non-Demand-Dial +configurations (such as our "interactive:" sample) will fall through +to. This section simply adds a default route to the ISP's IP address +(at the remote end).</para> + +</sect2> +</sect1> + +<sect1> +<title>IP Aliasing</title> + +<para>All of the configuration steps described thus far are relevant to +any FreeBSD system which will be used to connect to an ISP via dial-up +connection.</para> + +<para>If your sole objective in reading this guide is to connect your +FreeBSD box to the Internet using dial-out ppp you can proceed to +Section 6, "Testing the Network".</para> + +<para>One very attractive feature of the PPP program in on-demand mode is +its ability to route IP traffic between other systems on the Local +Area Network automatically. This feature is known by various names, +"<emphasis>IP Aliasing</emphasis>", "<emphasis>Network Address Translation</emphasis>", "<emphasis>Address +Masquerading</emphasis>" or "<emphasis>Transparent Proxying</emphasis>".</para> + +<para>Regardless of the terminology used, this mode is not, however, +automatic. If the PPP program is started normally then the program +will not forward packets between LAN interface(s) and the dial-out +connection. In effect, only the FreeBSD system is connected to the +ISP; other workstations cannot "share" the same connection.</para> + +<para>For example, if the program is started with either of the following +command lines:</para> + +<para><emphasis remap=tt># ppp interactive (Interactive mode)</emphasis></para> + +<para> or</para> + +<para><emphasis remap=tt># ppp -auto demand (Dial-on-Demand mode)</emphasis></para> + +<para>then the system will function as an Internet-connected workstation +<emphasis>only</emphasis> for the +FreeBSD box.</para> + +<para>To start the PPP program as a gateway between LAN resources and the +Internet, one of the following command lines would be used instead:</para> + +<para><emphasis remap=tt># ppp -alias interactive (Interactive mode)</emphasis></para> + +<para> or</para> + +<para><emphasis remap=tt># ppp -auto -alias demand (Dial-on-Demand mode)</emphasis></para> + +<para>You can alternatively use the command <emphasis remap=tt>``alias enable yes''</emphasis> +in your ppp configuration file (refer to the man page for details).</para> + +<para>Keep this in mind if you intend to proceed with Section 5, +"Configuring Windows Systems".</para> + +</sect1> +</chapter> + +<chapter> +<title>Configuring Windows Systems</title> + +<para>As indicated in Section 1, our example network consists of a +FreeBSD system ("Curly") which acts as a gateway (or router) between a +Local Area Network consisting of two different flavors of Windows +Workstations. In order for the LAN nodes to use Curly as a router +they need to be properly configured. Note that this section does not +explain how to configure the Windows workstations for Dial-Up +networking. If you need a good explanation of that procedure, I +recommend <ulink URL="http://www.aladdin.co.uk/techweb">http://www.aladdin.co.uk/techweb</ulink>.</para> + + +<sect1> +<title> Configuring Windows 95</title> + +<para>Configuring Windows 95 to act as an attached resource on your LAN +is relatively simple. The Windows 95 network configuration must be +slightly modified to use the FreeBSD system as the default gateway to +the ISP. Perform the following steps:</para> + +<para><emphasis remap=bf>Create the Windows 95 "hosts" file:</emphasis></para> + +<para>In order to connect to the other TCP/IP systems on the LAN you'll +need to create an identical copy of the "hosts" file that you +installed on the FreeBSD system in Section 3.4. +<itemizedlist> + +<listitem> +<para>Click the "Start" button; select "Run..."; enter "notepad +\WINDOWS\HOSTS" (without the quotes) and click "OK"</para> +</listitem> + +<listitem> +<para>In the editor, enter the addresses and system names from the hosts +file shown in Section 3.4.</para> +</listitem> + +<listitem> +<para>When finished editing, close the notepad application (making sure +that you save the file!).</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configure the Windows 95 TCP/IP Network Configuation +settings</emphasis>: +<itemizedlist> + +<listitem> +<para>Click the "Start" button on the taskbar; select "Settings" and +"Control Panel". </para> +</listitem> + +<listitem> +<para>Double-click the "Network" icon to open it.</para> + +<para> +The settings for all Network Elements are displayed.</para> +</listitem> + +<listitem> +<para>With the "Configuration" tab selected, scroll down the list of +installed components and highlight the "TCP/IP-><emphasis>YourInterfaceType</emphasis>" line +(where "<emphasis>YourInterfaceType</emphasis>" is the name or type of Ethernet adapter in your system). +</para> + +<para>If TCP/IP is not listed in the list of installed network +components, click the "Add" button and install it before proceeding.</para> + +<para>(Hint: "Add | Protocol | Microsoft | TCP/IP | OK")</para> +</listitem> + +<listitem> +<para>Click on the "Properties" button to display a list of the +settings associated with the TCP component.</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configure the IP Address Information:</emphasis> +<itemizedlist> + +<listitem> +<para>Click the "IP Address" tab</para> +</listitem> + +<listitem> +<para>Click the "Specify an IP address" radio button. +</para> + +<para>(In our example LAN the Windows 95 system is the one we've called "Larry".)</para> +</listitem> + +<listitem> +<para>In the "IP Address" field enter "192.168.1.2".</para> +</listitem> + +<listitem> +<para>Enter 255.255.255.0 in the "Subnet Mask" field.</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configure the Gateway information:</emphasis> +<itemizedlist> + +<listitem> +<para>Click on the "Gateway" tab +</para> + +<para>For our example network the FreeBSD box will be acting as our +gateway to the Internet (routing packets between the Ethernet LAN and +the PPP dial-up connection. Enter the IP address of the FreeBSD +Ethernet interface, 192.168.1.1, in the "New gateway" field and click +the "Add" button. If any other gateways are defined in the "Installed +gateways" list you may wish to consider removing them.</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configure the DNS Information:</emphasis></para> + +<para>This guide assumes that your Internet Service Provider has given +you a list of Domain Name Servers (or "DNS Servers") that you should +use. If you wish to run a DNS server on your local FreeBSD system, +refer to Section 6, "Exercise for the Interested Student" for tips on +setting up DNS on your FreeBSD system.</para> + +<para> +<itemizedlist> + +<listitem> +<para>Click the "DNS Configuration" tab</para> +</listitem> + +<listitem> +<para>Make sure that the "Enable DNS" radio button is selected. +</para> + +<para>(If this button is not selected only the entries that +we put in the host file(s) will be available and your Net-Surfing +will not work as you expect!)</para> +</listitem> + +<listitem> +<para>In the "Host" field enter the name of the Windows 95 box, in this +case: "Larry".</para> +</listitem> + +<listitem> +<para>In the "Domain" field enter the name of our local network, in this +case: "my.domain"</para> +</listitem> + +<listitem> +<para>In the "DNS Server Search Order" section, enter the IP address +of the DNS server(s) that your ISP provided, clicking the "Add" button +after every address is entered. Repeat this step as many times as +necessary to add all of the addresses that your ISP provided.</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Other Windows 95 TCP/IP options:</emphasis></para> + +<para>For our purposes the settings under the "Advanced", "WINS +Configuration" and "Bindings" tabs are not necessary.</para> + +<para>If you wish to use the Windows Internet Naming Service ("WINS") +your attention is invited to <ulink URL="http://www.localnet.org">http://www.localnet.org</ulink> for +more information about WINS settings, specifically regarding sharing +files transparently across the Internet.</para> + +<para><emphasis remap=bf>Mopping up:</emphasis> +<itemizedlist> + +<listitem> +<para>Click on the "OK" button to close the TCP/IP Properties window.</para> +</listitem> + +<listitem> +<para>Click on the "OK" button to close the Network Control Panel. </para> +</listitem> + +<listitem> +<para>Reboot your computer if prompted to do so. </para> +</listitem> + +</itemizedlist> +</para> + +<para> That's it!</para> + +</sect1> + +<sect1> +<title>Configuring Windows NT</title> + +<para>Configuring Windows NT to act as a LAN resource is also relatively +straightforward. The procedures for configuring Windows NT are +similar to Windows 95 with minor exceptions in the user interface.</para> + +<para>The steps shown here are appropriate for a Windows NT 4.0 +Workstation, but the principles are the same for NT 3.5x. You may +wish to refer to the "Configuring Windows for Workgroups" section if +you're configuring Windows NT 3.5<emphasis remap=it>x</emphasis>, since the user interface is +the same for NT 3.5 and WfW.</para> + +<para>Perform the following steps: </para> + +<para><emphasis remap=bf>Create the Windows NT "hosts" file:</emphasis></para> + +<para>In order to connect to the other TCP/IP systems on the LAN you'll +need to create an identical copy of the "hosts" file that you +installed on the FreeBSD system in Section 3.4 +<itemizedlist> + +<listitem> +<para>Click the "Start" button; select "Run..."; enter "notepad +\WINDOWS\SYSTEM\DRIVERS\ETC\HOSTS" (without the quotes) and click +"OK"</para> +</listitem> + +<listitem> +<para>In the editor, enter the addresses and system names from Section +3.4.</para> +</listitem> + +<listitem> +<para>When finished editing, close the notepad application (making sure +that you save the file!).</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configure the Windows NT TCP/IP Network Configuation +settings</emphasis>: +<itemizedlist> + +<listitem> +<para>Click the "Start" button on the taskbar; select "Settings" and +"Control Panel". </para> +</listitem> + +<listitem> +<para>Double-click the "Network" icon to open it. </para> +</listitem> + +<listitem> +<para>With the "Identification" tab selected, verify the "Computer Name" +and "Workgroup" fields. In this example we'll use "Shemp" for the name +and "Stooges" for the workgroup. Click the "Change" button and amend +these entries as necessary.</para> +</listitem> + +<listitem> +<para>Select the "Protocols" tab. + +</para> + +<para>The installed Network Protocols will be displayed. There may be a +number of protocols listed but the one of interest to this guide is +the "TCP/IP Protocol". If "TCP/IP Protocol" is not listed, click the +"Add" button to load it.</para> + +<para>(Hint: "Add | TCP/IP Protocol | OK") </para> +</listitem> + +<listitem> +<para>Highlight "TCP/IP +Protocol" and click the "Properties" button. +</para> + +<para>Tabs for specifying various settings for TCP/IP will be displayed.</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configuring the IP Address:</emphasis></para> + +<para>Make sure that the Ethernet Interface is shown in the "Adapter" +box; if not, scroll through the list of adapters until the correct +interface is shown. +<itemizedlist> + +<listitem> +<para>Click the "Specify an IP address" radio button to enable the three +text boxes. +</para> + +<para>In our example LAN the Windows NT system is the one we've called +"Shemp"</para> +</listitem> + +<listitem> +<para>In the "IP Address" field enter "192.168.1.4".</para> +</listitem> + +<listitem> +<para>Enter 255.255.255.0 in the "Subnet Mask" field.</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configure the Gateway information:</emphasis></para> + +<para>For our example network the FreeBSD box will be acting as our gateway +to the Internet (routing packets between the Ethernet LAN and the PPP dial-up +connection. +<itemizedlist> + +<listitem> +<para>Enter the IP address of the FreeBSD Ethernet interface, +192.168.1.1, in the "New gateway" field and click the "Add" button. +</para> + +<para>If any other gateways are defined in the "Installed gateways" list +you may wish to consider removing them.</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configuring DNS:</emphasis></para> + +<para>Again, this guide assumes that your Internet Service Provider has +given you a list of Domain Name Servers (or "DNS Servers") that you +should use.</para> + +<para>If you wish to run a DNS server on your local FreeBSD system, refer to +Section 6, "Exercise for the Interested Student" for tips on setting +up DNS on your FreeBSD system. +<itemizedlist> + +<listitem> +<para>Click the "DNS" tab</para> +</listitem> + +<listitem> +<para>In the "Host Name" field enter the name of the Windows NT box, in +this case: "Shemp".</para> +</listitem> + +<listitem> +<para>In the "Domain" field enter the name of our local network, in this +case: "my.domain"</para> +</listitem> + +<listitem> +<para>In the "DNS Server Search Order" section, enter the IP address of +the DNS server that your ISP provided, clicking the "Add" button after +every address is entered. Repeat this step as many times as necessary +to add all of the addresses that your ISP provided.</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Other Windows NT TCP/IP options:</emphasis></para> + +<para>For our purposes the settings under the "WINS Address" and +"Routing" tabs are not used.</para> + +<para>If you wish to use the Windows Internet Naming Service ("WINS") +your attention is invited to <ulink URL="http://www.localnet.org">http://www.localnet.org</ulink> for +more information about WINS settings, specifically regarding sharing +files transparently across the Internet.</para> + +<para><emphasis remap=bf>Mopping up:</emphasis> +<itemizedlist> + +<listitem> +<para>Click on the "OK" button to close the TCP/IP Properties section. +</para> +</listitem> + +<listitem> +<para>Click on the "Close" button to close the Network Control Panel. +</para> +</listitem> + +<listitem> +<para>Restart your computer if prompted to do so.</para> +</listitem> + +</itemizedlist> +</para> + +<para>That's it!</para> + +</sect1> + +<sect1> +<title>Configuring Windows for Workgroups</title> + +<para>Configuring Windows for Workgroups to act as a network client +requires that the Microsoft TCP/IP-32 driver diskette has been +installed on the workstation. The TCP/IP drivers are not included +with the WfW CD or diskettes; if you need a copy they're available at +<ulink URL="ftp://ftp.microsoft.com:/peropsys/windows/public/tcpip">ftp://ftp.microsoft.com:/peropsys/windows/public/tcpip</ulink>.</para> + +<para>Once the TCP/IP drivers have been loaded, perform the following +steps:</para> + +<para><emphasis remap=bf>Create the Windows for Workgroups "hosts" file:</emphasis></para> + +<para>In order to connect to the other TCP/IP systems on the LAN you'll +need to create an identical copy of the "hosts" file that you +installed on the FreeBSD system in Section 3.4. +<itemizedlist> + +<listitem> +<para>In Program Manager, click the "File" button; select "Run"; and +enter: "notepad \WINDOWS\HOSTS" (without the quotes) and click "OK"</para> +</listitem> + +<listitem> +<para>In the editor, enter the addresses and system names from the hosts +file shown in Section 3.4.</para> +</listitem> + +<listitem> +<para>When finished editing, close the notepad application (making sure +that you save the file!).</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configure the Windows 95 TCP/IP Network Configuation +settings</emphasis> +<itemizedlist> + +<listitem> +<para>In the main window of Program Manager, open the "Network" group by +double-clicking the icon. </para> +</listitem> + +<listitem> +<para>Double click on the "Network Setup" icon. </para> +</listitem> + +<listitem> +<para>In the "Network Drivers Box" double-click the "Microsoft +TCP/IP-32" entry. </para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configure the Windows for Workgroups IP Address:</emphasis> </para> + +<para>Ensure +the correct Ethernet Interface is selected in the "Adapter" list. If +not, scroll down until it is displayed and select it by clicking on +it. +<itemizedlist> + +<listitem> +<para>Ensure that the "Enable Automatic DHCP Configuration" check box is +blank. If it is checked, click it to remove the "X".</para> +</listitem> + +<listitem> +<para>In our example LAN the Windows for Workgroups system is the one +we've called "Moe"; in the "IP Address" field enter "192.168.1.3".</para> +</listitem> + +<listitem> +<para>Enter 255.255.255.0 in the "Subnet Mask" field.</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configure the Gateway information:</emphasis></para> + +<para>For our example network the FreeBSD box will be acting as our +gateway to the Internet (routing packets between the Ethernet LAN and +the PPP dial-up connection). +<itemizedlist> + +<listitem> +<para>Enter the IP address of the FreeBSD system, 192.168.1.1, in the +"Default Gateway" field.</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Configuring DNS:</emphasis></para> + +<para>Again, this guide assumes that your Internet Service Provider has +given you a list of Domain Name Servers (or "DNS Servers") that you +should use. If you wish to run a DNS server on your local FreeBSD +system, refer to Section 6, "Exercise for the Interested Student" for +tips on setting up DNS on your FreeBSD system. +<itemizedlist> + +<listitem> +<para>Click the "DNS" button.</para> +</listitem> + +<listitem> +<para>In the "Host Name" field enter the name of the Windows for +Workgroups box, in this case: "Moe".</para> +</listitem> + +<listitem> +<para>In the "Domain" field enter the name of our local network, in this +case: "my.domain"</para> +</listitem> + +<listitem> +<para>In the "Domain Name Service (DNS) Search Order" section, enter the +IP address of the DNS server that your ISP provided, clicking the "Add" +button after each address is entered. Repeat this step as many times as +necessary to add all of the addresses that your ISP provided.</para> +</listitem> + +<listitem> +<para>Click on the "OK" button to close the DNS Configuration window. +</para> +</listitem> + +</itemizedlist> +</para> + +<para><emphasis remap=bf>Mopping up:</emphasis> +<itemizedlist> + +<listitem> +<para>Click on the "OK" button to close the TCP/IP Configuration window. +</para> +</listitem> + +<listitem> +<para>Click on the "OK" button to close the Network Setup window.</para> +</listitem> + +<listitem> +<para>Reboot your computer if prompted. </para> +</listitem> + +</itemizedlist> +</para> + +<para>That's it!</para> + +</sect1> +</chapter> + +<chapter> +<title>Testing the Network</title> + +<para> Once you've completed that appropriate tasks above you should have +a functioning PPP gateway to the Internet.</para> + + +<sect1> +<title>Testing the Dial-Up link:</title> + +<para> The first thing to test is that the connection is being made +between your modem and the ISP.</para> + +</sect1> + +<sect1> +<title>Testing the Ethernet LAN</title> + +<para> *** TBD ***</para> + +</sect1> +</chapter> + +<chapter> +<title>Exercises for the Interested Student</title> + + +<sect1> +<title>Creating a mini-DNS system</title> + +<para>While managing a Domain Name Service (DNS) hierarchy can be a black +art, it is possible to set up a Mini-DNS server on the FreeBSD system +that also acts as your gateway to your ISP.</para> + +<para>Building on the files in <filename>/etc/namedb</filename> when the FreeBSD +system was installed it's possible to create a name server that is +both authoritative for the example network shown here as well as a +front-door to the Internet DNS architecture.</para> + +<para>In this minimal DNS configuration, only three files are necessary: +<informalexample> +<screen>/etc/namedb/named.boot +/etc/namedb/named.root +/etc/namedb/mydomain.db</screen> +</informalexample> +</para> + +<para>The <filename>/etc/namedb/named.root</filename> file is automatically installed +as part of the FreeBSD base installation; the other two files must be +created manually.</para> + + +<sect2> +<title>The <filename>/etc/namedb/named.boot</filename> file</title> + +<para>The <filename>/etc/namedb/named.boot</filename> file controls the startup +settings of the DNS server. +Esentially, it tells the Name Server: +<orderedlist> + +<listitem> +<para>Where to find configuration files,</para> +</listitem> + +<listitem> +<para>What "domain names" it's responsible for, and</para> +</listitem> + +<listitem> +<para>Where to find other DNS servers.</para> +</listitem> + +</orderedlist> +</para> + +<para>Using the '<emphasis remap=tt>ee</emphasis>' editor, create a +<filename>/etc/namedb/named.boot</filename> with the following contents: +<informalexample> +<screen>; boot file for mini-name server + +directory /etc/namedb + +; type domain source host/file backup file + +cache . named.root +primary my.domain. mydomain.db</screen> +</informalexample> +</para> + +<para>Lines that begin with a semi-colon are comments. The significant +lines in this file are: +<itemizedlist> + +<listitem> +<para><command>directory /etc/namedb</command> +</para> + +<para>Tells the Name Server where to find the configuration files +referenced in the remaining sections of the +'<filename>/etc/namedb/named.boot</filename>' file.</para> +</listitem> + +<listitem> +<para><emphasis remap=tt>cache . named.root</emphasis> +</para> + +<para>Tells the Name Server that the list of "Top-Level" DNS servers for +the Internet can be found in a file called '<filename>named.root</filename>'. +(This file is included in the base installation and its +contents are not described in this document.)</para> +</listitem> + +<listitem> +<para><emphasis remap=tt>primary my.domain. mydomain.db</emphasis> +</para> + +<para>Tells the Name Server that it will be "authoritative" for a DNS +domain called "my.domain" and that a list of names and IP addresses +for the systems in "my.domain" (the local network) +can be found in a file named '<filename>mydomain.db</filename>'.</para> +</listitem> + +</itemizedlist> +</para> + +<para>Once the <filename>/etc/namedb/named.boot</filename> file has been created and +saved, proceed to the next section to create the +<filename>/etc/namedb/mydomain.db</filename> file.</para> + +</sect2> + +<sect2> +<title>The <filename>/etc/namedb/mydomain.db</filename> file</title> + +<para>The <filename>/etc/namedb/mydomain.db</filename> file lists the names and IP +addresses of <emphasis>every</emphasis> system in the Local Area Network.</para> + +<para><emphasis>For a detailed description of the statements used in this file, +refer to the <emphasis remap=tt>named</emphasis> manpage.</emphasis></para> + +<para>The <filename>/etc/namedb/mydomain.db</filename> file for our minimal DNS +server has the following contents: +<informalexample> +<screen>@ IN SOA my.domain. root.my.domain. ( + 961230 ; Serial + 3600 ; Refresh + 300 ; Retry + 3600000 ; Expire + 3600 ) ; Minimum + IN NS curly.my.domain. + +curly.my.domain. IN A 192.168.1.1 # The FreeBSD box +larry.my.domain. IN A 192.168.1.2 # The Win'95 box +moe.my.domain. IN A 192.168.1.3 # The WfW box +shemp.my.domain. IN A 192.168.1.4 # The Windows NT box + +$ORIGIN 1.168.192.IN-ADDR.ARPA + IN NS curly.my.domain. +1 IN PTR curly.my.domain. +2 IN PTR larry.my.domain. +3 IN PTR moe.my.domain. +4 IN PTR shemp.my.domain. + +$ORIGIN 0.0.127.IN-ADDR.ARPA + IN NS curly.my.domain. +1 IN PTR localhost.my.domain.</screen> +</informalexample> +</para> + +<para>In simple terms, this file declares that the local DNS server is: +<itemizedlist> + +<listitem> +<para>The Start of Authority for ("SOA") for a domain called +'my.domain',</para> +</listitem> + +<listitem> +<para>The Name Server ("NS") for 'my.domain',</para> +</listitem> + +<listitem> +<para>Responsible for the reverse-mapping for all IP addresses that +start with '192.168.1.' and +'127.0.0.' ("$ORIGIN ...")</para> +</listitem> + +</itemizedlist> +</para> + +<para>To add workstation entries to this file you'll need to add two +lines for each system; one in the top section where the name(s) are +mapped into Internet Addresses ("IN A"), and another line that maps +the addresses back into names in the <filename>$ORIGIN +1.168.192.IN-ADDR.ARPA</filename> section.</para> + +</sect2> + +<sect2> +<title>Starting the DNS Server</title> + +<para>By default the DNS server ('<filename>/usr/sbin/named</filename>') is not +started when the system boots. You can modify this behavior by +changing a single line in '<filename>/etc/rc.conf</filename>' as follows:</para> + +<para> Using the '<emphasis remap=tt>ee</emphasis>' editor, load <filename>/etc/rc.conf</filename>. Scroll +down approximately 40 lines until you come to the section that says: +<informalexample> +<screen>--- +named_enable="NO" # Run named, the DNS server (or NO). +named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled). +---</screen> +</informalexample> + +Change this section to read: +<informalexample> +<screen>--- +named_enable="YES" # Run named, the DNS server (or NO). +named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled). +---</screen> +</informalexample> + +Save the file and reboot.</para> + +<para>Alternatively, start the Name Server daemon by entering the following +command: +<informalexample> +<screen># named -b /etc/namedb/named.boot</screen> +</informalexample> +</para> + +<para>Whenever you modify any of the files in <filename>/etc/namedb</filename> you'll +need to kick-start the Name Server process to make it pick up the +modifications. This is performed with the following system command: +<informalexample> +<screen># kill -HUP `cat /var/run/named.pid`</screen> +</informalexample> +</para> + +</sect2> +</sect1> + +<sect1> +<title>Playing with PPP filters</title> + +<para>The PPP program has the ability to apply selected filtering rules +to the traffic it routes. While this is not nearly as secure as a +formal firewall it does provide some access control as to how the link +is used.</para> + +<para>('<emphasis remap=tt>man ipfw</emphasis>' for information on setting up a more secure +FreeBSD system.)</para> + +<para>The complete documentation for the various filters and rules under +PPP are availabe in the PPP manpage.</para> + +<para>There are four distinct classes of rules which may be applied to +the PPP program: +<itemizedlist> + +<listitem> +<para><emphasis remap=tt>afilter</emphasis> - Access Counter (or "Keep Alive") filters +</para> + +<para>These control which events are ignored by the <literal>set timeout=</literal> +statement in the configuration file.</para> +</listitem> + +<listitem> +<para><emphasis remap=tt>dfilter</emphasis> - Dialing filters +</para> + +<para>These filtering rules control which events are ignored by the +demand-dial mode of PPP.</para> +</listitem> + +<listitem> +<para><emphasis remap=tt>ifilter</emphasis> - Input filters +</para> + +<para>Control whether incoming packets should be discarded or passed into +the system.</para> +</listitem> + +<listitem> +<para><emphasis remap=tt>ofilter</emphasis> - Output filters +</para> + +<para>Control whether outgoing packets should be discarded or passed into +the system.</para> +</listitem> + +</itemizedlist> +</para> + +<para>What follows is a snippet from an operating system which provides a +good foundation for "normal" Internet operations while preventing PPP +from pumping <emphasis>all</emphasis> data over the dial-up connection. Comments +briefly describe the logic of each rule set: +<informalexample> +<screen># +# KeepAlive filters +# Don't keep Alive with ICMP,DNS and RIP packet +# + set afilter 0 deny icmp + set afilter 1 deny udp src eq 53 + set afilter 2 deny udp dst eq 53 + set afilter 3 deny udp src eq 520 + set afilter 4 deny udp dst eq 520 + set afilter 5 permit 0/0 0/0 +# +# Dial Filters: +# Note: ICMP will trigger a dial-out in this configuration! +# + set dfilter 0 permit 0/0 0/0 +# +# Allow ident packet pass through +# + set ifilter 0 permit tcp dst eq 113 + set ofilter 0 permit tcp src eq 113 +# +# Allow telnet connection to the Internet +# + set ifilter 1 permit tcp src eq 23 estab + set ofilter 1 permit tcp dst eq 23 +# +# Allow ftp access to the Internet +# + set ifilter 2 permit tcp src eq 21 estab + set ofilter 2 permit tcp dst eq 21 + set ifilter 3 permit tcp src eq 20 dst gt 1023 + set ofilter 3 permit tcp dst eq 20 +# +# Allow access to DNS lookups +# + set ifilter 4 permit udp src eq 53 + set ofilter 4 permit udp dst eq 53 +# +# Allow DNS Zone Transfers +# + set ifilter 5 permit tcp src eq 53 + set ofilter 5 permit tcp dst eq 53 +# +# Allow access from/to local network +# + set ifilter 6 permit 0/0 192.168.1.0/24 + set ofilter 6 permit 192.168.1.0/24 0/0 +# +# Allow ping and traceroute response +# + set ifilter 7 permit icmp + set ofilter 7 permit icmp + set ifilter 8 permit udp dst gt 33433 + set ofilter 9 permit udp dst gt 33433 +# +# Allow cvsup +# + set ifilter 9 permit tcp src eq 5998 + set ofilter 9 permit tcp dst eq 5998 + set ifilter 10 permit tcp src eq 5999 + set ofilter 10 permit tcp dst eq 5999 +# +# Allow NTP for Time Synchronization +# + set ifilter 11 permit tcp src eq 123 dst eq 123 + set ofilter 11 permit tcp src eq 123 dst eq 123 + set ifilter 12 permit udp src eq 123 dst eq 123 + set ofilter 12 permit udp src eq 123 dst eq 123 +# +# SMTP'd be a good idea! +# + set ifilter 13 permit tcp src eq 25 + set ofilter 13 permit tcp dst eq 25 +# +# +# We use a lot of `whois`, let's pass that +# + set ifilter 14 permit tcp src eq 43 + set ofilter 14 permit tcp dst eq 43 + set ifilter 15 permit udp src eq 43 + set ofilter 15 permit udp dst eq 43 +# +# If none of above rules matches, then packet is blocked. +#-------</screen> +</informalexample> +</para> + +<para>Up to 20 distinct filtering rules can be applied to each class of +filter. Rules in each class are number sequentially from 0 to 20 +<emphasis>but none of the rules for a particular filter class take affect +until ruleset '0' is defined!</emphasis></para> + +<para>If you choose <emphasis>not</emphasis> to use Filtering Rules in the PPP +configuration then <acronym>ALL</acronym> traffic will be permitted both into and +out of your system while it's connected to your ISP.</para> + +<para>If you decide that you want to implement filtering rules, add the +above lines to your <filename>/etc/ppp/ppp.conf</filename> file in either the +"default:", "demand:", or "interactive:" section (or all of them - the +choice is yours).</para> + +</sect1> +</chapter> +</book> |