diff options
Diffstat (limited to 'en/handbook/ppp-and-slip/chapter.sgml')
| -rw-r--r-- | en/handbook/ppp-and-slip/chapter.sgml | 2568 |
1 files changed, 0 insertions, 2568 deletions
diff --git a/en/handbook/ppp-and-slip/chapter.sgml b/en/handbook/ppp-and-slip/chapter.sgml deleted file mode 100644 index a83def5913..0000000000 --- a/en/handbook/ppp-and-slip/chapter.sgml +++ /dev/null @@ -1,2568 +0,0 @@ - <chapter id="ppp-and-slip"> - <title>PPP and SLIP</title> - - <para>If your connection to the Internet is through a modem, or you wish - to provide other people with dialup connections to the Internet using - FreeBSD, you have the option of using PPP or SLIP. Furthermore, two - varieties of PPP are provided: <emphasis>user</emphasis> (sometimes - referred to as <emphasis>iijppp</emphasis>) and <emphasis>kernel</emphasis>. The - procedures for configuring both types of PPP, and for setting up SLIP - are described in this chapter.</para> - - - <sect1 id="userppp"> - <title>Setting up User PPP</title> - - <para>User PPP was introduced to FreeBSD in release 2.0.5 as an - addition to the existing kernel implementation of PPP. So, what is - different about this new PPP that warrants its addition? To quote - from the manual page:</para> - - - <blockquote> - <para>This is a user process PPP software package. Normally, PPP - is implemented as a part of the kernel (e.g. as managed by <command>pppd</command>) - and it is thus somewhat hard to debug and/or modify its - behavior. However, in this implementation PPP is done as a user - process with the help of the tunnel device driver (tun).</para> - </blockquote> - - - <para>In essence, this means that rather than running a PPP daemon, - the ppp program can be run as and when desired. No PPP interface - needs to be compiled into the kernel, as the program can use the - generic tunnel device to get data into and out of the kernel.</para> - - <para>From here on out, user ppp will be referred to simply as ppp - unless a distinction needs to be made between it and any other PPP - client/server software such as <command>pppd</command>. Unless otherwise stated, all - commands in this section should be executed as root.</para> - - <para>There are a large number of enhancements in version 2 of ppp. You - can discover what version you have by running ppp with no arguments - and typing <command>show version</command> at the prompt. It is a - simple matter to upgrade to the latest version of ppp (under any - version of FreeBSD) by downloading the latest archive via <ulink - url="http://www.Awfulhak.org/ppp.html">www.Awfulhak.org</ulink>.</para> - - <sect2> - <title>Before you start</title> - - <para>This document assumes you are in roughly this position:</para> - - <para>You have an account with an Internet Service Provider (ISP) - which lets you use PPP. Further, you have a modem (or other - device) connected and configured correctly which allows you to - connect to your ISP.</para> - - <para>You are going to need the following information to - hand:</para> - - - <itemizedlist> - - <listitem> - <para>Your ISPs phone number(s).</para> - </listitem> - - <listitem> - <para>Your login name and password. This can be either a - regular unix style login/password pair, or a PPP PAP or CHAP - login/password pair.</para> - </listitem> - - <listitem> - <para>The IP addresses of one or more nameservers. Normally, - you will be given two IP numbers. You - <emphasis>must</emphasis> have this information for - <application>PPP</application> version 1.x unless you run - your own nameserver. From version 2 onwards, - <application>PPP</application> supports nameserver address - negotiation. If your ISP supports this, then using the command - <command>enable dns</command> in your config file will tell - <application>PPP</application> to set the nameservers for - you.</para> - </listitem> - </itemizedlist> - - <para>The following information may have been supplied by your ISP, - but is not strictly necessary:</para> - - <itemizedlist> - <listitem> - <para>The IP address of your ISP's gateway. The gateway is the - machine to which you will connect and will be set up as your - <emphasis>default route</emphasis>. If your ISP hasn't given - you this number, we can make one up and your ISP's PPP server - will tell us the correct value when we connect.</para> - - <para>This IP number is referred to as <literal>HISADDR</literal> - by ppp.</para> - </listitem> - - <listitem> - <para>Your ISP's netmask. If your ISP hasn't given you this - information, you can safely use a netmask of <hostid - role="netmask">255.255.255.0</hostid>.</para> - - <para>If your ISP allocates you a static IP address and hostname - then you can enter this information. Otherwise, we simply let the - peer assign whatever IP number it sees fit.</para> - </listitem> - </itemizedlist> - - <para>If you do not have any of the required information, contact - your ISP and make sure they provide it to you.</para> - - </sect2> - - <sect2> - <title>Building a ppp ready kernel</title> - - <para>As the description states, <command>ppp</command> uses the kernel <devicename>tun</devicename> - device. It is necessary to make sure that your kernel has support - for this device compiled in.</para> - - <para>To check this, go to your kernel compile directory - (<filename>/sys/i386/conf</filename> or - <filename>/sys/pc98/conf</filename>) and examine your kernel - configuration file. It needs to have the line - - <programlisting> -pseudo-device tun 1</programlisting> - - in it somewhere. The stock <filename>GENERIC</filename> kernel - has this as standard, so if you have not installed a custom kernel - or you do not have a <filename>/sys</filename> directory, you do not have to change - anything.</para> - - <para>If your kernel configuration file does not have this line in - it, or you need to configure more than one tun device (for - example, if you are setting up a server and could have 16 dialup - ppp connections at any one time then you will need to use <literal>16</literal> - instead of <literal>1</literal>), then you should add the line, re-compile, - re-install and boot the new kernel. Please refer to the - <link linkend="kernelconfig">Configuring the FreeBSD - Kernel</link> section for more information on kernel - configuration.</para> - - <para>You can check how many tunnel devices your current kernel has - by typing the following:</para> - - - <informalexample> - <screen>&prompt.root; <userinput>ifconfig -a</userinput> -tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 - inet 200.10.100.1 --> 203.10.100.24 netmask 0xffffffff -tun1: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 576 -tun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 - inet 203.10.100.1 --> 203.10.100.20 netmask 0xffffffff -tun3: flags=8010<POINTOPOINT,MULTICAST> mtu 1500</screen> - </informalexample> - - <para>This case shows four tunnel devices, two of which are - currently configured and being used. It should be noted that the - <literal>RUNNING</literal> flag above indicates that the interface has - been used at some point—it is not an error if your interface does - not show up as <literal>RUNNING</literal>.</para> - - <para>If you have a kernel without the tun device, and you can not - rebuild it for some reason, all is not lost. You should be able - to dynamically load the code. Refer to the appropriate <citerefentry><refentrytitle>modload</refentrytitle><manvolnum>8</manvolnum></citerefentry> - and <citerefentry><refentrytitle>lkm</refentrytitle><manvolnum>4</manvolnum></citerefentry> pages for further details.</para> - - <para>You may also wish to take this opportunity to configure a - firewall. Details can be found in the <link linkend="firewalls">Firewalls</link> section.</para> - - </sect2> - - <sect2> - <title>Check the tun device</title> - - <para>Most users will only require one <devicename>tun</devicename> device (<filename>/dev/tun0</filename>). If you - have used more (i.e., a number other than <literal>1</literal> in the <literal>pseudo-device</literal> - line in the kernel configuration file) then alter all references - to <devicename>tun0</devicename> below to reflect whichever device number you are - using.</para> - - <para>The easiest way to make sure that the <devicename>tun0</devicename> device is - configured correctly is to re-make it. To do this, execute the - following commands:</para> - - - <informalexample> - <screen>&prompt.root; <userinput>cd /dev</userinput> -&prompt.root; <userinput>./MAKEDEV tun0</userinput></screen> - </informalexample> - - <para>If you require 16 tunnel devices in your kernel, you will need - to create more than just tun0:</para> - - - <informalexample> - <screen>&prompt.root; <userinput>cd /dev</userinput> -&prompt.root; <userinput>./MAKEDEV tun15</userinput></screen> - </informalexample> - - <para>Also, to confirm that the kernel is configured correctly, the - following command should give the indicated output:</para> - - - <informalexample> - <screen>&prompt.root; <userinput>ifconfig tun0</userinput> -tun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1500</screen> - </informalexample> - - <para>The <literal>RUNNING</literal> flag may not yet be set, in which - case you will see:</para> - - <informalexample> - <screen>&prompt.root; <userinput>ifconfig tun0</userinput> -tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500</screen> - </informalexample> - </sect2> - - <sect2> - <title>Name Resolution Configuration</title> - - <para>The resolver is the part of the system that turns IP addresses - into hostnames and vice versa. It can be configured to look for - maps that describe IP to hostname mappings in one of two places. - The first is a file called <filename>/etc/hosts</filename> - (<command>man 5 hosts</command>). The second is the - Internet Domain Name Service (DNS), a distributed data base, the - discussion of which is beyond the scope of this document.</para> - - <para>This section describes briefly how to configure your - resolver.</para> - - <para>The resolver is a set of system calls that do the name - mappings, but you have to tell them where to find their - information. You do this by first editing the file - <filename>/etc/host.conf</filename>. Do <emphasis>not</emphasis> call this file - <filename>/etc/hosts.conf</filename> (note the extra <literal>s</literal>) as the - results can be confusing.</para> - - - <sect3> - <title>Edit the <filename>/etc/host.conf</filename> file</title> - - <para>This file should contain the following two lines (in this -order):</para> - - - <programlisting> -hosts -bind</programlisting> - - <para>These instructs the resolver to first look in - the file <filename>/etc/hosts</filename>, and then to consult - the DNS if the name was not found.</para> - - </sect3> - - <sect3> - <title>Edit the <filename>/etc/hosts</filename>(5) file</title> - - <para>This file should contain the IP addresses and names of - machines on your network. At a bare minimum it should contain - entries for the machine which will be running ppp. Assuming that - your machine is called <hostid role="fqdn">foo.bar.com</hostid> - with the IP address <hostid role="ipaddr">10.0.0.1</hostid>, - <filename>/etc/hosts</filename> should contain:</para> - - <programlisting> -127.0.0.1 localhost -10.0.0.1 foo.bar.com foo</programlisting> - - <para>The first line defines the alias <hostid>localhost</hostid> as a synonym - for the current machine. Regardless of your own IP address, the - IP address for this line should always be <hostid role="ipaddr">127.0.0.1</hostid>. The second - line maps the name <hostid role="fqdn">foo.bar.com</hostid> (and the shorthand <hostid>foo</hostid>) - to the IP address <hostid role="ipaddr">10.0.0.1</hostid>.</para> - - <para>If your provider allocates you a static IP address and name, - then use these in place of the <hostid role="ipaddr">10.0.0.1</hostid> entry.</para> - - </sect3> - - <sect3> - <title>Edit the <filename>/etc/resolv.conf</filename> file</title> - - <para><filename>/etc/resolv.conf</filename> tells the resolver how - to behave. If you are running your own DNS, you may leave this - file empty. Normally, you will need to enter the following - line(s):</para> - - <programlisting> -nameserver <replaceable>x.x.x.x</replaceable> -nameserver <replaceable>y.y.y.y</replaceable> -domain <replaceable>bar.com</replaceable></programlisting> - - <para>The <hostid - role="ipaddr"><replaceable>x.x.x.x</replaceable></hostid> and - <hostid role="ipaddr"><replaceable>y.y.y.y</replaceable></hostid> addresses are those given to you - by your ISP. Add as many <literal>nameserver</literal> lines as your ISP - provides. The <literal>domain</literal> line defaults to your hostname's - domain, and is probably unnecessary. Refer to the <filename>resolv.conf</filename> - manual page for details of other possible entries in this - file.</para> - - <para>If you are running PPP version 2 or greater, the <command>enable - dns</command> command will tell PPP to request that your ISP - confirms the nameserver values. If your ISP supplies different - addresses (or if there are no nameserver lines in - <filename>/etc/resolv.conf</filename>), PPP will rewrite the file - with the ISP-supplied values.</para> - </sect3> - </sect2> - - <sect2> - <title><command>ppp</command> Configuration</title> - - <para>Both user ppp and <command>pppd</command> (the kernel level implementation of - PPP) use configuration files located in the - <filename>/etc/ppp</filename> directory. The sample configuration - files provided are a good reference for user ppp, so don't delete - them.</para> - - <para>Configuring <command>ppp</command> requires that you edit a number of files, - depending on your requirements. What you put in them depends to - some extent on whether your ISP allocates IP addresses statically - (i.e., you get given one IP address, and always use that one) or - dynamically (i.e., your IP address can be different for each PPP - session).</para> - - - <sect3 id="userppp-staticIP"> - <title>PPP and Static IP addresses</title> - - <para>You will need to create a configuration file called - <filename>/etc/ppp/ppp.conf</filename>. It should look similar - to the example below.</para> - - <note> - <para>Lines that end in a <literal>:</literal> start in the first column, all - other lines should be indented as shown using spaces or - tabs.</para> - </note> - - - <programlisting> -1 default: -2 set device /dev/cuaa0 -3 set speed 115200 -4 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0 OK-AT-OK \\dATDT\\TTIMEOUT 40 CONNECT" -5 provider: -6 set phone "(0123) 456 7890" -7 set login "TIMEOUT 10 \"\" \"\" gin:--gin: foo word: bar col: ppp" -8 set timeout 300 -9 set ifaddr <replaceable>x.x.x.x</replaceable> <replaceable>y.y.y.y</replaceable> 255.255.255.0 0.0.0.0 -10 add default HISADDR -11 enable dns</programlisting> - - <para>Do not include the line numbers, they are - just for reference in this discussion.</para> - - - <variablelist> - <varlistentry><term>Line 1:</term> - <listitem> - <para>Identifies the default entry. Commands in this - entry are executed automatically when ppp is run.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 2:</term> - - <listitem> - <para>Identifies the device to which the modem is - connected. <devicename>COM1:</devicename> is <filename>/dev/cuaa0</filename> and - <devicename>COM2:</devicename> is <filename>/dev/cuaa1</filename>.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 3:</term> - - <listitem> - <para>Sets the speed you want to connect at. If 115200 - doesn't work (it should with any reasonably new modem), - try 38400 instead.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 4:</term> - - <listitem> - <para>The dial string. User PPP uses an expect-send - syntax similar to the <citerefentry><refentrytitle>chat</refentrytitle><manvolnum>8</manvolnum></citerefentry> - program. Refer to the manual page for information on - the features of this language.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 5:</term> - - <listitem> - <para>Identifies an entry for a provider called - “provider”.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 6:</term> - - <listitem> - <para>Sets the phone number for this provider. Multiple - phone numbers may be specified using the - <literal>:</literal> or <literal>|</literal> - character as a separator. The difference between these - spearators is described in the ppp manual page. To - summarize, if you want to rotate through the numbers, - use the <literal>:</literal>. If you want to always attempt to dial - the first number first and only use the other numbers if - the first number fails, use the <literal>|</literal>. Always quote the - entire set of phone numbers as shown.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 7:</term> - - <listitem> - <para>The login string is of the same chat-like syntax as - the dial string. In this example, the string works for - a service whose login session looks like this:</para> - - - <informalexample> - <screen>J. Random Provider -login: <replaceable>foo</replaceable> -password: <replaceable>bar</replaceable> -protocol: ppp</screen> - </informalexample> - - <para>You will need to alter this script to suit your own - needs. When you write this script for the first time, - you should enable “chat” logging to ensure that - the conversation is going as expected.</para> - - <para>If you're using PAP or CHAP, there will be no - login at this point, so your login string can be left - blank. See - <link linkend="userppp-PAPnCHAP">PAP and CHAP - authentication</link> for further details.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 8:</term> - - <listitem> - <para>Sets the default timeout (in seconds) for the - connection. Here, the connection will be closed - automatically after 300 seconds of inactivity. If you - never want to timeout, set this value to zero.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 9:</term> - - <listitem> - <para>Sets the interface addresses. The string <replaceable>x.x.x.x</replaceable> - should be replaced by the IP address that your provider - has allocated to you. The string <replaceable>y.y.y.y</replaceable> should be - replaced by the IP address that your ISP indicated for - their gateway (the machine to which you connect). If - your ISP hasn't given you a gateway address, use - <hostid role="netmask">10.0.0.2/0</hostid>. If you need - to use a “guessed” address, make sure that you create - an entry in <filename>/etc/ppp/ppp.linkup</filename> as - per the instructions for - <link linkend="userppp-dynamicIP">PPP and Dynamic - IP addresses</link>. If this line is omitted, <command>ppp</command> cannot - run in <option>-auto</option> or - <option>-dynamic</option> mode.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 10:</term> - - <listitem> - <para>Adds a default route to your ISPs gateway. The - special word <literal>HISADDR</literal> is replaced with - the gateway address specified on line 9. It is - important that this line appears after line 9, otherwise - <literal>HISADDR</literal> will not yet be - initialized.</para> - - </listitem> - </varlistentry> - - <varlistentry> - <term>Line 11:</term> - - <listitem> - <para>This line tells PPP to ask your ISP to confirm that your - nameserver addresses are correct. If your ISP supports this - facility, PPP can then update - <filename>/etc/resolv.conf</filename> with the correct - nameserver entries.</para> - </listitem> - </varlistentry> - </variablelist> - - <para>It is not necessary to add an entry to - <filename>ppp.linkup</filename> when you have a static IP - address as your routing table entries are already correct before - you connect. You may however wish to create an entry to invoke - programs after connection. This is explained later with the - sendmail example.</para> - - <para>Example configuration files can be found in the - <filename>/etc/ppp</filename> directory.</para> - - </sect3> - - <sect3 id="userppp-dynamicIP"> - <title>PPP and Dynamic IP addresses</title> - - <para>If your service provider does not assign static IP numbers, - <command>ppp</command> can be configured to negotiate - the local and remote addresses. This is done by “guessing” an - IP number and allowing <command>ppp</command> to set it up correctly using the IP - Configuration Protocol (IPCP) after connecting. The - <filename>ppp.conf</filename> configuration is the same as <link - linkend="userppp-staticIP">PPP and - Static IP addresses</link>, with the following change:</para> - - <programlisting> -9 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0</programlisting> - - <para>Again, do not include the line numbers, they are just for - reference in this discussion. Indentation of at least one space - is required.</para> - - - <variablelist> - <varlistentry><term>Line 9:</term> - <listitem> - <para>The number after the <literal>/</literal> character is the number - of bits of the address that ppp will insist on. You may - wish to use IP numbers more appropriate to your - circumstances, but the above example will always - work.</para> - - <para>The last argument (<literal>0.0.0.0</literal>) tells PPP - to negotiate using address <hostid - role="ipaddr">0.0.0.0</hostid> rather than <hostid - role="ipaddr">10.0.0.1</hostid>. Do not use - <literal>0.0.0.0</literal> as the first argument to - <command>set ifaddr</command> as it prevents PPP from setting - up an intial route in <option>-auto</option> mode.</para> - - </listitem> - </varlistentry> - </variablelist> - - - <para>If you are running version 1.x of PPP, uou will also need to create an entry in - <filename>/etc/ppp/ppp.linkup</filename>. - <filename>ppp.linkup</filename> is used after a connection has - been established. At this point, <command>ppp</command> will know what IP - addresses should <emphasis>really</emphasis> be used. - The following entry will delete the existing bogus routes, and - create correct ones:</para> - - <programlisting> -1 provider: -2 delete ALL -3 add 0 0 HISADDR</programlisting> - - - <variablelist> - <varlistentry><term>Line 1:</term> - <listitem> - <para>On establishing a connection, <command>ppp</command> will look for an - entry in <filename>ppp.linkup</filename> according to - the following rules: First, try to match the same label - as we used in <filename>ppp.conf</filename>. If that - fails, look for an entry for the IP number of our - gateway. This entry is a four-octet IP style label. If - we still haven't found an entry, look for the - <literal>MYADDR</literal> entry.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 2:</term> - - <listitem> - <para>This line tells <command>ppp</command> to delete all existing routes - for the acquired tun interface (except the direct route - entry).</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 3:</term> - - <listitem> - <para>This line tells <command>ppp</command> to add a default route that - points to <literal>HISADDR</literal>. - <literal>HISADDR</literal> will be replaced with the IP - number of the gateway as negotiated in the IPCP.</para> - - </listitem> - </varlistentry> - </variablelist> - - - <para>See the pmdemand entry in the files - <filename>/etc/ppp/ppp.conf.sample</filename> and - <filename>/etc/ppp/ppp.linkup.sample</filename> for a detailed - example.</para> - - <para>Version 2 of PPP introduces “sticky routes”. Any - <literal>add</literal> or <literal>delete</literal> lines that - contain <literal>MYADDR</literal> or <literal>HISADDR</literal> will - be remembered, and any time the actual values of - <literal>MYADDR</literal> or <literal>HISADDR</literal> change, the - routes will be re-applied. This removes the necessity of repeating - these lines in <filename>ppp.linkup</filename>.</para> - </sect3> - - <sect3> - <title>Receiving incoming calls with <command>ppp</command></title> - - <para>This section describes setting up <command>ppp</command> in a server - role.</para> - - <para>When you configure <command>ppp</command> to - receive incoming calls on a machine connected to a LAN, you must decide if you wish to - forward packets to the LAN. If you do, you should allocate the - peer an IP number from your LAN's subet, and use the command - - <programlisting> -enable proxy</programlisting> - - in your <filename>ppp.conf</filename> file. You should also - confirm that the <filename>/etc/rc.conf</filename> file (this file - used to be called <filename>/etc/sysconfig</filename>) contains the - following:</para> - - <programlisting> -gateway=YES</programlisting> - - <sect4> - <title>Which getty?</title> - - <para><link linkend="dialup">Configuring FreeBSD for - Dialup Services</link> provides a good description on enabling - dialup services using getty.</para> - - <para>An alternative to <command>getty</command> is <ulink - URL="http://www.leo.org/~doering/mgetty/index.html">mgetty</ulink>, a smarter version of <command>getty</command> designed with dialup lines in mind.</para> - - <para>The advantages of using <command>mgetty</command> is that it actively - <emphasis>talks</emphasis> to modems, meaning if port is - turned off in <filename>/etc/ttys</filename> then your modem - won't answer the phone.</para> - - <para>Later versions of <command>mgetty</command> (from 0.99beta onwards) also - support the automatic detection of PPP streams, allowing your - clients script-less access to your server.</para> - - <para>Refer to <link linkend="userppp-mgetty">Mgetty and - AutoPPP</link> for more information on <command>mgetty</command>.</para> - - </sect4> - - <sect4> - <title>PPP permissions</title> - - <para><command>ppp</command> must normally be run as user id 0. If however you - wish to allow <command>ppp</command> to run in server mode as a normal user by - executing <command>ppp</command> as described below, that user must be given - permission to run <command>ppp</command> by adding them to the - <username>network</username> group in - <filename>/etc/group</filename>.</para> - - <para>You will also need to give them access to one or more sections - of the configuration file using the <command>allow</command> - command:</para> - - <programlisting> -allow users fred mary</programlisting> - - <para>If this command is used in the <literal>default</literal> - section, it gives the specified users access to everything.</para> - </sect4> - - <sect4> - <title>Setting up a PPP shell for dynamic-IP users</title> - - <para>Create a file called - <filename>/etc/ppp/ppp-shell</filename> containing the - following:</para> - - <programlisting> -#!/bin/sh -IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'` -CALLEDAS="$IDENT" -TTY=`tty` - -if [ x$IDENT = xdialup ]; then - IDENT=`basename $TTY` -fi - -echo "PPP for $CALLEDAS on $TTY" -echo "Starting PPP for $IDENT" - -exec /usr/sbin/ppp -direct $IDENT</programlisting> - - <para>This script should be executable. Now make a symbolic - link called <filename>ppp-dialup</filename> to this script - using the following commands:</para> - - <informalexample> - <screen>&prompt.root; <userinput>ln -s ppp-shell /etc/ppp/ppp-dialup</userinput></screen> - </informalexample> - - <para>You should use this script as the - <emphasis>shell</emphasis> for all your dialup ppp users. - This is an example from <filename>/etc/password</filename> for - a dialup PPP user with username <username>pchilds</username>. (remember don't - directly edit the password file, use <command>vipw</command>)</para> - - <programlisting> -pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialup</programlisting> - - <para>Create a <filename>/home/ppp</filename> directory that is - world readable containing the following 0 byte files - - - <informalexample> - <screen>-r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin --r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts</screen> - </informalexample> - - which prevents <filename>/etc/motd</filename> from being - displayed.</para> - - </sect4> - - <sect4> - <title>Setting up a PPP shell for static-IP users</title> - - <para>Create the <filename>ppp-shell</filename> file as above - and for each account with statically assigned IPs create a - symbolic link to <filename>ppp-shell</filename>.</para> - - <para>For example, if you have three dialup customers <username>fred</username>, <username>sam</username>, - and <username>mary</username>, that you route class C networks for, you would type - the following:</para> - - - <informalexample> - <screen>&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred</userinput> -&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam</userinput> -&prompt.root; <userinput>ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-mary</userinput></screen> - </informalexample> - - <para>Each of these users dialup accounts should have their - shell set to the symbolic link created above. (ie. <username>mary</username>'s - shell should be - <filename>/etc/ppp/ppp-mary</filename>).</para> - - </sect4> - - <sect4> - <title>Setting up ppp.conf for dynamic-IP users</title> - - <para>The <filename>/etc/ppp/ppp.conf</filename> file should - contain something along the lines of</para> - - <programlisting> -default: - set debug phase lcp chat - set timeout 0 - -ttyd0: - set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255 - enable proxy - -ttyd1: - set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255 - enable proxy</programlisting> - - <note> - <para>The indenting is important.</para> - </note> - - <para>The <literal>default:</literal> section is - loaded for each session. For each dialup line enabled in - <filename>/etc/ttys</filename> create an entry similar to the - one for <literal>ttyd0:</literal> above. Each line - should get a unique IP address from your pool of IP addresses for - dynamic users.</para> - - </sect4> - - <sect4> - <title>Setting up <filename>ppp.conf</filename> for static-IP users</title> - - <para>Along with the contents of the sample - <filename>/etc/ppp/ppp.conf</filename> above you should add a - section for each of the statically assigned dialup users. We - will continue with our <username>fred</username>, <username>sam</username>, and <username>mary</username> example.</para> - - <programlisting> -fred: - set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255 - -sam: - set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255 - -mary: - set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255</programlisting> - - <para>The file <filename>/etc/ppp/ppp.linkup</filename> should - also contain routing information for each static IP user if - required. The line below would add a route for the <hostid - role="ipaddr">203.14.101.0</hostid> class C via the client's - ppp link.</para> - - <programlisting> -fred: - add 203.14.101.0 netmask 255.255.255.0 HISADDR - -sam: - add 203.14.102.0 netmask 255.255.255.0 HISADDR - -mary: - add 203.14.103.0 netmask 255.255.255.0 HISADDR</programlisting> - - </sect4> - - <sect4> - <title>More on <command>mgetty</command>, AutoPPP, and MS extensions</title> - - - <sect5 id="userppp-mgetty"> - <title><command>mgetty</command> and AutoPPP</title> - - <para>Configuring and compiling <command>mgetty</command> with the <literal>AUTO_PPP</literal> - option enabled allows <command>mgetty</command> to detect the LCP phase of PPP - connections and automatically spawn off a ppp shell. - However, since the default login/password sequence does not - occur it is necessary to authenticate users using either PAP - or CHAP.</para> - - <para>This section assumes the user has successfully - configured, compiled, and installed a version of <command>mgetty</command> with - the <literal>AUTO_PPP</literal> option (v0.99beta or later)</para> - - <para>Make sure your - <filename>/usr/local/etc/mgetty+sendfax/login.config</filename> file has the following in it:</para> - - <programlisting> -/AutoPPP/ - - /etc/ppp/ppp-pap-dialup</programlisting> - - <para>This will tell <command>mgetty</command> to run the - <filename>ppp-pap-dialup</filename> script for detected PPP - connections.</para> - - <para>Create a file called - <filename>/etc/ppp/ppp-pap-dialup</filename> containing the - following (the file should be executable):</para> - - <programlisting> -#!/bin/sh -exec /usr/sbin/ppp -direct pap$IDENT</programlisting> - - <para>For each dialup line enabled in - <filename>/etc/ttys</filename> create a corresponding entry - in <filename>/etc/ppp/ppp.conf</filename>. This will - happily co-exist with the definitions we created - above.</para> - - <programlisting> -pap: - enable pap - set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40 - enable proxy</programlisting> - - <para>Each user logging in with this method will need to have - a username/password in - <filename>/etc/ppp/ppp.secret</filename> file, or - alternatively add the</para> - - <programlisting> -enable passwdauth</programlisting> - - <para>option to authenticate users via pap from the - <filename>/etc/password</filename> file.</para> - - <para>If you wish to assign some users a static IP number, you can - specify the number as the third argument in - <filename>/etc/ppp/ppp.secret</filename>. See - <filename>/etc/ppp/ppp.secret.sample</filename> for - examples.</para> - </sect5> - - <sect5> - <title>MS extentions</title> - - <para>It is possible to configure PPP to supply DNS and NetBIOS - nameserver addresses on demand.</para> - - <para>To enable these extensions with PPP version 1.x, the - following lines might be added to the relevant section of - <filename>/etc/ppp/ppp.conf</filename>.</para> - - <programlisting> -enable msext -set ns 203.14.100.1 203.14.100.2 -set nbns 203.14.100.5</programlisting> - - <para>And for PPP version 2 and above:</para> - - <programlisting> -accept dns -set dns 203.14.100.1 203.14.100.2 -set nbns 203.14.100.5</programlisting> - - <para>This will tell the clients the primary and secondary - name server addresses, and a netbios nameserver host.</para> - - <para>In version 2 and above, if the <literal>set dns</literal> - line is ommitted, PPP will use the values found in - <filename>/etc/resolv.conf</filename>.</para> - </sect5> - </sect4> - </sect3> - - <sect3 id="userppp-PAPnCHAP"> - <title>PAP and CHAP authentication</title> - - <para>Some ISPs set their system up so that the authentication - part of your connection is done using either of the PAP or CHAP - authentication mechanisms. If this is the case, your ISP will - not give a <prompt>login:</prompt> prompt when you - connect, but will start talking PPP immediately.</para> - - <para>PAP is less secure than CHAP, but security is not normally - an issue here as passwords, although being sent as plain text - with PAP, are being transmitted down a serial line only. - There's not much room for crackers to “eavesdrop”.</para> - - <para>Referring back to the <link linkend="userppp-staticIP">PPP and Static IP addresses</link> or <link - linkend="userppp-dynamicIP">PPP and Dynamic IP - addresses</link> sections, the following alterations must be - made:</para> - - <programlisting> -7 set login -… -12 set authname <replaceable>MyUserName</replaceable> -13 set authkey <replaceable>MyPassword</replaceable></programlisting> - - <para>As always, do not include the line numbers, they are just - for reference in this discussion. Indentation of at least one - space is required.</para> - - - <variablelist> - <varlistentry><term>Line 7:</term> - <listitem> - <para>Your ISP will not normally require that you log into - the server if you're using PAP or CHAP. You must - therefore disable your "set login" string.</para> - </listitem> - </varlistentry> - - <varlistentry><term>Line 12:</term> - - <listitem> - <para>This line specifies your PAP/CHAP user name. You - will need to insert the correct value for <replaceable>MyUserName</replaceable>.</para> - - </listitem> - </varlistentry> - - <varlistentry><term>Line 13:</term> - - <listitem> - <para>This line specifies your PAP/CHAP password. You - will need to insert the correct value for <replaceable>MyPassword</replaceable>. You may want to add an - additional line - - <programlisting> -15 accept PAP</programlisting> or - - <programlisting> -15 accept CHAP</programlisting> to make it obvious that this is the - intention, but PAP and CHAP are both accepted by - default.</para> - - </listitem> - </varlistentry> - </variablelist> - </sect3> - - <sect3> - <title>Changing your <command>ppp</command> configuration on the fly</title> - - <para>It is possible to talk to the <command>ppp</command> program while it is - running in the background, but only if a suitable diagnostic port has - been set up. To do this, add the following line to your - configuration:</para> - - <programlisting> -set server /var/run/ppp-tun%d DiagnosticPassword 0177</programlisting> - - <para>This will tell PPP to listen to the specified unix-domain - socket, asking clients for the specified password before allowing - access. The <literal>%d</literal> in the name is replaced with teh - tun device number that is in use.</para> - - <para>Once a socket has been set up, the - <citerefentry><refentrytitle>pppctl</refentrytitle><manvolnum>8</manvolnum></citerefentry> program may be used in scripts that - wish to manipulate the running program.</para> - - </sect3> - </sect2> - - <sect2 id="userppp-final"> - <title>Final system configuration</title> - - <para>You now have <command>ppp</command> configured, but there are a few more things - to do before it is ready to work. They all involve editing the - <filename>/etc/rc.conf</filename> file (was - <filename>/etc/sysconfig</filename>).</para> - - <para>Working from the top down in this file, make sure the - <literal>hostname=</literal> line is set, e.g.:</para> - - <programlisting> -hostname=foo.bar.com</programlisting> - - <para>If your ISP has supplied you with a static IP address and - name, it's probably best that you use this name as your host - name.</para> - - <para>Look for the <literal>network_interfaces</literal> variable. If you want to - configure your system to dial your ISP on demand, make sure the - <devicename>tun0</devicename> device is added to the list, otherwise remove it.</para> - - <programlisting> -network_interfaces="lo0 tun0" ifconfig_tun0=</programlisting> - - <note> - <para>The <literal>ifconfig_tun0</literal> variable should be empty, - and a file called <filename>/etc/start_if.tun0</filename> should - be created. This file should contain the line</para> - - <programlisting> -ppp -auto mysystem</programlisting> - - <para>This script is executed at network configuration time, - starting your ppp daemon in automatic mode. If you have a LAN - for which this machine is a gateway, you may also wish to use - the <option>-alias</option> switch. Refer to the manual page - for further details.</para> - </note> - - <para>Set the router program to <literal>NO</literal> with the line</para> - - <programlisting> -router_enable=NO (/etc/rc.conf) -router=NO (/etc/sysconfig)</programlisting> - - <para>It is important that the <command>routed</command> - daemon is not started (it's started by default) as <command>routed</command> tends to delete the default routing - table entries created by <command>ppp</command>.</para> - - <para>It is probably worth your while ensuring that the - <literal>sendmail_flags</literal> line does not include the <option>-q</option> option, - otherwise <command>sendmail</command> will attempt to do a network lookup every now - and then, possibly causing your machine to dial out. You may - try:</para> - - <programlisting> -sendmail_flags="-bd"</programlisting> - - <para>The upshot of this is that you must force <command>sendmail</command> to - re-examine the mail queue whenever the ppp link is up by - typing:</para> - - <informalexample> - <screen>&prompt.root; <userinput>/usr/sbin/sendmail -q</userinput></screen> - </informalexample> - - <para>You may wish to use the <command>!bg</command> - command in <filename>ppp.linkup</filename> to do this - automatically:</para> - - <programlisting> -1 provider: -2 delete ALL -3 add 0 0 HISADDR -4 !bg sendmail -bd -q30m</programlisting> - - <para>If you don't like this, it is possible to set up a “dfilter” - to block SMTP traffic. Refer to the sample files for further - details.</para> - - <para>All that is left is to reboot the machine.</para> - - <para>After rebooting, you can now either type</para> - - <informalexample> - <screen>&prompt.root; <userinput>ppp</userinput></screen> - </informalexample> - - <para>and then <command>dial provider</command> to start the PPP session, or, if - you want <command>ppp</command> to establish sessions automatically when there is - outbound traffic (and you haven't created the <filename>start_if.tun0</filename> - script), type</para> - - <informalexample> - <screen>&prompt.root; <userinput>ppp -auto provider</userinput></screen> - </informalexample> - - </sect2> - - <sect2> - <title>Summary</title> - - <para>To recap, the following steps are necessary when setting up - ppp for the first time:</para> - - <para>Client side:</para> - - - <procedure> - - <step> - <para>Ensure that the <devicename>tun</devicename> device is built into your - kernel.</para> - </step> - - <step> - <para>Ensure that the <filename>tun<replaceable>X</replaceable></filename> device file is - available in the <filename>/dev</filename> directory.</para> - </step> - - <step> - <para>Create an entry in - <filename>/etc/ppp/ppp.conf</filename>. The <filename>pmdemand</filename> example should suffice for - most ISPs.</para> - </step> - - <step> - <para>If you have a dynamic IP address, create an entry in - <filename>/etc/ppp/ppp.linkup</filename>.</para> - </step> - - <step> - <para>Update your <filename>/etc/rc.conf</filename> (or - <filename>sysconfig</filename>) file.</para> - </step> - - <step> - <para>Create a <filename>start_if.tun0</filename> script if you require demand - dialing.</para> - </step> - - </procedure> - - - <para>Server side:</para> - - <procedure> - - <step> - <para>Ensure that the <devicename>tun</devicename> device is built into your - kernel.</para> - </step> - - <step> - <para>Ensure that the <filename>tun<replaceable>X</replaceable></filename> device file is - available in the <filename>/dev</filename> directory.</para> - </step> - - <step> - <para>Create an entry in <filename>/etc/passwd</filename> - (using the <citerefentry><refentrytitle>vipw</refentrytitle><manvolnum>8</manvolnum></citerefentry> program).</para> - </step> - - <step> - <para>Create a profile in this users home directory that runs - <command>ppp -direct direct-server</command> or similar.</para> - </step> - - <step> - <para>Create an entry in - <filename>/etc/ppp/ppp.conf</filename>. The <filename>direct-server</filename> example should - suffice.</para> - </step> - - <step> - <para>Create an entry in - <filename>/etc/ppp/ppp.linkup</filename>.</para> - </step> - - <step> - <para>Update your <filename>/etc/rc.conf</filename> (or - <filename>sysconfig</filename>) file.</para> - </step> - - </procedure> - - </sect2> - - <sect2> - <title>Acknowledgments</title> - - <para>This section of the handbook was last updated on Monday Aug 10, - 1998 by &a.brian;</para> - - <para>Thanks to the following for their input, comments & - suggestions:</para> - - <para>&a.nik;</para> - - <para>&a.dirkvangulik;</para> - - <para>&a.pjc;</para> - - </sect2> - </sect1> - - <sect1 id="ppp"> - <title>Setting up Kernel PPP</title> - - <para><emphasis>Contributed by &a.gena;.</emphasis></para> - - <para>Before you start setting up PPP on your machine make sure that - <command>pppd</command> is located in <filename>/usr/sbin</filename> and directory - <filename>/etc/ppp</filename> exists.</para> - - <para><command>pppd</command> can work in two modes:</para> - - <orderedlist> - - <listitem> - <para>as a “client”, i.e. you want to connect your machine to - outside world via PPP serial connection or modem line.</para> - </listitem> - - <listitem> - <para>as a “server”, i.e. your machine is located on the - network and used to connect other computers using PPP.</para> - </listitem> - - </orderedlist> - - <para>In both cases you will need to set up an options file - (<filename>/etc/ppp/options</filename> or - <filename>~/.ppprc</filename> if you have more then one user on your - machine that uses PPP).</para> - - <para>You also will need some modem/serial software (preferably - kermit) so you can dial and establish connection with remote - host.</para> - - - <sect2> - <title>Working as a PPP client</title> - - <para>I used the following <filename>/etc/ppp/options</filename> to - connect to CISCO terminal server PPP line.</para> - - <programlisting> -crtscts # enable hardware flow control -modem # modem control line -noipdefault # remote PPP server must supply your IP address. - # if the remote host doesn't send your IP during IPCP - # negotiation , remove this option -passive # wait for LCP packets -domain ppp.foo.com # put your domain name here - -:<remote_ip> # put the IP of remote PPP host here - # it will be used to route packets via PPP link - # if you didn't specified the noipdefault option - # change this line to <local_ip>:<remote_ip> - -defaultroute # put this if you want that PPP server will be your - # default router</programlisting> - - <para>To connect:</para> - - <procedure> - - <step> - <para>Dial to the remote host using kermit (or other modem - program) enter your user name and password (or whatever is - needed to enable PPP on the remote host)</para> - </step> - - <step> - <para>Exit kermit (without hanging up the line).</para> - </step> - - <step> - <para>enter:</para> - - <informalexample> - <screen>&prompt.root; <userinput>/usr/src/usr.sbin/pppd.new/pppd <replaceable>/dev/tty01</replaceable> <replaceable>19200</replaceable></userinput></screen> - </informalexample> - - <para>Use the appropriate speed and device name.</para> - </step> - - </procedure> - - <para>Now your computer is connected with PPP. If the connection - fails for some reasons you can add the <option>debug</option> option to the - <filename>/etc/ppp/options</filename> file and check messages on - the console to track the problem</para> - - <para>Following <filename>/etc/ppp/pppup</filename> script will make - all 3 stages automatically:</para> - - <programlisting> -#!/bin/sh -ps ax |grep pppd |grep -v grep -pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'` -if [ "X${pid}" != "X" ] ; then - echo 'killing pppd, PID=' ${pid} - kill ${pid} -fi -ps ax |grep kermit |grep -v grep -pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'` -if [ "X${pid}" != "X" ] ; then - echo 'killing kermit, PID=' ${pid} - kill -9 ${pid} -fi - -ifconfig ppp0 down -ifconfig ppp0 delete - -kermit -y /etc/ppp/kermit.dial -pppd /dev/tty01 19200</programlisting> - - <para><filename>/etc/ppp/kermit.dial</filename> is kermit script - that dials and makes all necessary authorization on the remote - host. (Example of such script is attached to the end of this - document)</para> - - <para>Use the following <filename>/etc/ppp/pppdown</filename> script - to disconnect the PPP line:</para> - - <programlisting> -#!/bin/sh -pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'` -if [ X${pid} != "X" ] ; then - echo 'killing pppd, PID=' ${pid} - kill -TERM ${pid} -fi - -ps ax |grep kermit |grep -v grep -pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'` -if [ "X${pid}" != "X" ] ; then - echo 'killing kermit, PID=' ${pid} - kill -9 ${pid} -fi - -/sbin/ifconfig ppp0 down -/sbin/ifconfig ppp0 delete -kermit -y /etc/ppp/kermit.hup -/etc/ppp/ppptest</programlisting> - - <para>Check if PPP is still running - (<filename>/usr/etc/ppp/ppptest</filename>):</para> - - <programlisting> -#!/bin/sh -pid=`ps ax| grep pppd |grep -v grep|awk '{print $1;}'` -if [ X${pid} != "X" ] ; then - echo 'pppd running: PID=' ${pid-NONE} -else - echo 'No pppd running.' -fi -set -x -netstat -n -I ppp0 -ifconfig ppp0</programlisting> - - <para>Hangs up modem line - (<filename>/etc/ppp/kermit.hup</filename>):</para> - - <programlisting> -set line /dev/tty01 ; put your modem device here -set speed 19200 -set file type binary -set file names literal -set win 8 -set rec pack 1024 -set send pack 1024 -set block 3 -set term bytesize 8 -set command bytesize 8 -set flow none - -pau 1 -out +++ -inp 5 OK -out ATH0\13 -echo \13 -exit</programlisting> - - <para>Here is an alternate method using <command>chat</command> instead of <command>kermit</command>.</para> - - <para><emphasis>Contributed by &a.rhuff;.</emphasis></para> - - <para>The following two files are sufficient to accomplish a pppd - connection.</para> - - <para><filename>/etc/ppp/options</filename>:</para> - - <programlisting> -/dev/cuaa1 115200 - -crtscts # enable hardware flow control -modem # modem control line -connect "/usr/bin/chat -f /etc/ppp/login.chat.script" -noipdefault # remote PPP serve must supply your IP address. - # if the remote host doesn't send your IP during - # IPCP negotiation, remove this option -passive # wait for LCP packets -domain <your.domain> # put your domain name here - -: # put the IP of remote PPP host here - # it will be used to route packets via PPP link - # if you didn't specified the noipdefault option - # change this line to <local_ip>:<remote_ip> - -defaultroute # put this if you want that PPP server will be - # your default router</programlisting> - - <para><filename>/etc/ppp/login.chat.script</filename>:</para> - - <para>(This should actually go into a single line.)</para> - - <programlisting> -ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT<phone.number> - CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: <login-id> - TIMEOUT 5 sword: <password></programlisting> - - <para>Once these are installed and modified correctly, all you need - to do is</para> - - <informalexample> - <screen>&prompt.root; <userinput>pppd</userinput></screen> - </informalexample> - - <para>This sample based primarily on information provided - by: Trev Roydhouse - <Trev.Roydhouse@f401.n711.z3.fidonet.org> and used by - permission.</para> - - </sect2> - - <sect2> - <title>Working as a PPP server</title> - - <para><filename>/etc/ppp/options</filename>:</para> - - <programlisting> -crtscts # Hardware flow control -netmask 255.255.255.0 # netmask ( not required ) -192.114.208.20:192.114.208.165 # ip's of local and remote hosts - # local ip must be different from one - # you assigned to the ethernet ( or other ) - # interface on your machine. - # remote IP is ip address that will be - # assigned to the remote machine -domain ppp.foo.com # your domain -passive # wait for LCP -modem # modem line</programlisting> - - <para>Following <filename>/etc/ppp/pppserv</filename> script will - enable ppp server on your machine:</para> - - <programlisting> -#!/bin/sh -ps ax |grep pppd |grep -v grep -pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'` -if [ "X${pid}" != "X" ] ; then - echo 'killing pppd, PID=' ${pid} - kill ${pid} -fi -ps ax |grep kermit |grep -v grep -pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'` -if [ "X${pid}" != "X" ] ; then - echo 'killing kermit, PID=' ${pid} - kill -9 ${pid} -fi - -# reset ppp interface -ifconfig ppp0 down -ifconfig ppp0 delete - -# enable autoanswer mode -kermit -y /etc/ppp/kermit.ans - -# run ppp -pppd /dev/tty01 19200</programlisting> - - <para>Use this <filename>/etc/ppp/pppservdown</filename> script to - stop ppp server:</para> - - <programlisting> -#!/bin/sh -ps ax |grep pppd |grep -v grep -pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'` -if [ "X${pid}" != "X" ] ; then - echo 'killing pppd, PID=' ${pid} - kill ${pid} -fi -ps ax |grep kermit |grep -v grep -pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'` -if [ "X${pid}" != "X" ] ; then - echo 'killing kermit, PID=' ${pid} - kill -9 ${pid} -fi -ifconfig ppp0 down -ifconfig ppp0 delete - -kermit -y /etc/ppp/kermit.noans</programlisting> - - <para>Following kermit script will enable/disable autoanswer mode - on your modem (<filename>/etc/ppp/kermit.ans</filename>):</para> - - <programlisting> -set line /dev/tty01 -set speed 19200 -set file type binary -set file names literal -set win 8 -set rec pack 1024 -set send pack 1024 -set block 3 -set term bytesize 8 -set command bytesize 8 -set flow none - -pau 1 -out +++ -inp 5 OK -out ATH0\13 -inp 5 OK -echo \13 -out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable - ; autoanswer mod -inp 5 OK -echo \13 -exit</programlisting> - - <para>This <filename>/etc/ppp/kermit.dial</filename> script is used - for dialing and authorizing on remote host. You will need to - customize it for your needs. Put your login and password in this - script, also you will need to change input statement depending on - responses from your modem and remote host.</para> - - <programlisting> -; -; put the com line attached to the modem here: -; -set line /dev/tty01 -; -; put the modem speed here: -; -set speed 19200 -set file type binary ; full 8 bit file xfer -set file names literal -set win 8 -set rec pack 1024 -set send pack 1024 -set block 3 -set term bytesize 8 -set command bytesize 8 -set flow none -set modem hayes -set dial hangup off -set carrier auto ; Then SET CARRIER if necessary, -set dial display on ; Then SET DIAL if necessary, -set input echo on -set input timeout proceed -set input case ignore -def \%x 0 ; login prompt counter -goto slhup - -:slcmd ; put the modem in command mode -echo Put the modem in command mode. -clear ; Clear unread characters from input buffer -pause 1 -output +++ ; hayes escape sequence -input 1 OK\13\10 ; wait for OK -if success goto slhup -output \13 -pause 1 -output at\13 -input 1 OK\13\10 -if fail goto slcmd ; if modem doesn't answer OK, try again - -:slhup ; hang up the phone -clear ; Clear unread characters from input buffer -pause 1 -echo Hanging up the phone. -output ath0\13 ; hayes command for on hook -input 2 OK\13\10 -if fail goto slcmd ; if no OK answer, put modem in command mode - -:sldial ; dial the number -pause 1 -echo Dialing. -output atdt9,550311\13\10 ; put phone number here -assign \%x 0 ; zero the time counter - -:look -clear ; Clear unread characters from input buffer -increment \%x ; Count the seconds -input 1 {CONNECT } -if success goto sllogin -reinput 1 {NO CARRIER\13\10} -if success goto sldial -reinput 1 {NO DIALTONE\13\10} -if success goto slnodial -reinput 1 {\255} -if success goto slhup -reinput 1 {\127} -if success goto slhup -if < \%x 60 goto look -else goto slhup - -:sllogin ; login -assign \%x 0 ; zero the time counter -pause 1 -echo Looking for login prompt. - -:slloop -increment \%x ; Count the seconds -clear ; Clear unread characters from input buffer -output \13 -; -; put your expected login prompt here: -; -input 1 {Username: } -if success goto sluid -reinput 1 {\255} -if success goto slhup -reinput 1 {\127} -if success goto slhup -if < \%x 10 goto slloop ; try 10 times to get a login prompt -else goto slhup ; hang up and start again if 10 failures - -:sluid -; -; put your userid here: -; -output ppp-login\13 -input 1 {Password: } -; -; put your password here: -; -output ppp-password\13 -input 1 {Entering SLIP mode.} -echo -quit - -:slnodial -echo \7No dialtone. Check the telephone line!\7 -exit 1 - -; local variables: -; mode: csh -; comment-start: "; " -; comment-start-skip: "; " -; end:</programlisting> - - </sect2> - </sect1> - - <sect1 id="slipc"> - <title>Setting up a SLIP Client</title> - - <para><emphasis>Contributed by &a.asami;<!-- <br> -->8 Aug - 1995.</emphasis></para> - - <para>The following is one way to set up a FreeBSD machine for SLIP on - a static host network. For dynamic hostname assignments (i.e., your - address changes each time you dial up), you probably need to do - something much fancier.</para> - - <para>First, determine which serial port your modem is connected to. I - have a symbolic link to <filename>/dev/modem</filename> from - <filename>/dev/cuaa1</filename>, and only use the modem name in my configuration - files. It can become quite cumbersome when you need to fix a bunch - of files in <filename>/etc</filename> and - <filename>.kermrc</filename>'s all over the system!</para> - - <note> - <para><filename>/dev/cuaa0</filename> is <devicename>COM1</devicename>, - <filename>cuaa1</filename> is <devicename>COM2</devicename>, etc.</para> - </note> - - <para>Make sure you have - - <programlisting> -pseudo-device sl 1</programlisting> in your kernel's config file. It is included in - the <filename>GENERIC</filename> kernel, so this will not be a - problem unless you deleted it.</para> - - - <sect2> - <title>Things you have to do only once</title> - - - <procedure> - - <step> - <para>Add your home machine, the gateway and nameservers to - your <filename>/etc/hosts</filename> file. Mine looks like - this:</para> - - <programlisting> -127.0.0.1 localhost loghost -136.152.64.181 silvia.HIP.Berkeley.EDU silvia.HIP silvia -136.152.64.1 inr-3.Berkeley.EDU inr-3 slip-gateway -128.32.136.9 ns1.Berkeley.edu ns1 -128.32.136.12 ns2.Berkeley.edu ns2</programlisting> - - <para>By the way, silvia is - the name of the car that I had when I was back in Japan (it - is called 2?0SX here in U.S.).</para> - </step> - - <step> - <para>Make sure you have <option>hosts</option> before <option>bind</option> in your - <filename>/etc/host.conf</filename>. Otherwise, funny things - may happen.</para> - </step> - - <step> - <para>Edit the file <filename>/etc/rc.conf</filename>. Note - that you should edit the file - <filename>/etc/sysconfig</filename> instead if you are - running FreeBSD previous to version 2.2.2.</para> - <orderedlist> - - <listitem> - <para>Set your hostname by editing the line that says:</para> - <programlisting> -hostname=myname.my.domain</programlisting> - - <para>You should give it your full Internet hostname.</para> - </listitem> - - <listitem> - <para>Add sl0 to the list of network interfaces by - changing the line that says:</para> - - <programlisting> -network_interfaces="lo0"</programlisting> - - <para>to:</para> - - <programlisting> -network_interfaces="lo0 sl0"</programlisting> - </listitem> - - <listitem> - <para>Set the startup flags of sl0 by adding a line:</para> - - <programlisting> -ifconfig_sl0="inet ${hostname} slip-gateway netmask 0xffffff00 up"</programlisting> - </listitem> - - <listitem> - <para>Designate the default router by changing the line:</para> - <programlisting> -defaultrouter=NO</programlisting> - <para>to:</para> - <programlisting> -defaultrouter=slip-gateway</programlisting> - </listitem> - - </orderedlist> - - </step> - - <step> - <para>Make a file <filename>/etc/resolv.conf</filename> which - contains:</para> - - <programlisting> -domain HIP.Berkeley.EDU -nameserver 128.32.136.9 -nameserver 128.32.136.12</programlisting> - - <para>As you can see, these set up the nameserver hosts. Of - course, the actual domain names and addresses depend on your - environment.</para> - </step> - - <step> - <para>Set the password for root and toor (and any other - accounts that does not have a password). Use passwd, do not - edit the <filename>/etc/passwd</filename> or - <filename>/etc/master.passwd</filename> files!</para> - </step> - - <step> - <para>Reboot your machine and make sure it comes up with the - correct hostname.</para> - </step> - - </procedure> - - - </sect2> - - <sect2> - <title>Making a SLIP connection</title> - - - <procedure> - - <step> - <para>Dial up, type <command>slip</command> at the prompt, enter your machine - name and password. The things you need to enter depends on - your environment. I use kermit, with a script like this:</para> - - <programlisting> -# kermit setup -set modem hayes -set line /dev/modem -set speed 115200 -set parity none -set flow rts/cts -set terminal bytesize 8 -set file type binary -# The next macro will dial up and login -define slip dial 643-9600, input 10 =>, if failure stop, - -output slip\x0d, input 10 Username:, if failure stop, - -output silvia\x0d, input 10 Password:, if failure stop, - -output ***\x0d, echo \x0aCONNECTED\x0a</programlisting> - <para>(of - course, you have to change the hostname and password to fit - yours). Then you can just type <command>slip</command> from the kermit - prompt to get connected.</para> - - <note> - <para>Leaving your password in plain text anywhere in the - filesystem is generally a BAD idea. Do it at your own - risk. I am just too lazy.</para> - </note> - </step> - - <step> - <para>Leave the kermit there (you can suspend it by <command>z</command>) and - as root, type:</para> - - <informalexample> - <screen>&prompt.root; <userinput>slattach -h -c -s 115200 /dev/modem</userinput></screen> - </informalexample> - - <para>If you are able to <command>ping</command> hosts - on the other side of the router, you are connected! If it - does not work, you might want to try <option>-a</option> instead of <option>-c</option> as - an argument to slattach.</para> - </step> - - </procedure> - - - </sect2> - - <sect2> - <title>How to shutdown the connection</title> - - <para>Type - - <informalexample> - <screen>&prompt.root; <userinput>kill -INT `cat /var/run/slattach.modem.pid`</userinput></screen> - </informalexample>(as root) - to kill slattach. Then go back to kermit (<command>fg</command> if you suspended - it) and exit from it (<command>q</command>).</para> - - <para>The slattach man page says you have to use <command>ifconfig sl0 down</command> - to mark the interface down, but this does not seem to make any - difference for me. (<command>ifconfig sl0</command> reports the same - thing.)</para> - - <para>Some times, your modem might refuse to drop the carrier (mine - often does). In that case, simply start kermit and quit it again. - It usually goes out on the second try.</para> - - </sect2> - - <sect2> - <title>Troubleshooting</title> - - <para>If it does not work, feel free to ask me. The things that - people tripped over so far:</para> - - <itemizedlist> - - <listitem> - <para>Not using <option>-c</option> or <option>-a</option> in slattach (I have no idea why - this can be fatal, but adding this flag solved the problem - for at least one person)</para> - </listitem> - - <listitem> - <para>Using <option>s10</option> instead of <option>sl0</option> (might be hard to see the - difference on some fonts).</para> - </listitem> - - <listitem> - <para>Try <command>ifconfig sl0</command> to see your - interface status. I get:</para> - - <informalexample> - <screen>&prompt.root; <userinput>ifconfig sl0</userinput> -sl0: flags=10<POINTOPOINT> - inet 136.152.64.181 --> 136.152.64.1 netmask ffffff00</screen> - </informalexample> - </listitem> - - <listitem> - <para>Also, <command>netstat -r</command> will give the - routing table, in case you get the "no route to host" - messages from ping. Mine looks like:</para> - - <informalexample> - <screen>&prompt.root; <userinput>netstat -r</userinput> -Routing tables -Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks: - -(root node) -(root node) - -Route Tree for Protocol Family inet: -(root node) => -default inr-3.Berkeley.EDU UG 8 224515 sl0 - - -localhost.Berkel localhost.Berkeley UH 5 42127 lo0 - 0.438 -inr-3.Berkeley.E silvia.HIP.Berkele UH 1 0 sl0 - - -silvia.HIP.Berke localhost.Berkeley UGH 34 47641234 lo0 - 0.438 -(root node)</screen> - </informalexample> - <para>(this is after transferring a bunch - of files, your numbers should be smaller).</para> - </listitem> - - </itemizedlist> - - </sect2> - </sect1> - - <sect1 id="slips"> - <title>Setting up a SLIP Server</title> - - <para><emphasis>Contributed by &a.ghelmer;.<!-- <br> --> v1.0, 15 May - 1995.</emphasis></para> - - <para>This document provides suggestions for setting up SLIP Server - services on a FreeBSD system, which typically means configuring your - system to automatically startup connections upon login for remote - SLIP clients. The author has written this document based on his - experience; however, as your system and needs may be different, this - document may not answer all of your questions, and the author cannot - be responsible if you damage your system or lose data due to - attempting to follow the suggestions here.</para> - - <para>This guide was originally written for SLIP Server services on a - FreeBSD 1.x system. It has been modified to reflect changes in the - pathnames and the removal of the SLIP interface compression flags in - early versions of FreeBSD 2.X, which appear to be the only major - changes between FreeBSD versions. If you do encounter mistakes in - this document, please email the author with enough information to - help correct the problem.</para> - - - <sect2 id="slips-prereqs"> - <title>Prerequisites</title> - - <para>This document is very technical in nature, so background - knowledge is required. It is assumed that you are familiar with - the TCP/IP network protocol, and in particular, network and node - addressing, network address masks, subnetting, routing, and - routing protocols, such as RIP. Configuring SLIP services on a - dial-up server requires a knowledge of these concepts, and if you - are not familiar with them, please read a copy of either Craig - Hunt's <emphasis>TCP/IP Network Administration</emphasis> - published by O'Reilly & Associates, Inc. (ISBN Number - 0-937175-82-X), or Douglas Comer's books on the TCP/IP - protocol.</para> - - <para>It is further assumed that you have already setup your - modem(s) and configured the appropriate system files to allow - logins through your modems. If you have not prepared your system - for this yet, please see the tutorial for configuring dialup - services; if you have a World-Wide Web browser available, browse - the list of tutorials at <ulink - url="http://www.freebsd.org/">http://www.freebsd.org/</ulink>; - otherwise, check the place where you found this document for a - document named <filename>dialup.txt</filename> or something - similar. You may also want to check the manual pages for - <citerefentry><refentrytitle>sio</refentrytitle><manvolnum>4</manvolnum></citerefentry> for information on the serial - port device driver and <citerefentry><refentrytitle>ttys</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>gettytab</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>getty</refentrytitle><manvolnum>8</manvolnum></citerefentry>, & <citerefentry><refentrytitle>init</refentrytitle><manvolnum>8</manvolnum></citerefentry> for - information relevant to configuring the system to accept logins on - modems, and perhaps <citerefentry><refentrytitle>stty</refentrytitle><manvolnum>1</manvolnum></citerefentry> for information on - setting serial port parameters (such as <literal>clocal</literal> for directly-connected serial - interfaces).</para> - - </sect2> - - <sect2> - <title>Quick Overview</title> - - <para>In its typical configuration, using FreeBSD as a SLIP server - works as follows: a SLIP user dials up your FreeBSD SLIP Server - system and logs in with a special SLIP login ID that uses - <filename>/usr/sbin/sliplogin</filename> as the special user's - shell. The <command>sliplogin</command> program - browses the file <filename>/etc/sliphome/slip.hosts</filename> to - find a matching line for the special user, and if it finds a - match, connects the serial line to an available SLIP interface and - then runs the shell script - <filename>/etc/sliphome/slip.login</filename> to configure the - SLIP interface.</para> - - - <sect3> - <title>An Example of a SLIP Server Login</title> - - <para>For example, if a SLIP user ID were - <username>Shelmerg</username>, <username>Shelmerg</username>'s entry in - <filename>/etc/master.passwd</filename> would look something - like this (except it would be all on one line):</para> - - <programlisting> -Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliplogin</programlisting> - - <para>When <username>Shelmerg</username> logs in, - <command>sliplogin</command> will search - <filename>/etc/sliphome/slip.hosts</filename> for a line that - had a matching user ID; for example, there may be a line in - <filename>/etc/sliphome/slip.hosts</filename> that reads:</para> - - <programlisting> -Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp</programlisting> - - <para><command>sliplogin</command> will find that - matching line, hook the serial line into the next available SLIP - interface, and then execute - <filename>/etc/sliphome/slip.login</filename> like this:</para> - - <programlisting> -/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp</programlisting> - - <para>If all goes well, - <filename>/etc/sliphome/slip.login</filename> will issue an - <command>ifconfig</command> for the SLIP interface to - which <command>sliplogin</command> attached itself - (slip interface 0, in the above example, which was the first - parameter in the list given to <filename>slip.login</filename>) - to set the local IP address (<hostid>dc-slip</hostid>), remote - IP address (<hostid>sl-helmer</hostid>), network mask for the SLIP - interface (<hostid role="netmask">0xfffffc00</hostid>), and any additional - flags (<literal>autocomp</literal>). If something - goes wrong, <command>sliplogin</command> usually logs - good informational messages via the <literal>daemon</literal> syslog facility, - which usually goes into <filename>/var/log/messages</filename> - (see the manual pages for <citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry> and - <citerefentry><refentrytitle>syslog.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, and perhaps check - <filename>/etc/syslog.conf</filename> to see to which files - <command>syslogd</command> is logging).</para> - - <para>OK, enough of the examples — let us dive into setting up - the system.</para> - - </sect3> - </sect2> - - <sect2> - <title>Kernel Configuration</title> - - <para>FreeBSD's default kernels usually come with two SLIP - interfaces defined (<devicename>sl0</devicename> and - <devicename>sl1</devicename>); you can use <command>netstat -i</command> to see whether these interfaces - are defined in your kernel.</para> - - <para>Sample output from <command>netstat -i</command>:</para> - - - <informalexample> - <screen>Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll -ed0 1500 <Link>0.0.c0.2c.5f.4a 291311 0 174209 0 133 -ed0 1500 138.247.224 ivory 291311 0 174209 0 133 -lo0 65535 <Link> 79 0 79 0 0 -lo0 65535 loop localhost 79 0 79 0 0 -sl0* 296 <Link> 0 0 0 0 0 -sl1* 296 <Link> 0 0 0 0 0</screen> - </informalexample> - - <para>The <devicename>sl0</devicename> and <devicename>sl1</devicename> interfaces shown in <command>netstat -i</command>'s output indicate that there are - two SLIP interfaces built into the kernel. (The asterisks after - the <literal>sl0</literal> and <literal>sl1</literal> indicate that the interfaces are - “down”.)</para> - - <para>However, FreeBSD's default kernels do not come configured to - forward packets (ie, your FreeBSD machine will not act as a - router) due to Internet RFC requirements for Internet hosts (see - RFC's 1009 [Requirements for Internet Gateways], 1122 - [Requirements for Internet Hosts — Communication Layers], and - perhaps 1127 [A Perspective on the Host Requirements RFCs]), so if - you want your FreeBSD SLIP Server to act as a router, you will - have to edit the <filename>/etc/rc.conf</filename> file (called - <filename>/etc/sysconfig</filename> in FreeBSD releases prior to - 2.2.2) and change the setting of the <literal>gateway</literal> variable to <option>YES</option>. - If you have an older system which predates even the - <filename>/etc/sysconfig</filename> file, then add the following - command: - - <programlisting> -sysctl -w net.inet.ip.forwarding = 1</programlisting> to your <filename>/etc/rc.local</filename> - file.</para> - - <para>You will then need to reboot for the new settings to take - effect.</para> - - <para>You will notice that near the end of the default kernel - configuration file (<filename>/sys/i386/conf/GENERIC</filename>) - is a line that reads:</para> - - <programlisting> -pseudo-device sl 2</programlisting> - - <para>This is the line that defines the number of SLIP devices - available in the kernel; the number at the end of the line is the - maximum number of SLIP connections that may be operating - simultaneously.</para> - - <para>Please refer to <link linkend="kernelconfig">Configuring the FreeBSD Kernel</link> for help in - reconfiguring your kernel.</para> - - </sect2> - - <sect2> - <title>Sliplogin Configuration</title> - - <para>As mentioned earlier, there are three files in the - <filename>/etc/sliphome</filename> directory that are part of the - configuration for <filename>/usr/sbin/sliplogin</filename> (see - <citerefentry><refentrytitle>sliplogin</refentrytitle><manvolnum>8</manvolnum></citerefentry> for the actual manual page for - <command>sliplogin</command>): - <filename>slip.hosts</filename>, which defines the SLIP users - & their associated IP addresses; - <filename>slip.login</filename>, which usually just configures the - SLIP interface; and (optionally) <filename>slip.logout</filename>, - which undoes <filename>slip.login</filename>'s effects when the - serial connection is terminated.</para> - - - <sect3> - <title><filename>slip.hosts</filename> Configuration</title> - - <para><filename>/etc/sliphome/slip.hosts</filename> contains lines - which have at least four items, separated by whitespace:</para> - - - <itemizedlist> - - <listitem> - <para>SLIP user's login ID</para> - </listitem> - - <listitem> - <para>Local address (local to the SLIP server) of the SLIP - link</para> - </listitem> - - <listitem> - <para>Remote address of the SLIP link</para> - </listitem> - - <listitem> - <para>Network mask</para> - </listitem> - - </itemizedlist> - - - <para>The local and remote addresses may be host names (resolved - to IP addresses by <filename>/etc/hosts</filename> or by the - domain name service, depending on your specifications in - <filename>/etc/host.conf</filename>), and I believe the network - mask may be a name that can be resolved by a lookup into - <filename>/etc/networks</filename>. On a sample system, - <filename>/etc/sliphome/slip.hosts</filename> looks like - this:</para> - - <programlisting> -# -# login local-addr remote-addr mask opt1 opt2 -# (normal,compress,noicmp) -# -Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp</programlisting> - - <para>At the end of the line is one or more of the options.</para> - - - <itemizedlist> - - <listitem> - <para><option>normal</option> — no header - compression</para> - </listitem> - - <listitem> - <para><option>compress</option> — compress - headers</para> - </listitem> - - <listitem> - <para><option>autocomp</option> — compress - headers if the remote end allows it</para> - </listitem> - - <listitem> - <para><option>noicmp</option> — disable ICMP - packets (so any “ping” packets will be dropped instead - of using up your bandwidth)</para> - </listitem> - - </itemizedlist> - - - <para>Note that <command>sliplogin</command> under - early releases of FreeBSD 2 ignored the options that FreeBSD 1.x - recognized, so the options <option>normal</option>, - <option>compress</option>, <option>autocomp</option>, and - <option>noicmp</option> had no effect until support was - added in FreeBSD 2.2 (unless your - <filename>slip.login</filename> script included code to make use - of the flags).</para> - - <para>Your choice of local and remote addresses for your SLIP - links depends on whether you are going to dedicate a TCP/IP - subnet or if you are going to use “proxy ARP” on your SLIP - server (it is not “true” proxy ARP, but that is the - terminology used in this document to describe it). If you are - not sure which method to select or how to assign IP addresses, - please refer to the TCP/IP books referenced in the <link - linkend="slips-prereqs">slips-prereqs</link> section - and/or consult your IP network manager.</para> - - <para>If you are going to use a separate subnet for your SLIP - clients, you will need to allocate the subnet number out of your - assigned IP network number and assign each of your SLIP client's - IP numbers out of that subnet. Then, you will probably either - need to configure a static route to the SLIP subnet via your - SLIP server on your nearest IP router, or install <command>gated</command> on your FreeBSD SLIP server and - configure it to talk the appropriate routing protocols to your - other routers to inform them about your SLIP server's route to - the SLIP subnet.</para> - - <para>Otherwise, if you will use the “proxy ARP” method, you - will need to assign your SLIP client's IP addresses out of your - SLIP server's Ethernet subnet, and you will also need to adjust - your <filename>/etc/sliphome/slip.login</filename> and - <filename>/etc/sliphome/slip.logout</filename> scripts to use - <citerefentry><refentrytitle>arp</refentrytitle><manvolnum>8</manvolnum></citerefentry> to manage the proxy-ARP entries in the - SLIP server's ARP table.</para> - - </sect3> - - <sect3> - <title><filename>slip.login</filename> Configuration</title> - - <para>The typical <filename>/etc/sliphome/slip.login</filename> - file looks like this:</para> - - <programlisting> -#!/bin/sh - -# -# @(#)slip.login 5.1 (Berkeley) 7/1/90 - -# -# generic login file for a slip line. sliplogin invokes this with -# the parameters: -# 1 2 3 4 5 6 7-n -# slipunit ttyspeed loginname local-addr remote-addr mask opt-args -# -/sbin/ifconfig sl$1 inet $4 $5 netmask $6</programlisting> - - <para>This <filename>slip.login</filename> file merely <command>ifconfig</command>'s - the appropriate SLIP interface with the local and remote - addresses and network mask of the SLIP interface.</para> - - <para>If you have decided to use the “proxy ARP” method (instead - of using a separate subnet for your SLIP clients), your - <filename>/etc/sliphome/slip.login</filename> file will need to - look something like this:</para> - - <programlisting> -#!/bin/sh - -# -# @(#)slip.login 5.1 (Berkeley) 7/1/90 - -# -# generic login file for a slip line. sliplogin invokes this with -# the parameters: -# 1 2 3 4 5 6 7-n -# slipunit ttyspeed loginname local-addr remote-addr mask opt-args -# -/sbin/ifconfig sl$1 inet $4 $5 netmask $6 -# Answer ARP requests for the SLIP client with our Ethernet addr -/usr/sbin/arp -s $5 00:11:22:33:44:55 pub</programlisting> - - <para>The additional line in this <filename>slip.login</filename>, - <command>arp -s $5 00:11:22:33:44:55 pub</command>, creates - an ARP entry in the SLIP server's ARP table. This ARP entry - causes the SLIP server to respond with the SLIP server's - Ethernet MAC address whenever a another IP node on the Ethernet - asks to speak to the SLIP client's IP address.</para> - - <para>When using the example above, be sure to replace the - Ethernet MAC address (<hostid role="mac">00:11:22:33:44:55</hostid>) with the MAC address of - your system's Ethernet card, or your “proxy ARP” will - definitely not work! You can discover your SLIP server's - Ethernet MAC address by looking at the results of running - <command>netstat -i</command>; the second line of the output - should look something like:</para> - - <informalexample> - <screen>ed0 1500 <Link>0.2.c1.28.5f.4a 191923 0 129457 0 116 - </screen> - </informalexample> - - <para>This indicates that this particular system's Ethernet MAC - address is <hostid role="mac">00:02:c1:28:5f:4a</hostid> — - the periods in the Ethernet MAC address given by - <command>netstat -i</command> must be changed to colons and - leading zeros should be added to each single-digit hexadecimal - number to convert the address into the form that - <citerefentry><refentrytitle>arp</refentrytitle><manvolnum>8</manvolnum></citerefentry> desires; see the manual page on - <citerefentry><refentrytitle>arp</refentrytitle><manvolnum>8</manvolnum></citerefentry> for complete information on - usage.</para> - - <note> - <para>When you create - <filename>/etc/sliphome/slip.login</filename> and - <filename>/etc/sliphome/slip.logout</filename>, the - “execute” bit (ie, <command>chmod 755 - /etc/sliphome/slip.login - /etc/sliphome/slip.logout</command>) must be set, or - <command>sliplogin</command> will be unable to execute - it.</para> - </note> - </sect3> - - <sect3> - <title><filename>slip.logout</filename> Configuration</title> - - <para><filename>/etc/sliphome/slip.logout</filename> is not - strictly needed (unless you are implementing “proxy ARP”), but - if you decide to create it, this is an example of a basic - <filename>slip.logout</filename> script:</para> - - <programlisting> -#!/bin/sh - -# -# slip.logout - -# -# logout file for a slip line. sliplogin invokes this with -# the parameters: -# 1 2 3 4 5 6 7-n -# slipunit ttyspeed loginname local-addr remote-addr mask opt-args -# -/sbin/ifconfig sl$1 down</programlisting> - - <para>If you are using “proxy ARP”, you will want to have - <filename>/etc/sliphome/slip.logout</filename> remove the ARP - entry for the SLIP client:</para> - - <programlisting> -#!/bin/sh - -# -# @(#)slip.logout - -# -# logout file for a slip line. sliplogin invokes this with -# the parameters: -# 1 2 3 4 5 6 7-n -# slipunit ttyspeed loginname local-addr remote-addr mask opt-args -# -/sbin/ifconfig sl$1 down -# Quit answering ARP requests for the SLIP client -/usr/sbin/arp -d $5</programlisting> - - <para>The <command>arp -d $5</command> removes the ARP entry - that the “proxy ARP” <filename>slip.login</filename> added - when the SLIP client logged in.</para> - - <para>It bears repeating: make sure - <filename>/etc/sliphome/slip.logout</filename> has the execute - bit set for after you create it (ie, <command>chmod - 755 /etc/sliphome/slip.logout</command>).</para> - - </sect3> - </sect2> - - <sect2> - <title>Routing Considerations</title> - - <para>If you are not using the “proxy ARP” method for routing - packets between your SLIP clients and the rest of your network - (and perhaps the Internet), you will probably either have to add - static routes to your closest default router(s) to route your SLIP - client subnet via your SLIP server, or you will probably need to - install and configure <command>gated</command> on your - FreeBSD SLIP server so that it will tell your routers via - appropriate routing protocols about your SLIP subnet.</para> - - - <sect3> - <title>Static Routes</title> - - <para>Adding static routes to your nearest default routers can be - troublesome (or impossible, if you do not have authority to do - so...). If you have a multiple-router network in your - organization, some routers, such as Cisco and Proteon, may not - only need to be configured with the static route to the SLIP - subnet, but also need to be told which static routes to tell - other routers about, so some expertise and - troubleshooting/tweaking may be necessary to get - static-route-based routing to work.</para> - - </sect3> - - <sect3> - <title>Running <command>gated</command></title> - - <para>An alternative to the headaches of static routes is to - install <command>gated</command> on your FreeBSD SLIP - server and configure it to use the appropriate routing protocols - (RIP/OSPF/BGP/EGP) to tell other routers about your SLIP subnet. - You can use <command>gated</command> from the - <link linkend="ports">ports collection</link> or retrieve and - build it yourself from <ulink - URL="ftp://ftp.gated.merit.edu/research.and.development/gated/">the GateD anonymous ftp site</ulink>; I believe the current version as of this writing is <filename>gated-R3_5Alpha_8.tar.Z</filename>, which includes support for FreeBSD “out-of-the-box”. Complete information and documentation on <command>gated</command> is available on the Web starting at <ulink URL="http://www.gated.merit.edu/">the Merit GateD Consortium</ulink>. Compile and install it, and then write a <filename>/etc/gated.conf</filename> file to configure your gated; here is a sample, similar to what the author used on a FreeBSD SLIP server:</para> - - <programlisting> -# -# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5 -# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface -# -# -# tracing options -# -traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ; - -rip yes { - interface sl noripout noripin ; - interface ed ripin ripout version 1 ; - traceoptions route ; -} ; - -# -# Turn on a bunch of tracing info for the interface to the kernel: -kernel { - traceoptions remnants request routes info interface ; -} ; - -# -# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP -# - -export proto rip interface ed { - proto direct { - <replaceable>xxx.xxx.yy</replaceable> mask 255.255.252.0 metric 1; # SLIP connections - } ; -} ; - -# -# Accept routes from RIP via ed Ethernet interfaces - -import proto rip interface ed { - all ; -} ;</programlisting> - - <para>The above sample <filename>gated.conf</filename> file - broadcasts routing information regarding the SLIP subnet - <replaceable>xxx.xxx.yy</replaceable> via RIP onto the - Ethernet; if you are using a different Ethernet driver than the - <devicename>ed</devicename> driver, you will need to change - the references to the <devicename>ed</devicename> interface - appropriately. This sample file also sets up tracing to - <filename>/var/tmp/gated.output</filename> for debugging - <command>gated</command>'s activity; you can - certainly turn off the tracing options if <command>gated</command> works OK for you. You will need to - change the <replaceable>xxx.xxx.yy</replaceable>'s into the - network address of your own SLIP subnet (be sure to change the - net mask in the <literal>proto direct</literal> - clause as well).</para> - - <para>When you get <command>gated</command> built and - installed and create a configuration file for it, you will need - to run <command>gated</command> in place of <command>routed</command> on your FreeBSD system; change the - <filename>routed/gated</filename> startup parameters in - <filename>/etc/netstart</filename> as appropriate for your - system. Please see the manual page for <command>gated</command> for information on <command>gated</command>'s command-line parameters.</para> - - </sect3> - </sect2> - - <sect2> - <title>Acknowledgments</title> - - <para>Thanks to these people for comments and advice regarding this - tutorial:</para> - - - <variablelist> - <varlistentry><term>&a.wilko;</term> - <listitem> - <para></para> - </listitem> - </varlistentry> - - <varlistentry><term>Piero Serini</term> - - <listitem> - <para><email>Piero@Strider.Inet.IT</email></para> - - </listitem> - </varlistentry> - </variablelist> - - - </sect2> - </sect1> - </chapter> - -<!-- - Local Variables: - mode: sgml - sgml-declaration: "../chapter.decl" - sgml-indent-data: t - sgml-omittag: nil - sgml-always-quote-attributes: t - sgml-parent-document: ("../handbook.sgml" "part" "chapter") - End: ---> - |