diff options
Diffstat (limited to 'en_US.ISO8859-1/books/ppp-primer/book.sgml')
-rw-r--r-- | en_US.ISO8859-1/books/ppp-primer/book.sgml | 2372 |
1 files changed, 0 insertions, 2372 deletions
diff --git a/en_US.ISO8859-1/books/ppp-primer/book.sgml b/en_US.ISO8859-1/books/ppp-primer/book.sgml deleted file mode 100644 index 59cf194479..0000000000 --- a/en_US.ISO8859-1/books/ppp-primer/book.sgml +++ /dev/null @@ -1,2372 +0,0 @@ -<!DOCTYPE BOOK PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ -<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN"> -%man; -]> - -<book> - -<bookinfo> -<title>PPP - Pedantic PPP Primer</title> - -<authorgroup> -<author> -<firstname>Steve</firstname> -<surname>Sims</surname> -<affiliation> -<address><email>SimsS@IBM.net</email></address> -</affiliation> -</author> -</authorgroup> - -<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/ppp-primer/book.sgml,v 1.9 2001/04/17 01:39:30 dd Exp $</pubdate> - -<abstract><para>This is a step-by-step guide for configuring FreeBSD systems to act as -a dial-up router/gateway in a Local Area Environment. All entries may -be assumed to be relevant to FreeBSD 2.2+, unless otherwise noted.</para></abstract> - -</bookinfo> - -<preface> -<title>Overview:</title> - -<para>The User-Mode PPP dialer in FreeBSD Version 2.2 (also known as: -<emphasis remap=it>"IIJ-PPP"</emphasis> ) now supports Packet Aliasing for dial up -connections to the Internet. This feature, also known as -"<emphasis remap=it>Masquerading</emphasis>", "<emphasis remap=it>IP Aliasing</emphasis>", or "<emphasis remap=it>Network Address -Translation</emphasis>", allows a FreeBSD system to act as a dial- on-demand -router between an Ethernet-based Local Area Network and an Internet -Service Provider. Systems on the LAN can use the FreeBSD system to -forward information between the Internet by means of a single -dial-connection.</para> - -<para>This guide explains how to: -<itemizedlist> - -<listitem> -<para>Configure the FreeBSD system to support dial-out connections,</para> -</listitem> - -<listitem> -<para>Share a dial-out connection with other systems in a network,</para> -</listitem> - -<listitem> -<para>Configure Windows platforms to use the FreeBSD system as a gateway to the Internet.</para> -</listitem> - -</itemizedlist> -</para> - -<para>While the focus of this guide is to assist in configuring IP Aliasing, -it also includes specific examples of the configuration steps necessary -to configure and install each individual component; each section stands -alone and may be used to assist in the configuration of various aspects -of FreeBSD internetworking.</para> - -</preface> - -<chapter> -<title>Building the Local Area Network</title> - -<para> While the ppp program can, and usually is, be configured to provide -services to <emphasis>only</emphasis> the local FreeBSD box it can also be used to serve as a -"Gateway" (or "router") between other LAN-connected resources and the Internet or -other Dial-Up service.</para> - - -<sect1> -<title>Typical Network Topology</title> - -<para>This guide assumes a typical Local Area Network lashed together as -follows: -<programlisting> -+---------+ ----> Dial-Up Internet Connection -| FreeBSD | \ (i.e.: NetCom, AOL, AT&T, EarthLink, -etc) -| |-------- -| "Curly" | -| | -+----+----+ - | -|----+-------------+-------------+----| <-- Ethernet Network - | | | - | | | -+----+----+ +----+----+ +----+----+ -| | | | | | -| Win95 | | WFW | | WinNT | -| "Larry" | | "Moe" | | "Shemp" | -| | | | | | -+---------+ +---------+ +---------+</programlisting> -</para> - -</sect1> - -<sect1> -<title>Assumptions about the Local Area Network</title> - -<para>Some specific assumptions about this sample network are:</para> - -<para>Three workstations and a Server are connected with Ethernet -cabling: -<itemizedlist> - -<listitem> -<para>a FreeBSD Server ("Curly") with an NE-2000 adapter configured as -'ed0'</para> -</listitem> - -<listitem> -<para>a Windows-95 workstation ("Larry") with Microsoft's "native" -32-bit TCP/IP drivers</para> -</listitem> - -<listitem> -<para>a Windows for Workgroups workstation ("Moe") with Microsoft's -16-bit TCP/IP extensions</para> -</listitem> - -<listitem> -<para>a Windows NT workstation ("Shemp") with Microsoft's "native" -32-bit TCP/IP drivers</para> -</listitem> - -</itemizedlist> - </para> - -<para>The IP addresses on the Ethernet side of this sample LAN have been -taken from a pool addresses proposed reserved by RFC 1918 for use on -private LANs, so you are free to use these actual IP addresses on your -own LAN if you want. IP addresses are assigned as follows:</para> - -<informaltable> - <tgroup cols=3> - <thead> - <row> - <entry>Name</entry> - <entry>IP Address</entry> - <entry>Comment</entry> - </row> - </thead> - - <tbody> - <row> - <entry><hostid>Curly</hostid></entry> - <entry><hostid role="ipaddr">192.168.1.1</hostid></entry> - <entry>The FreeBSD box</entry> - </row> - - <row> - <entry><hostid>Larry</hostid></entry> - <entry><hostid role="ipaddr">192.168.1.2</hostid></entry> - <entry>The Win'95 box</entry> - </row> - - <row> - <entry><hostid>Moe</hostid></entry> - <entry><hostid role="ipaddr">192.168.1.3</hostid></entry> - <entry>The WfW box</entry> - </row> - - <row> - <entry><hostid>Shemp</hostid></entry> - <entry><hostid role="ipaddr">192.168.1.4</hostid></entry> - <entry>The Windows NT box</entry> - </row> - </tbody> - </tgroup> -</informaltable> - -<para>This guide assumes that the modem on the FreeBSD box is connected -to the first serial port ('<filename>/dev/cuaa0</filename>' or '<emphasis remap=tt>COM1:</emphasis>' in -DOS-terms).</para> - -<para>Finally, we'll also assume that your Internet Service Provider (ISP) -automatically provides the IP addresses of both your PPP/FreeBSD side -as well as the ISP's side. (i.e.: Dynamic IP Addresses on both ends -of the link.) Specific details for configuring the Dial-Out side of -PPP will be addressed in Section 2, "Configuring the FreeBSD System".</para> - -</sect1> -</chapter> - -<chapter id="system-config"> -<title>FreeBSD System Configuration</title> - -<para>There are three basic pieces of information that must be known to -the FreeBSD box before you can proceed with integrating the sample -Local Area Network:</para> - -<para> -<itemizedlist> - -<listitem> -<para>The Host Name of the FreeBSD system; in our example it's "Curly",</para> -</listitem> - -<listitem> -<para>The Network configuration,</para> -</listitem> - -<listitem> -<para>The <filename>/etc/hosts</filename> file (which lists the names and IP addresses of -the other systems in your network)</para> -</listitem> - -</itemizedlist> -</para> - -<para>If you performed the installation of FreeBSD over a network -connection some of this information may already be configured into -your FreeBSD system.</para> - -<para>Even if you believe that the FreeBSD system was properly configured -when it was installed you should at least verify each of these bits of -information to prevent trouble in subsequent steps.</para> - - -<sect1> -<title>Verifying the FreeBSD Host Name</title> - -<para>It's possible that the FreeBSD host name was specified and saved -when the system was initially installed. To verify that it was, enter -the following command at a prompt:</para> - -<para> -<informalexample> -<screen># hostname</screen> -</informalexample> -</para> - -<para>The name of the host FreeBSD system will be displayed on a single -line. If the name looks correct (this is very subjective :-) skip -ahead to <xref linkend="verify-ether-if-config">.</para> - -<para>For example, in our sample network, we would see 'curly.my.domain' -as a result of the `hostname` command if the name had been set -correctly during, or after, installation. (At this point, don't worry -too much about the ".my.domain" part, we'll sort this out later. The -important part is the name up to the first dot.)</para> - -<para>If a host name wasn't specified when FreeBSD was installed you'll -probably see 'myname.my.domain` as a response. You'll need to edit -<filename>/etc/rc.conf</filename> to set the name of the machine.</para> - - -<sect2> -<title>Configuring the FreeBSD Host Name</title> - -<para><emphasis><emphasis remap=bf>Reminder: You must be logged in as 'root' to edit the -system configuration files!</emphasis></emphasis></para> - -<para><emphasis><emphasis remap=bf>CAUTION: If you mangle the system configuration files, -chances are your system WILL NOT BOOT correctly! Be careful!</emphasis></emphasis></para> - -<para>The configuration file that specifies the FreeBSD system's host -name when the system boots is in <filename>/etc/rc.conf</filename>. Use the -default text editor ('<emphasis remap=tt>ee</emphasis>') to edit this file.</para> - -<para>Logged in as user 'root' load <filename>/etc/rc.conf</filename> into the -editor with the following command: -<informalexample> -<screen># ee /etc/rc.conf</screen> -</informalexample> -</para> - -<para>Using the arrow keys, scroll down until you find the line that -specifies the host name of the FreeBSD system. By default, this -section says: -<informalexample> -<screen>--- -### Basic network options: ### -hostname="myname.my.domain" # Set this! ----</screen> -</informalexample> - -Change this section to say (in our example): -<informalexample> -<screen>--- -### Basic network options: ### -hostname="curly.my.domain" # Set this! ----</screen> -</informalexample> -</para> - -<para>Once the change to the host name has been made, press the 'Esc' key to -access the command menu. Select "leave editor" and make sure to -specify "save changes" when prompted.</para> - -</sect2> -</sect1> - -<sect1 id="verify-ether-if-config"> -<title>Verifying the Ethernet Interface Configuration</title> - -<para>To reiterate our basic assumption, this guide assumes that the -Ethernet Interface in the FreeBSD system is named '<emphasis remap=tt>ed0</emphasis>'. This is -the default for NE-1000, NE-2000, WD/SMC models 8003, 8013 and Elite -Ultra (8216) network adapters.</para> - -<para>Other models of network adapters may have different device names in -FreeBSD. Check the FAQ for specifics about your network adapter. If -you're not sure of the device name of your adapter, check the FreeBSD -FAQ to determine the device name for the card you have and substitute -that name (i.e.: '<emphasis remap=tt>de0</emphasis>', '<emphasis remap=tt>zp0</emphasis>', or similar) in the following -steps.</para> - -<para>As was the case with the host name, the configuration for the -FreeBSD system's Ethernet Interface may have been specified when the -system was installed.</para> - -<para>To display the configuration for the interfaces in your -FreeBSD system (Ethernet and others), enter the following command: -<informalexample> -<screen># ifconfig -a</screen> -</informalexample> - -(In layman's terms: "Show me the <emphasis remap=bf>I</emphasis>nter<emphasis remap=bf>F</emphasis>ace <acronym>CONFIG</acronym>uration -for my network devices.") </para> - -<para>An example: -<informalexample> -<screen># ifconfig -a - ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu -1500 - inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 - ether 01:02:03:04:05:06 - lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500 - tun0: flags=8050<POINTOPOINT,RUNNING, MULTICAST> mtu 1500 - sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552 - ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 - lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 - inet 127.0.0.1 netmask 0xff000000 -# _</screen> -</informalexample> -</para> - -<para>In this example, the following devices were displayed:</para> - -<para><emphasis remap=tt>ed0:</emphasis> The Ethernet Interface</para> - -<para><emphasis remap=tt>lp0:</emphasis> The Parallel Port Interface (ignored in this guide)</para> - -<para><emphasis remap=tt>tun0:</emphasis> The "tunnel" device; <emphasis>This is the one user-mode ppp uses!</emphasis></para> - -<para><emphasis remap=tt>sl0:</emphasis> The SL/IP device (ignored in this guide)</para> - -<para><emphasis remap=tt>ppp0:</emphasis> Another PPP device (for kernel ppp; ignored in this guide)</para> - -<para><emphasis remap=tt>lo0:</emphasis> The "Loopback" device (ignored in this guide)</para> - -<para>In this example, the 'ed0' device is up and running. The key -indicators are: -<orderedlist> - -<listitem> -<para>Its status is "<acronym>UP</acronym>",</para> -</listitem> - -<listitem> -<para>It has an Internet ("<emphasis remap=tt>inet</emphasis>") address, (in this case, 192.168.1.1)</para> -</listitem> - -<listitem> -<para>It has a valid Subnet Mask ("netmask"; 0xffffff00 is the same as -255.255.255.0), and</para> -</listitem> - -<listitem> -<para>It has a valid broadcast address (in this case, 192.168.1.255).</para> -</listitem> - -</orderedlist> -</para> - -<para>If the line for the Ethernet card had shown something similar to: -<informalexample> -<screen>ed0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500 - ether 01:02:03:04:05:06</screen> -</informalexample> - -then the Ethernet card hasn't been configured yet.</para> - -<para>If the configuration for the Ethernet interface is correct you can -skip forward to <xref linkend="list-lan-hosts">.</para> - -<sect2 > -<title>Configuring your Ethernet Interface</title> - -<para><emphasis><emphasis remap=bf>Reminder: You must be logged in as 'root' to edit the -system configuration files!</emphasis></emphasis></para> - -<para><emphasis><emphasis remap=bf>CAUTION: If you mangle the system configuration files, -chances are your system WILL NOT BOOT correctly! Be careful!</emphasis></emphasis></para> - -<para>The configuration file that specifies settings for the network -interfaces when the system boots is in <filename>/etc/rc.conf</filename>. Use -the default text editor ('ee') to edit this file.</para> - -<para>Logged in as user 'root' load <filename>/etc/rc.conf</filename> into the -editor with the following command:</para> - -<para><command> # ee /etc/rc.conf</command></para> - -<para>About 20 lines from the top of <filename>/etc/rc.conf</filename> is the section -that describes which network interfaces should be activated when the -system boots. In the default configuration file the specific line -that controls this is:</para> - -<para> -<informalexample> -<screen>network_interfaces="lo0" # List of network interfaces (lo0 is loopback).</screen> -</informalexample> -</para> - -<para>You'll need to amend this line to tell FreeBSD that you want to add -another device, namely the '<emphasis remap=tt>ed0</emphasis>' device. Change this line to -read:</para> - -<para> -<informalexample> -<screen>network_interfaces="lo0 ed0" # List of network interfaces (lo0 is loopback).</screen> -</informalexample> -</para> - -<para>(Note the space between the definition for the loopback device -("<emphasis remap=tt>lo0</emphasis>") -and the Ethernet device ("<emphasis remap=tt>ed0</emphasis>")! </para> - -<para><emphasis><emphasis remap=bf> Reminder: If your Ethernet card isn't named '<emphasis remap=tt>ed0</emphasis>', specify -the correct device name here instead.</emphasis></emphasis></para> - -<para>If you performed the installation of FreeBSD over a network -connection then the '<literal>network_interfaces=</literal>' line may already -include a reference to your Ethernet adapter. If it is, verify that -it is the correct device name.</para> - -<para>Specify the Interface Settings for the Ethernet device -('<emphasis remap=tt>ed0</emphasis>'):</para> - -<para>Beneath the line that specifies which interfaces should be -activated are the lines that specify the actual settings for each -interface. In the default <filename>/etc/rc.conf</filename> file is a single -line that says:</para> - -<para> -<informalexample> -<screen>ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.</screen> -</informalexample> -</para> - -<para>You'll need to add another line after that to specify the settings -for your '<emphasis remap=tt>ed0</emphasis>' device.</para> - -<para>If you performed the installation of FreeBSD over a network -connection then there may already be an '<literal>ifconfig_ed0=</literal>' line -after the loopback definition. If so, verify that it has the correct -values.</para> - -<para>For our sample configuration we'll insert a line immediately after -the loopback device definition that says:</para> - -<para> -<informalexample> -<screen>ifconfig_ed0="inet 192.168.1.1 netmask 255.255.255.0"</screen> -</informalexample> -</para> - -<para>When you've finished editing <filename>/etc/rc.conf</filename> to specify and -configure the network interfaces the section should look really close -to:</para> - -<para> -<informalexample> -<screen>--- -network_interfaces="ed1 lo0" # List of network interfaces (lo0 is loopback). -ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. -ifconfig_ed1="inet 192.168.1.1 netmask 255.255.255.0" ----</screen> -</informalexample> -</para> - -<para>Once all of the necessary changes to <filename>/etc/rc.conf</filename> have -been made, press the 'Esc' key to invoke the control menu. Select -"leave editor" and be sure to select "save changes" when prompted.</para> - -</sect2> -</sect1> - -<sect1> -<title>Enabling Packet Forwarding</title> - -<para>By default the FreeBSD system will not forward IP packets between -various network interfaces. In other words, routing functions (also -known as gateway functions) are disabled.</para> - -<para>If your intent is to use a FreeBSD system as stand-alone Internet -workstation and not as a gateway between LAN nodes and your ISP you -should skip forward to <xref linkend="list-lan-hosts">.</para> - -<para>If you intend for the PPP program to service the local FreeBSD box -as well as LAN workstations (as a router) you'll need to enable IP -forwarding.</para> - -<para>To enable IP Packet forwarding you'll need to edit the -<filename>/etc/rc.conf</filename> file.</para> - - <para>This file contains overrides of the defaults in - <filename>/etc/defaults/rc.conf</filename>. The default gateway - setting is controlled by the line</para> - - <programlisting>gateway_enable="NO"</programlisting> - - <para>in that file. To override it, add a line like</para> - - <programlisting>gateway_enable="YES"</programlisting> - - <para><filename>/etc/rc.conf</filename>.</para> - -<para><emphasis><emphasis remap=bf>NOTE: This line may already be set to -'<literal>gateway_enable="YES"</literal>' if IP forwarding was enabled when the -FreeBSD system was installed.</emphasis></emphasis></para> - -</sect1> - -<sect1 id="list-lan-hosts"> -<title>Creating the List of other LAN Hosts(<filename>/etc/hosts</filename>)</title> - -<para>The final step in configuring the LAN side of the FreeBSD system is -to create a list of the names and TCP/IP addresses of the various -systems that are connected to the Local Area Network. This list is -stored in the '<filename>/etc/hosts</filename>' file.</para> - -<para>The default version of this file has only a single host name -listing in it: the name and address of the loopback device ('lo0'). -By networking convention, this device is always named "localhost" and -always has an IP address of 127.0.0.1. <xref - linkend="verify-ether-if-config">.</para> - - -<para>To edit the <filename>/etc/hosts</filename> file enter the following command: -<informalexample> -<screen> # ee /etc/hosts </screen> -</informalexample> -</para> - -<para>Scroll all the way to the bottom of the file (paying attention to -the comments along the way; there's some good information there!) and -enter (assuming our sample network) the following IP addresses and -host names: -<informalexample> -<screen>192.168.1.1 curly curly.my.domain # FreeBSD System -192.168.1.2 larry larry.my.domain # Windows '95 System -192.168.1.3 moe moe.my.domain # Windows for Workgroups -System -192.168.1.4 shemp shemp.my.domain # Windows NT System</screen> -</informalexample> -</para> - -<para>(No changes are needed to the line for the '<emphasis remap=tt>127.0.0.1 -localhost</emphasis>' entry.)</para> - -<para>Once you've entered these lines, press the 'Esc' key to invoke the -control menu. Select "leave editor" and be sure to select "save -changes" when prompted.</para> - -</sect1> - -<sect1> -<title>Testing the FreeBSD system</title> - -<para>Congratulations! Once you've made it to this point, the FreeBSD -system is configured as a network-connected UNIX system! If you made -any changes to the <filename>/etc/rc.conf</filename> file you should probably -re-boot your FreeBSD system. This will accomplish two important -objectives: -<itemizedlist> - -<listitem> -<para>Allow the changes to the interface configurations to be applied, and</para> -</listitem> - -<listitem> -<para>Verify that the system restarts without any glaring configuration errors.</para> -</listitem> - -</itemizedlist> -</para> - -<para>Once the system has been rebooted you should test the network -interfaces.</para> - - -<sect2> -<title>Verifying the operation of the loopback device</title> - -<para>To verify that the loopback device is configured correctly, log in as -'root' and enter: -<informalexample> -<screen># ping localhost</screen> -</informalexample> -</para> - -<para>You should see: -<informalexample> -<screen># ping localhost -PING localhost.my.domain. (127.0.0.1): 56 data bytes -64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.219 ms -64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0.287 ms -64 bytes from 127.0.0.1: icmp_seq=2 ttl=255 time=0.214 m -[...]</screen> -</informalexample> - -messages scroll by until you hit Ctrl-C to stop the madness.</para> - -</sect2> - -<sect2> -<title>Verifying the operation of the Ethernet Device</title> - -<para>To verify that the Ethernet device is configured correctly, enter:</para> - -<para> -<informalexample> -<screen># ping curly</screen> -</informalexample> -</para> - -<para>You should see: -<informalexample> -<screen># ping curly -PING curly.my.domain. (192.168.1.1): 56 data bytes -64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=0.219 ms -64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=0.200 ms -64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=0.187 ms -[...]</screen> -</informalexample> - -messages.</para> - -<para>One important thing to look at in these two examples is that the -names (loopback and curly) correctly correlate to their IP addresses -(127.0.0.1 and 192.168.1.1). This verifies that the -<filename>/etc/hosts</filename> files is correct.</para> - -<para>If the IP address for "curly" isn't 192.168.1.1 or the address for -"localhost" isn't 127.0.0.1, return to <xref linkend="list-lan-hosts"> and review your -entries in '<filename>/etc/hosts</filename>'.</para> - -<para>If the names and addresses are indicated correctly in the result of -the ping command but there are errors displayed then something is -amiss with the interface configuration(s). Return to <xref linkend="system-config"> and -verify everything again.</para> - -<para>If everything here checks out, proceed with the next section.</para> - -</sect2> -</sect1> -</chapter> - -<chapter> -<title>Configuring the PPP Dial-Out Connection</title> - -<para>There are two basic modes of operation of the ppp driver: -"Interactive" and "Automatic".</para> - -<para>In Interactive mode you:</para> - -<para> -<itemizedlist> - -<listitem> -<para>Manually establish a connection to your ISP,</para> -</listitem> - -<listitem> -<para>Browse, surf, transfer files and mail, etc...,</para> -</listitem> - -<listitem> -<para>Manually disconnect from your ISP.</para> -</listitem> - -</itemizedlist> -</para> - -<para>In Automatic mode, the PPP program silently watches what goes on -inside the FreeBSD system and automagically connects and disconnects -with your ISP as required to make the Internet a seamless element of -your network.</para> - -<para>In this section we'll address the configuration(s) for both modes -with emphasis on configuring your `ppp` environment to operate in -"Automatic" mode.</para> - - -<sect1> -<title>Backing up the original PPP configuration files</title> - - <note> - <para>More recent versions of FreeBSD have the examples files in - <filename>/usr/share/examples/ppp</filename>, so this step may not - be necessary.</para> - </note> - -<para>Before making any changes to the files which are used by PPP you -should make a copy of the default files that were created when the -FreeBSD system was installed.</para> - -<para>Log in as the 'root' user and perform the following steps:</para> - -<para>Change to the '<filename>/etc</filename> directory:</para> - -<para><emphasis remap=tt># cd /etc</emphasis></para> - -<para>Make a backup copy the original files in the 'ppp' directory:</para> - -<para><emphasis remap=tt># cp -R ppp ppp.ORIGINAL</emphasis></para> - -<para>You should now be able to see both a '<emphasis remap=tt>ppp</emphasis>' and a -'<filename>ppp.ORIGINAL</filename>' subdirectory -in the '<filename>/etc</filename>' directory.</para> - -</sect1> - -<sect1> -<title>Create your own PPP configuration files</title> - -<para>By default, the FreeBSD installation process creates a number of -sample configuration files in the <filename>/etc/ppp</filename> -and <filename>/usr/share/examples/ppp</filename> directories. Please take -some time to review these files; they were derived from working -systems and represent the features and capabilities of the PPP -program.</para> - -<para>You are <emphasis>strongly</emphasis> encouraged to learn from -these sample files and apply them to your own configuration as -necessary.</para> - -<para>For detailed information about the `ppp` program, read the ppp -manpage: -<informalexample> -<screen># man ppp</screen> -</informalexample> -</para> - -<para>For detailed information about the `chat` scripting language used by -the PPP dialer, read the chat manpage: -<informalexample> -<screen># man chat</screen> -</informalexample> -</para> - -<para>The remainder of this section describes the recommended contents of -the PPP configuration files.</para> - - -<sect2> -<title>The '<filename>/etc/ppp/ppp.conf</filename>' file</title> - -<para>The '<filename>/etc/ppp/ppp.conf</filename>' file contains the information and -settings required to set up a dial-out PPP connection. More than one -configuration may be contained in this file. The FreeBSD handbook -(XXX URL? XXX) describes the contents and syntax of this file in -detail.</para> - -<para>This section will describe only the minimal configuration to get a -dial-out connection working.</para> - -<para>Below is the /etc/ppp/ppp.conf file that we'll be using to provide a -dial-out Internet gateway for our example LAN: - -<note> - <para>The full syntax for <filename>ppp.conf</filename> is described in - &man.ppp.8;. Particuarly, note that any line that isn't a label that - ends with a colon (e.g., <literal>default:</literal>, - <literal>interactive:</literal>), a command that begins with - <quote>!</quote> (e.g., <literal>!include</literal>), or a comment - <emphasis>must</emphasis> be indented!</para> -</note> - -<programlisting>################################################################ -# PPP Configuration File ('/etc/ppp/ppp.conf') -# -# Default settings; These are always executed always when PPP -# is invoked and apply to all system configurations. -################################################################ -default: - set device /dev/cuaa0 - set speed 57600 - disable pred1 - deny pred1 - disable lqr - deny lqr - set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0M0 OK-AT-OK\\dATDT\\T TIMEOUT 40 CONNECT" - set redial 3 10 -# -# -################################################################ -# -# For interactive mode use this configuration: -# -# Invoke with `ppp -alias interactive` -# -################################################################ -interactive: - set authname Your_User_ID_On_Remote_System - set authkey Your_Password_On_Remote_System - set phone 1-800-123-4567 - set timeout 300 - set openmode active - accept chap -# -################################################################ -# -# For demand-dial (automatic) mode we'll use this configuration: -# -# Invoke with: 'ppp -auto -alias demand' -# -################################################################ -demand: - set authname Your_User_ID_On_Remote_System - set authkey Your_Password_On_Remote_System - set phone 1-800-123-4567 - set timeout 300 - set openmode active - accept chap - set ifaddr 127.1.1.1/0 127.2.2.2/0 255.255.255.0 - add 0 0 127.2.2.2 -################################################################ -# End of /etc/ppp/ppp.conf</programlisting> - -This file, taken verbatim from a working system, has three relevant -configuration sections:</para> - - -<sect3> -<title>The "<emphasis remap=tt>default</emphasis>" Section</title> - -<para>The '<emphasis remap=tt>default:</emphasis>' section contains the values and settings -used by every other section in the file. Essentially, this section is -implicitly added to the configuration lines to each other section.</para> - -<para>This is a good place to put "global defaults" applicable to all -dial-up sessions; especially modem settings and dialing prefixes which -typically don't change based on which destination system you're -connecting to.</para> - -<para>Following are the descriptions of each line in the "default" section -of the sample '<filename>/etc/ppp/ppp.conf</filename>' file: -<informalexample> -<screen>set device /dev/cuaa0</screen> -</informalexample> - -This statement informs the PPP program that it should use the first -serial port. -Under FreeBSD the '<filename>/dev/cuaa0</filename>' device is the same port that's -known as "<emphasis remap=tt>COM1:</emphasis>" under DOS, Windows, Windows 95, etc....</para> - -<para>If your modem is on <emphasis remap=tt>COM2:</emphasis> you should specify -'<filename>/dev/cuaa1</filename>; <emphasis remap=tt>COM3:</emphasis> would be '<filename>/dev/cuaa2</filename>'.</para> - -<para> -<informalexample> -<screen>set speed 57600 </screen> -</informalexample> -</para> - -<para>This line sets the transmit and receive speed for the connection -between the serial port and the modem. While the modem used for this -configuration is only a 28.8 device, setting this value to 57600 lets -the serial link run at a higher rate to accommodate higher throughput -as a result of the data compression built into late-model modems.</para> - -<para>If you have trouble communicating with your modem, try setting this -value to 38400 or even as low as 19200.</para> - -<para> -<informalexample> -<screen>disable pred1 -deny pred1</screen> -</informalexample> -</para> - -<para>These two lines disable the "CCP/Predictor type 1" compression -features of the PPP program. The current version of `ppp` supports -data compression in accordance with draft Internet standards. -Unfortunately many ISPs use equipment that does not support this -capability. Since most modems try to perform on-the-fly compression -anyway you're probably not losing much performance by disabling this -feature on the FreeBSD side and denying the remote side from forcing -it on you.</para> - -<para> -<informalexample> -<screen>disable lqr -deny lqr</screen> -</informalexample> -</para> - -<para>These two lines control the "Line Quality Reporting" functions which -are part of the complete Point-to-Point (PPP) protocol specification. -(See RFC-1989 for details.)</para> - -<para>The first line, "disable lqr", instructs the PPP program to not -attempt to report line quality status to the device on the remote end.</para> - -<para>The second line, "deny lqr", instructs the PPP program to deny any -attempts by the remote end to reports line quality.</para> - -<para>As most modern dial-up modems have automatic error correction and -detection and LQR reporting is not fully implemented in many vendor's -products it's generally a safe bet to include these two lines in the -default configuration.</para> - -<para> -<informalexample> -<screen>set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE1Q0M0 -OK-AT-OK\\dATDT\\T TIMEOUT 40 CONNECT"</screen> -</informalexample> -</para> - -<para><emphasis>NOTE: (This statement should appear on a single line; ignore any -line wrapping that may appear in this document.)</emphasis></para> - -<para>This line instructs the PPP program how to dial the modem and -specifies some rudimentary guidelines for doing so: -<itemizedlist> - -<listitem> -<para>Attempts to dial should fail if the modem returns a "BUSY" result code,</para> -</listitem> - -<listitem> -<para>Attempts to dial should also fail if the modem returns a "NO CARRIER" result code,</para> -</listitem> - -<listitem> -<para>The PPP program should expect each of the following events to complete within a -5-second timeout period: -<itemizedlist> - -<listitem> -<para>The PPP program will initially expect nothing (specified above -by the \"\" portion of the statement) from the modem </para> -</listitem> - -<listitem> -<para>The program -will send the modem initialization string "ATE1Q0M0" to the modem and -await a response of "OK". If a response is not received, the program -should send an attention command to the modem ("AT") and look again -for a response of "OK", </para> -</listitem> - -<listitem> -<para>The program should delay for one second -(specified by the "\\d" part of the statement, and send the dialing -string to the modem. The "ATDT" portion of the statement is the -standard modem prefix to dial using tone-dialing; if you do not have -touch-tone service on your local phone line, replace the "ATDT" with -"ATDP". The "\\T" string is a placeholder for the actual phone number -(which will be automatically inserted as specified by the "set dial -123-4567").</para> -</listitem> - -</itemizedlist> -</para> -</listitem> - -<listitem> -<para>Finally, before a (maximum) timeout of 40 seconds, the PPP -program should expect to see a "CONNECT" result code returned from the -modem.</para> -</listitem> - -</itemizedlist> -</para> - -<para>A failure at any point in this dialog will be interpreted as a dialing -failure and the PPP program will fail to connect.</para> - -<para>(For a detailed description of the mini-scripting language used by the -PPP dialer, refer to the "chat" manpage.)</para> - -<para> -<informalexample> -<screen>set redial 3 10</screen> -</informalexample> - -This line specifies that if a dial connection cannot immediately be made -the PPP program should retry (up to 3 times if necessary) with a delay of 10 seconds -between redialing attempts.</para> - -</sect3> - -<sect3> -<title>The "<emphasis remap=tt>interactive</emphasis>" Section</title> - -<para>The '<emphasis remap=tt>interactive:</emphasis>' section contains the values and -settings used to set up an "interactive" PPP session with a specific -remote system. Settings in this section will have the lines included -in the "default" section included automatically.</para> - -<para>The example cited in this section of the guide presumes that you'll -be connecting to a remote system that understands how to authenticate -a user without any fancy scripting language. That is, this sample -uses the CHAP protocol to set up the connection.</para> - -<para>A good rule of thumb is that if the Windows '95 dialer can set up a -connection by just clicking the "Connect" button this sample -configuration should work OK.</para> - -<para>If, on the other hand, when you connect to your ISP using Microsoft -Windows '95 Dial-Up Networking you need to resort to using the "Dial -Up Scripting Tool" from the Microsoft Plus! pack or you have to select -"Bring up a terminal windows after dialing" in the Windows '95 -connection options then you'll need to look at the sample PPP -configuration files and the ppp manpage for examples of "expect / -response" scripting to make your ISP connection. The "set login" -command is used for this purpose.</para> - -<para>Or even better, find an ISP who knows how to provide PAP or CHAP -authentication!</para> - -<para>The configuration examples shown here have been successfully used to -connect to: -<itemizedlist> - -<listitem> -<para>Various Shiva LanRovers</para> -</listitem> - -<listitem> -<para>The IBM Network (<ulink URL="http://www.ibm.net">http://www.ibm.net</ulink>)</para> -</listitem> - -<listitem> -<para>AT&T WorldNet (<ulink URL="http://att.com/worldnet">http://att.com/worldnet</ulink>)</para> -</listitem> - -<listitem> -<para>Erol's (<ulink URL="http://www.erols.com">http://www.erols.com</ulink>)</para> -</listitem> - -</itemizedlist> -</para> - -<para>Following are descriptions for each line in the "interactive" section -of the sample '<filename>/etc/ppp/ppp.conf</filename>' file:</para> - -<para> -<informalexample> -<screen>set authname Your_User_ID_On_Remote_System</screen> -</informalexample> - -This line specifies the name you would use to log in to the remote -system. </para> - -<para> -<informalexample> -<screen>set authkey Your_Password_On_Remote_System</screen> -</informalexample> - -This is the password you'd use to log in to the remote system.</para> - -<para> -<informalexample> -<screen>set phone 1-800-123-4567</screen> -</informalexample> - -This is the phone number of the remote system. If you're inside a PBX -you can -prepend '<emphasis remap=tt>9, </emphasis>' to the number here.</para> - -<para> -<informalexample> -<screen>set timeout 300</screen> -</informalexample> - -This tells the PPP program that it should automatically hang up the -phone if no data has -be exchanged for 300 seconds (5 minutes). You may wish to tailor this -number to your -specific requirements.</para> - -<para> -<informalexample> -<screen>set openmode active</screen> -</informalexample> - -This tells the PPP program that once the modems are connected it -should immediately attempt to negotiate the connection. Some remote -sites do this automatically, some don't. This instructs your side of -the link to take the initiative and try to set up the connection.</para> - - - -<screen>accept chap</screen> - - -<para>This tells the PPP program to use the "Challenge-Handshake -Authentication Protocol" to authenticate you. The values exchanged -between the local and remote side for UserID and password are taken -from the 'authname' and 'authkey' entries above.</para> - -</sect3> - -<sect3> -<title>The "<emphasis remap=tt>demand</emphasis>" Section</title> - -<para>The "<emphasis remap=tt>demand</emphasis>" section contains the values and settings used -to set up a "Dial-on-demand" PPP session with a specific remote -system. Settings in this section will also have the lines included in -the "default" section included automatically.</para> - -<para>Except for the last two lines in this section it is identical to -the configuration section which defines the "interactive" -configuration.</para> - -<para>As noted earlier, the examples cited in this section of -the guide presume that you'll be connecting to a remote system that -understands how to use the CHAP protocol to set up the connection.</para> - -<para>Following are descriptions for each line in the "demand" section of -the sample '<filename>/etc/ppp/ppp.conf</filename>' file:</para> - -<para> -<informalexample> -<screen>set authname Your_User_ID_On_Remote_System</screen> -</informalexample> - -This line specifies the name you would use to log in to the remote -system. </para> - -<para> -<informalexample> -<screen>set authkey Your_Password_On_Remote_System</screen> -</informalexample> - -This is the password you'd use to log in to the remote system.</para> - -<para> -<informalexample> -<screen>set phone 1-800-123-4567</screen> -</informalexample> - -This is the phone number of the remote system.</para> - -<para> -<informalexample> -<screen>set timeout 300</screen> -</informalexample> -</para> - -<para>This tells the PPP program that it should automatically hang up the -phone if no data has be exchanged for 300 seconds (5 minutes). You -may wish to tailor this number to your specific requirements.</para> - -<para> -<informalexample> -<screen>set openmode active</screen> -</informalexample> -</para> - -<para>This tells the PPP program that once the modems are connected it -should immediately attempt to negotiate the connection. Some remote -sites do this automatically, some don't. This instructs your side of -the link to take the initiative and try to set up the connection.</para> - -<para> -<informalexample> -<screen>accept chap</screen> -</informalexample> -</para> - -<para>This tells the PPP program to use the "Challenge-Handshake -Authentication Protocol" to authenticate you. The values exchanged -between the local and remote side for UserID and password are taken -from the 'authname' and 'authkey' entries above.</para> - -<para> -<informalexample> -<screen>set ifaddr 127.1.1.1/0 127.2.2.2/0 255.255.255.0</screen> -</informalexample> -</para> - -<para>This command sets up a pair of "fake" IP addresses for the local and -remote sides of the PPP link. It instructs the PPP program to create -an IP address of 127.1.1.1 for the local side of the '<emphasis remap=tt>tun0</emphasis>' -(tunnel) device -and 127.2.2.2 for the remote side. Appending '<filename>/0</filename>' to -each address tells the PPP program that zero of the bits that make up -these addresses are significant and can (in fact, must!) be negotiated -between the local and remote systems when the link is established. -The 255.255.255.0 string tells the PPP program what Subnet mask to -apply to these pseudo-interfaces.</para> - -<para>Remember, we've assumed that your ISP provides the IP addresses for -both ends of the link! If your ISP assigned you a specific IP address -that you should use on your side when configuring your system, enter -that IP address here <emphasis>instead</emphasis> of <emphasis remap=tt>127.1.1.1</emphasis>.</para> - -<para>Conversly, if your ISP gave you a specific IP address that he uses on -his end you should enter that IP address here <emphasis>instead</emphasis> of -<emphasis remap=tt>127.2.2.2</emphasis>.</para> - -<para>In both cases, it's probably a good idea to leave the '<filename>/0</filename>' on -the end of each address. This gives the PPP program the opportunity -to change the address(es) of the link if it <emphasis>has</emphasis> to.</para> - -<para> -<informalexample> -<screen>add 0 0 127.2.2.2</screen> -</informalexample> -</para> - -<para>This last line tells the PPP program that it should add a default -route for IP traffic that points to the (fake) IP address of the ISP's -system.</para> - -<para><emphasis><emphasis remap=bf>Note: If you used an ISP-specified address instead of -<emphasis remap=tt>127.2.2.2</emphasis> on the preceeding line, use the same number here -instead of <emphasis remap=tt>127.2.2.2</emphasis></emphasis></emphasis>.</para> - -<para>By adding this "fake" route for IP traffic, the PPP program can, -while idle: -<itemizedlist> - -<listitem> -<para>Accept packets that FreeBSD doesn't already know how to forward,</para> -</listitem> - -<listitem> -<para>Establish a connection to the ISP "<emphasis>on-the-fly</emphasis>",</para> -</listitem> - -<listitem> -<para>Reconfigure the IP addresses of the local and remote side of the link,</para> -</listitem> - -<listitem> -<para>Forward packets between your workstation and the ISP.</para> -</listitem> - -</itemizedlist> - -automatically!</para> - -<para>Once the number of seconds specified by the timeout value in the -"default" section have elapsed without any TCP/IP traffic the PPP -program will automatically close the dial-up connection and the -process will begin again.</para> - -</sect3> -</sect2> - -<sect2> -<title>The '<filename>/etc/ppp/ppp.linkup</filename>' file</title> - -<para>The other file needed to complete the PPP configuration is found in -'<filename>/etc/ppp/ppp.linkup</filename>'. This file contains instructions for -the PPP program on what actions to take after a dial-up link is -established.</para> - -<para>In the case of dial-on-demand configurations the PPP program will need -to delete the default route that was created to the fake IP address of -the remote side (127.2.2.2 in our example in the previous section) and -install a new default route that points the actual IP address of the -remote end (discovered during the dial-up connection setup).</para> - -<para>A representative '<filename>/etc/ppp/ppp.linkup</filename>' file: -<informalexample> -<screen>#########################################################################= - -# PPP Link Up File ('/etc/ppp/ppp.linkup') -# -# This file is checked after PPP establishes a network connection. -# -# This file is searched in the following order. -# -# 1) First, the IP address assigned to us is searched and -# the associated command(s) are executed. -# -# 2) If the IP Address is not found, then the label name specified at - -# PPP startup time is searched and the associated command(s) -# are executed. -# -# 3) If neither of the above are found then commands under the label -# 'MYADDR:' are executed. -# -#########################################################################= - -# -# This section is used for the "demand" configuration in -# /etc/ppp/ppp.conf: -demand: - delete ALL - add 0 0 HISADDR -# -# All other configurations in /etc/ppp/ppp.conf use this: -# -MYADDR: - add 0 0 HISADDR -######################################################################## -# End of /etc/ppp/ppp.linkup</screen> -</informalexample> - -Notice that there is a section in this file named "demand:", identical -to the configuration name used in the '<filename>/etc/ppp/ppp.conf</filename>' -file. This section instructs the PPP program that once a link is -established using this configuration, it must: -<orderedlist> - -<listitem> -<para>Remove any IP routing information that the PPP program has created</para> -</listitem> - -<listitem> -<para>Add a default route the remote end's actual address.</para> -</listitem> - -</orderedlist> -</para> - -<para>It's critical that those configurations in -'<filename>/etc/ppp/ppp.conf</filename>' which include the '<emphasis remap=tt>set ifaddr</emphasis>' and -'<emphasis remap=tt>add 0 0</emphasis>' statements (i.e.: those configurations used for -Dial-on-Demand configurations) execute the "delete ALL" and "add 0 0 -HISADDR" commands in <filename>/etc/ppp/ppp.linkup</filename>.</para> - -<para><emphasis><emphasis remap=bf>This is the mechanism that controls the actual on-demand -configuration of the link.</emphasis></emphasis></para> - -<para>All configurations not explicitly named in -<filename>/etc/ppp/ppp.linkup</filename> will use whatever commands are in the -"MYADDR:" section of the file. This is where non-Demand-Dial -configurations (such as our "interactive:" sample) will fall through -to. This section simply adds a default route to the ISP's IP address -(at the remote end).</para> - -</sect2> -</sect1> - -<sect1> -<title>IP Aliasing</title> - -<para>All of the configuration steps described thus far are relevant to -any FreeBSD system which will be used to connect to an ISP via dial-up -connection.</para> - -<para>If your sole objective in reading this guide is to connect your -FreeBSD box to the Internet using dial-out ppp you can proceed to -<xref linkend="testing-the-network">.</para> - -<para>One very attractive feature of the PPP program in on-demand mode is -its ability to route IP traffic between other systems on the Local -Area Network automatically. This feature is known by various names, -"<emphasis>IP Aliasing</emphasis>", "<emphasis>Network Address Translation</emphasis>", "<emphasis>Address -Masquerading</emphasis>" or "<emphasis>Transparent Proxying</emphasis>".</para> - -<para>Regardless of the terminology used, this mode is not, however, -automatic. If the PPP program is started normally then the program -will not forward packets between LAN interface(s) and the dial-out -connection. In effect, only the FreeBSD system is connected to the -ISP; other workstations cannot "share" the same connection.</para> - -<para>For example, if the program is started with either of the following -command lines:</para> - -<para><emphasis remap=tt># ppp interactive (Interactive mode)</emphasis></para> - -<para> or</para> - -<para><emphasis remap=tt># ppp -auto demand (Dial-on-Demand mode)</emphasis></para> - -<para>then the system will function as an Internet-connected workstation -<emphasis>only</emphasis> for the -FreeBSD box.</para> - -<para>To start the PPP program as a gateway between LAN resources and the -Internet, one of the following command lines would be used instead:</para> - -<para><emphasis remap=tt># ppp -alias interactive (Interactive mode)</emphasis></para> - -<para> or</para> - -<para><emphasis remap=tt># ppp -auto -alias demand (Dial-on-Demand mode)</emphasis></para> - -<para>You can alternatively use the command <emphasis remap=tt>``alias enable yes''</emphasis> -in your ppp configuration file (refer to the man page for details).</para> - -<para>Keep this in mind if you intend to proceed with <xref - linkend="config-window-system">.</para> - -</sect1> -</chapter> - -<chapter id="config-window-system"> -<title>Configuring Windows Systems</title> - -<para>As indicated in Section 1, our example network consists of a -FreeBSD system ("Curly") which acts as a gateway (or router) between a -Local Area Network consisting of two different flavors of Windows -Workstations. In order for the LAN nodes to use Curly as a router -they need to be properly configured. Note that this section does not -explain how to configure the Windows workstations for Dial-Up -networking. If you need a good explanation of that procedure, I -recommend <ulink URL="http://www.aladdin.co.uk/techweb">http://www.aladdin.co.uk/techweb</ulink>.</para> - - -<sect1> -<title> Configuring Windows 95</title> - -<para>Configuring Windows 95 to act as an attached resource on your LAN -is relatively simple. The Windows 95 network configuration must be -slightly modified to use the FreeBSD system as the default gateway to -the ISP. Perform the following steps:</para> - -<para><emphasis remap=bf>Create the Windows 95 "hosts" file:</emphasis></para> - -<para>In order to connect to the other TCP/IP systems on the LAN you'll -need to create an identical copy of the "hosts" file that you -installed on the FreeBSD system in <xref linkend="list-lan-hosts">. -<itemizedlist> - -<listitem> -<para>Click the "Start" button; select "Run..."; enter "notepad -\WINDOWS\HOSTS" (without the quotes) and click "OK"</para> -</listitem> - -<listitem> -<para>In the editor, enter the addresses and system names from the hosts -file shown in <xref linkend="list-lan-hosts">.</para> -</listitem> - -<listitem> -<para>When finished editing, close the notepad application (making sure -that you save the file!).</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configure the Windows 95 TCP/IP Network Configuation -settings</emphasis>: -<itemizedlist> - -<listitem> -<para>Click the "Start" button on the taskbar; select "Settings" and -"Control Panel". </para> -</listitem> - -<listitem> -<para>Double-click the "Network" icon to open it.</para> - -<para> -The settings for all Network Elements are displayed.</para> -</listitem> - -<listitem> -<para>With the "Configuration" tab selected, scroll down the list of -installed components and highlight the "TCP/IP-><emphasis>YourInterfaceType</emphasis>" line -(where "<emphasis>YourInterfaceType</emphasis>" is the name or type of Ethernet adapter in your system). -</para> - -<para>If TCP/IP is not listed in the list of installed network -components, click the "Add" button and install it before proceeding.</para> - -<para>(Hint: "Add | Protocol | Microsoft | TCP/IP | OK")</para> -</listitem> - -<listitem> -<para>Click on the "Properties" button to display a list of the -settings associated with the TCP component.</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configure the IP Address Information:</emphasis> -<itemizedlist> - -<listitem> -<para>Click the "IP Address" tab</para> -</listitem> - -<listitem> -<para>Click the "Specify an IP address" radio button. -</para> - -<para>(In our example LAN the Windows 95 system is the one we've called "Larry".)</para> -</listitem> - -<listitem> -<para>In the "IP Address" field enter "192.168.1.2".</para> -</listitem> - -<listitem> -<para>Enter 255.255.255.0 in the "Subnet Mask" field.</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configure the Gateway information:</emphasis> -<itemizedlist> - -<listitem> -<para>Click on the "Gateway" tab -</para> - -<para>For our example network the FreeBSD box will be acting as our -gateway to the Internet (routing packets between the Ethernet LAN and -the PPP dial-up connection. Enter the IP address of the FreeBSD -Ethernet interface, 192.168.1.1, in the "New gateway" field and click -the "Add" button. If any other gateways are defined in the "Installed -gateways" list you may wish to consider removing them.</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configure the DNS Information:</emphasis></para> - -<para>This guide assumes that your Internet Service Provider has given -you a list of Domain Name Servers (or "DNS Servers") that you should -use. If you wish to run a DNS server on your local FreeBSD system, -refer to Section 6, "Exercise for the Interested Student" for tips on -setting up DNS on your FreeBSD system.</para> - -<para> -<itemizedlist> - -<listitem> -<para>Click the "DNS Configuration" tab</para> -</listitem> - -<listitem> -<para>Make sure that the "Enable DNS" radio button is selected. -</para> - -<para>(If this button is not selected only the entries that -we put in the host file(s) will be available and your Net-Surfing -will not work as you expect!)</para> -</listitem> - -<listitem> -<para>In the "Host" field enter the name of the Windows 95 box, in this -case: "Larry".</para> -</listitem> - -<listitem> -<para>In the "Domain" field enter the name of our local network, in this -case: "my.domain"</para> -</listitem> - -<listitem> -<para>In the "DNS Server Search Order" section, enter the IP address -of the DNS server(s) that your ISP provided, clicking the "Add" button -after every address is entered. Repeat this step as many times as -necessary to add all of the addresses that your ISP provided.</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Other Windows 95 TCP/IP options:</emphasis></para> - -<para>For our purposes the settings under the "Advanced", "WINS -Configuration" and "Bindings" tabs are not necessary.</para> - -<para>If you wish to use the Windows Internet Naming Service ("WINS") -your attention is invited to <ulink URL="http://www.localnet.org">http://www.localnet.org</ulink> for -more information about WINS settings, specifically regarding sharing -files transparently across the Internet.</para> - -<para><emphasis remap=bf>Mopping up:</emphasis> -<itemizedlist> - -<listitem> -<para>Click on the "OK" button to close the TCP/IP Properties window.</para> -</listitem> - -<listitem> -<para>Click on the "OK" button to close the Network Control Panel. </para> -</listitem> - -<listitem> -<para>Reboot your computer if prompted to do so. </para> -</listitem> - -</itemizedlist> -</para> - -<para> That's it!</para> - -</sect1> - -<sect1> -<title>Configuring Windows NT</title> - -<para>Configuring Windows NT to act as a LAN resource is also relatively -straightforward. The procedures for configuring Windows NT are -similar to Windows 95 with minor exceptions in the user interface.</para> - -<para>The steps shown here are appropriate for a Windows NT 4.0 -Workstation, but the principles are the same for NT 3.5x. You may -wish to refer to the "Configuring Windows for Workgroups" section if -you're configuring Windows NT 3.5<emphasis remap=it>x</emphasis>, since the user interface is -the same for NT 3.5 and WfW.</para> - -<para>Perform the following steps: </para> - -<para><emphasis remap=bf>Create the Windows NT "hosts" file:</emphasis></para> - -<para>In order to connect to the other TCP/IP systems on the LAN you'll -need to create an identical copy of the "hosts" file that you -installed on the FreeBSD system in Section 3.4 -<itemizedlist> - -<listitem> -<para>Click the "Start" button; select "Run..."; enter "notepad -\WINNT\SYSTEM32\DRIVERS\ETC\HOSTS" (without the quotes) and click -"OK"</para> -</listitem> - -<listitem> -<para>In the editor, enter the addresses and system names from Section -3.4.</para> -</listitem> - -<listitem> -<para>When finished editing, close the notepad application (making sure -that you save the file!).</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configure the Windows NT TCP/IP Network Configuation -settings</emphasis>: -<itemizedlist> - -<listitem> -<para>Click the "Start" button on the taskbar; select "Settings" and -"Control Panel". </para> -</listitem> - -<listitem> -<para>Double-click the "Network" icon to open it. </para> -</listitem> - -<listitem> -<para>With the "Identification" tab selected, verify the "Computer Name" -and "Workgroup" fields. In this example we'll use "Shemp" for the name -and "Stooges" for the workgroup. Click the "Change" button and amend -these entries as necessary.</para> -</listitem> - -<listitem> -<para>Select the "Protocols" tab. - -</para> - -<para>The installed Network Protocols will be displayed. There may be a -number of protocols listed but the one of interest to this guide is -the "TCP/IP Protocol". If "TCP/IP Protocol" is not listed, click the -"Add" button to load it.</para> - -<para>(Hint: "Add | TCP/IP Protocol | OK") </para> -</listitem> - -<listitem> -<para>Highlight "TCP/IP -Protocol" and click the "Properties" button. -</para> - -<para>Tabs for specifying various settings for TCP/IP will be displayed.</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configuring the IP Address:</emphasis></para> - -<para>Make sure that the Ethernet Interface is shown in the "Adapter" -box; if not, scroll through the list of adapters until the correct -interface is shown. -<itemizedlist> - -<listitem> -<para>Click the "Specify an IP address" radio button to enable the three -text boxes. -</para> - -<para>In our example LAN the Windows NT system is the one we've called -"Shemp"</para> -</listitem> - -<listitem> -<para>In the "IP Address" field enter "192.168.1.4".</para> -</listitem> - -<listitem> -<para>Enter 255.255.255.0 in the "Subnet Mask" field.</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configure the Gateway information:</emphasis></para> - -<para>For our example network the FreeBSD box will be acting as our gateway -to the Internet (routing packets between the Ethernet LAN and the PPP dial-up -connection. -<itemizedlist> - -<listitem> -<para>Enter the IP address of the FreeBSD Ethernet interface, -192.168.1.1, in the "New gateway" field and click the "Add" button. -</para> - -<para>If any other gateways are defined in the "Installed gateways" list -you may wish to consider removing them.</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configuring DNS:</emphasis></para> - -<para>Again, this guide assumes that your Internet Service Provider has -given you a list of Domain Name Servers (or "DNS Servers") that you -should use.</para> - -<para>If you wish to run a DNS server on your local FreeBSD system, refer to -Section 6, "Exercise for the Interested Student" for tips on setting -up DNS on your FreeBSD system. -<itemizedlist> - -<listitem> -<para>Click the "DNS" tab</para> -</listitem> - -<listitem> -<para>In the "Host Name" field enter the name of the Windows NT box, in -this case: "Shemp".</para> -</listitem> - -<listitem> -<para>In the "Domain" field enter the name of our local network, in this -case: "my.domain"</para> -</listitem> - -<listitem> -<para>In the "DNS Server Search Order" section, enter the IP address of -the DNS server that your ISP provided, clicking the "Add" button after -every address is entered. Repeat this step as many times as necessary -to add all of the addresses that your ISP provided.</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Other Windows NT TCP/IP options:</emphasis></para> - -<para>For our purposes the settings under the "WINS Address" and -"Routing" tabs are not used.</para> - -<para>If you wish to use the Windows Internet Naming Service ("WINS") -your attention is invited to <ulink URL="http://www.localnet.org">http://www.localnet.org</ulink> for -more information about WINS settings, specifically regarding sharing -files transparently across the Internet.</para> - -<para><emphasis remap=bf>Mopping up:</emphasis> -<itemizedlist> - -<listitem> -<para>Click on the "OK" button to close the TCP/IP Properties section. -</para> -</listitem> - -<listitem> -<para>Click on the "Close" button to close the Network Control Panel. -</para> -</listitem> - -<listitem> -<para>Restart your computer if prompted to do so.</para> -</listitem> - -</itemizedlist> -</para> - -<para>That's it!</para> - -</sect1> - -<sect1> -<title>Configuring Windows for Workgroups</title> - -<para>Configuring Windows for Workgroups to act as a network client -requires that the Microsoft TCP/IP-32 driver diskette has been -installed on the workstation. The TCP/IP drivers are not included -with the WfW CD or diskettes; if you need a copy they're available at -<ulink URL="ftp://ftp.microsoft.com:/peropsys/windows/public/tcpip">ftp://ftp.microsoft.com:/peropsys/windows/public/tcpip</ulink>.</para> - -<para>Once the TCP/IP drivers have been loaded, perform the following -steps:</para> - -<para><emphasis remap=bf>Create the Windows for Workgroups "hosts" file:</emphasis></para> - -<para>In order to connect to the other TCP/IP systems on the LAN you'll -need to create an identical copy of the "hosts" file that you -installed on the FreeBSD system in Section 3.4. -<itemizedlist> - -<listitem> -<para>In Program Manager, click the "File" button; select "Run"; and -enter: "notepad \WINDOWS\HOSTS" (without the quotes) and click "OK"</para> -</listitem> - -<listitem> -<para>In the editor, enter the addresses and system names from the hosts -file shown in Section 3.4.</para> -</listitem> - -<listitem> -<para>When finished editing, close the notepad application (making sure -that you save the file!).</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configure the Windows 95 TCP/IP Network Configuation -settings</emphasis> -<itemizedlist> - -<listitem> -<para>In the main window of Program Manager, open the "Network" group by -double-clicking the icon. </para> -</listitem> - -<listitem> -<para>Double click on the "Network Setup" icon. </para> -</listitem> - -<listitem> -<para>In the "Network Drivers Box" double-click the "Microsoft -TCP/IP-32" entry. </para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configure the Windows for Workgroups IP Address:</emphasis> </para> - -<para>Ensure -the correct Ethernet Interface is selected in the "Adapter" list. If -not, scroll down until it is displayed and select it by clicking on -it. -<itemizedlist> - -<listitem> -<para>Ensure that the "Enable Automatic DHCP Configuration" check box is -blank. If it is checked, click it to remove the "X".</para> -</listitem> - -<listitem> -<para>In our example LAN the Windows for Workgroups system is the one -we've called "Moe"; in the "IP Address" field enter "192.168.1.3".</para> -</listitem> - -<listitem> -<para>Enter 255.255.255.0 in the "Subnet Mask" field.</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configure the Gateway information:</emphasis></para> - -<para>For our example network the FreeBSD box will be acting as our -gateway to the Internet (routing packets between the Ethernet LAN and -the PPP dial-up connection). -<itemizedlist> - -<listitem> -<para>Enter the IP address of the FreeBSD system, 192.168.1.1, in the -"Default Gateway" field.</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Configuring DNS:</emphasis></para> - -<para>Again, this guide assumes that your Internet Service Provider has -given you a list of Domain Name Servers (or "DNS Servers") that you -should use. If you wish to run a DNS server on your local FreeBSD -system, refer to Section 6, "Exercise for the Interested Student" for -tips on setting up DNS on your FreeBSD system. -<itemizedlist> - -<listitem> -<para>Click the "DNS" button.</para> -</listitem> - -<listitem> -<para>In the "Host Name" field enter the name of the Windows for -Workgroups box, in this case: "Moe".</para> -</listitem> - -<listitem> -<para>In the "Domain" field enter the name of our local network, in this -case: "my.domain"</para> -</listitem> - -<listitem> -<para>In the "Domain Name Service (DNS) Search Order" section, enter the -IP address of the DNS server that your ISP provided, clicking the "Add" -button after each address is entered. Repeat this step as many times as -necessary to add all of the addresses that your ISP provided.</para> -</listitem> - -<listitem> -<para>Click on the "OK" button to close the DNS Configuration window. -</para> -</listitem> - -</itemizedlist> -</para> - -<para><emphasis remap=bf>Mopping up:</emphasis> -<itemizedlist> - -<listitem> -<para>Click on the "OK" button to close the TCP/IP Configuration window. -</para> -</listitem> - -<listitem> -<para>Click on the "OK" button to close the Network Setup window.</para> -</listitem> - -<listitem> -<para>Reboot your computer if prompted. </para> -</listitem> - -</itemizedlist> -</para> - -<para>That's it!</para> - -</sect1> -</chapter> - -<chapter id="testing-the-network"> -<title>Testing the Network</title> - -<para> Once you've completed that appropriate tasks above you should have -a functioning PPP gateway to the Internet.</para> - - -<sect1> -<title>Testing the Dial-Up link:</title> - -<para> The first thing to test is that the connection is being made -between your modem and the ISP.</para> - -</sect1> - -<sect1> -<title>Testing the Ethernet LAN</title> - -<para> *** TBD ***</para> - -</sect1> -</chapter> - -<chapter> -<title>Exercises for the Interested Student</title> - - -<sect1> -<title>Creating a mini-DNS system</title> - -<para>While managing a Domain Name Service (DNS) hierarchy can be a black -art, it is possible to set up a Mini-DNS server on the FreeBSD system -that also acts as your gateway to your ISP.</para> - -<para>Building on the files in <filename>/etc/namedb</filename> when the FreeBSD -system was installed it's possible to create a name server that is -both authoritative for the example network shown here as well as a -front-door to the Internet DNS architecture.</para> - -<para>In this minimal DNS configuration, only three files are necessary: -<informalexample> -<screen>/etc/namedb/named.boot -/etc/namedb/named.root -/etc/namedb/mydomain.db</screen> -</informalexample> -</para> - -<para>The <filename>/etc/namedb/named.root</filename> file is automatically installed -as part of the FreeBSD base installation; the other two files must be -created manually.</para> - - -<sect2> -<title>The <filename>/etc/namedb/named.boot</filename> file</title> - -<para>The <filename>/etc/namedb/named.boot</filename> file controls the startup -settings of the DNS server. -Esentially, it tells the Name Server: -<orderedlist> - -<listitem> -<para>Where to find configuration files,</para> -</listitem> - -<listitem> -<para>What "domain names" it's responsible for, and</para> -</listitem> - -<listitem> -<para>Where to find other DNS servers.</para> -</listitem> - -</orderedlist> -</para> - -<para>Using the '<emphasis remap=tt>ee</emphasis>' editor, create a -<filename>/etc/namedb/named.boot</filename> with the following contents: -<informalexample> -<screen>; boot file for mini-name server - -directory /etc/namedb - -; type domain source host/file backup file - -cache . named.root -primary my.domain. mydomain.db</screen> -</informalexample> -</para> - -<para>Lines that begin with a semi-colon are comments. The significant -lines in this file are: -<itemizedlist> - -<listitem> -<para><command>directory /etc/namedb</command> -</para> - -<para>Tells the Name Server where to find the configuration files -referenced in the remaining sections of the -'<filename>/etc/namedb/named.boot</filename>' file.</para> -</listitem> - -<listitem> -<para><emphasis remap=tt>cache . named.root</emphasis> -</para> - -<para>Tells the Name Server that the list of "Top-Level" DNS servers for -the Internet can be found in a file called '<filename>named.root</filename>'. -(This file is included in the base installation and its -contents are not described in this document.)</para> -</listitem> - -<listitem> -<para><emphasis remap=tt>primary my.domain. mydomain.db</emphasis> -</para> - -<para>Tells the Name Server that it will be "authoritative" for a DNS -domain called "my.domain" and that a list of names and IP addresses -for the systems in "my.domain" (the local network) -can be found in a file named '<filename>mydomain.db</filename>'.</para> -</listitem> - -</itemizedlist> -</para> - -<para>Once the <filename>/etc/namedb/named.boot</filename> file has been created and -saved, proceed to the next section to create the -<filename>/etc/namedb/mydomain.db</filename> file.</para> - -</sect2> - -<sect2> -<title>The <filename>/etc/namedb/mydomain.db</filename> file</title> - -<para>The <filename>/etc/namedb/mydomain.db</filename> file lists the names and IP -addresses of <emphasis>every</emphasis> system in the Local Area Network.</para> - -<para><emphasis>For a detailed description of the statements used in this file, -refer to the <emphasis remap=tt>named</emphasis> manpage.</emphasis></para> - -<para>The <filename>/etc/namedb/mydomain.db</filename> file for our minimal DNS -server has the following contents: -<informalexample> -<screen>@ IN SOA my.domain. root.my.domain. ( - 961230 ; Serial - 3600 ; Refresh - 300 ; Retry - 3600000 ; Expire - 3600 ) ; Minimum - IN NS curly.my.domain. - -curly.my.domain. IN A 192.168.1.1 # The FreeBSD box -larry.my.domain. IN A 192.168.1.2 # The Win'95 box -moe.my.domain. IN A 192.168.1.3 # The WfW box -shemp.my.domain. IN A 192.168.1.4 # The Windows NT box - -$ORIGIN 1.168.192.IN-ADDR.ARPA - IN NS curly.my.domain. -1 IN PTR curly.my.domain. -2 IN PTR larry.my.domain. -3 IN PTR moe.my.domain. -4 IN PTR shemp.my.domain. - -$ORIGIN 0.0.127.IN-ADDR.ARPA - IN NS curly.my.domain. -1 IN PTR localhost.my.domain.</screen> -</informalexample> -</para> - -<para>In simple terms, this file declares that the local DNS server is: -<itemizedlist> - -<listitem> -<para>The Start of Authority for ("SOA") for a domain called -'my.domain',</para> -</listitem> - -<listitem> -<para>The Name Server ("NS") for 'my.domain',</para> -</listitem> - -<listitem> -<para>Responsible for the reverse-mapping for all IP addresses that -start with '192.168.1.' and -'127.0.0.' ("$ORIGIN ...")</para> -</listitem> - -</itemizedlist> -</para> - -<para>To add workstation entries to this file you'll need to add two -lines for each system; one in the top section where the name(s) are -mapped into Internet Addresses ("IN A"), and another line that maps -the addresses back into names in the <filename>$ORIGIN -1.168.192.IN-ADDR.ARPA</filename> section.</para> - -</sect2> - -<sect2> -<title>Starting the DNS Server</title> - -<para>By default the DNS server ('<filename>/usr/sbin/named</filename>') is not -started when the system boots. You can modify this behavior by -changing a single line in '<filename>/etc/rc.conf</filename>' as follows:</para> - -<para> Using the '<emphasis remap=tt>ee</emphasis>' editor, load <filename>/etc/rc.conf</filename>. Scroll -down approximately 40 lines until you come to the section that says: -<informalexample> -<screen>--- -named_enable="NO" # Run named, the DNS server (or NO). -named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled). ----</screen> -</informalexample> - -Change this section to read: -<informalexample> -<screen>--- -named_enable="YES" # Run named, the DNS server (or NO). -named_flags="-b /etc/namedb/named.boot" # Flags to named (if enabled). ----</screen> -</informalexample> - -Save the file and reboot.</para> - -<para>Alternatively, start the Name Server daemon by entering the following -command: -<informalexample> -<screen># named -b /etc/namedb/named.boot</screen> -</informalexample> -</para> - -<para>Whenever you modify any of the files in <filename>/etc/namedb</filename> you'll -need to kick-start the Name Server process to make it pick up the -modifications. This is performed with the following system command: -<informalexample> -<screen># kill -HUP `cat /var/run/named.pid`</screen> -</informalexample> -</para> - -</sect2> -</sect1> - -<sect1> -<title>Playing with PPP filters</title> - -<para>The PPP program has the ability to apply selected filtering rules -to the traffic it routes. While this is not nearly as secure as a -formal firewall it does provide some access control as to how the link -is used.</para> - -<para>('<emphasis remap=tt>man ipfw</emphasis>' for information on setting up a more secure -FreeBSD system.)</para> - -<para>The complete documentation for the various filters and rules under -PPP are availabe in the PPP manpage.</para> - -<para>There are four distinct classes of rules which may be applied to -the PPP program: -<itemizedlist> - -<listitem> -<para><emphasis>alive</emphasis> filter - Access Counter (or "Keep Alive") filters -</para> - -<para>These control which events are ignored by the <literal>set timeout=</literal> -statement in the configuration file.</para> -</listitem> - -<listitem> -<para><emphasis>dial</emphasis> filter - Dialing filters -</para> - -<para>These filtering rules control which events are ignored by the -demand-dial mode of PPP.</para> -</listitem> - -<listitem> -<para><emphasis>in</emphasis> filter - Input filters -</para> - -<para>Control whether incoming packets should be discarded or passed into -the system.</para> -</listitem> - -<listitem> -<para><emphasis>out</emphasis> filter - Output filters -</para> - -<para>Control whether outgoing packets should be discarded or passed into -the system.</para> -</listitem> - -</itemizedlist> -</para> - -<para>What follows is a snippet from an operating system which provides a -good foundation for "normal" Internet operations while preventing PPP -from pumping <emphasis>all</emphasis> data over the dial-up connection. Comments -briefly describe the logic of each rule set: -<informalexample> -<screen># -# KeepAlive filters -# Don't keep Alive with ICMP,DNS and RIP packet -# - set filter alive 0 deny icmp - set filter alive 1 deny udp src eq 53 - set filter alive 2 deny udp dst eq 53 - set filter alive 3 deny udp src eq 520 - set filter alive 4 deny udp dst eq 520 - set filter alive 5 permit 0/0 0/0 -# -# Dial Filters: -# Note: ICMP will trigger a dial-out in this configuration! -# - set filter dial 0 permit 0/0 0/0 -# -# Allow ident packet pass through -# - set filter in 0 permit tcp dst eq 113 - set filter out 0 permit tcp src eq 113 -# -# Allow telnet connection to the Internet -# - set filter in 1 permit tcp src eq 23 estab - set filter out 1 permit tcp dst eq 23 -# -# Allow ftp access to the Internet -# - set filter in 2 permit tcp src eq 21 estab - set filter out 2 permit tcp dst eq 21 - set filter in 3 permit tcp src eq 20 dst gt 1023 - set filter out 3 permit tcp dst eq 20 -# -# Allow access to DNS lookups -# - set filter in 4 permit udp src eq 53 - set filter out 4 permit udp dst eq 53 -# -# Allow DNS Zone Transfers -# - set filter in 5 permit tcp src eq 53 - set filter out 5 permit tcp dst eq 53 -# -# Allow access from/to local network -# - set filter in 6 permit 0/0 192.168.1.0/24 - set filter out 6 permit 192.168.1.0/24 0/0 -# -# Allow ping and traceroute response -# - set filter in 7 permit icmp - set filter out 7 permit icmp - set filter in 8 permit udp dst gt 33433 - set filter out 9 permit udp dst gt 33433 -# -# Allow cvsup -# - set filter in 9 permit tcp src eq 5998 - set filter out 9 permit tcp dst eq 5998 - set filter in 10 permit tcp src eq 5999 - set filter out 10 permit tcp dst eq 5999 -# -# Allow NTP for Time Synchronization -# - set filter in 11 permit tcp src eq 123 dst eq 123 - set filter out 11 permit tcp src eq 123 dst eq 123 - set filter in 12 permit udp src eq 123 dst eq 123 - set filter out 12 permit udp src eq 123 dst eq 123 -# -# SMTP'd be a good idea! -# - set filter in 13 permit tcp src eq 25 - set filter out 13 permit tcp dst eq 25 -# -# -# We use a lot of `whois`, let's pass that -# - set filter in 14 permit tcp src eq 43 - set filter out 14 permit tcp dst eq 43 - set filter in 15 permit udp src eq 43 - set filter out 15 permit udp dst eq 43 -# -# If none of above rules matches, then packet is blocked. -#-------</screen> -</informalexample> -</para> - -<para>Up to 20 distinct filtering rules can be applied to each class of -filter. Rules in each class are number sequentially from 0 to 20 -<emphasis>but none of the rules for a particular filter class take affect -until ruleset '0' is defined!</emphasis></para> - -<para>If you choose <emphasis>not</emphasis> to use Filtering Rules in the PPP -configuration then <acronym>ALL</acronym> traffic will be permitted both into and -out of your system while it's connected to your ISP.</para> - -<para>If you decide that you want to implement filtering rules, add the -above lines to your <filename>/etc/ppp/ppp.conf</filename> file in either the -"default:", "demand:", or "interactive:" section (or all of them - the -choice is yours).</para> - -</sect1> -</chapter> -</book> |