aboutsummaryrefslogtreecommitdiff
path: root/handbook/slips.sgml
blob: 799ead042ec1485aa703f620f98c9cc8b90519cf (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
<!-- This is an SGML version in the linuxdoc DTD of the SLIP Server
     FAQ by Guy Helmer.

     This guide provides instruction in configuring and preparing
     a FreeBSD system to be a dialup SLIP server.

<title>
Setting up FreeBSD as a SLIP Server
<author>Guy Helmer, <tt/ghelmer@alpha.dsu.edu/
<date>v0.2, 20 March 1995

-->

<sect><heading>Setting up a SLIP server</heading>

<p><em>Contributed by &a.ghelmer;.</em>

This document provides suggestions for setting up SLIP Server services
on a FreeBSD system, which typically means configuring your system to
automatically startup connections upon login for remote SLIP clients.
I've written this document based on my own experience; however, as
your system and needs may be different, this document may not answer
all of your questions, and I cannot be responsible if you damage your
system or lose data due to attempting to follow the suggestions here.

I have only setup SLIP Server services on a FreeBSD 1.1 system, so if
you are running a different version (such as FreeBSD 2.0), your system
may be different.

<sect1><heading>Prerequisites<label id="prereqs"></>

<p>
This document is very technical in nature, so background knowledge is
required.  I must assume that you are familiar with the TCP/IP network
protocol, and in particular, network and node addressing, network
address masks, subnetting, routing, and routing protocols, such as
RIP.  Configuring SLIP services on a dial-up server requires a
knowledge of these concepts, and if you are not familiar with them,
please read a copy of either Craig Hunt's <em>TCP/IP Network
Administration</em> published by O'Reilly &amp; Associates, Inc. (ISBN
Number 0-937175-82-X), or Douglas Comer's book on the TCP/IP protocol.

I will assume that you have already setup your modem(s) and configured
the appropriate system files to allow logins through your modems (see
the manual pages for <tt>sio(4)</tt> for information on the serial
port device driver and <tt>ttys(5)</tt>, <tt>gettytab(5)</tt>,
<tt>getty(8)</tt>, &amp; <tt>init(8)</tt> for information relevant to
configuring the system to accept logins on modems, and perhaps
<tt>stty(1)</tt> for information on setting serial port parameters
&lsqb;such as <tt>clocal</tt> for directly-connected serial
interfaces&rsqb;).

<sect1>Quick Overview

<p>
In its typical configuration, using FreeBSD as a SLIP server works as
follows: a SLIP user dials up your FreeBSD SLIP Server system and logs
in with a special SLIP login ID that uses <tt>/usr/sbin/sliplogin</tt>
as the special user's shell.  The <tt/sliplogin/ program browses the
file <tt>/etc/slip.hosts</tt> to find a matching line for the special
user, and if it finds a match, connects the serial line to an
available SLIP interface and then runs the shell script
<tt>/etc/slip.login</tt> to configure the SLIP interface.

<sect2>An Example of a SLIP Server Login

<p>
For example, if my SLIP user ID were <tt>Shelmerg</tt>, that user's
entry in <tt>/etc/master.passwd</tt> would look something like this
(except it would be all on one line):

<tscreen><verb>
Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:
        /usr/users/Shelmerg:/usr/sbin/sliplogin
</verb></tscreen>

and, when I log in with that user ID, <tt>sliplogin</tt> will search
<tt>/etc/slip.hosts</tt> for a line that had a matching user ID; on my
system, I may have a line in <tt>/etc/slip.hosts</tt> that reads:

<tscreen><verb>
Shelmerg        dc-slip sl-helmer       0xfffffc00      autocomp
</verb></tscreen>

sliplogin will find that matching line, hook the serial line I'm on
into the next available SLIP interface, and then execute
<tt>/etc/slip.login</tt> like this:

<tscreen><verb>
/etc/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp
</verb></tscreen>

If all goes well, <tt>/etc/slip.login</tt> will issue an
<tt>ifconfig</tt> for the SLIP interface to which sliplogin attached
itself (slip interface 0, in the above example, which was the first
parameter in the list given to <tt>slip.login</tt>) to set the local
IP address (<tt>dc-slip</tt>), remote IP address (<tt>sl-helmer</tt>),
network mask for the SLIP interface (<tt>0xfffffc00</tt>), and any
additional flags (<tt>autocomp</tt>).  If something goes wrong,
sliplogin usually logs good informational messages via the daemon
syslog facility, which usually goes into <tt>/var/log/messages</tt>
(see the manual pages for <tt>syslogd(8)</tt> and
<tt>syslog.conf(5)</tt>, and perhaps check <tt>/etc/syslog.conf</tt>
to see to which files <tt>syslogd</tt> is logging).

OK, enough of the examples -- let's dive into setting up the system.

<sect1>Kernel Configuration
<p>
FreeBSD's default kernels usually come with two SLIP interfaces
defined (<tt>sl0</tt> and <tt>sl1</tt>); you can use <tt>netstat
-i</tt> to see whether these interfaces are defined in your kernel.

Sample output from <tt>netstat -i</tt>:

<tscreen><verb>
Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
ed0   1500  <Link>0.0.c0.2c.5f.4a         291311     0   174209     0   133
ed0   1500  138.247.224 ivory             291311     0   174209     0   133
lo0   65535 <Link>                            79     0       79     0     0
lo0   65535 loop        localhost             79     0       79     0     0
sl0*  296   <Link>                             0     0        0     0     0
sl1*  296   <Link>                             0     0        0     0     0
</verb></tscreen>

The <tt>sl0</tt> and <tt>sl1</tt> interfaces shown in <tt>netstat
-i</tt>'s output indicate that there are two SLIP interfaces built
into the kernel.  (The asterisks after the <tt>sl0</tt> and
<tt>sl1</tt> indicate that the interfaces are ``down''.)

However, FreeBSD's default kernels do not come configured to forward
packets (ie, your FreeBSD machine will not act as a router) due to
Internet RFC requirements for Internet hosts (see RFC's 1009
&lsqb;Requirements for Internet Gateways&rsqb;, 1122
&lsqb;Requirements for Internet Hosts -- Communication Layers&rsqb;,
and perhaps 1127 &lsqb;A Perspective on the Host Requirements
RFCs&rsqb;), so if you want your FreeBSD SLIP Server to act as a
router, you'll have to add the line <tt>options GATEWAY </tt> to your
machine's kernel configuration file and re-compile the kernel anyway.
(Trivia: ``Gateways'' are the Internet's old name for what are now
usually called ``routers''.)

Please see the BSD System Manager's Manual chapter on ``Building
Berkeley Kernels with Config'' &lsqb;the source for which is in
<tt>/usr/src/share/doc/smm</tt>&rsqb; and ``FreeBSD Configuration
Options'' &lsqb;in <tt>/sys/doc/options.doc</tt>&rsqb; for more
information on configuring and building kernels.  You may have to
unpack the kernel source distribution if haven't installed the system
sources already (<tt>srcdist/srcsys.??</tt> in FreeBSD 1.1,
<tt>srcdist/sys.??</tt> in FreeBSD 1.1.5.1, or the entire source
distribution in FreeBSD 2.0) to be able to configure and build
kernels.

You'll notice that near the end of the default kernel configuration
file (<tt>/sys/i386/conf/GENERICAH</tt>) is a line that reads:

<tscreen><verb>
pseudo-device sl 2
</verb></tscreen>

which is the line that defines the number of SLIP devices available in
the kernel; the number at the end of the line is the maximum number of
SLIP connections that may be operating simultaneously.

See the document ``Building Berkeley Kernels with Config'' and the
manual page for <tt>config(8)</tt> to see how to configure and build
kernels.

<sect1>Sliplogin Configuration

<p>
As mentioned earlier, there are three files in the <tt>/etc</tt> directory that are part of the configuration for
<tt>/usr/sbin/sliplogin</tt> (see <tt>sliplogin(8)</tt> for the actual
manual page for <tt>sliplogin</tt>): <tt>slip.hosts</tt>, which
defines the SLIP users &amp; their associated IP addresses;
<tt>slip.login</tt>, which usually just configures the SLIP interface;
and (optionally) <tt>slip.logout</tt>, which undoes <tt>slip.login</tt>'s
effects when the serial connection is terminated.

<sect2>slip.hosts Configuration

<p>
<tt>/etc/slip.hosts</tt> contains lines which have at least four items
listed:

<itemize>
<item> SLIP user's login ID
<item> Local address (local to the SLIP server) of the SLIP link
<item> Remote address of the SLIP link
<item> Network mask
</itemize>

The local and remote addresses may be host names (resolved to IP
addresses by <tt>/etc/hosts</tt> or by the domain name service,
depending on your specifications in <tt>/etc/host.conf</tt>), and I
believe the network mask may be a name that can be resolved by a
lookup into <tt>/etc/networks</tt>.  On one of my systems,
<tt>/etc/slip.hosts</tt> looks like this:

<tscreen><verb>
----- begin /etc/slip.hosts -----
#
# login local-addr      remote-addr     mask            opt1    opt2 
#                                               (normal,compress,noicmp)
#
Shelmerg  dc-slip       sl-helmerg      0xfffffc00      autocomp
----- end /etc/slip.hosts ------
</verb></tscreen>

At the end of the line is one or more of the options:

<itemize>
<item> <tt>normal</tt> - no header compression
<item> <tt>compress</tt> - compress headers
<item> <tt>autocomp</tt> - compress headers if the remote end allows it
<item> <tt>noicmp</tt> - disable ICMP packets (so any ``ping'' packets will be
	dropped instead of using up your bandwidth)
</itemize>

Your choice of local and remote addresses for your SLIP links depends
on whether you are going to dedicate a TCP/IP subnet or if you are
going to use ``proxy ARP'' on your SLIP server (it's not ``true'' proxy
ARP, but that is the terminology that I will use in this document to
describe it).  If you're not sure which method to select or how to
assign IP addresses, please refer to the TCP/IP books referenced in
the <ref id="prereqs"> section and/or consult your IP network manager.

If you are going to use a separate subnet for your SLIP clients, you
will need to allocate the subnet number out of your assigned IP
network number and assign each of your SLIP client's IP numbers out of
that subnet.  Then, you will probably either need to configure a
static route to the SLIP subnet via your SLIP server on your nearest
IP router, or install <tt>gated</tt> on your FreeBSD SLIP server and
configure it to talk the appropriate routing protocols to your other
routers to inform them about your SLIP server's route to the SLIP
subnet.

Otherwise, if you will use the ``proxy ARP'' method, you will need to
assign your SLIP client's IP addresses out of your SLIP server's
Ethernet subnet, and you'll also need to adjust your
<tt>/etc/slip.login</tt> and <tt>/etc/slip.logout</tt> scripts to use
<tt>arp(8)</tt> to manage the proxy-ARP entries in the SLIP server's
ARP table.

<sect2>slip.login Configuration

<p>
The typical <tt>/etc/slip.login</tt> file looks like this:

<tscreen><verb>
----- begin /etc/slip.login -----
#!/bin/sh -
#
#	@(#)slip.login  5.1 (Berkeley) 7/1/90

#
# generic login file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
----- end /etc/slip.login -----
</verb></tscreen>

This <tt>slip.login</tt> file merely ifconfig's the appropriate SLIP
interface with the local and remote addresses and network mask of the
SLIP interface.

If you have decided to use the ``proxy ARP'' method (instead of using
a separate subnet for your SLIP clients), your <tt>/etc/slip.login</tt>
file will need to look something like this:

<tscreen><verb>
----- begin /etc/slip.login for "proxy ARP" -----
#!/bin/sh -
#
#	@(#)slip.login  5.1 (Berkeley) 7/1/90

#
# generic login file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6 
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pub
----- end /etc/slip.login for "proxy ARP" -----
</verb></tscreen>

The additional line in this <tt>slip.login</tt>, <tt>arp -s &dollar;5
00:11:22:33:44:55 pub</tt>, creates an ARP entry in the SLIP server's
ARP table.  This ARP entry causes the SLIP server to respond with the
SLIP server's Ethernet MAC address whenever a another IP node on the
Ethernet asks to speak to the SLIP client's IP address.

When using the example above, be sure to replace the Ethernet MAC
address (<tt>00:11:22:33:44:55</tt>) with the MAC address of your
system's Ethernet card, or your ``proxy ARP'' will definitely not work!
You can discover your SLIP server's Ethernet MAC address by looking at
the results of running <tt>netstat -i</tt>; the second line of the output
should look something like:

<tscreen><verb>
ed0   1500  <Link>0.2.c1.28.5f.4a         191923     0   129457     0   116
                  ^^^^^^^^^^^^^^^
</verb></tscreen>

which indicates that this particular system's Ethernet MAC address is
<tt>00:02:c1:28:5f:4a</tt> -- the periods in the Ethernet MAC address
given by <tt>netstat -i</tt> must be changed to colons and leading zeros
should be added to each single-digit hexadecimal number to convert the
address into the form that <tt>arp(8)</tt> desires; see the manual page on
<tt>arp(8)</tt> for complete information on usage.

Note that when you create <tt>/etc/slip.login</tt> and
<tt>/etc/slip.logout</tt>, the ``execute'' bit (ie, <tt>chmod 755
/etc/slip.login /etc/slip.logout</tt>) must be set, or
<tt>sliplogin</tt> will be unable to execute it.

<sect2>slip.logout Configuration

<p>

<tt>/etc/slip.logout</tt> isn't strictly needed (unless you are
implementing ``proxy ARP''), but if you decide to create it, this is
an example of a basic <tt>slip.logout</tt> script:

<tscreen><verb>
----- begin /etc/slip.logout -----
#!/bin/sh -
#
#	slip.logout

#
# logout file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
----- end /etc/slip.logout -----
</verb></tscreen>

If you are using ``proxy ARP'', you'll want to have
<tt>/etc/slip.logout</tt> remove the ARP entry for the SLIP client:

<tscreen><verb>
----- begin /etc/slip.logout for "proxy ARP" -----
#!/bin/sh -
#
#       @(#)slip.logout

#
# logout file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
/usr/sbin/arp -d $5
----- end /etc/slip.logout for "proxy ARP" -----
</verb></tscreen>

The <tt>arp -d &dollar;5</tt> removes the ARP entry that the ``proxy ARP''
<tt>slip.login</tt> added when the SLIP client logged in.

It bears repeating: make sure <tt>/etc/slip.logout</tt> has the
execute bit set for after you create it (ie, <tt>chmod 755
/etc/slip.logout</tt>).

<sect1>Routing Considerations

<p>
If you are not using the ``proxy ARP'' method for routing packets
between your SLIP clients and the rest of your network (and perhaps
the Internet), you will probably either have to add static routes to
your closest default router(s) to route your SLIP client subnet via
your SLIP server, or you will probably need to install and configure
<tt>gated</tt> on your FreeBSD SLIP server so that it will tell your
routers via appropriate routing protocols about your SLIP subnet.

<sect2>Static Routes

<p>
Adding static routes to your nearest default routers can be
troublesome (or impossible, if you don't have authority to do so...).
If you have a multiple-router network in your organization, some
routers, such as Cisco and Proteon, may not only need to be configured
with the static route to the SLIP subnet, but also need to be told
which static routes to tell other routers about, so some expertise and
troubleshooting/tweaking may be necessary to get static-route-based
routing to work.

<sect2>Running gated

<p>
An alternative to the headaches of static routes is to install
<tt>gated</tt> on your FreeBSD SLIP server and configure it to use the
appropriate routing protocols (RIP/OSPF/BGP/EGP) to tell other routers
about your SLIP subnet.  <tt/gated/ is available via anonymous ftp from
<tt>ftp.gated.cornell.edu</tt> in the directory <tt>/pub/gated</tt>; I
believe the current version as of this writing is
<tt>gated-R3_5Alpha_8.tar.Z</tt>, which includes support for FreeBSD
``out-of-the-box''.  Complete information and documentation on
<tt>gated</tt> is available on the Web starting at
<tt>http://www.gated.cornell.edu/</tt>.  Compile and install it, and
then write a <tt>/etc/gated.conf</tt> file to configure your gated;
here's a sample, similar to what I use on my FreeBSD SLIP server:

<tscreen><verb>
----- begin sample /etc/gated.conf for gated version 3.5Alpha5 -----
#
# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
#
#
# tracing options
#
traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;

rip yes {
 interface sl noripout noripin ;
 interface ed ripin ripout version 1 ;
 traceoptions route ;
} ;

#
# Turn on a bunch of tracing info for the interface to the kernel:
kernel {
 traceoptions remnants request routes info interface ;
} ;

#
# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
#

export proto rip interface ed {
        proto direct {
                xxx.xxx.yy mask 255.255.252.0 metric 1; # SLIP connections
        } ;
} ;

#
# Accept routes from RIP via ed Ethernet interfaces

import proto rip interface ed {
        all ;
} ;

----- end sample /etc/gated.conf -----
</verb></tscreen>

The above sample <tt>gated.conf</tt> file broadcasts routing
information regarding the SLIP subnet <tt>xxx.xxx.yy</tt> via RIP onto
the Ethernet; if you are using a different Ethernet driver than the
<tt/ed/ driver, you'll need to change the references to the <tt/ed/
interface appropriately.  This sample file also sets up tracing to
<tt>/var/tmp/gated.output</tt> for debugging <tt>gated</tt>'s
activity; you can certainly turn off the tracing options if
<tt>gated</tt> works OK for you.  I've changed my SLIP subnet's
address to <tt>xxx.xxx.yy</tt> throughout the above file; you'll need
to change the <tt>xxx.xxx.yy</tt>'s into the network address of your
own SLIP subnet (be sure to change the net mask in the <tt>proto
direct</tt> clause as well).

When you get <tt>gated</tt> built and installed and create a
configuration file for it, you'll need to run <tt>gated</tt> in place
of <tt>routed</tt> on your FreeBSD system; change the
<tt>routed/gated</tt> startup parameters in <tt>/etc/netstart</tt> as
appropriate for your system.  Please see the manual page for
<tt>gated</tt> for information on <tt>gated</tt>'s command-line
parameters.

<sect1>Acknowledgements

<p>
Thanks to these people for comments and advice regarding this FAQ:

<descrip>
<tag/Wilko Bulte/  &lt;wilko@yedi.iaf.nl&gt;
<tag/Piero Serini/ &lt;Piero@Strider.Inet.IT&gt;
</descrip>

<!-- </article> -->