Hi Lynn,
You may want to mention that some versions of LEAF have serial.o compiled in with it - I'm pretty sure Dachstein's "normal" (not "small") version has it compiled in, for console purposes. This is probably out of date info, and I'm not certain what bearing this has on Bering.
Thanks for updating the info - my little box keeps running, and I haven't been keeping up with the developments.
- Jon


Lynn Avants wrote:
Unless anyone sees any glaring errors (other than spell-checking),
I'll go ahead and add this to the FAQs as it seems there are
more requests on the mailing-lists for this type of service.

Thanks,
~Lynn



On Saturday 12 April 2003 02:31 am, Lynn Avants wrote:

Hello list,

I am submitting a first draft (sans spell-check) of an updated
'dial-in/pppd howto' for review. This is based off of Jon French's
HowTo on the c0ws archive and is intended to replace it as such
in the consolidation of the c0ws/LEAF documentation.

Let me know if there are any glaring errors or other things I may
have missed!

Thx,
~Lynn


######### BEGINNING OF HOWTO ##################

DIAL-IN SERVER HOWTO

TABLE OF CONTENTS:
1) PREFACE
2) LICENSE
3) PACKAGES and MODULES
4) SETTING UP THE SYSTEM DIAL-IN USER
5) MODEM CONFIGURATION
6) PPP CONFIGURATION
7) FINAL NOTES
8) REFERENCES



1) PREFACE
This document details the setup of a dial-in server for those
wishing to access an existing network from a remote location via
a telephone modem connection. This document can also be modified
to add shell access or network resource sharing via the connection,
but at this point in time only details internet access such as that
you would receive via a dial-up ISP.

The use of the server capabilities of the Point-to-point protocol (PPP)
is used and does not consider the concurrent use of PPP for client use
at the same time. So consideration and modification for using both the
client and server configuration at the same time is left to you if
applicable.

You may also need to modify your firewall ruleset for proper operation.
If this is the case, please check with the documentation of your firewall
creation program to make any necessary changes that are beyond the scope
of this document.

This document is based from my own experience, the HowTo Jon French wrote
for the Linux Router Project (LRP), the PPP HowTo from the Linux
Documentation Project, and other various resources on the internet.


2) LICENSE
This document is copyrighted per the GPL-documentation license and no
warranty or guarantee is made for any errors or problems that might
arise from use of this document as such.


3) PACKAGES and MODULES
Packages needed: pppd, mgetty
Modules needed: serial.o, slhc.o, ppp.o

At the present time, these packages can be found at:
http://leaf.sourceforge.net/devel/thc/files/kwarchive/

You may also need to download and install the required modules from the
respective site for the particular LEAF variant/kernel version you are
using.


4) SETTING UP THE SYSTEM DIAL-IN USER
None of the LEAF variants available have a user defined for use of PPP.
I personally find this preferred as having a dedicated user defined for
the PPP-server connection avoids the undesirable behavior of giving
shell access to the router during use of the dial-up connection. The end
result is you get network and/or internet access through the dial-up
connection, but the router is invisible to the dial-up connection and
far more secure.

Creating the user is slightly tricky due to the inherent lack of the
'useradd' command in the LEAF variants. Lack of this utility mandates
that you create the user by hand. I am using the example user 'ppp'
in this configuration, however this will need to be modified for the
username that is desired to be logged in with over the dial-in connection.
The process of creating the user by hand is as follows:

Add this line to the '/etc/passwd' file:
        ppp:x:101:101:ppp:/home/ppp:/usr/sbin/pppd

Add this line to the '/etc/shadow' file:
        ppp:*:10091:0:99999:7:::

If you would like to set a password for this user, use this command:
        passwd ppp

The method of using 'pppd' for the login shell directly starts the
connection automatically and does not give shell access to the user.


5) MODEM CONFIGURATION
Recent versions of LEAF variants do not have mgetty defined for the
router to use a modem. The router interfaces the modem with the 'mgetty'
package, so we will need to load and configure mgetty. Mgetty will
answer the phone for us, so the modem will need to be setup so it will
NOT answer the phone itself. In the following examples the use of the
first serial port (COM1=ttyS0) and a line speed of 115200 is used; you
may need to adjust these settings for your particular setup.

Add a line to the '/etc/inittab' file:
        # Example of dial-in service with mgetty on COM1
        T0:23:respawn:/sbin/mgetty ttyS0 -D ttyS0 -s 115200


Modify the '/etc/mgetty/mgetty.config' file:
        # mgetty configuration file
        port ttyS0
        init-chat "" AT&F1&C1&D2
        speed 115200
        debug 3
        data-only y

Modify the '/etc/mgetty/login.config' file:
        /AutoPPP/    ppp       ttyS0    /usr/sbin/pppd


6) PPP CONFIGURATION
This section details how to set up the server configuration. You'll need
to manually enter your dns-server(s), netmask, ip address of the
external interface on the router, and the ip address of the remote
computer (the machine dialing-in to the router). The use of the
'proxy-arp' option builds a direct tunnel to the external interface and
bypasses the need to change the routing table on the router. The use of
'PAP' authentication instead of 'CHAP' makes life much easier (though
less-secure) for Win 95/98 machines. You may be hard pressed to find a
'pppd' package for LEAF that supports MSCHAP, which is a special
compile-time option with PPPd. /etc/ppp/pap-secrets also needs to be set
to allow authentication against the system password file that has
already been set and is more secure than PAP-authentication alone.

A further note for users that are also using 'ppp' (dial-up) for their
outgoing internet connection. You will want to move any and all
conflicting options from the '/etc/ppp/ppp.options' file to the
respective '/etc/ppp/options.ttySX' file so that both the client and
server configuration work properly together.


Modify the '/etc/ppp/ppp.options' file:
        # /etc/ppp/options
        dns-addr 192.168.1.254
        asyncmap 0
        crtscts
        lock
        modem
        netmask 255.255.255.0
        -detach
        +pap
        -chap
        debug
        proxyarp
        login
        <external-ip-router>:<ip-to-use-on-remote-machine>

Modify the '/etc/ppp/pap-secrets' file:
        # Secrets for authentication using PAP
        # client        server  secret                  IP addresses
        *               *       "login"               *


7) FINAL NOTES
When this has been finished, the 'etc', 'mgetty', and 'pppd' packages
will need to be backed-up via the 'lrcfg' menu and added to the
'syslinux.cfg' file on your floppy. You will also need to reboot the
router for all the changes to take effect.

If luck is with you, everything should work first attempt. However if it
doesn't you'll need to consult with troubleshooting that is beyond the
scope of this document and readily available on the internet. Good luck
and enjoy the use of your new dial-in server!


8) REFERENCES
http://leaf.sourceforge.net/devel/thc/dox/pppserv.txt
http://www.tldp.org/HOWTO/PPP-HOWTO/

######### END OF HOWTO ########################
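
Added example (not part of the HOWTO or of any LEAF package): a POSIX shell check that the pieces configured in sections 4 to 6 agree with each other, so the dial-in account never gets a shell and pppd always demands PAP with the 'login' check. The function names, the ROOT argument and the sample tree are assumptions made for illustration; it needs awk, grep, sed and tr.

```shell
#!/bin/sh
# Added example, not from the HOWTO. Function names and ROOT are assumptions.

# check_dialin ROOT USER: print one line per problem; exit status = count.
check_dialin() {
    root=$1 user=$2 bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

    # Section 4: the login "shell" must be pppd, so no shell is ever given.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$root/etc/passwd")
    [ "$shell" = /usr/sbin/pppd ] || fail "$user shell is '${shell:-missing}'"

    # Section 5: mgetty must start pppd as that user for /AutoPPP/ callers.
    awk -v u="$user" '$1 == "/AutoPPP/" && $2 == u && $4 == "/usr/sbin/pppd" { ok = 1 }
        END { exit !ok }' "$root/etc/mgetty/login.config" ||
        fail "login.config has no /AutoPPP/ entry running pppd as $user"

    # Section 5: the inittab device (first mgetty argument, as in the HOWTO
    # line) must have a matching 'port' section in mgetty.config.
    dev=$(awk -F: '$1 !~ /^#/ && $3 == "respawn" && $4 ~ /mgetty/ {
        split($4, a, " "); print a[2]; exit }' "$root/etc/inittab")
    if [ -z "$dev" ]; then
        fail "inittab has no mgetty respawn line"
    elif ! grep -q "^port[[:space:]][[:space:]]*$dev\$" "$root/etc/mgetty/mgetty.config"; then
        fail "mgetty.config has no 'port $dev' section"
    fi

    # Section 6: pppd must require PAP and the 'login' password check.
    for opt in +pap login; do
        sed 's/#.*//' "$root/etc/ppp/ppp.options" | tr -s ' \t' '\n' |
            grep -qxF -- "$opt" || fail "ppp.options lacks '$opt'"
    done
    return "$bad"
}

# make_sample DIR: constructed sample tree holding the HOWTO's example lines.
make_sample() {
    mkdir -p "$1/etc/mgetty" "$1/etc/ppp"
    echo 'ppp:x:101:101:ppp:/home/ppp:/usr/sbin/pppd' > "$1/etc/passwd"
    echo 'T0:23:respawn:/sbin/mgetty ttyS0 -D ttyS0 -s 115200' > "$1/etc/inittab"
    printf 'port ttyS0\nspeed 115200\ndata-only y\n' > "$1/etc/mgetty/mgetty.config"
    echo '/AutoPPP/    ppp       ttyS0    /usr/sbin/pppd' > "$1/etc/mgetty/login.config"
    printf '%s\n' crtscts lock modem +pap -chap proxyarp login > "$1/etc/ppp/ppp.options"
}

tmp=$(mktemp -d) && make_sample "$tmp"
check_dialin "$tmp" ppp && echo "dial-in configuration matches the HOWTO"
rm -rf "$tmp"
```

Pass the root of the configuration tree to audit as ROOT; an empty string checks the running system's /etc.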






_______________________________________________
leaf-devel mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-devel
