On Sat, Sep 04, 1999 at 09:32:54PM -0400, fred smith wrote:
[snip] 
> The docs with diald are great, just not sufficiently low-level for my
> level of expertise. 
You mean high level.  low-level documentation requires more expertise to
understand.

> For example, I'd love to see a sample set of
> scripts for initializing diald from /etc/rc.d and how to make it 
Diald comes with a sample rc file.  If not, just copy a pre-existing rc
file and modify it to suit your needs.  ls /etc/rc.d/init should show
you what exists (on the systems most people here are probably running)

> correctly interact with ip-masquerading, especially for a site where
Again, quite simple to set up.
If you are using ipfwadm, put your firewall and masquerading rules in a
script and call it when your IP address is assigned.  I use this
line in my /etc/ppp/ip-up.local
        /etc/firewall/firewall.up $@
Since I have separate static and dynamic firewall rules.  I can 
send them to you if you want.  In fact, I should put them on my site...

> IP address before dialup (though I could make some guesses about the
> remote host if I were forced to).
You don't have to know them in advance.  Just allocate two unused IPs
from your network to the local and remote sides in the config files.
They will be replaced with the real IP's when that information is
available. 
> 
> I've been gathering info from various sources. One thing I have here
> (and I can't recall where I got it) is a short 1/2 page blurb with items
> numbered from 1 thru 5 (without attribution). It says that masquerading
> shouldn't be started until after diald brings up the outbound
> connection. Then it says that masquerading can be started either from
> ip-up, or from "your diald addroute script". OK, what is the "diald
> addroute script", where does it go, what should it contain? How do I
> find out?
Yes. You do want to set up masquerading after the link comes up since
masquerading requires that you know the IP address for the dynamic
interface.  Two other issues to deal with: 
        1. Static firewall rules don't have to change when the link comes up. 
        2. The dynamic rules have to be removed when the link goes down.

I solve problem 1 by setting up the static rules at boot time through
/etc/rc.d/rc.local and problem two by calling a script from
/etc/ppp/ip-down.local

> 
> It also says not to use defaultroute, but "use addroute to set the masq 
> rules, then add a default route". My level of knowledge is sufficiently
> low that while I kinda/sorta have an idea what this means I haven't
> really a good enough grasp to figure out how to actually DO it.

> 
> Then it says that when the link goes down to delete the masquerade rules
> from within "your diald delroute script". Again, I haven't a clue what
> file this is or where it goes (or what goes in it).

Have you read the documentation for ipfwadm or its replacement (the name
slips my mind at the moment)?

> 
> I've been reading other docs, too, one is the "TrinityOS" document, as
> well as the "Linux IP Masquerade mini HOWTO" by David Ranch, V 1.76 July
> 1999. Both of these documents allude to issues with using diald and
> ip masq at the same time, but again I don't quite get it from what little
> info they provide.
> 
> Further, the diald "make install" installs a file named "connect" in 
> the same place as the "standard.filter". But again I haven't figured
> out how one uses this.
standard filter usually goes in /usr/local/lib/diald/
connect usually goes in /etc/diald or some other place of your choosing.
Read the Makefile to see where it defaults to. Change it if you want. 
Specify this location in /etc/diald.conf by saying:

        connect "/etc/diald/connect"

or wherever you put it.

> 
> And then there's the document by Harish Pillay ([EMAIL PROTECTED]) 
> entitled "Setting up diald for Linux - an example" which seems to do
> it still differently.

I believe that document is a little dated.  The syntax has
changed since that document.  Read it for the concepts, not for the syntax.

-- 
  Gyepi Sam  --+--  Designer/Programmer  --+--  Network/System Administrator   
  [EMAIL PROTECTED]         --+--          http://www.praxis-sw.com/gyepi

  And that's the way it is... -- Walter Cronkite
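
Added example, not part of the original message and not the poster's own scripts: one way to pair the dynamic masquerading rule added from /etc/ppp/ip-up.local with its removal from /etc/ppp/ip-down.local, as the reply describes. The LAN range, the function names and the dry-run default are assumptions; the static rules (including a deny forwarding policy) are assumed to be loaded at boot, as in the reply.

```shell
#!/bin/sh
# Dynamic masquerading rule for a dial-up link (added example).
# Called with the arguments pppd passes to ip-up / ip-down:
#   $1 = interface, $2 = tty, $3 = speed, $4 = local IP, $5 = remote IP
# Assumption: the masqueraded LAN is 192.168.1.0/24 (override with LAN=...).
LAN=${LAN:-192.168.1.0/24}
# Dry run by default: the command is printed, not executed.
# Set IPFWADM=/sbin/ipfwadm to apply it for real.
IPFWADM=${IPFWADM:-echo ipfwadm}

# Accept only interface names of the expected shape, so nothing unexpected
# from the caller ends up on a firewall command line run as root.
valid_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]|sl[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# masq_rule a|d IFACE : add (a) or delete (d) the masquerade rule.
# Add and delete use the identical rule text so the delete always matches.
masq_rule() {
    valid_iface "$2" || { echo "refusing interface: $2" >&2; return 1; }
    $IPFWADM -F -"$1" m -S "$LAN" -D 0.0.0.0/0 -W "$2"
}

link_up()   { masq_rule a "$1"; }   # from /etc/ppp/ip-up.local
link_down() { masq_rule d "$1"; }   # from /etc/ppp/ip-down.local

# Stand-alone use: firewall.sh up|down <pppd arguments>
case "${1:-}" in
    up)   shift; link_up "$@" ;;
    down) shift; link_down "$@" ;;
esac
```

Run it in dry-run mode first and compare the printed rule with the output of `ipfwadm -F -l` after a test dial, to confirm the rule really disappears when the link drops.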

