Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread Philipp Lehman
On 28 Jul 2001, Randolph S. Kahle <[EMAIL PROTECTED]> wrote:

>On 28 Jul 2001 11:11:58 -0500, John Hasler wrote:
>> Randy writes:
>> > The user will be able, from a user account, do a pon, poff, etc. to
>> > connect to the ISP. So, my challenge is to have the scripts run from
>> > user level security and install the firewall rules.
>> 
>> > How do I do this?
>> 
>> The scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d are run when ppp
>> comes up and goes down respectively.  They are run by pppd and so run as
>> root no matter who ran pon and poff.
>
>Great! That is what I needed to know.

Randolph, there are two ways to deal with that.

Option 1)

Reset all ipchains rules whenever the interface goes up/down.
/etc/ppp/ip-up is called with a number of arguments. You should export
those to meaningful variables you can use in the scripts in
/etc/ppp/ip-up.d. Make sure you have something like the following in
/etc/ppp/ip-up if it isn't there yet:

--- /etc/ppp/ip-up ---
# This script is called with the following arguments:
# Arg  Name                        Example
# $1   Interface name              ppp0
# $2   The tty                     ttyS1
# $3   The link speed              38400
# $4   Local IP number             12.34.56.78
# $5   Peer  IP number             12.34.56.99
# $6   Optional ``ipparam'' value  foo

# These variables are for the use of the scripts run by run-parts
export PPP_IFACE="$1"
export PPP_TTY="$2"
export PPP_SPEED="$3"
export PPP_LOCAL="$4"
export PPP_REMOTE="$5"
export PPP_IPPARAM="$6"
export PPP_TTYNAME=`/usr/bin/basename "$2"`

# Run scripts in /etc/ppp/ip-up.d
run-parts /etc/ppp/ip-up.d


Now you could use $PPP_LOCAL in /etc/ppp/ip-up.d/00ipchains. Same goes
for /etc/ppp/ip-down and /etc/ppp/ip-down.d/99ipchains.

Option 2)

Use static filter rules which filter by interface. You don't need to
change them when the ppp0 interface is brought up or down. Probably
easier unless you absolutely need the IP address in your ruleset.

-- 
Philipp Lehman <[EMAIL PROTECTED]>
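
An added example, not part of the original message: a sketch of what a /etc/ppp/ip-up.d/00ipchains hook using the exported variables could look like. Because pppd runs it as root, it validates PPP_IFACE and PPP_LOCAL before building rules. The function names, the dry-run default and the two rules are assumptions chosen for illustration.

```sh
#!/bin/sh
# Hypothetical /etc/ppp/ip-up.d/00ipchains (added example, not from the thread).
# pppd runs this as root, so the exported PPP_* values are validated first.

# Dry run by default: commands are printed. Set IPCHAINS=/sbin/ipchains to apply.
IPCHAINS="${IPCHAINS:-echo ipchains}"

# Accept only interface names of the form ppp<N>.
valid_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Deny inbound TCP connection attempts on the link and accept outbound
# packets sourced from the assigned address (illustrative rule choice).
firewall_up() {
    iface=$1
    local_ip=$2
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 1; }
    valid_ipv4 "$local_ip" || { echo "bad local IP: $local_ip" >&2; return 1; }
    $IPCHAINS -A input -i "$iface" -p tcp --syn -j DENY
    $IPCHAINS -A output -i "$iface" -s "$local_ip" -j ACCEPT
}

# Act only when /etc/ppp/ip-up has exported the variables.
if [ -n "${PPP_IFACE:-}" ]; then
    firewall_up "$PPP_IFACE" "${PPP_LOCAL:-}" || exit 1
fi
```
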



Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread John Hasler
Joost Kooij writes:
> Make sure that the user is in the "dialout" group, so she can run pon and
> poff to start and stop a dialin session determined by one of the files in
> /etc/ppp/peers/.

There is no need to put the user in the 'dialout' group.  That is for
direct access to the serial ports, which is not needed for pon and
poff.  The user _does_ need to be in the 'dip' group, and pppconfig can
arrange that.
-- 
John Hasler
[EMAIL PROTECTED]
Dancing Horse Hill
Elmwood, Wisconsin



Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread Philipp Lehman
On 28 Jul 2001, Randolph S. Kahle <[EMAIL PROTECTED]> wrote:

>On 28 Jul 2001 19:01:07 +0200, Philipp Lehman wrote:
>> On 28 Jul 2001, John Hasler <[EMAIL PROTECTED]> wrote:
>> 
>> >Randy writes:
>> >> The user will be able, from a user account, do a pon, poff, etc. to
>> >> connect to the ISP. So, my challenge is to have the scripts run from
>> >> user level security and install the firewall rules.
>> >
>> >> How do I do this?
>> >
>> >The scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d are run when ppp
>> >comes up and goes down respectively.  They are run by pppd and so run as
>> >root no matter who ran pon and poff.
>> 
>> Alternatively, he could use the interface as a filter target instead
>> of the IP address. Should be fine on stand-alone machine with a single
>> external interface.
>
>
>Oh! I did not know I could do that. Are you saying that I could have the
>ipchain rules read.
>
>$IPCHAINS -A tcpOutB -p tcp -s $NETWORK_PRIVATE $PORTS_UNPRIV \
>  -d ppp0 $PORTS_WWW -j ACCEPT

That's basically right, although you should check 'man ipchains' for
the correct syntax (it's '-i ppp0').

-- 
Philipp Lehman <[EMAIL PROTECTED]>



Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread Joost Kooij
On Sat, Jul 28, 2001 at 09:07:13AM -0700, Randolph S. Kahle wrote:
> Thank you for the reply. I forgot to mention one complication, I am
> setting this machine up for someone who will not have root access (I
> will retain that). I am doing this so that they cannot "mess up" their
> own machine...
> 
> The user will be able, from a user account, do a pon, poff, etc. to
> connect to the ISP. So, my challenge is to have the scripts run from
> user level security and install the firewall rules.
> 
> How do I do this?

Make sure that the user is in the "dialout" group, so she can run pon
and poff to start and stop a dialin session determined by one of the
files in /etc/ppp/peers/.  When ppp has brought up a link, it starts
the /etc/ppp/ip-up and passes it several parameters, among which is the
assigned local ip address.

When you install the ipmasq package, it installs a script in the
/etc/ppp/ip-up.d/ directory, that is read in turn by /etc/ppp/ip-up.
The ipmasq script will automatically set up your machine as a masquerading
gateway.

Cheers,


Joost



Re: [SOLUTION!] How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread Randolph S. Kahle
First,

Thank you to everyone that sent email about my question. 

The solution turned out to be very simple.

When pon causes a connection to be made to an ISP, the script

/etc/ppp/ip-up

is run. In Debian (2.2r3) this script accepts several parameters from
pppd. They are set and exported as:

PPP_IFACE
PPP_TTY
PPP_SPEED
PPP_LOCAL
PPP_REMOTE
PPP_IPPARAM

ip-up then runs all scripts it finds in

/etc/ppp/ip-up.d

In that directory I created a link

ln -s /etc/ipchains/rules-T22 firewall-up

and in my firewall rules set I set

IPADR_INTERNET="$PPP_LOCAL"

and I am done.


(I have a regular set of ipchain rule files, so this is the only link I
need to my previous work).

I made the corresponding links, etc for ip-down.d

Very slick!

Thanks again.

Regards,

Randy



On 28 Jul 2001 08:16:05 -0700, Randolph S. Kahle wrote:
> 
> I am running potato and trying to configure dial-up Internet access.
> 
> Everything is running fine - I can dial the ISP, authenticate, get an IP
> address, etc.
> 
> Now I am trying to write firewall rules that will adapt to whatever IP I
> am assigned.
> 
> I think I am two questions away from getting this to work:
> 
> * What script is run when the connection to the ISP completes?
> 
> * How do I know, in that script, what my assigned IP is?
> 
> I see that there are directories /etc/ppp/ip-up.d and
> /etc/ppp/ip-down.d. What is the function of those directories? Are the
> scripts in those directories all run on "up" and "down" state
> transitions for ppp?
> 
> -- Randy
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 
> 




Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread Randolph S. Kahle
On 28 Jul 2001 11:11:58 -0500, John Hasler wrote:
> Randy writes:
> > The user will be able, from a user account, do a pon, poff, etc. to
> > connect to the ISP. So, my challenge is to have the scripts run from
> > user level security and install the firewall rules.
> 
> > How do I do this?
> 
> The scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d are run when ppp
> comes up and goes down respectively.  They are run by pppd and so run as
> root no matter who ran pon and poff.

Great! That is what I needed to know.


> -- 
> John Hasler
> [EMAIL PROTECTED] (John Hasler)
> Dancing Horse Hill
> Elmwood, WI
> 
> 




Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread Randolph S. Kahle
On 28 Jul 2001 19:01:07 +0200, Philipp Lehman wrote:
> On 28 Jul 2001, John Hasler <[EMAIL PROTECTED]> wrote:
> 
> >Randy writes:
> >> The user will be able, from a user account, do a pon, poff, etc. to
> >> connect to the ISP. So, my challenge is to have the scripts run from
> >> user level security and install the firewall rules.
> >
> >> How do I do this?
> >
> >The scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d are run when ppp
> >comes up and goes down respectively.  They are run by pppd and so run as
> >root no matter who ran pon and poff.
> 
> Alternatively, he could use the interface as a filter target instead
> of the IP address. Should be fine on stand-alone machine with a single
> external interface.


Oh! I did not know I could do that. Are you saying that I could have the
ipchain rules read.

$IPCHAINS -A tcpOutB -p tcp -s $NETWORK_PRIVATE $PORTS_UNPRIV \
  -d ppp0 $PORTS_WWW -j ACCEPT

???

Regards,

Randy


> 
> -- 
> Philipp Lehman <[EMAIL PROTECTED]>
> 
> 




Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread Philipp Lehman
On 28 Jul 2001, John Hasler <[EMAIL PROTECTED]> wrote:

>Randy writes:
>> The user will be able, from a user account, do a pon, poff, etc. to
>> connect to the ISP. So, my challenge is to have the scripts run from
>> user level security and install the firewall rules.
>
>> How do I do this?
>
>The scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d are run when ppp
>comes up and goes down respectively.  They are run by pppd and so run as
>root no matter who ran pon and poff.

Alternatively, he could use the interface as a filter target instead
of the IP address. Should be fine on stand-alone machine with a single
external interface.

-- 
Philipp Lehman <[EMAIL PROTECTED]>



Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread dman
On Sat, Jul 28, 2001 at 09:07:13AM -0700, Randolph S. Kahle wrote:
| Thank you for the reply. I forgot to mention one complication, I am
| setting this machine up for someone who will not have root access (I
| will retain that). I am doing this so that they cannot "mess up" their
| own machine...

Sounds good.
 
| The user will be able, from a user account, do a pon, poff, etc. to
| connect to the ISP. So, my challenge is to have the scripts run from
| user level security and install the firewall rules.
| 
| How do I do this?

No problem -- just install the ipmasq package.  This is how I have my
system set up.  I provided a login for my family to use and they just
run 'pon' (or the script I made called dial-modem.sh that doesn't
terminate until the ppp0 interface exists).  Regular users can still
run /sbin/ifconfig, it just isn't in their path.

-D



Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread John Hasler
Randy writes:
> The user will be able, from a user account, do a pon, poff, etc. to
> connect to the ISP. So, my challenge is to have the scripts run from
> user level security and install the firewall rules.

> How do I do this?

The scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d are run when ppp
comes up and goes down respectively.  They are run by pppd and so run as
root no matter who ran pon and poff.
-- 
John Hasler
[EMAIL PROTECTED] (John Hasler)
Dancing Horse Hill
Elmwood, WI



Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread dude



What kernel are you using?


On 28 Jul 2001, Randolph S. Kahle wrote:

> Date: 28 Jul 2001 09:07:13 -0700
> From: Randolph S. Kahle <[EMAIL PROTECTED]>
> To: dman <[EMAIL PROTECTED]>
> Cc: debian help 
> Subject: Re: How do I find my local IP assigned by my ISP when using pon,
>  etc?
> Resent-From: debian-user@lists.debian.org
>
> Thank you for the reply. I forgot to mention one complication, I am
> setting this machine up for someone who will not have root access (I
> will retain that). I am doing this so that they cannot "mess up" their
> own machine...
>
> The user will be able, from a user account, do a pon, poff, etc. to
> connect to the ISP. So, my challenge is to have the scripts run from
> user level security and install the firewall rules.
>
> How do I do this?
>
> Thanks -- Randy
>
>
>
> On 28 Jul 2001 11:20:22 -0400, dman wrote:
> >
> > /sbin/ifconfig will tell you what your IP is.  It is also in
> > /var/log/syslog.
> >
> > On Sat, Jul 28, 2001 at 08:16:05AM -0700, Randolph S. Kahle wrote:
> > |
> > | I am running potato and trying to configure dial-up Internet access.
> > |
> > | Everything is running fine - I can dial the ISP, authenticate, get an IP
> > | address, etc.
> > |
> > | Now I am trying to write firewall rules that will adapt to whatever IP I
> > | am assigned.
> >
> > apt-get install ipmasq
> >
> > It works great out-of-the-box. (I'm using it right now :-))
> >
> > -D
> >
> >



Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread Christoph Schaefer
Salut,

On Sat, Jul 28, 2001 at 08:16:05AM -0700, Randolph S. Kahle wrote:
> 
> 
> I think I am two questions away from getting this to work:
> 
> * What script is run when the connection to the ISP completes?
> 
> * How do I know, in that script, what my assigned IP is?
Actually you could do something like
IP=`ifconfig ppp0 | sed -n -e 's/^.*inet addr:\([0-9.]*\).*/\1/p'`
(I think, this works if you want the ip of ppp0)
but you will not need it for firewalling, because ipchains can 
handle devices, e.g.
`ipchains -A input -i ppp0 -p tcp --syn -s 0/0 -d 0/0 -j DENY`
will deny all incoming syn tcp packets.

> 
> I see that there are directories /etc/ppp/ip-up.d and
> /etc/ppp/ip-down.d. What is the function of those directories? Are the
> scripts in those directories all run on "up" and "down" state
> transitions for ppp?
Exactly. Take a look at `man pppd` and search for 'ip-{up,down}'.
> 
> -- Randy
jops,
Christoph.
> 
> 
> 

-- 
Anything that is good and useful is made of chocolate.



Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread Randolph S. Kahle
Thank you for the reply. I forgot to mention one complication, I am
setting this machine up for someone who will not have root access (I
will retain that). I am doing this so that they cannot "mess up" their
own machine...

The user will be able, from a user account, do a pon, poff, etc. to
connect to the ISP. So, my challenge is to have the scripts run from
user level security and install the firewall rules.

How do I do this?

Thanks -- Randy



On 28 Jul 2001 11:20:22 -0400, dman wrote:
> 
> /sbin/ifconfig will tell you what your IP is.  It is also in
> /var/log/syslog.
> 
> On Sat, Jul 28, 2001 at 08:16:05AM -0700, Randolph S. Kahle wrote:
> | 
> | I am running potato and trying to configure dial-up Internet access.
> | 
> | Everything is running fine - I can dial the ISP, authenticate, get an IP
> | address, etc.
> | 
> | Now I am trying to write firewall rules that will adapt to whatever IP I
> | am assigned.
> 
> apt-get install ipmasq
> 
> It works great out-of-the-box. (I'm using it right now :-))
> 
> -D
> 
> 




Re: How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread dman

/sbin/ifconfig will tell you what your IP is.  It is also in
/var/log/syslog.

On Sat, Jul 28, 2001 at 08:16:05AM -0700, Randolph S. Kahle wrote:
| 
| I am running potato and trying to configure dial-up Internet access.
| 
| Everything is running fine - I can dial the ISP, authenticate, get an IP
| address, etc.
| 
| Now I am trying to write firewall rules that will adapt to whatever IP I
| am assigned.

apt-get install ipmasq

It works great out-of-the-box. (I'm using it right now :-))

-D



How do I find my local IP assigned by my ISP when using pon, etc?

2001-07-28 Thread Randolph S. Kahle

I am running potato and trying to configure dial-up Internet access.

Everything is running fine - I can dial the ISP, authenticate, get an IP
address, etc.

Now I am trying to write firewall rules that will adapt to whatever IP I
am assigned.

I think I am two questions away from getting this to work:

* What script is run when the connection to the ISP completes?

* How do I know, in that script, what my assigned IP is?

I see that there are directories /etc/ppp/ip-up.d and
/etc/ppp/ip-down.d. What is the function of those directories? Are the
scripts in those directories all run on "up" and "down" state
transitions for ppp?

-- Randy