Re: [leaf-devel] dial-in server howto

2003-06-04 Thread Jonathan French
Hi Lynn,
You may want to mention that some versions of LEAF have serial.o 
compiled in with it - I'm pretty sure Dachstein's normal (not small) 
version has it compiled in, for console purposes.  This is probably out 
of date info, and I'm not certain what bearing this has on Bering.
Thanks for updating the info - my little box keeps running, and I 
haven't been keeping up with the developments.
- Jon

Lynn Avants wrote:
Unless anyone sees any glaring errors (other than spell-checking),
I'll go ahead and add this to the FAQs as it seems there are
more requests on the mailing-lists for this type of service.
Thanks,
~Lynn


On Saturday 12 April 2003 02:31 am, Lynn Avants wrote:

Hello list,

I am submitting a first draft (sans spell-check) of an updated
'dial-in/pppd howto' for review. This is based off of Jon French's
HowTo on the c0ws archive and is intended to replace it as such
in the consolidation of the c0ws/LEAF documentation.
Let me know if there are any glaring errors or other things I may
have missed!
Thx,
~Lynn
# BEGINNING OF HOWTO ##
DIAL-IN SERVER HOWTO
TABLE OF CONTENTS:
1) PREFACE
2) LICENSE
3) PACKAGES and MODULES
4) SETTING UP THE SYSTEM DIAL-IN USER
5) MODEM CONFIGURATION
6) PPP CONFIGURATION
7) FINAL NOTES
8) REFERENCES


1) PREFACE
This document details the setup of a dial-in server for those
wishing to access an existing network from a remote location via
a telephone modem connection. This document can also be modified
to add shell access or network resource sharing via the connection,
but at this point in time only details internet access such as that
you would receive via a dial-up ISP.
The use of the server capabilities of the Point-to-point protocol (PPP)
is used and does not consider the concurrent use of PPP for client use
at the same time. So consideration and modification for using both the
client and server configuration at the same time is left to you if
applicable.
You may also need to modify your firewall ruleset for proper operation.
If this is the case, please check with the documentation of your firewall
creation program to make any necessary changes that are beyond the scope
of this document.
This document is based from my own experience, the HowTo Jon French wrote
for the Linux Router Project (LRP), the PPP HowTo from the Linux
Documentation Project, and other various resources on the internet.
2) LICENSE
This document is copyrighted per the GPL-documentation license and no
warranty or guarantee is made for any errors or problems that might arise
from use of this document as such.
3) PACKAGES and MODULES
Packages needed: pppd, mgetty
Modules needed:  serial.o, slhc.o, ppp.o
At the present time, these packages can be found at:
http://leaf.sourceforge.net/devel/thc/files/kwarchive/
You may also need to download and install the required modules from the
respective site for the particular LEAF variant/kernel version you are
using.
4) SETTING UP THE SYSTEM DIAL-IN USER
None of the LEAF variants available have a user defined for use of
PPP. I personally find this preferred as having a dedicated user defined
for the PPP-server connection avoids the undesirable behavior of giving
shell access to the router during use of the dial-up connection. The
end result is you get network and/or internet access through the dial-up
connection, but the router is invisible to the dial-up connection and
far more secure.
Creating the user is slightly tricky due to the inherent lack of the
'useradd' command in the LEAF variants. Lack of this utility mandates
that you create the user by hand. I am using the example user 'ppp'
in this configuration, however this will need to be modified for the
username that is desired to be logged in with over the dial-in connection.
The process of creating the user by hand is as follows:
Add this line to the '/etc/passwd' file:
ppp:x:101:101:ppp:/home/ppp:/usr/sbin/pppd
Add this line to the '/etc/shadow' file:
ppp:*:10091:0:9:7:::
If you would like to set a password for this user, use this command:
passwd ppp
The method of using 'pppd' for the login shell directly starts the
connection automatically and does not give shell access to the user.
5) MODEM CONFIGURATION
Recent versions of LEAF variants do not have mgetty defined for the router
to use a modem. The router interfaces the modem with the 'mgetty' package,
so we will need to load and configure mgetty. Mgetty will answer the phone
for us, so the modem will need to be set up so it will NOT answer the phone
itself. In the following examples the use of the first serial port
(COM1=ttyS0) and a line speed of 115200 is used; you may need to adjust
these settings for your particular setup.
Add a line to the '/etc/inittab' file:
# Example of dial-in service with mgetty on COM1
T0:23:respawn:/sbin/mgetty ttyS0 -D ttyS0 -s 115200
Modify the '/etc/mgetty/mgetty.config' file:
# mgetty configuration file
 port ttyS0
 init-chat  

Re: [Leaf-devel] Kernel 2.2.19 internal ATAPI ZIP data disk problem

2001-10-25 Thread Jonathan French


Hi Dave & everybody,

Ok, got it working:
1) NO scsi modules in the kernel
2) Put ide-floppy in kernel (probably could be module)
3) set append hdc=ide-floppy in syslinux.cfg
4) compiled vfat as a module
5) Put a jumper on the middle block of the zip drive (makes it ignore
the partition table?)
6) mount -t vfat /dev/hdc /mnt

Ok, this is probably obvious, but for some reason it wouldn't work.  It
could have been due to the scsi (it did detect the zip drive), or more
likely the jumper allowed it to work.

Ok, removed the jumper, and again I can't read the drive, so it would
appear that for SOME internal ATAPI ZIP 100 drives, you need to jump the
middle set of terminals (idea came from
http://www.win.tue.nl/~aeb/linux/zip/zip-1.html ).

- Jon

___
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel



Re: [Leaf-devel] Hard-Hat

2001-06-19 Thread Jonathan French


 Hmm...I forget not everyone has a CD rom burner yet.  Perhaps a qualifier for
 any distro should be the ability to mirror the CD and/or sell copies at
 minimal cost...

Hmmm.  Okay, nutty idea.  If an ISO image contains the entire CDROM
filesystem, shouldn't there be a way (perhaps not written yet) to mount
the ISO image file as its own filesystem?  Sort of a file that is a
read-only file system?  That way if one does not have a CDROM burner,
one could still access the files in the image.  I googled a bit and
checked freshmeat, but I came up empty.

I don't suppose
mount -t iso9600 /home/some_iso_image.iso /mnt
would work...

- Jon




Re: [Leaf-devel] New Project

2001-06-15 Thread Jonathan French


 A new user comes along (with or without UNIX/network tech), boots with
 two disks (yes two), and then goes through this initial setup step by
 step, with a boot disk to be configured in hand.  Once this is all
 done, then the disk is backed up to another, the configuration saved,
 and the user reboots with this ONE disk for a router.

To extend this a bit further, how about having the setup disk be a
bootable cdrom?  Then you could fit all the modules & packages on the
setup disk, and put just what the user needs on the router disk.

Even worse - for the Expert mode, include gcc, the kernel source and
the kernel configs for specific apps so the user can recompile kernels
without having to set up and maintain a separate machine for that
purpose.  Or perhaps the CDROM would set up a generic hard disk install
for developers with only the tools we need for LRP development rather
than a full blown distribution.  To update several packages I had to
search about to get the correct distribution, source, patches, etc, and
when everyone is ready to move to 2.2, I'd have to go through all of
that again...  For the former proposition, say the new TREE
distribution:

Terribly
Reduced
Execution
Environment

Or perhaps someone can come up with a better acronym...

We now return to our regularly scheduled programming.

- Jon




[Leaf-devel] dhclient, rc.pf and psentry in harmony

2001-04-05 Thread Jonathan French

Howdy,

I've been upgrading to 2.9.8/2.0.36, and I finally decided to try out
Matthew Schalit's rc.pf script.  I'd like to present to the developers
what I worked out before I post to linuxrouter.org, to flush out any
errors.  I decided to figure out how to allow for dhcp, rc.pf and
psentry to exist in harmony.  This is my story...

dhclient calls dhclient-script with environment variables for every dhcp
thing you could want.  Try this:  in the dhclient-script BOUND section,
after gateway routing add:
printenv > /root/dhclient.env
and check the results to get all of the available variables.

Since dhclient-script is called when the IP address changes, it seems a
natural place to call rc.pf.  So, in the BOUND and TIMEOUT sections,
right after the gateway routing, I put a simple
/etc/rc.pf start $new_dhcp_server_identifier $new_ip_address

This way, every time the server or client dhcp address changes, it will
get updated.  Then, in rc.pf, I set

DHCP_C="$3"
DHCP_S="$2"

This lets you update the firewall while supplying the correct addresses
manually.

And of course
IPI="$DHCP_C"

As mentioned in previous posts, we need to be able to talk with the dhcp
server, so after the dns:

$E "Dhcp-1:"; $FW -O -a accept -W eth0 -P udp -S $IPX/32 68 -D 0/0 67 -o
$E "Dhcp-2:"; $FW -I -a accept -W eth0 -P udp -S $DHCP_S/24 67 -D $IPX/32 68 -o

NOTE:  I used a /24 instead of /32 with DHCP_S since my server seems to
always stay on the same subnet but does occasionally change.  This way,
when the PC goes to get a new address, it allows its old address and a
subnet of the server address.  Then the call to rc.pf will reset the
firewall rules to the correct new values (hopefully).

I also realized, in paranoia, that if the IP address changes, portsentry
wouldn't have the correct ignore ip address for the external nic, so in
dhclient-script, after the rc.pf calls, I added:
/etc/init.d/psentry stop
rm /var/psentry/portsentry.ignore
/etc/init.d/psentry start

That forces psentry to make a new portsentry.ignore file.

Thanks for listening.  Any thoughts or problems foreseen?  Also, that
rc.pf is a great script, Matt - thank you for your work.

- Jon
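
As an added example (not part of the post above and not taken from rc.pf or dhclient-script), the hook steps described in this message can be written as one shell function that validates the two DHCP-supplied values before they reach the firewall script, since a DHCP reply is untrusted network input. The names RC_PF, PSENTRY, PS_IGNORE, is_ipv4 and refresh_firewall are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example: hardened form of the lines placed in the BOUND/TIMEOUT
# sections of dhclient-script. RC_PF, PSENTRY and PS_IGNORE are hypothetical
# overridable names so the logic can be exercised away from a live router.
RC_PF=${RC_PF:-/etc/rc.pf}
PSENTRY=${PSENTRY:-/etc/init.d/psentry}
PS_IGNORE=${PS_IGNORE:-/var/psentry/portsentry.ignore}

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reload the firewall, then make portsentry rebuild its ignore file.
# Nothing is executed unless both lease values are plain IPv4 addresses.
refresh_firewall() {
    server=$1 client=$2
    if ! is_ipv4 "$server" || ! is_ipv4 "$client"; then
        echo "dhclient hook: rejecting lease values '$server' '$client'" >&2
        return 1
    fi
    # Quoted arguments: rc.pf always sees exactly $1=start $2=server $3=client.
    "$RC_PF" start "$server" "$client" || return 1
    "$PSENTRY" stop
    rm -f "$PS_IGNORE"
    "$PSENTRY" start
}

# In dhclient-script the call would be:
#   refresh_firewall "$new_dhcp_server_identifier" "$new_ip_address"
```

If rc.pf fails, the function returns before portsentry is touched, so the old ignore file stays in place.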
