Take a look at my homepage link "My links for Linux PPP". You can find
there my configuration for such a server.
Kalevi J Hautaniemi, Marjatankatu 12, 33730 Tampere, FINLAND.
**** http://oh3tr.ele.tut.fi/~oh3fg/ **** On air: OH3FG, KO4BC ****
tel:+358-3-364-7446 fax:+358-3-364-2476 mobile:+358-50-590-2243
> SETTING UP A MACHINE FOR INCOMING PPP CONNECTIONS
> Suppose you want to permit another machine to call yours up and start
> a PPP session. This is possible using Linux PPP.
> One way is to create an account named, say, 'ppp', with the login
> shell being a short script that starts pppd. For example, the passwd
> entry might look like this:
> ppp:(encrypted password):102:50:PPP client login:/home/ppp:/usr/sbin/pppd
> In addition, you would edit the file ~ppp/.ppprc to have the following
> pieces of information:
> Here we will insist that the remote machine use IP address 126.96.36.199,
> while the local PPP interface will use the IP address associated with
> this machine's hostname in /etc/hosts. The '-detach' option is required
> for a server. It tells the pppd process not to terminate until the modem
> is disconnected. Should it fork, the init process would restart the getty
> process and this would cause a severe conflict over the port.
> The 'modem' option indicates that the connection is via a switched circuit
> (using a modem) and that the pppd process should monitor the DCD signal
> from the modem.
> The 'crtscts' option tells the pppd process to use hardware RTS/CTS flow
> control for the modem.
> The 'lock' option tells pppd to lock the tty device. This will use the UUCP
> style locking file in the lock directory.
> This setup is sufficient if you just want to connect two machines so
> that they can talk to one another. If you want to use Linux PPP to
> connect a single machine to an entire network, or to connect two
> networks together, then you need to arrange for packets to be routed
> from the networks to the PPP link. Setting up a link between networks
> is beyond the scope of this document; you should examine the routing
> options in the manual page for pppd carefully and find out about
> routed, etc.
> Let's consider just the first case. Suppose you have a Linux machine
> attached to an Ethernet, and you want to allow its PPP peer to be able
> to communicate with hosts on that Ethernet. To do this, you should
> have the remote machine use an IP address that would normally appear
> to be on the local Ethernet segment and you should give the 'proxyarp'
> option to pppd on the server. Suppose, for example, we have this
>     188.8.131.52                      184.108.40.206
>     +-----------+      PPP link       +----------+
>     | chelseapc | ------------------- | billpc   |
>     +-----------+                     +----------+
>                                            | Ethernet
>                     ----------------------------------- 192.1.2.x
> Here the PPP and Ethernet interfaces of billpc will have IP address
> 220.127.116.11. (It's OK for one or more PPP interfaces on a machine to
> share an IP address with an Ethernet interface.) There is an
> appropriate entry in /etc/passwd on billpc to allow chelseapc to call
> in. It will run pppd when the user signs on to the system and pppd will
> take the options from the user option file.
> In addition, you would edit the file ~ppp/.ppprc to have the following
> piece of information:
> When the link comes up, pppd will enter a "proxy arp" entry for
> chelseapc into the arp table on billpc. What this means effectively
> is that billpc will pretend to the other machines on the 192.1.2.x
> Ethernet that its Ethernet interface is ALSO the interface for
> chelseapc (18.104.22.168) as well as billpc (22.214.171.124). In practice
> this means that chelseapc can communicate just as if it was directly
> connected to the Ethernet.
> SETTING UP A MACHINE FOR INCOMING PPP CONNECTIONS WITH DYNAMIC IP
> The use of dynamic IP assignments is not much different from that
> using static IP addresses. Rather than putting the IP address into the
> single file ~ppp/.ppprc, you would put the IP address for each of the
> incoming terminals into the /etc/ppp/options.tty files. ('tty' is the
> name of the tty device. For example /etc/ppp/options.ttyS0 is used for
> the /dev/ttyS0 device.)
> To each of the serial devices, you would attach a modem. To the
> modems, attach the telephone lines. Place all of the telephone lines
> into a hunt group so that the telephone system will select the
> non-busy telephone and subsequently, the modem. By selecting the
> modem, the user will select a tty device and the tty device will
> select the IP address. Run a getty process against the tty device such
> as /dev/ttyS0.
> (The general consensus among the users is that you should *not* use
> the agetty process to monitor a modem. Use either getty_ps' uugetty
> process or mgetty from the mgetty+sendfax package.)
> SECURITY CONCERNS ABOUT INCOMING PPP CONNECTIONS
> The following security issues should be considered with the ppp connections.
> 1. Never put the pppd program file into the /etc/shells file. It is not
> a legal shell for the general user. In addition, if the shell is missing
> from the shells file, the ftpd process will not allow the user to access
> the system via ftp. You would not want Joe Hacker using the ppp account
> via ftp.
> 2. Ensure that the directory /etc/ppp is owned by 'root' and permits
> only write access to the root user.
> 3. The files /etc/ppp/options must be owned by root and accessible only
> from that user. Never permit any other user access to this file.
> 4. The files /etc/ppp/ip-up and /etc/ppp/ip-down will be executed by the
> pppd process while it is root. Ensure that these files are writable only
> from the root user.
> 5. If you use an incoming PPP connection, you should do the following as
> the root user:
> a) Invalidate the files for rhosts and forward
> rm -f ~ppp/.rhosts ~ppp/.forward
> touch ~ppp/.rhosts ~ppp/.forward
> chmod 444 ~ppp/.rhosts ~ppp/.forward
> b) Prevent users from sending mail to the user 'ppp'.
> This is best performed by creating a system alias 'ppp' and have it
> point to the name "THIS_USER_CANNOT_RECEIVE_MAIL". It has no special
> meaning other than the obvious one.
> For sendmail, the sequence is fairly easy. Edit the /etc/aliases file
> and add the line:
> Then run the sendmail program with the option '-bi' to rebuild the
> alias database.
> c) Secure the ppp file properly.
> chown root ~ppp/.ppprc
> chmod 444 ~ppp/.ppprc
> You may wish to extend the security by creating a group 'ppp' and putting
> the ppp user into that group, along with the binaries for pppd and pppstats.
> Then you may secure the binaries so that they are executable from the owner
> (which should be root) and the group only. All other users would be denied
> all access to the files and executables.
> d) Prevent the motd file from being sent to the ppp user.
> touch ~ppp/.hushlogin
> chown root ~ppp/.hushlogin
> chmod 444 ~ppp/.hushlogin
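The security checklist quoted above (points 1 through 5) can be turned into a repeatable audit. The script below is an added example written for this page; it is not part of the PPP README or of either post. It inspects a filesystem prefix so it can be run against a staging tree as well as a live system ("/"), takes the expected owner as a numeric uid (default 0 = root, so it can be exercised as an unprivileged user on a test tree), and reports every deviation from the checklist: pppd listed in /etc/shells, /etc/ppp and its options and ip-up/ip-down scripts not owned by the expected uid or writable by others, /etc/ppp/options readable by others, and the ~ppp dotfiles (.rhosts, .forward, .ppprc, .hushlogin) missing or not mode 444. The function name audit_ppp_layout and the helper names are this example's own; the layout paths are the ones the README names.

```shell
#!/bin/sh
# Audit the file layout that the PPP README's "security concerns" section
# asks for. Example code written for this page, not from the README.
#
# Usage: audit_ppp_layout ROOT [OWNER_UID]
#   ROOT      - filesystem prefix to inspect ("/" on a live system,
#               a staging directory when testing)
#   OWNER_UID - numeric uid expected to own the privileged files (default 0)
# Prints one "FINDING:" line per problem; the return value is the number
# of findings (0 means the layout matches the checklist).

# Owner uid and symbolic mode of a path, taken from `ls -ldn` (POSIX).
owner_of() { ls -ldn "$1" | awk '{print $3}'; }
mode_of()  { ls -ldn "$1" | awk '{print $1}'; }

# True when group or other has write permission (mode string columns 6 and 9).
group_or_other_writable() {
    case "$(mode_of "$1")" in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when group or other has read permission (mode string columns 5 and 8).
group_or_other_readable() {
    case "$(mode_of "$1")" in
        ????r*|???????r*) return 0 ;;
        *) return 1 ;;
    esac
}

audit_ppp_layout() {
    root=${1%/}          # "/" becomes "", so "$root/etc/ppp" is "/etc/ppp"
    owner=${2:-0}
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # 1. pppd must never be a login shell (also keeps ftpd from accepting 'ppp').
    if [ -f "$root/etc/shells" ] && grep -q 'pppd' "$root/etc/shells"; then
        note "/etc/shells lists pppd; remove that line"
    fi

    # 2./3./4. /etc/ppp, its options file and the ip-up/ip-down hooks that
    # pppd runs as root: owned by the expected uid, never writable by others.
    for f in /etc/ppp /etc/ppp/options /etc/ppp/ip-up /etc/ppp/ip-down; do
        p="$root$f"
        [ -e "$p" ] || continue      # hooks are optional; skip absent ones
        [ "$(owner_of "$p")" = "$owner" ] || note "$f is not owned by uid $owner"
        group_or_other_writable "$p" && note "$f is writable by group or other"
    done
    # 3. /etc/ppp/options is for root only: no read access for anyone else.
    if [ -e "$root/etc/ppp/options" ] && group_or_other_readable "$root/etc/ppp/options"; then
        note "/etc/ppp/options is readable by group or other"
    fi

    # 5a/5c/5d. The ppp account's dotfiles must exist (empty where the README
    # says so) and be read-only, mode 444.
    for f in .rhosts .forward .ppprc .hushlogin; do
        p="$root/home/ppp/$f"
        [ -e "$p" ] || { note "~ppp/$f is missing (create it empty, mode 444)"; continue; }
        case "$(mode_of "$p")" in
            -r--r--r--*) ;;
            *) note "~ppp/$f should be mode 444" ;;
        esac
    done
    # 5c/5d. .ppprc and .hushlogin are additionally chown'ed to root.
    for f in .ppprc .hushlogin; do
        p="$root/home/ppp/$f"
        [ -e "$p" ] && [ "$(owner_of "$p")" != "$owner" ] && note "~ppp/$f is not owned by uid $owner"
    done

    return "$findings"   # exit status caps at 255; treat any non-zero as "fix needed"
}

# Stand-alone use: audit the live system (needs read access to /etc/ppp).
if [ "${1:-}" = "--run" ]; then
    audit_ppp_layout / 0
fi
```

Point 5b (the sendmail alias for 'ppp') is deliberately not checked here, since alias handling differs between mailers; the script covers only the filesystem side of the checklist.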
We are trying to run PPP thru a NULL-MODEM connection between
-PC running LINUX (running kernel ver. 2.0.0, PPP ver. 2.2.0)
-Macintosh running FreePPP ver. 2.5 and apple TCP/IP 1.1
Of course, we want LINUX to be the PPP-server and the Mac to be
This is how far we get:
as root, we run:
/usr/sbin/pppd -detach modem crtscts lock :126.96.36.199 /dev/ttyS1
In the terminal window FreePPP recognises the ppp-startup string
sent by linux. The local IP is also set.
Anyway, all seems to go well. FreePPP says:
-(short time passes)
-connection was established but it is not a reliable connection
meanwhile at LINUX:
Sep 29 17:18:34 zorn pppd: pppd 2.2.0 started by root, uid 0
Sep 29 17:18:58 zorn pppd: Serial connection established.
Sep 29 17:18:59 zorn pppd: Using interface ppp0
Sep 29 17:18:59 zorn pppd: Connect: ppp0 <--> /dev/ttyS1
Sep 29 17:19:01 zorn pppd: local IP address 188.8.131.52
Sep 29 17:19:01 zorn pppd: remote IP address 184.108.40.206
We have the feeling we are quite close to success... :-}
Can anybody help us out?
Thanks in advance!
Maarten and David