Linux as a PPP Server ?


Post by Thomas Hora » Tue, 20 Oct 1998 04:00:00



Hi, I want to set up my Linux server as a PPP server for dial in
connections, I can so far dial in to my Linux box and get a prompt so I want
to change the shell from bash to some sort of ppp connection ! But how do I
do this ??????
 
 
 


Post by Han » Tue, 20 Oct 1998 04:00:00



>Hi, I want to set up my Linux server as a PPP server for dial in
>connections, I can so far dial in to my Linux box and get a prompt so I want
>to change the shell from bash to some sort of ppp connection ! But how do I
>do this ??????

mgetty-1.1.18, ppp-2.2.0f
compile mgetty with -DAUTO_PPP and look in login.config

Hans

 
 
 


Post by Kalevi Hautanie » Wed, 21 Oct 1998 04:00:00


: Hi, I want to set up my Linux server as a PPP server for dial in
: connections, I can so far dial in to my Linux box and get a prompt so I want
: to change the shell from bash to some sort of ppp connection ! But how do I
: do this ??????

Take a look at my homepage link "My links for Linux PPP". You can find
there my configuration for such a server.

Kalevi

--
Kalevi J Hautaniemi,      Marjatankatu 12,     33730 Tampere,  FINLAND.
****  http://oh3tr.ele.tut.fi/~oh3fg/ ****  On air:  OH3FG, KO4BC  ****
tel:+358-3-364-7446    fax:+358-3-364-2476    mobile:+358-50-590-2243

 
 
 


Post by Maur » Wed, 21 Oct 1998 04:00:00



> Hi, I want to set up my Linux server as a PPP server for dial in
> connections, I can so far dial in to my Linux box and get a prompt so I want
> to change the shell from bash to some sort of ppp connection ! But how do I
> do this ??????

Take a look at this doc from RH5.0
Quote:

> SETTING UP A MACHINE FOR INCOMING PPP CONNECTIONS

> Suppose you want to permit another machine to call yours up and start
> a PPP session.  This is possible using Linux PPP.

> One way is to create an account named, say, 'ppp', with the login
> shell being a short script that starts pppd.  For example, the passwd
> entry might look like this:

>   ppp:(encrypted password):102:50:PPP client login:/home/ppp:/usr/sbin/pppd

> In addition, you would edit the file ~ppp/.ppprc to have the following
> pieces of information:

> -detach
> modem
> crtscts
> lock
> :192.1.2.33

> Here we will insist that the remote machine use IP address 192.1.2.33,
> while the local PPP interface will use the IP address associated with
> this machine's hostname in /etc/hosts.  The '-detach' option is required
> for a server. It tells the pppd process not to terminate until the modem
> is disconnected. Should it fork, the init process would restart the getty
> process and this would cause a severe conflict over the port.

> The 'modem' option indicates that the connection is via a switched circuit
> (using a modem) and that the pppd process should monitor the DCD signal
> from the modem.

> The 'crtscts' option tells the pppd process to use hardware RTS/CTS flow
> control for the modem.

> The 'lock' option tells pppd to lock the tty device. This will use the UUCP
> style locking file in the lock directory.

> This setup is sufficient if you just want to connect two machines so
> that they can talk to one another.  If you want to use Linux PPP to
> connect a single machine to an entire network, or to connect two
> networks together, then you need to arrange for packets to be routed
> from the networks to the PPP link.  Setting up a link between networks
> is beyond the scope of this document; you should examine the routing
> options in the manual page for pppd carefully and find out about
> routed, etc.

> Let's consider just the first case.  Suppose you have a Linux machine
> attached to an Ethernet, and you want to allow its PPP peer to be able
> to communicate with hosts on that Ethernet.  To do this, you should
> have the remote machine use an IP address that would normally appear
> to be on the local Ethernet segment and you should give the 'proxyarp'
> option to pppd on the server.  Suppose, for example, we have this
> setup:

>  192.1.2.33                        192.1.2.17
> +-----------+      PPP link       +----------+
> | chelseapc | ------------------- |  billpc  |
> +-----------+                     +----------+
>                                         |           Ethernet
>                             ----------------------------------- 192.1.2.x

> Here the PPP and Ethernet interfaces of billpc will have IP address
> 192.1.2.17.  (It's OK for one or more PPP interfaces on a machine to
> share an IP address with an Ethernet interface.)  There is an
> appropriate entry in /etc/passwd on billpc to allow chelseapc to call
> in. It will run pppd when the user signs on to the system and pppd will
> take the options from the user option file.

> In addition, you would edit the file ~ppp/.ppprc to have the following
> piece of information:

> -detach
> modem
> crtscts
> lock
> 192.1.2.17:192.1.2.33
> proxyarp

> When the link comes up, pppd will enter a "proxy arp" entry for
> chelseapc into the arp table on billpc.  What this means effectively
> is that billpc will pretend to the other machines on the 192.1.2.x
> Ethernet that its Ethernet interface is ALSO the interface for
> chelseapc (192.1.2.33) as well as billpc (192.1.2.17).  In practice
> this means that chelseapc can communicate just as if it was directly
> connected to the Ethernet.

> SETTING UP A MACHINE FOR INCOMING PPP CONNECTIONS WITH DYNAMIC IP

> The use of dynamic IP assignments is not much different from that
> using static IP addresses. Rather than putting the IP address into the
> single file ~ppp/.ppprc, you would put the IP address for each of the
> incoming terminals into the /etc/ppp/options.tty files. ('tty' is the
> name of the tty device. For example /etc/ppp/options.ttyS0 is used for
> the /dev/ttyS0 device.)

> To each of the serial devices, you would attach a modem. To the
> modems, attach the telephone lines. Place all of the telephone lines
> into a hunt group so that the telephone system will select the
> non-busy telephone and subsequently, the modem. By selecting the
> modem, the user will select a tty device and the tty device will
> select the IP address. Run a getty process against the tty device such
> as /dev/ttyS0.

> (The general consensus among the users is that you should *not* use
> the agetty process to monitor a modem. Use either getty_ps' uugetty
> process or mgetty from the mgetty+sendfax package.)

> SECURITY CONCERNS ABOUT INCOMING PPP CONNECTIONS

> The following security should be considered with the ppp connections.

> 1. Never put the pppd program file into the /etc/shells file. It is not
> a legal shell for the general user. In addition, if the shell is missing
> from the shells file, the ftpd process will not allow the user to access
> the system via ftp. You would not want Joe Hacker using the ppp account
> via ftp.

> 2. Ensure that the directory /etc/ppp is owned by 'root' and permits
> only write access to the root user.

> 3. The files /etc/ppp/options must be owned by root and accessible only
> from that user. Never permit any other user access to this file.

> 4. The files /etc/ppp/ip-up and /etc/ppp/ip-down will be executed by the
> pppd process while it is root. Ensure that these files are writable only
> from the root user.

> 5. If you use an incoming PPP connection, you should do the following as
> the root user:

> a) Invalidate the files for rhosts and forward
> rm -f     ~ppp/.rhosts ~ppp/.forward
> touch     ~ppp/.rhosts ~ppp/.forward
> chmod 444 ~ppp/.rhosts ~ppp/.forward

> b) Prevent users from sending mail to the user 'ppp'.

> This is best performed by creating a system alias 'ppp' and have it
> point to the name "THIS_USER_CANNOT_RECEIVE_MAIL". It has no special
> meaning other than the obvious one.

> For sendmail, the sequence is fairly easy. Edit the /etc/aliases file
> and add the line:

> ppp:THIS_USER_CANNOT_RECEIVE_MAIL

> Then run the sendmail program with the option '-bi' to rebuild the
> alias database.

> c) Secure the ppp file properly.
> chown root ~ppp/.ppprc
> chmod 444  ~ppp/.ppprc

> You may wish to extend the security by creating a group 'ppp' and putting
> the ppp user into that group, along with the binaries for pppd and pppstats.
> Then you may secure the binaries so that they are executable from the owner
> (which should be root) and the group only. All other users would be denied
> all access to the files and executables.

> d) Prevent the motd file from being sent to the ppp user.
> touch ~ppp/.hushlogin
> chown root ~ppp/.hushlogin
> chmod 444  ~ppp/.hushlogin
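
The security checklist quoted above, turned into a read-only audit. This is an added example, not part of the original post or of the quoted Red Hat document. The function names, the `ROOT` prefix argument (for auditing a staged copy of the tree), the numeric owner argument and the `/home/ppp` default are assumptions, and it relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example: read-only audit of the checklist above. ROOT is a path
# prefix (assumption: lets you audit a staged copy); OWNER is a numeric uid.

# check FILE OWNER MASK: FILE must exist, belong to uid OWNER, and have
# none of the octal permission bits in MASK set.
check() {
    f=$1; want=$2; mask=$3
    set -- $(stat -c '%u %a' "$f" 2>/dev/null)   # GNU stat: uid, octal mode
    [ $# -eq 2 ] || { echo "MISSING $f"; return 1; }
    [ "$1" = "$want" ] || { echo "OWNER   $f: uid $1, want $want"; return 1; }
    [ $(( 0$2 & 0$mask )) -eq 0 ] || { echo "MODE    $f: $2, bits $mask must be clear"; return 1; }
}

# audit_ppp ROOT [OWNER] [PPP_HOME]; returns non-zero if any item fails.
audit_ppp() {
    root=$1; uid=${2:-0}; home=$root${3:-/home/ppp}; fail=0
    # 1. pppd must not be listed as a login shell
    if grep -q pppd "$root/etc/shells" 2>/dev/null; then
        echo "SHELLS  pppd is listed in $root/etc/shells"; fail=1
    fi
    # 2. /etc/ppp: owned by root, no group/other write
    check "$root/etc/ppp" "$uid" 022 || fail=1
    # 3. /etc/ppp/options: owned by root, no group/other access at all
    check "$root/etc/ppp/options" "$uid" 077 || fail=1
    # 4. ip-up and ip-down run as root: nobody else may write them
    for s in ip-up ip-down; do
        [ -e "$root/etc/ppp/$s" ] || continue    # script is optional
        check "$root/etc/ppp/$s" "$uid" 022 || fail=1
    done
    # 5. ~ppp dotfiles: root-owned with no write bits (mode 444)
    for d in .rhosts .forward .ppprc .hushlogin; do
        check "$home/$d" "$uid" 222 || fail=1
    done
    return $fail
}
# Live system, as root: audit_ppp ""
```

Each failing item prints one line naming the file and the reason, so the output can be reviewed or diffed between runs.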

 
 
 

1. LINUX<(nullmodem)>Mac PPP connection; LINUX as PPP-server

Hi!

We are trying to run PPP thru a NULL-MODEM connection between
  -PC running LINUX (running kernel ver. 2.0.0, PPP ver. 2.2.0)
    and a
  -Macintosh running FreePPP ver. 2.5 and apple TCP/IP 1.1

Of course, we want LINUX to be the PPP-server and the Mac to be
the client.

This is how far we get:

LINUX:
   as root, we run:

   /usr/sbin/pppd -detach modem crtscts lock :192.1.2.23 /dev/ttyS1 57600

MAC:
   In the terminal window FreePPP recognises the ppp-startup string
   sent by linux. The local IP is also set.
   Anyway, all seems to go well. FreePPP says:
      -establishing communicatiom
      -succesful
      -established communication
      -(short time passes)
      -link dead
      -connection was established but it is not a reliable connection and was terminated.

meanwhile at LINUX:
/var/adm/messages reads:
Sep 29 17:18:34 zorn pppd[147]: pppd 2.2.0 started by root, uid 0
Sep 29 17:18:58 zorn pppd[147]: Serial connection established.
Sep 29 17:18:59 zorn pppd[147]: Using interface ppp0
Sep 29 17:18:59 zorn pppd[147]: Connect: ppp0 <--> /dev/ttyS1
Sep 29 17:19:01 zorn pppd[147]: local  IP address 194.109.45.55
Sep 29 17:19:01 zorn pppd[147]: remote IP address 194.109.6.110

We have the feeling we are quite close to success... :-}
Can anybody help us out?

Thanks in advance!

Maarten and David

2. Latest stable kernel 2.0.36?

3. Windows NT 3.51 as PPP server and Linux PPP client

4. Bus Error with NetScape -- which libc to use?

5. Win95's PPP <-> Linux PPP server?

6. linux & laptops

7. Linux PPP connection with WinNT PPP server?

8. 2 IDE Dr + 2port cntrlr card,can i one master each port ? NEED MORE INFO

9. PPP help needed to linux ppp server

10. Win95 PPP and Linux PPP Server

11. PPP connection via mac or win modem dialup to dedicated Linux ppp server

12. PPP: WIN95 to Linux PPP Server

13. CISCO PPP server + Linux PPP Client + CHAP