pppd "ktune" & "proxyarp" options


Post by p » Sat, 15 Jun 2002 06:16:06



I just read about the "ktune" option for pppd (I'm running RHL 7.2
with the latest 2.4.9-34 colonel), which SOUNDS (ahem) like it sets
the things that need to be set for me (I think).  From the pppd man:

ktune
Enables pppd to alter kernel settings as appropriate. Under Linux,
pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward
to 1) if the proxyarp option is used, and will enable the dynamic IP
address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to 1) in demand
mode if the local address changes.

   Currently, I clear "ip_forward", do my IPTABLES setup, enable
"ip_forward", then enable pppd.  What the man page doesn't say is
whether or not "ip_forward" is cleared when pppd disconnects (or if it
SHOULD be cleared).  I'm also not sure about the "ip_dynaddr" option,
as only 1 of the many FAQ/HOW-TO/man/books I've read even mentions it.
 I'm also not sure about "proxyarp".  Do I need the routing entry
added by "proxyarp" for the other machines?  Doesn't "defaultroute"
take care of that?  The linux box is attempting to be a DHCP, Samba,
firewall & caching-only DNS server.  I'm connecting to Earthlink via
dialup modem, and getting a unique local and remote IP every time
(according to /var/log/messages).  I use the "demand" option, and pppd
correctly dials out when it needs to.  A whole lot more than it needs
to actually, but I think this is a WinXP box trying to get to MSN.

 
 
 


Post by Clifford Kit » Sat, 15 Jun 2002 21:04:54



> I just read about the "ktune" option for pppd (I'm running RHL 7.2
> with the latest 2.4.9-34 colonel), which SOUNDS (ahem) like it sets
                           ^^^^^^^
Err... do you mean "kernel?"

> the things that need to be set for me (I think).  From the pppd man:
> ktune
> Enables pppd to alter kernel settings as appropriate. Under Linux,
> pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward
> to 1) if the proxyarp option is used, and will enable the dynamic IP
> address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to 1) in demand
> mode if the local address changes.

For just connecting to an ISP you don't need any of this, except that
ip_dynaddr could be of value.  I'm not sure just how much value it is
anymore but it won't hurt to enable it in a file in /etc/rc.d* so it
will be turned on at boot, which is what I do.

>    Currently, I clear "ip_forward", do my IPTABLES setup, enable
> "ip_forward", then enable pppd.  What the man page doesn't say is
> whether or not "ip_forward" is cleared when pppd disconnects (or if it
> SHOULD be cleared).  I'm also not sure about the "ip_dynaddr" option,
> as only 1 of the many FAQ/HOW-TO/man/books I've read even mentions it.
>  I'm also not sure about "proxyarp".  Do I need the routing entry
> added by "proxyarp" for the other machines?  Doesn't "defaultroute"

You need proxyarp only if the "other machines" are able to access the
Internet through the PPP link.  That usually requires a routable subnet
for the local LAN, not likely the case here.  IP masquerading might
be able to provide them access through the PPP link but I haven't ever
done it.

> take care of that?  The linux box is attempting to be a DHCP, Samba,
> firewall & caching-only DNS server.  I'm connecting to Earthlink via
> dialup modem, and getting a unique local and remote IP every time
> (according to /var/log/messages).  I use the "demand" option, and pppd
> correctly dials out when it needs to.  A whole lot more than it needs
> to actually, but I think this is a WinXP box trying to get to MSN.

Microsoft is very likely the culprit.  You might try using tcpdump to
find out and then take steps to prevent the unwanted connections by
filtering, or by configuring the MS box to stop its foolishness.

--

PPP-Q&A links, downloads:    http://users3.ev1.net/~ckite/public_html/
/* "They that can give up essential liberty to obtain a little temporary
   safety deserve neither liberty nor safety."  Benjamin Franklin */
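
The start-up order described in the first post (clear ip_forward, load the iptables rules, enable ip_forward, start pppd), with ip_dynaddr set as the reply suggests, written as an added shell example that is not part of the thread. The rules path, the peer name `isp`, the function names and the `PROC` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. PROC defaults to /proc; pointing it
# at a scratch directory lets the logic be exercised without touching the host.
PROC="${PROC:-/proc}"

knob()     { echo "$PROC/sys/net/ipv4/$1"; }
set_knob() { echo "$2" > "$(knob "$1")"; }
get_knob() { cat "$(knob "$1")"; }

# bring_up FIREWALL_CMD LINK_CMD
# Fail closed: forwarding stays 0 unless the firewall rules loaded cleanly.
bring_up() {
    set_knob ip_forward 0            # no routing while rules are being replaced
    if ! sh -c "$1"; then
        echo "firewall load failed; forwarding left off" >&2
        return 1
    fi
    set_knob ip_dynaddr 1            # demand mode with a new local address per call
    set_knob ip_forward 1            # only now let LAN traffic through
    sh -c "$2"                       # start pppd last
}

# link_down_check: call from /etc/ppp/ip-down to record what the kernel
# setting is after pppd disconnects, so the state is observed, not assumed.
link_down_check() {
    if [ "$(get_knob ip_forward)" = "1" ]; then
        echo forwarding-on
    else
        echo forwarding-off
    fi
}

# Real use as root (assumed rules path and hypothetical peer name "isp"):
#   bring_up 'iptables-restore < /etc/sysconfig/iptables' 'pppd call isp'
```

Because the firewall command runs while ip_forward is 0, a broken or missing rules file leaves the box not routing at all instead of routing unfiltered.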

 
 
 


Post by Peter T. Breue » Sat, 22 Jun 2002 19:18:10




>> I just read about the "ktune" option for pppd (I'm running RHL 7.2
>> with the latest 2.4.9-34 colonel), which SOUNDS (ahem) like it sets
>                            ^^^^^^^
> Err... do you mean "kernel?"

That man needs psychiatric help.

Peter