Sharing internet connection with dialup ppp clients

Post by Perry Kunder » Wed, 13 Feb 2002 05:18:45



I've scoured the web for instructions on how to do this, but in vain...
I can't believe that I am the only human being on the planet that
has a home linux computer with a cable connection, and wants to dial
into their home linux computer from a remote (say, office) location,
and share the Internet connection!

But, I seriously can't find anyone that has published exactly how to set
this up!  Lots of people that have a linux box with TWO NIC's installed
(one to their local network, and one to the Internet) and show how to
set up a firewall that allows the other computers on a local LAN to use
the one computer as a gateway to the internet, but no one seems to have
THREE separate networks (the office Windows Me computer dialing into the
home linux box via PPP, the linux box on the home network (with just one
computer), and then the NIC connecting to the internet.

I have a cable connection to the Internet on eth0 of my Mandrake 8.0
box.  It is a dynamic IP, but I've aliased eth0:0 to 192.168.1.1 (so, I
basically have another little network with a single linux computer on it.)

I have an office with 4 computers, on a little 192.168.0.x LAN network.
  We presently use a dialup ISP to connect to the Internet when we need
it.  I want to have my office Windows Me computer(s) dial in to my linux
box instead, for Internet access.

Here's the configuration (notice some computers have 2 or 3 separate
interfaces, each with their own IP address):

|---------- The Office ----------| |------ Home -----------|

              LAN                MODEMS                     CABLE
192.168.0.4 --|
               |      (Win. ME)            (linux box)
192.168.0.3 --|     192.168.0.22 ---ppp0-192.168.1.102
               |---- 192.168.0.2          192.168.1.1           / the
192.168.0.1 --|                          24.64.??.??? -eth0---| net!
                                                                \

So, to ``ping'' my office Windows Me computer from home (linux), I would
use ``ping 192.168.0.102'' from a linux terminal.  To ping my home
computer from the office, I would run ``ping 192.168.0.22'' from an
MS-DOS prompt window.  Am I insane?  This just doesn't make much sense
to me...

I've got mgetty set up to successfully accept dialins, and fire up pppd.
  The client Windows Me computer can connect successfully.  We can ping
each other.  But I cannot figure out how to set up the networking to
allow the Windows Me ppp client computer to access the Internet!

I don't really know if/why I need to alias eth0:0 to make myself a
little ``home'' network with just my one linux computer on it; can't I
somehow set up the ppp0 interface to just route packets to my eth0
connection to the internet?  It's the default route on my linux box;
shouldn't pppd somehow just set that up automagically when it brings up
the ppp0 interface, and the packets have nowhere to go?

Also, I seem to have to give a different IP address to each ``end'' of
the ppp0 connection to my office network; my computer at the office is
known as 192.168.0.2 on the local lan; but, I seem to have to assign the
ppp interface on that computer a different IP address (192.168.0.22)?!?

Clearly, I don't have a clue how IP networks really work.  I used to
think that each ``computer'' had a single IP address, but somehow each
interface on each computer has different IP address; and each END of
each interface has a different IP address!?!

So, here's the questions:

1) Do I run a series of ``ipchain'' commands in /etc/ppp/ip-up.local to
route packets from the ppp0 interface out to the eth0 interface?

2) If so, what would they be?  And what about undoing it all when the
ppp0 interface goes down (in /etc/ppp/ip-down.local)?

3) If not, what do I do?  I sort of assumed that when the ppp0 interface
came up, that there would be some default routes set up to automatically
use the default route on my linux box, or something.  Isn't that what
``proxyarp'' is supposed to do (in /etc/ppp/options.server)?

Here's the output of ``route'' (with the ppp0 interface NOT up).
Everything not addressed to the local LAN goes out the eth0 interface (I
think):
----------------------------------------------------------------
Kernel IP routing table
Destination  Gateway      Genmask        Flags Metric Ref Use Iface
192.168.0.0  *            255.255.255.0  U     0      0    0 eth0
24.64.160.0  *            255.255.252.0  U     0      0    0 eth0
127.0.0.0    *            255.0.0.0      U     0      0    0 lo
default      24.64.160.1  0.0.0.0        UG    0      0    0 eth0
----------------------------------------------------------------

Here's the output of ``ifconfig'', showing my little fake home network
192.168.0.1 on eth0:0, and my current dynamic IP address on eth0.  This
is when ppp is NOT up:
----------------------------------------------------------------
eth0      Link encap:Ethernet  HWaddr 00:50:04:85:B2:19
           inet addr:24.64.162.141 Bcast:24.64.163.255 Mask:255.255.252.0
           UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
           RX packets:1316753 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1238828 errors:0 dropped:0 overruns:0 carrier:1
           collisions:6557 txqueuelen:100
           RX bytes:1591503566 (1517.7 Mb)  TX bytes:666166188 (635.3 Mb)
           Interrupt:11 Base address:0xec00

eth0:0    Link encap:Ethernet  HWaddr 00:50:04:85:B2:19
           inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
           UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
           Interrupt:11 Base address:0xec00

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:49509 errors:0 dropped:0 overruns:0 frame:0
           TX packets:49509 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:3947075 (3.7 Mb)  TX bytes:3947075 (3.7 Mb)
----------------------------------------------------------------

I have a domain name set to point to my dynamic IP address:
krusader.2y.net.  (I have to go and change it every time my dynamic IP
address changes; what a pain...)  I have specified my little home
network as a gateway, and call it ``gw'', but I don't use it anywhere! I
can't figure out how and/or why, but here it is:

/etc/hosts:
----------------------------------------------------------------
127.0.0.1
localhost.localdomain
localhost
192.168.0.1
gw.krusader.2y.net
gw
----------------------------------------------------------------

Here is my pppd setup.  It allows connections to be set up fine, and I
try to specify my 'net provider's DNS servers, but they don't seem to
get sent to the Windows Me client when it connects (or they do, but the
name server requests it sends can't find their way out to the Internet...)

/etc/ppp/options.server:
----------------------------------------------------------------
-detach
debug
auth
-chap
+pap
login
asyncmap 0
crtscts
modem
ms-dns 24.71.223.144
ms-dns 24.71.223.145
netmask 255.255.255.0
192.168.0.22:192.168.1.102
proxyarp
----------------------------------------------------------------

Here is my mgetty setup.  All this stuff seems to work; it allows my
office computer to dial in, accepts the call, and fires up the ppp
connection.  I can ping 192.168.1.102 from my linux box, and it seems to
be going over the modem (the ping delay is appropriate).  Also, on my
Windows computer, I can ping 192.168.0.22 (the ppp0 interface), and the
ping turnaround seems to indicate that it is connecting over the modem.
Nothing much else seems to work, though:

/etc/mgetty+sendfax/mgetty.config
----------------------------------------------------------------
#
# Modem port.  Turn off auto-answer, and turn on caller-ID
#
port ttyS4
   modem-type   auto
   data-only    yes
   speed                115200
   rings                2
   cnd-program  /etc/ppp/pppconditional
   init-chat    "" ATZ OK AT&F1M1E1Q0#CID=1&S0=0 OK AT
   answer-chat  "" ATA CONNECT \c \r
----------------------------------------------------------------

/etc/mgetty+sendfax/login.config
----------------------------------------------------------------
/AutoPPP/ -     perry   /usr/sbin/pppd file /etc/ppp/options.server
----------------------------------------------------------------

Incidentally, here is the configuration file and script that I use to
allow mgetty to determine whether or not to accept the call. It also
``speaks'' the caller's name and/or number using a speech synthesis
program called ``festival'' which is available for free!  The (exit)
code from the pppconditional script, the caller's name and number, and the
speech string to say (with $NAME and $NMBR variable substitution) is all
configurable.  Sort of a 30 minute hack, but works pretty cool...

/etc/ppp/pppconditional.conf
----------------------------------------------------------------
#
# NAME
#     pppconditional.conf
#
# DESCRIPTION
#
#     Specifies the return status, and the speech (if any) for
# different patterns of caller ID information.  The "shell"
# variables $NAME and $NMBR are available for substitution
# in the speech string.

#   $NAME $NMBR    (exit) Speech
     *     4035434707  0   Call\ from\ office\ computer.
     P     *           1   Call\ from\ unknown\ caller\ at\ $NMBR.
     *     P           1   Call\ from\ $NAME\ at\ unknown\ number.
     *     *           1   Call\ from\ $NAME\ at\ $NMBR.
----------------------------------------------------------------

/etc/ppp/pppconditional
----------------------------------------------------------------
#! /bin/bash

# NAME
#     pppconditional
#
# DESCRIPTION
#     Determines what to do, depending on the source of the call.  Also,
# annunciates the caller ID information using speech synthesis.
#
#
# RESULTS
#     0 exit code - Accept the call.
#     1 exit code - Reject call.  Do not connect
#
#
#

PORT=$1
NMBR=$2
NAME=$3
DRNG=$4 ...


Sharing internet connection with dialup ppp clients

Post by David Efflan » Wed, 13 Feb 2002 11:54:06



> I've scoured the web for instructions on how to do this, but in vain...
> I can't believe that I am the only human being on the planet that
> has a home linux computer with a cable connection, and wants to dial
> into their home linux computer from a remote (say, office) location,
> and share the Internet connection!

> But, I seriously can't find anyone that has published exactly how to set
> this up!  Lots of people that have a linux box with TWO NIC's installed
> (one to their local network, and one to the Internet) and show how to
> set up a firewall that allows the other computers on a local LAN to use
> the one computer as a gateway to the internet, but no one seems to have
> THREE separate networks (the office Windows Me computer dialing into the
> home linux box via PPP, the linux box on the home network (with just one
> computer), and then the NIC connecting to the internet.

> I have a cable connection to the Internet on eth0 of my Mandrake 8.0
> box.  It is a dynamic IP, but I've aliased eth0:0 to 192.168.1.1 (so, I
> basically have another little network with a single linux computer on it.)

> I have an office with 4 computers, on a little 192.168.0.x LAN network.
>   We presently use a dialup ISP to connect to the Internet when we need
> it.  I want to have my office Windows Me computer(s) dial in to my linux
> box instead, for Internet access.

> Here's the configuration (notice some computers have 2 or 3 separate
> interfaces, each with their own IP address):

>|---------- The Office ----------| |------ Home -----------|

>               LAN                MODEMS                     CABLE
> 192.168.0.4 --|
>                |      (Win. ME)            (linux box)
> 192.168.0.3 --|     192.168.0.22 ---ppp0-192.168.1.102
>                |---- 192.168.0.2          192.168.1.1           / the
> 192.168.0.1 --|                          24.64.??.??? -eth0---| net!

I don't know the status of routing in WinME, but it was broken in Win95.
However by using Nat32 (www.nat32.com) I was able to set up this:

192.168.0.4 --|
              |     (Win95)                           (linux)
192.168.0.3 --|   192.168.0.10-nat32-172.16.1.2--ppp0-172.16.1.1
              |---192.168.0.2
192.168.0.2 --|

Yes, I had 2 IPs on the same Win95 nic, by simply telling Nat32 to use a
different IP than Win was using.  And Win95 could access the LAN while
simultaneously communicating with the remote.  Although, in my case I was
simply trying to get into the LAN.  In your case you would need proper
routing, ip_forward and masquerading for anything going out eth0 of Linux.

In this example boxes on the LAN would need to point to 192.168.0.10 as a
gateway.  They would also need DNS entries, either for your cable DNS or
the Linux ppp IP if you run your own.

> So, to ``ping'' my office Windows Me computer from home (linux), I would
> use ``ping 192.168.0.102'' from a linux terminal.  To ping my home
> computer from the office, I would run ``ping 192.168.0.22'' from an
> MS-DOS prompt window.  Am I insane?  This just doesn't make much sense
> to me...

The 192.168.1.0 host route to eth0:0 might interfere with getting a
response from 192.168.1.102 Linux ppp IP.  192.168.0.22 should work from
either end.  Not sure what is responding to 192.168.0.102 unless it is
because Win thinks it has a route to that whole subnet.

> I've got mgetty set up to successfully accept dialins, and fire up pppd.
>   The client Windows Me computer can connect successfully.  We can ping
> each other.  But I cannot figure out how to set up the networking to
> allow the Windows Me ppp client computer to access the Internet!

> I don't really know if/why I need to alias eth0:0 to make myself a
> little ``home'' network with just my one linux computer on it;

You don't need it if there is nothing using it.

> can't I somehow set up the ppp0 interface to just route packets to my eth0
> connection to the internet?  It's the default route on my linux box;
> shouldn't pppd somehow just set that up automagically when it brings up
> the ppp0 interface, and the packets have nowhere to go?

Yes, but assuming that you have ip_forward enabled (do you?), since you
proxyarp ppp0 to your nic, packets might go out, but the internet would
not know where to find the private 192.168.0.0/24 subnet to reply.  
Actually I do not think you want to use proxyarp here.

> So, here's the questions:

> 1) Do I run a series of ``ipchain'' commands in /etc/ppp/ip-up.local to
> route packets from the ppp0 interface out to the eth0 interface?

Yes.  Maybe your distro has some way to help you with that.  SuSE makes it
all too easy, so I do not know details from scratch.  But basically if you
can find an example to Masquerade ppp0, you want to turn that around and
masquerade anything going out eth0.

> 2) If so, what would they be?  And what about undoing it all when the
> ppp0 interface goes down (in /etc/ppp/ip-down.local)?

You probably want to keep some sort of firewall in place for the cable
connection, and reset that from dhcp scripts when your cable IP changes.

> 3) If not, what do I do?  I sort of assumed that when the ppp0 interface
> came up, that there would be some default routes set up to automatically
> use the default route on my linux box, or something.  Isn't that what
> ``proxyarp'' is supposed to do (in /etc/ppp/options.server)?

For some background you might see the IP-Masquerading HOWTO.  But for
iptables see if you have a Packet-Filtering HOWTO or do a web search for
'iptables howto'.

(snip)

> I have a domain name set to point to my dynamic IP address:
> krusader.2y.net.  (I have to go and change it every time my dynamic IP
> address changes; what a pain...)

I would hope that they would have a Linux client that could update that
automatically from your dhcp scripts.  But I cannot help with that.  I
update my no-ip.com names for pppoe from /etc/ppp/ip-up.local.

> /etc/hosts:
> ----------------------------------------------------------------
> 127.0.0.1
> localhost.localdomain
> localhost
> 192.168.0.1
> gw.krusader.2y.net
> gw
> ----------------------------------------------------------------

The proper format for that is whitespace separated (spaces, tabs, etc.):
IP      primary_name aliases
(if yours works, newlines apparently also count as whitespace)

--
David Efflandt - All spam is ignored - http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/
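
The reply above calls for ip_forward plus masquerading of traffic leaving eth0, set up from /etc/ppp/ip-up.local and undone in ip-down.local. The following is an added example, not code from either poster: one script installed under both names that masquerades only the dial-in peer's address and validates pppd's arguments before they reach a firewall rule. It assumes iptables, eth0 as the cable interface, a FORWARD chain whose policy is DROP, and a distribution whose /etc/ppp/ip-up hands pppd's arguments on to ip-up.local; `RUN`, `valid_ipv4` and `peer_rules` are names made up for this example.

```shell
#!/bin/sh
# Added example: install the same file as /etc/ppp/ip-up.local and
# /etc/ppp/ip-down.local. pppd passes: $1 interface, $2 tty, $3 speed,
# $4 local IP, $5 remote (peer) IP.
WAN_IF=eth0      # assumption: the cable interface from the thread
RUN=${RUN:-}     # RUN=echo prints the commands instead of running them

# Accept only a plain dotted quad. Anything else (a /0 suffix, a hostname,
# an option string) could widen the rule beyond the one dial-in peer.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(echo "$1" | tr . ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Add (op=A) or delete (op=D) the rules for one peer on one ppp interface:
# masquerade the peer's private source address behind the cable address,
# let the peer out, and let only replies to its connections back in.
peer_rules() {
    op=$1 ppp_if=$2 peer=$3
    case "$op" in A|D) ;; *) return 1 ;; esac
    case "$ppp_if" in ppp|ppp*[!0-9]*) return 1 ;; ppp*) ;; *) return 1 ;; esac
    valid_ipv4 "$peer" || return 1
    $RUN iptables -t nat "-$op" POSTROUTING -s "$peer" -o "$WAN_IF" -j MASQUERADE &&
    $RUN iptables "-$op" FORWARD -i "$ppp_if" -o "$WAN_IF" -s "$peer" -j ACCEPT &&
    $RUN iptables "-$op" FORWARD -i "$WAN_IF" -o "$ppp_if" -d "$peer" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Dispatch on the name the script was invoked under; other names do nothing.
case "${0##*/}" in
    ip-up.local)
        $RUN sysctl -w net.ipv4.ip_forward=1 >/dev/null
        peer_rules A "$1" "$5" ;;
    ip-down.local)
        peer_rules D "$1" "$5" ;;
esac
```

Running it with `RUN=echo` shows the three rules without touching the firewall; the down hook deletes exactly the rules the up hook appended, so a firewall already in place for the cable connection is left untouched.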