Be a Linux-based ISP
By Charles Fisher

If one word could be said about Microsoft Windows products, the word would be ubiquitous. For better or for worse, the stuff is everywhere. While it is fairly simple to make Linux and Windows 95 inter-operate over a LAN, the Windows PPP (Point-to-Point Protocol) implementation is much more exacting. Rather than pore over manual pages on
This article has been updated for Red Hat Linux 5.0, and it now contains additional information on automatic DNS configuration for Windows clients. Graphical browsers will show the new material in a distinct color. Those using non-graphical browsers should look for the text ``Red Hat 5.0 Update''. Questions regarding this article should be directed to the author at cfisher@netexpress.net

How You Can Use This Information

There are a number of different applications for a Windows Dial-Up server:
Each of these target audiences will install their server differently. A startup ISP on a limited budget might tend to put all their services on a single machine. A single-server solution should work for the common services, including DNS, electronic mail, WWW server and FTP server, but not NNTP. If a site does not outsource NNTP services, then plan on a separate machine with nine gigabytes of disk space for a full feed. An established ISP might be deploying Linux systems next to commercial terminal servers. Users within a corporate environment might require NIS, DNS, or mail services provided by different departments. However, the configuration of the Dial-Up lines remains the same under all environments for this article.

The information presented within this document is intended for Intel-based systems running Red Hat Linux 4.2. Much reference is made to Red Hat RPM archives and the out-of-box configuration files on a freshly installed Red Hat system. Much of the same information will be applicable, however, to other Unix platforms where the PPP daemon and
Red Hat 5.0 Update
This article assumes that you have a system that reliably runs Red Hat 4.2. It is also assumed that your network interface cards are properly configured, that your serial boards and associated device files have been installed, that your network routers are functioning, and that you have added user accounts to your Unix system for each of your Dial-Up users.

Major Challenges

The Linux
The various getty implementations are usually responsible for establishing modem sessions. However, most of these know nothing about PPP network sessions. A further difficulty is in
There are two software components that will solve these
problems. First,
Compiling mgetty

An RPM containing
Red Hat 5.0 Update

rpm -Uvh ftp://ftp.redhat.com/pub/redhat/redhat-5.0/i386/RedHat/RPMS/mgetty-1.1.9-3.i386.rpm

Red Hat's FTP server is sometimes quite busy; you may have to run the command several times before a successful download and install occurs. If you don't have a direct Internet connection, you will have to get the file from your installation CD or another source. Then, install the package manually with:

rpm -Uvh mgetty-1.1.9-3.i386.rpm

Once you have installed this package, you may proceed with the modification of
The binary distribution is still compiled without
optimization. If you would like to compile an optimized version,
download the source
Assuming that you are running as root on Red Hat 4.2 and your

mkdir mgetty
cd mgetty
rpm2cpio < ../mgetty-1.1.5-1.src.rpm | cpio -i
tar xvzf mgetty1.1.5-Apr16.tar.gz
cd mgetty-1.1.5
patch < ../mgetty-1.1.5-config.patch
patch < ../mgetty-1.1.5-makekvg.patch
patch < ../mgetty-1.1.5-sendmail.patch

Red Hat 5.0 Update
mkdir mgetty
cd mgetty
rpm2cpio < ../mgetty-1.1.9-3.src.rpm | cpio -i
tar xvzf mgetty1.1.9-Aug17.tar.gz
cd mgetty-1.1.9
patch < ../mgetty-1.1.5-config.patch
patch < ../mgetty-1.1.5-makekvg.patch
patch < ../mgetty-1.1.5-sendmail.patch

Modify the CFLAGS line in the
This will prepare a version of the
Next, edit the

CFLAGS=$(RPM_OPT_FLAGS) -Wall -pipe -DAUTO_PPP

You might also add ``-s -O2 -fomit-frame-pointer'' to that CFLAGS line to create a smaller binary image, if you are comfortable with the optimizer. Now, enter the last command sequence:

make; make install
You should modify the file

speed 115200
modem-type data
rings 1

If you want to enable FAX transmissions with
You should also modify the file

/AutoPPP/ -  a_ppp  /usr/sbin/pppd 115200

There will be another commented
When
Compiling pppd

This section addresses
This section is optional; you can configure a working dialup
system with the standard
The reason that you might want to make use of shadow passwords is simple. When you use Telnet, Rlogin, or FTP, you transmit your password over the Internet in clear text. Anyone who has a packet sniffer running somewhere on the network between you and your server can read the password. On a conventional Unix system, if the party who has stolen your password logs into your server, they can read the DES-based password hashes (the crypt(3) output) of every other user on the system in the world-readable
If your system supports shadow passwords, there is an
Shadow passwords are not enabled by default on Red Hat Linux (other distributions may differ). You can find instructions on how to enable them in the shadow documentation at the Red Hat web site.

Red Hat 5.0 Update
If you make the decision to use shadow passwords, you must
recompile
The current beta of
An RPM containing
Assuming that you have placed the
mkdir ppp
cd ppp
rpm2cpio < ../ppp-2.2.0f-3.src.rpm | cpio -i
tar xvzf ppp-2.2.0f.tar.gz
patch < ppp-2.20f-glibc.patch
gzip -cd pppd-2.2.0eglibc.patch.gz | \
    sed 's|/usr/src/redhat/BUILD/ppp-2.2.0e|ppp-2.2.0f|' | patch
cd ppp-2.2.0f
./configure
cd pppd

Red Hat 5.0 Update
Future releases of Red Hat Linux might include this daemon by
default. You can determine what version of
If you either desire or are forced to use the newer version of
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/redhat-5.0/updates/i386/ppp-2.3.3-2.i386.rpm

After you have installed the new daemon, run the following command to configure your

echo '* * "" *' >> /etc/ppp/pap-secrets

The four fields are client name, server name, secret and permitted addresses. With an empty secret, pppd does not check the PAP password against this file at all; it is the login option in the pppd options file (shown below) that makes pppd check the username and password against the system password database. Never install this wildcard entry on a server whose options file lacks login, because it would then accept any username and password.

After this command is complete, skip to the next section.
Caution: Do not remove the
If you would like to use the older daemon, an RPM for Red Hat Linux 5.0 containing
Enter this command sequence to prepare the daemon for compilation:

mkdir ppp
cd ppp
rpm2cpio < ../ppp-2.2.0f-5.src.rpm | cpio -i
tar xvzf ppp-2.2.0f.tar.gz
patch < ppp-2.20f-glibc.patch
gzip -cd pppd-2.2.0eglibc.patch.gz | \
    sed 's|/usr/src/redhat/BUILD/ppp-2.2.0e|ppp-2.2.0f|' | patch
cd ppp-2.2.0f
./configure
cd pppd

End of Update

Now, the following changes have to be made in the
Red Hat 5.0 Update
End of Update

After you have finished patching the daemon, use root to run the command ``
Please note that, if you install the shadow
Obviously, this is a great deal of work.
Conscientious administrators will of course take all these steps on their own, as
Red Hat 5.0 Update
Options in /etc/ppp

Before you go any further, you need to assign IP addresses to each of the modem lines that will be providing PPP services. These IP addresses will be recorded in the
Your
auth
-chap
+pap
login
modem
crtscts
lock
proxyarp
dns-addr x.x.x.x
dns-addr y.y.y.y

Two of these matter for security: auth refuses to bring up the link unless the peer authenticates, and login makes pppd check the PAP username and password against the system password database (the same accounts you created for your dialup users). Leaving either one out turns the dialup lines into an unauthenticated way onto your network. All of these options are discussed in the
Red Hat 5.0 Update

auth
login
modem
crtscts
lock
proxyarp
ms-dns x.x.x.x
ms-dns y.y.y.y

All options are the same as described above with the exception of
You should also remove the file
Now, each serial device that will support PPP must have a
unique option file. If you plan to attach a modem to
Let's pretend that I have an Internet server at IP address
1.2.3.1, and that I have allocated 1.2.3.4 as the IP address that
I want to assign for the PPP dialup. Let's also pretend that I
am using a Comtrol Rocketport serial device that is known on my
system as
If this were the case, I would require a file

1.2.3.1:1.2.3.4

The first parameter above is the IP address of the dialup server. The second parameter is the IP address assigned for that line. Each serial line must have a different IP address. The ``proxyarp'' option listed above deserves greater
attention. If proxyarp is excluded, the serial devices will be
able to transmit network data to the server, but they will not be
able to communicate with any other machine. (The proxyarp option
configures the Ethernet devices to answer ARP requests for the
PPP IP addresses.) If you have some dialup lines that you want
to configure for email access only, you might move the proxyarp
parameter out of
If you have no IP addresses to allocate for your serial devices, you might consider using private addresses in the 192.168.x.x range (RFC 1918), and proxy software like the free TIS FireWall ToolKit or the old CERN WWW Server. You normally cannot use proxyarp in such a situation. Information on IP Masquerade might also be helpful.

Adding mgetty to /etc/inittab

Each serial line will be controlled by an entry in
S0:345:respawn:/usr/sbin/mgetty ttyS0

Red Hat 5.0 Update

S0:345:respawn:/sbin/mgetty ttyS0

End of Update.

You must add similar lines describing each serial device on
your system that is participating in the
After you have made your changes to
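Assigning one address per line, writing one options file per device and then adding a matching inittab entry for each device is repetitive and easy to get wrong; two lines sharing an address is the classic mistake, and it only shows up when both are in use. The script below is an added example, not code from the article: given a table of device/address pairs it writes the options.<device> files and a block of inittab lines in the formats shown above, and refuses to write anything at all if a device or address repeats. The table format, the staging directory, the /sbin/mgetty default and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the article: build the per-line
# /etc/ppp/options.<device> files and the matching /etc/inittab lines
# from one allocation table, and refuse to write anything if a device
# or address is duplicated.  The table format, output directory and
# function names are this example's own; the file contents follow the
# article ("server:client" in each options file, "S0:345:respawn:..."
# in inittab).

# Constructed sample table: "device client-ip" per line, "#" comments
# allowed.  1.2.3.x is the article's placeholder network; ttyR0 stands
# in for a multiport-board device name.
SAMPLE_TABLE='# device  client-ip
ttyS0   1.2.3.4
ttyS1   1.2.3.5
ttyR0   1.2.3.6
'

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
          exit 0 }'
}

# gen_ppp_lines SERVER_IP OUTDIR [MGETTY_PATH] < table
# Validates every row first, then writes OUTDIR/options.<device> and
# OUTDIR/inittab.add, and prints the number of lines configured.
# Returns 1 without writing anything on a malformed or duplicate row.
gen_ppp_lines() {
    server="$1"; outdir="$2"; mgetty="${3:-/sbin/mgetty}"
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }

    rows=$(grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' || true)
    [ -n "$rows" ] || { echo "empty table" >&2; return 1; }

    # Pass 1: check before touching disk.  A here-document (not a pipe)
    # keeps the loop in this shell, so "return" and "seen" both work.
    seen=" "
    while read dev ip extra; do
        case "$dev" in tty?*) ;; *) echo "bad device: $dev" >&2; return 1 ;; esac
        [ -z "$extra" ] || { echo "malformed row: $dev $ip $extra" >&2; return 1; }
        id=${dev#tty}
        # sysvinit limits the inittab id field to four characters.
        [ ${#id} -le 4 ] || { echo "inittab id too long for $dev" >&2; return 1; }
        valid_ipv4 "$ip" || { echo "bad client address: $ip" >&2; return 1; }
        [ "$ip" != "$server" ] || { echo "client address equals server: $ip" >&2; return 1; }
        case "$seen" in
            *" $dev "*) echo "duplicate device: $dev" >&2; return 1 ;;
            *" $ip "*)  echo "duplicate address: $ip" >&2; return 1 ;;
        esac
        seen="$seen$dev $ip "
    done <<EOF
$rows
EOF

    # Pass 2: write, one options file per line plus one inittab block.
    mkdir -p "$outdir" || return 1
    : > "$outdir/inittab.add"
    n=0
    while read dev ip extra; do
        echo "$server:$ip" > "$outdir/options.$dev"
        echo "${dev#tty}:345:respawn:$mgetty $dev" >> "$outdir/inittab.add"
        n=$((n + 1))
    done <<EOF
$rows
EOF
    echo "$n"
}

# demo: build the sample table into a scratch directory and show it.
demo() {
    d=$(mktemp -d)
    printf '%s' "$SAMPLE_TABLE" | gen_ppp_lines 1.2.3.1 "$d" /sbin/mgetty
    for f in "$d"/options.* "$d"/inittab.add; do
        echo "== $f"; cat "$f"
    done
    rm -rf "$d"
}

case "${1:-}" in demo) demo ;; esac
```

Run it as `sh gen-ppp-lines.sh demo` to see the generated files, or feed your own table on stdin to gen_ppp_lines with a staging directory and copy the options files into /etc/ppp and the contents of inittab.add into /etc/inittab once you have looked at them. Validating everything before writing anything is deliberate: a half-written set of options files leaves some lines without an address and is harder to diagnose than an unchanged one.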
You can recycle all your inactive modems at any time by entering the command ``killall mgetty'' (be careful with this command on other Unix systems: on Solaris, for example, killall takes no process name and kills every process).

Testing

Red Hat 5.0 Update
echo 1 > /proc/sys/net/ipv4/ip_forward

This should be inserted into the system startup scripts. One way to do so is with the following command:

echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/rc.d/rc.local

Red Hat does not prefer this method. They suggest that a modification be made to the

FORWARD_IPV4=no

To enable forwarding in a way that is compatible with the Red Hat configuration scripts, change the line to:

FORWARD_IPV4=yes

There is more documentation about the contents of the
If you don't enable packet forwarding across the network
interfaces, the dialup users will be able to send packets to your
Linux host, but not to any other machine on the network. That
is, it will appear as if you have forgotten the
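The two ways of enabling forwarding above do not behave the same: the rc.local echo turns it on only until the network scripts next run, while the FORWARD_IPV4 line is what those scripts consult. The shell functions below are an added example, not from the article: one reports whether the kernel's live value and the persistent setting agree, the other rewrites the setting without leaving a truncated file behind. That the sysconfig file in question is /etc/sysconfig/network is this example's assumption (the file name did not survive on this page); the /proc path is the article's. Once forwarding is on, the server routes between the dialup lines and your LAN, so this is also the point at which to decide what packet filtering you want between them.

```shell
#!/bin/sh
# Added example, not from the article: report whether IP forwarding is
# on for real (kernel value) and whether it will survive a network
# restart (Red Hat's FORWARD_IPV4 setting), and flip the setting in
# place.  Both file paths are parameters so the checks can be run
# against copies; the defaults are the article's /proc path and the
# sysconfig file Red Hat's scripts read (an assumption of this example).

# check_forwarding [PROC_FILE] [SYSCONFIG_FILE]
# Prints one word:
#   enabled      kernel says 1 and FORWARD_IPV4=yes
#   live-only    kernel says 1 but FORWARD_IPV4 is not yes: forwarding
#                came from rc.local or a manual echo, and a network
#                restart can turn it off again
#   config-only  FORWARD_IPV4=yes but the kernel still says 0: the
#                network scripts have not been re-run since the edit
#   disabled     neither
check_forwarding() {
    proc="${1:-/proc/sys/net/ipv4/ip_forward}"
    cfg="${2:-/etc/sysconfig/network}"
    live=$(cat "$proc" 2>/dev/null || echo 0)
    # The file is sourced by the network scripts, so the last
    # assignment wins; accept quotes and either case.
    want=$(sed -n 's/^[[:space:]]*FORWARD_IPV4=//p' "$cfg" 2>/dev/null \
           | tail -n 1 | tr -d '"' | tr 'A-Z' 'a-z')
    case "$live:$want" in
        1:yes) echo enabled ;;
        1:*)   echo live-only ;;
        0:yes) echo config-only ;;
        *)     echo disabled ;;
    esac
}

# set_forward_ipv4 SYSCONFIG_FILE yes|no
# Rewrites the FORWARD_IPV4 line (or appends one) through a temporary
# file, so an interrupted write cannot leave a truncated sysconfig file.
set_forward_ipv4() {
    cfg="$1"; val="$2"
    case "$val" in yes|no) ;; *) echo "value must be yes or no" >&2; return 1 ;; esac
    tmp="$cfg.tmp.$$"
    if grep -q '^[[:space:]]*FORWARD_IPV4=' "$cfg" 2>/dev/null; then
        sed "s/^[[:space:]]*FORWARD_IPV4=.*/FORWARD_IPV4=$val/" "$cfg" > "$tmp"
    else
        { cat "$cfg" 2>/dev/null || true; echo "FORWARD_IPV4=$val"; } > "$tmp"
    fi
    mv "$tmp" "$cfg"
}

# "status" reports the live system; "on" makes the persistent change and
# enables forwarding now, so the two agree without a network restart.
case "${1:-}" in
    status) check_forwarding ;;
    on)     set_forward_ipv4 /etc/sysconfig/network yes \
            && echo 1 > /proc/sys/net/ipv4/ip_forward ;;
esac
```

`sh ip-forward-check.sh status` is the check to run after following the rc.local route: it answers "live-only", which is exactly the state the article warns about, where forwarding works until the next network restart and the dialup users then lose the rest of the network without any visible change on the server.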
First, you have to set up a Dial-Up Networking icon on a Windows 95 system that will connect to your server. I have prepared a Windows 95 document that describes this procedure, and a similar document that describes the connection under Windows 3.1 and Trumpet Winsock. You should change the name ``ACME'' (and ``acme'') in the document to the name of your own organization, the IP addresses of the name servers (1.2.3.4, 5.6.7.8) to your own DNS servers, and the phone number (123-456-7890).

For larger ISPs, Netscape has a kit for Internet connection software and Navigator. Microsoft also has a kit that creates a custom version of Internet Explorer; it also configures Dial-Up Networking.

To connect a Macintosh to your Dial-Up server, get the FreePPP (www.rockstar.com) package.

Of course, you are running getty, so you can use terminal programs (or terminals) with modems for dialup shell access. HyperTerminal works from Windows 95; minicom works from Linux.

To connect another Linux system to your Dial-Up Networking server, you should place the following files on the remote Linux system:

In the
#!/bin/sh
exec /usr/sbin/pppd -detach lock modem crtscts defaultroute user USERNAME /dev/cua0 38400 \
    connect "/usr/sbin/chat -f /sbin/network.chat"

And in the
'ABORT' 'BUSY'
'ABORT' 'ERROR'
'ABORT' 'NO CARRIER'
'ABORT' 'NO DIALTONE'
'ABORT' 'Invalid Login'
'ABORT' 'Login incorrect'
'' 'ATZ'
'OK' 'ATDT 1234567'
'CONNECT' ''
ogin:--ogin: ''

And in the
# Secrets for authentication using PAP
# client        server  secret          IP addresses
USERNAME        ""      PASSWORD

The scripts above will require some modifications:
When these files are in place and the user execute bit is set
for
Non-root users can also use the script if root runs the command
``
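The pap-secrets file on the client above stores PASSWORD in clear text, and the wildcard entry used on the Red Hat 5.0 server (``* * "" *'') accepts any client name precisely because pppd is also run with login. The function below is an added example, not from the article: it audits a pap-secrets file for a mode that lets other users read it, for entries with too few fields, and for wildcard entries that carry a fixed secret (one shared password for everyone), and it reports, without failing, entries whose secret is empty, since those are only meaningful with login. The function name and the one-entry-per-line parsing (no spaces inside secrets) are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the article: audit a pap-secrets file.  The
# client file carries a clear-text password, and the server-side
# wildcard entry ("* * "" *") only authenticates anyone because pppd is
# also given the login option, so the two things worth checking are the
# file mode and what each entry actually grants.  Field handling follows
# the article's layout (client server secret [addresses]); secrets that
# contain spaces are not handled by this simple parser.

# audit_pap_secrets FILE
# Prints one line per finding and returns 1 if any finding is an error.
# Empty-secret entries are reported as notes and do not fail the audit,
# since the article deliberately uses one on the server with "login".
audit_pap_secrets() {
    f="$1"; rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # Group/other permission bits are columns 5-10 of the ls -l mode
    # string, which works on any Unix without GNU stat.
    go=$(ls -ld "$f" | cut -c5-10)
    case "$go" in
        ------) ;;
        *) echo "mode too open (group/other: $go): secrets readable by other users"; rc=1 ;;
    esac

    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        NF < 3 {
            printf "line %d: malformed entry, need client server secret\n", NR
            bad = 1; next
        }
        $3 == "\"\"" {
            printf "line %d: empty secret for client %s: only safe if pppd runs with the login option\n", NR, $1
            next
        }
        $1 == "*" {
            printf "line %d: wildcard client with a fixed secret: any peer that knows it is accepted\n", NR
            bad = 1
        }
        END { exit bad }' "$f" || rc=1

    return $rc
}

case "${1:-}" in
    "") ;;
    *)  audit_pap_secrets "$1" && echo "$1: ok" ;;
esac
```

`sh audit-pap-secrets.sh /etc/ppp/pap-secrets` is worth running on both ends: on the client, the finding that matters is the file mode, because every local user can otherwise read the dialup password; on the server, the audit should print exactly one note about the empty secret, which is your reminder that the options file must keep login.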
You can find more information on attaching Linux to an ISP in the ISP-Hookup-HOWTO (<URL:ftp://tsx-11.mit.edu/pub/linux/docs/HOWTO/ISP-Hookup-HOWTO>).

Conclusion

For all Microsoft's advertising, a Unix Dial-Up server is much less expensive than RAS under NT. If you consider the added cost of proxy software, should it be necessary, the price gap is even more stark. Windows NT Server costs approximately $1,000 (or more, depending upon user licenses). The GPL release of Red Hat Linux is available from Linux Systems Labs for the cost of the distribution media ($1.95). Linux also includes an unlimited-seat SMB server, FTP, WWW, Telnet, X Window System, NFS, and electronic mail servers. Some of these items are very pricey on Windows NT. Network equipment vendors such as Cisco or Livingston also offer products that perform the same function as a Linux Dial-Up server, but they lack the tremendous flexibility of a full Unix operating system. If you need an inexpensive, reliable Dial-Up Networking solution that offers the flexibility of Unix, Linux is the way to go.

Author Biography

Charles Fisher is a writer and consultant who specializes in Linux. He has a home page that describes his personal and professional interests.