"Perez, Victor" wrote:

> Hi there:
>
> Can somebody please post working config files of a small network connected
> via modem to the internet using diald and masquerading?
>
> -
> Sincerely,
> Victor Perez Muena
> IS&T Support - Port Area (Los Vilos)
> Los Pelambres Project - Bechtel Chile Ltda.
> Ext. 8033, Phone: (2) 361-8033 - Fax: (2) 361-8025
>

Victor and Jeff,

This is pretty basic, but it works for my network at home, using Linux to
masquerade a couple of other machines.  Each machine is on an ethernet LAN
with private class C addresses, and points to the diald box as the default
gateway.  I use my ISP's name servers for all machines on the network.  Make
sure that all of the machines in the network have three name servers in their
configs, even if you have to repeat entries.  Three name servers allow
enough retries to let diald get the ppp connection started.

As part of /etc/rc.d/rc.local I added the following:

echo "1" > /proc/sys/net/ipv4/ip_dynaddr
diald -f /etc/diald/diald.conf
/sbin/ipchains-restore < /etc/ipchains.conf

where /etc/ipchains.conf is:

:input ACCEPT
:forward DENY
:output ACCEPT
-A forward -s 192.168.10.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A forward -s 192.168.100.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ

This file was generated from an ipchains-save command after I had gotten
masquerading to work.  This is not a very secure firewall, but I was more
interested in getting the new ipchains working.  Also I do some experimenting
on the 192.168.100 subnet, thus the second -A forward... line.

As for the diald part, here is my diald.conf; it is hacked from one of the
diald samples:

#
# diald.conf for anathoth
#
# Select the demand dial rules you want
# Bring the link up for anything, timeout in seconds. Use this for
# when the computer has its own phone line
accept any 300 any
# Use the filter file that comes with diald.  This can be a bit drastic,
# so use the filter below
# include /usr/lib/diald/standard.filter
# or use the filter that brings the link up for use on a line shared with
# a phone
# include /etc/diald/phone.filter

# stuff to set up the diald connection
device /dev/ttyS1
speed 115200
lock
mode ppp
# We may get another terminal server, thus use
# 'dynamic' and do not tell PPP the IP number of the other end
# For use with gated, comment out the 'dynamic' option, and
# set remote to be the same as local
dynamic
local 10.0.0.1
remote 10.0.0.2
pppd-options asyncmap 0 user myuserID remotename ISPName
defaultroute
modem
crtscts
connect "/usr/sbin/chat -f /etc/ppp/pppchat"
redial-timeout 10
fifo /etc/diald/diald.ctl

/etc/ppp/pppchat is as follows:

ABORT "NO DIALTONE"
ABORT BUSY
ABORT "NO CARRIER"
REPORT "CONNECT"
"" ATZ
OK AT&F&C1E0s11=55L0M0S95=1X4W2&Q5&D3
OK ATDT8888888
CONNECT ""

/etc/ppp/pap-secrets is as follows:

# PAP secrets file
# remotenames ppp<n> are reserved for netcfg
#
# Format:
#name   remote  secret
myuserID     ISPName    password

Disclaimer:

The modem strings in pppchat are for a Zoom Dualmode external and may not
work with yours.  They are Rockwell-centric.  Put your user ID, remote name
and password in pap-secrets and set its mode to 600.  And put your ISP's
telephone number in pppchat after the ATDT.  You may need to experiment with
loading some of the masquerading modules if you need more than email, http,
etc.  My client machines run ftp in pasv mode to avoid special masquerading
configurations.  The ip_masq_xxx modules worked fine with ip masquerading
prior to ipchains, and should still work.  You will also need to enable the
appropriate kernel items, such as ppp, slip, masquerading, firewalling, the
packet socket items, and support for the ethertap devices (see the diald docs
for the ethertap info).

I hope this helps.

Good Luck!

Bob...


--
--------------------------------------------------------
Bob Chiodini                      [EMAIL PROTECTED]
--------------------------------------------------------
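
Added example, not part of the original message: a shell check of two points the reply raises, that pap-secrets is mode 600 and that the ipchains rule set keeps forward at DENY and masquerades only private source networks. The function names and the data in demo() are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an ipchains-save file and a pap-secrets file.
# Function names are illustrative; the data in demo() is constructed.

chain_policy() {      # $1 = rules file, $2 = chain; prints its default policy
    awk -v c=":$2" '$1 == c { print $2; exit }' "$1"
}

non_private_masq() {  # $1 = rules file; prints MASQ sources outside RFC 1918
    # Looks at the network address only, not at the width of the mask.
    awk '$1 == "-A" && $2 == "forward" {
        src = "any"; tgt = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-j") tgt = $(i + 1)
        }
        if (tgt != "MASQ") next
        split(src, o, ".")
        if (o[1] == 10 || (o[1] == 192 && o[2] == 168)) next
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) next
        print src
    }' "$1"
}

secrets_private() {   # $1 = file; true if group and other have no access
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

audit() {             # $1 = rules file, $2 = pap-secrets; one finding per line
    [ "$(chain_policy "$1" forward)" = DENY ] ||
        echo "forward: default policy is not DENY"
    if [ "$(chain_policy "$1" input)" = ACCEPT ]; then
        echo "input: default policy is ACCEPT"
    fi
    non_private_masq "$1" | sed 's/^/forward: MASQ for non-private source /'
    secrets_private "$2" || echo "$2: group/other access, expected mode 600"
}

demo() {              # runs audit on constructed copies of the posted files
    d=$(mktemp -d) || return 1
    printf '%s\n' ':input ACCEPT' ':forward DENY' ':output ACCEPT' \
        '-A forward -s 192.168.10.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ' \
        '-A forward -s 192.168.100.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ' \
        > "$d/ipchains.conf"
    printf 'myuserID ISPName password\n' > "$d/pap-secrets"
    chmod 644 "$d/pap-secrets"   # constructed mistake for the audit to catch
    audit "$d/ipchains.conf" "$d/pap-secrets"
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; else demo; fi
```

Run with two arguments (the rules file and the secrets file) to audit real files; with no arguments it audits the constructed sample.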


