> On Friday, September 24, 1999 3:36 AM, Bill Hults
> [SMTP:[EMAIL PROTECTED]] wrote:
>
> Bill:
>
> > Hi
> > OK we're making progress thanks to your help. I don't remember where
> > the
> > list of aliases is. I'm getting a char_major_208 though it seems to
> > ignore
> > it.
Are you talking about the "modprobe: can't locate module char_major_108"
message?
The module is not needed for kernels 2.0.x and 2.2.x.
'alias char_major_108 off' in conf.modules
- FYI: you can skip this explanation -
pppd 2.3.9+ were designed to support the new kernel 2.3.x setup which has
been broken the ppp driver into two modules: ppp_generic and ppp_async.
If you were using kernel 2.3.x you would need to add two aliases to
conf.modules
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
and you'd need to use mknod to add /dev/ppp
The message is generated in the code section that attempts to create
/dev/ppp if it does not already exist (it's a safety check before opening
the ppp device).
-
> > Diald now works from the Linux box. i can ping & do nslookup's etc.
> > but I
> > get no response from diald when I try to connect to the
> internet from
> > my NT
> > box.
There are lots of possible reasons for this. Some obvious questions: did
you set up the NT box to use the linux box as it's default gateway, did you
set up a DNS server entry on the NT box, did you enable forwarding on the
linux machine?
> > I just noticed that the kernel (2.2.12) is using ppp2.3.7
> and pppd is
> > 2.3.9. Does that mean anything?
> > TIA for any thoughts
>
> Have to get back on you about "char-major-208".
>
> Kernel is using version 2.3.7 of the ppp driver and you are using
> version 2.3.9 of the ppp daemon, no problem for what I know if both
> keep to 2.3.x (my driver is 2.3.3 and my daemon is 2.3.10).
>
> Now you really should read the small letters, ;). I think you
> need the
> IP Masquerade HOWTO, the IPCHAINS HOWTO and the ipchains man page.
>
> I'll give you a hint but its no favor I'm making, you
> _should_ read the
> above mentioned for security reasons.
>
> Somewhere in your startup files (I use it before the network
> is up) you
> should run the following script:
>
> -cut here-
> #!/bin/sh
>
> # Set the following line to your gateway device
> # if different from ppp0.
> #IF_OUT=ppp1
>
> ipchains -P forward REJECT
> ipchains -A forward -i ${IF_OUT:="ppp0"} -j MASQ
> -cut here-
That's a security hole as written, anybody on the internet could forward
through your machine and be masq'd to your address. Source and destination
addresses default to anybody (0.0.0.0/0) if not specified. So even though
you've set the policy to reject, you've opened access to the world by not
limiting the source address range.
Changing the final rule to something similar to the following would help.
--
#change LOCAL_NET to match your setup
LOCAL_NET=192.168.1.0/24
ipchains -A forward -i ${IF_OUT:="ppp0"} -s $LOCAL_NET -j MASQ
--
A full set of ipchains rules should follow this but it's beyond the scope of
this mailing list. :)
> And do not forget to set the FORWARD_IPV4 option to "yes" in
> /etc/sysconfig/network.
If you are not using RedHat you need to
'echo 1 > /proc/sys/net/ipv4/ip_forward'
(you can add it to the ipchains script above). RedHat does this for you in
/etc/rc.d/init.d/network (which reads the value of FORWARD_IPV4 in
/etc/sysconfig/network).
> I hope this helps.
Same here. :)
Lourdes
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
