On Thu, 14 Jan 1999, Jon August wrote:

|
|Can someone point me to explicit docs on setting up the PPP daemon and the
|getty so that it automatically goes into PPP upon connection and
|authentication.  My machine just gives a standard login prompt and upon
|login it drops into bash. . .
|
|Also, I would appreciate pointers on setting up the machine to forward
|packets to the rest of the network. . .  I can manually establish PPP, but
|the buck stops at the PPP server.  Do I need gated or something?
|

Well, I'll send you a web page where you may learn something about this
if after this you still have doubts then email me as soon as you receive
the doubt.
Please note that there is a line which says something as 

tty -echo

it should be stty -echo ok ?

Regards

Yurais

>From [EMAIL PROTECTED] Fri Jan 15 11:32:52 1999
To: [EMAIL PROTECTED]
Date: Thu, 7 Jan 1999 14:01:25 +0900 (JST)
From: [EMAIL PROTECTED]
Subject: SETTING UP A PPP/POP DIAL-IN SERVER LG #36 (URL:
    http://www.linuxgazette.com/issue36/ali.html)

This mail is not a spam but the automatic reply to your mail;
  From: Yurais Fernandez Leal <[EMAIL PROTECTED]>
  To: DNA Agora Server <[EMAIL PROTECTED]>
  Date: Wed, 6 Jan 1999 22:06:37 -0500 (EST)
                                     SETTING UP A PPP/POP DIAL-IN SERVER LG #36
    "Linux Gazette...making Linux just a little more fun!"
    
   
   ___________________________________
   
          SETTING UP A PPP/POP DIAL-IN SERVER USING RED HAT LINUX 5.1
                                       
    By Hassan Ali[1]
    
   
   ___________________________________
   
   DISCLAIMER:
   
   This worked for me. Your mileage may vary!
   
   OBJECTIVES:
   To install PPP and POP/IMAP services on a Red Hat Linux 5.1 server for
   dial-in users.
   
   TOOLS:
   Red Hat Linux 5.1 CDs
   
   ASSUMPTIONS:
   You have a PC with basic installation of Red Hat Linux 5.1 with a Linux
   kernel that supports IP forwarding.
   
   
   ___________________________________
   
   STEP 1: Install "mgetty" (if not yet installed) from Red Hat 5.1 CD #1
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
      Login as "root", insert Red Hat 5.1 CD #1 in the CD-ROM drive and mount
      it using the command:
      
     # mount -t iso9660 /dev/hdb /mnt/cdrom

      (It is assumed that your CD-ROM drive is device /dev/hdb, if not change
      it accordingly)
      
      Get to the RPMS directory:
      
     # cd /mnt/cdrom/RedHat/RPMS

      Install "mgetty" rpm files:
      
     # rpm -Uvh mgetty*

      This will install mgetty and all its cousins, but who cares!! If you hate
      extended family, have your way and replace "mgetty*" with
      "mgetty-1.1.14-2.i386.rpm".
      
      At the end of /etc/mgetty+sendfax/mgetty.config file, add the following
      set of three lines for each serial port connected to a modem for dial-in
      users. Here is an example for /dev/ttyS1 and /dev/ttyC15:
      
     # For US Robotics Sportster 28.8 with speaker off
     port ttyS1
     init-chat "" ATZ OK AT&F1M0E1Q0S0=0 OK
     answer-chat "" ATA CONNECT \c \r

     # For Practical Peripheral 14.4 with fax disabled and prolonged
     # carrier wait time (90 sec)
     port ttyC15
     init-chat "" ATZ OK AT&F1M0E1Q0S0=0S7=90+FCLASS=0 OK
     answer-chat "" ATA CONNECT \c \r

      Notes:
      
      AT&F1 sets hardware flow-control mode on many modems. For other modems
      use appropriate initializations in the init-chat line.
      
      Just in case you wonder why I took as an example a ttyC15 port; well, you
      may have such a port if you have a multiport serial card. If you need
      one, I recommend Cyclades cards.
      
      In /etc/mgetty+sendfax/login.config file, search for the line that starts
      with /AutoPPP/. Make sure that it is not commented (i.e. there is no "#"
      at the beginning of the line), and edit it to be:
      
     /AutoPPP/  -       a_ppp   /etc/ppp/ppplogin

      If you wish to have users' login names (rather than "a_ppp") to appear in
      the /var/run/utmp and /var/log/wtmp log files, then the above line should
      be:
      
     /AutoPPP/  -       -       /etc/ppp/ppplogin

      In /etc/inittab file, search for the section that runs "getty" processes
      and add at the end of that section one line of the following form for
      each modem port. Example here is given for ttyS1 and ttyC15.
      
     7:2345:respawn:/sbin/mgetty -x 3 ttyS1
     8:2345:respawn:/sbin/mgetty -x 3 ttyC15

      [the first number (7,8) is arbitrary (in fact I have seen in some cases
      "s1", "s2", etc, used instead). Just give a different number for each
      port. And why not you go by the order!!? Me wonders!]
      
      Connect the modems to the serial ports, switch them ON and then
      initialize "mgetty" with the command:
      
     # init q

      NOTE: If you spawn "mgetty" on a serial port with no modem connected to
      it, or the modem is not switched ON, you'll get lots of error messages in
      "/var/log/messages" or/and in the other mgetty ("/var/log/log_mg.ttyXX")
      log files. In fact those error messages may continuously pop up on your
      screen. Quite annoying, eh? To avoid this annoyance, each serial port
      that has no modem connected to it should have its corresponding lines
      commented out in /etc/inittab and in /etc/mgetty+sendfax/mgetty.config
      files.
      
   
   ___________________________________
   
   STEP 2: Install PPP (if not installed) from Red Hat 5.1 CD #1
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
      If the Red Hat CD #1 is properly mounted (see STEP 1.1), to install PPP
      type the following command:
      
     # rpm -Uvh /mnt/cdrom/RedHat/RPMS/ppp*

      Edit /etc/ppp/options file to read as follows:
      
     -detach
     crtscts
     netmask 255.255.255.0
     asyncmap 0
     modem
     proxyarp

      NOTES:
      
      Use appropriate netmask for your network. It doesn't have to be
      255.255.255.0, in fact in my case it was 255.255.255.224
      
      Read man pages for "pppd" to understand those options.
      
      Edit /etc/ppp/ppplogin file (create it if it doesn't exist) to read as
      follows:
      
     mesg n
     tty -echo
     /usr/sbin/pppd silent auth -chap +pap login

      Make the file executable using command:
      
     # chmod +x /etc/ppp/ppplogin

      NOTE: We're going to use PAP authentication BUT using the ordinary
      /etc/passwd password file. That's what "+pap login" means.
      
      For each serial port connected to a modem, create a corresponding
      /etc/ppp/options.ttyXX file, where "XX" is "S1" for ttyS1 port, "S2" for
      ttyS2 port, "C15" for ttyC15, etc. In one such file put the following
      line:
      
     myhost:ppp01

      where "myhost" is the hostname of the PPP server - change it accordingly
      to the actual hostname of your Linux box. If you're more forgetful than
      you can REMEMBER to admit, remind yourself of the hostname of your server
      using the "hostname" command.
      
     # hostname

      The word "ppp01" used above is just an arbitrarily chosen name for the
      virtual host associated with one of the PPP dial-in lines and its
      corresponding IP address as defined in /etc/hosts file (to be discussed
      later). In another /etc/ppp/options.ttyXX file, you may wish to type in
      the following line:
      
     myhost:ppp02

      That is, here you define a different PPP hostname, "ppp02". Use a
      different hostname for each serial port. You can choose any names that
      your lil' old heart desires! They don't have to be ppp01, ppp02, ppp03,
      etc. They can be "junkie", "newbie", "noname", whatever!
      
      Edit /etc/ppp/pap-secrets file and add one line as shown below for each
      IP address that is to be dynamically assigned to PPP dial-in users. This,
      of course, assumes that you have a pool of IP addresses that you can
      assign to your dial-in clients:
      
     # Secrets for authentication using PAP
     # client   server          secret          IP addresses
     *          *               ""              10.0.0.3
     *          *               ""              10.0.0.4

      This says: no PAP secrets (passwords) set for any client from anywhere in
      the world with the shown IP address. We don't need to use PAP secrets if
      we will be using /etc/passwd instead. If you are REALLY not paranoid, you
      can have just one following line that will serve all the IP addresses
      (yours and your neighbour's!):
      
     # Secrets for authentication using PAP
     # client   server          secret          IP addresses
     *          *               ""              *

      Make /usr/sbin/pppd program setuid "root" by using command:
      
     # chmod u+s /usr/sbin/pppd

      Edit /etc/hosts file to assign IP addresses to all PPP hostnames you used
      in STEP 2.4. Use the pool of IP addresses used in STEP 2.5:
      
     10.0.0.3   ppp01   ppp01.mydomain.com
     10.0.0.4   ppp02   ppp02.mydomain.com

      NOTE: Replace "mydomain.com" with the actual domain name of your PPP
      server. Just in case you're confused, I assume your PPP server is
      "myhost.mydomain.com".
      
   
   ___________________________________
   
   STEP 3: Install POP/IMAP servers (if not installed) from Red Hat 5.1 CD #1
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
      With the Red Hat CD #1 properly mounted, issue the following command to
      install POP and IMAP:
      
     # rpm -Uvh /mnt/cdrom/RedHat/RPMS/imap*

      Check /etc/inetd.conf file to see if "pop-2", "pop-3", and "imap" service
      lines are all uncommented. If not, uncomment them (i.e. remove the leading
      "#"). If you only want to support POP3 clients, just uncomment the
      "pop-3" line. If POP2 and POP3 files are not in the "imap*" RPM file, try
      to see if you have "ipop*" RPM file and use it instead.
      
      Activate the new services by using command:
      
     # kill -HUP `cat /var/run/inetd.pid`

   
   ___________________________________
   
   STEP 4: Enable IP fowarding
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
      If you use the already compiled Linux kernel that comes with Red Hat 5.1,
      it does normally have support for IP forwarding. If you compile your own
      Linux kernel, you have to enable "IP: forwarding/gatewaying" networking
      option during compilation. For RFC compliance, the default bootup process
      does not enable IP forwarding. Enable IP forwarding by setting it to
      "yes" in /etc/sysconfig/network file, like so:
      
     FORWARD_IPV4=yes

      Activate IP forwarding by using command:
      
     # echo "1" > /proc/net/ip_forward

      or by rebooting the system.
      
   
   ___________________________________
   
   STEP 5: Test the server
   ~~~~~~~~~~~~~~~~~~~~~~~
   
      First create users (if not ready). You can give them "/home/username"
      home directory and "/bin/bash" login shell if you want them to have both
      "PPP" and shell access. Give them "/home/username" home directory and
      "/etc/ppp/ppplogin" login program if you want them to have PPP access but
      not shell access. It's better to use "usercfg" tool to set-up new users.
      Typical /etc/passwd file entries may be as follows:
      
     jodoe:tdgsHjBn/hkg.:509:509:John Doe:/home/jodoe:/bin/bash
     jadoe:t8j/MonJd9kxy:510:510:Jane Doe:/home/jadoe:/etc/ppp/ppplogin

      In this example, John Doe will have both PPP and shell access, while Jane
      Doe will only have PPP access. If you have just started to wonder how
      John Doe may have PPP access, the answer lies with the /AutoPPP/
      configuration in "mgetty" - it does the magic. mgetty gives the
      /etc/ppp/ppplogin program to any user who dials in and talks PPP.
      
      So, if John Doe dials in using Windows 95 dial-up adaptor which is set up
      to make a PPP connection, mgetty will give John Doe PPP access. If he
      dials in with any other communication software, e.g. HyperTerminal (with
      no PPP negotiation), he will be given the normal login shell. This will
      never happen for Jane Doe. She will always be welcomed by the
      "/etc/ppp/ppplogin" program.
      
      In fact "mgetty" allows you to use the same modem lines for various
      protocols. For example, your UUCP clients (if you have any) may use the
      same modem lines as your PPP clients! Of course, you have to give your
      UUCP clients "/var/spool/uucppublic" home directory and
      "/usr/sbin/uucico" login program.
      
      Assuming you have a web server (Apache) already set up (it's a
      piece-a-cake to set up Apache), use a web browser and a POP e-mail client
      (e.g. Eudora) on a remote PC connected to a modem and a phone line. If it
      is a Windows 95/98 PC, set up the Dial-up Adaptor appropriately by
      specifying the IP address of the PPP server as the Gateway, use the correct
      DNS IP address, and specify that the server will assign an IP address
      automatically. In the POP client (e.g. Eudora), set SMTP and POP host as
      the IP address of the PPP/POP server.
      
      Now dial-up the server and wait for connection. Test out web browsing,
      and POP mail sending and receiving. If it doesn't work... something is
      wrong somewhere ;-)
      
   
   ___________________________________
   
   REFERENCES:
   
   1. PPP-HOWTO
   2. NET-3-HOWTO
   3. "Using Linux", Bill Ball, published by Que (around US$30 - highly
      recommended)
   4. mgetty documentation
   
   
   ___________________________________
   
      Copyright © 1999, Hassan O. Ali
      Published in Issue 36 of Linux Gazette, January 1999
      
   
   
   

*** References from this document ***
[orig] http://www.linuxgazette.com/issue36/ali.html
[1] mailto:[EMAIL PROTECTED]
[2] http://www.linuxgazette.com/issue36/lg_toc36.html
[3] http://www.linuxgazette.com/lg_frontpage.html
[4] http://www.linuxgazette.com/issue36/merlino.html
[5] http://www.linuxgazette.com/issue36/bennetjan.html

Yurais Fernandez Leal
LAN SysAdmin, TinoRED SCU
Mail-To: [EMAIL PROTECTED]
         [EMAIL PROTECTED]
Phone; (226) 27309
------- LINUX SANTIAGO -------
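
A check over the two files the article edits, /etc/ppp/pap-secrets and /etc/ppp/ppplogin, added here as an example; it is not part of the original message or of the Linux Gazette article. The function name, the finding labels and the sample files are constructed for illustration, and it assumes, as the article describes, that entries with an empty secret depend on pppd being started with "auth" and "login".

```shell
#!/bin/sh
# Added example (not from the article): audit the two files it edits.
# audit_ppp_dialin <pap-secrets> <ppplogin> prints one finding per line
# and returns 1 if there were any findings, 0 otherwise.
audit_ppp_dialin() {
    secrets=$1; script=$2; rc=0
    # pap-secrets columns: client server secret [IP addresses...]
    wild=$(awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
                { for (i = 4; i <= NF; i++) if ($i == "*") n++ }
                END { print n + 0 }' "$secrets")
    empty=$(awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
                 $3 == "\"\"" { n++ }
                 END { print n + 0 }' "$secrets")
    # First non-comment line of the login script that starts pppd.
    pppd_line=$(grep -v '^[[:space:]]*#' "$script" | grep pppd | head -n 1 | tr '\t' ' ')
    if [ "$wild" -gt 0 ]; then
        echo "WILDCARD-IP: $wild pap-secrets entries accept any peer address"; rc=1
    fi
    if [ "$empty" -gt 0 ]; then
        # No stored secret: the password check depends on these pppd options.
        for opt in auth login; do
            case " $pppd_line " in
                *" $opt "*) ;;
                *) echo "MISSING-OPTION: $empty empty secrets, pppd lacks '$opt'"; rc=1 ;;
            esac
        done
    fi
    # The correction from the reply: echo is switched off with stty, not tty.
    if grep -q '^[[:space:]]*tty -echo' "$script"; then
        echo "TTY-TYPO: 'tty -echo' should be 'stty -echo'"; rc=1
    fi
    return $rc
}

# Constructed sample input: the article's per-address pap-secrets and its
# ppplogin script as printed (including the 'tty' line).
write_samples() {
    printf '%s\n' '# client server secret IP addresses' \
        '* * "" 10.0.0.3' '* * "" 10.0.0.4' > "$1/pap-secrets"
    printf '%s\n' 'mesg n' 'tty -echo' \
        '/usr/sbin/pppd silent auth -chap +pap login' > "$1/ppplogin"
}

dir=$(mktemp -d)
write_samples "$dir"
audit_ppp_dialin "$dir/pap-secrets" "$dir/ppplogin" || true
rm -rf "$dir"
```

On a real server the two arguments would be /etc/ppp/pap-secrets and /etc/ppp/ppplogin.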



