I'm trying to configure a system to allow dial-in ppp access to my LAN
and am having a serious problem.

Sorry about the length of this message, but I'm trying to provide
complete information...

Background:

The LAN consists of 5 linux boxes and about 15 Win95 boxes.

Everything on the LAN is running tcp/ip with addresses from 192.168.1.X.
The linux boxes are all running samba and function as file/print servers
and workstations.

One linux box uses a modem and diald to connect to the internet for mail
and general access. This box is configured with ip masq and diald with a
static 'real' ip address so the internet is accessible from everything
else on the network. This machine also runs named to provide local DNS
and sendmail for LAN mail services.

Another linux box has two modems and runs hylafax 4.0pl2 for two
incoming fax lines.

All the linux boxes are running 2.0.33. The sambas are a combination of
1.9.16p11 and 1.9.18p4.

I have tried ppp-2.02f and also ppp-2.3.5, both with the same results.

Everything described above works fine and has been running for 3-4 years
now. (Not with those software versions - it's been upgraded as new
versions come out - it's been on 2.0.33 since shortly after that was
released.)

I have enabled ppp dial-in on ttyS0 & ttyS1 of the box running hylafax,
using its faxgetty to run agetty for data call logins. This works fine -
I can dial in with anything which will run ppp and am able to connect to
that machine with no problem. I'm starting pppd manually with a script
after login and that also comes up fine.

Once an external system is connected with ppp I can ping it from
anything on the LAN. It can ping anything on the LAN if you specify the
correct ip address manually (it isn't able to see the name server, see
below) or get it from a hosts table on the remote machine. I can use ftp
and telnet services, as well as http, on the box I have dialed into (the
'fax' system). While one line is running ppp the other is able to
receive incoming faxes.

I can also get to the internet from the remote system by trying to
access something off the 192.168.1.X local net which causes diald to
bring up the masq'ed connection on the other end of the LAN. Once the
connection's up the remote has full internet access thru the masq box.

The problem:

The box on the outboard end of the ppp link (the remote) is unable to
access any services on the LAN (ftp, telnet, dns, etc.) except on the
box running ppp (the 'fax' system). It is, however, able to get out thru
the masq box...

The system dialing in logs in via the shell and then starts ppp with the
/etc/ppplogin script:

#!/bin/bash
exec /usr/sbin/pppd passive

This is the options.ttyS0 file I'm using:

-detach
modem
crtscts
lock
192.168.1.40:192.168.1.15
netmask 255.255.255.0
proxyarp
ms-dns 192.168.1.99

The 'fax' system is 192.168.1.40, the remote is 192.168.1.15. The remote
is a laptop which usually lives on the LAN with a pcmcia ethernet card.
When it's traveling, I want to be able to connect it to the LAN with ppp
and have it behave as when it's in the office. I have tried this with
forcing the remote ip address in the options file as shown, and also
leaving that blank and having it accept the address sent from the remote
- the results are the same either way.

The particular laptop I'm using as the remote right now has win98, but
this has been tried with win95 and also with a palm pilot running
tcp/ip. Both are configured with the correct ip addresses (ie. those
they use when directly connected to the LAN) and exhibit the problem
described above - they can only access tcp services on the machine they
dial into.

Once connected, 'route -n' on the 'fax' box gives:

Destination     Gateway         Genmask         Flags Metric Ref   Use Iface
192.168.1.200   0.0.0.0         255.255.255.255 UH    0      0       0 eth0:0
192.168.1.15    0.0.0.0         255.255.255.255 UH    0      0       0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0       382 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0       5 lo
0.0.0.0         192.168.1.99    0.0.0.0         UG    1      0       12 eth0

An 'arp -a' on the 'fax' box gives:

Address                 HWtype  HWaddress           Flags Mask     Iface
192.168.1.99            ether   00:02:67:09:79:C6   C     *        eth0
192.168.1.38            ether   00:00:C0:68:F9:B2   C     *        eth0
192.168.1.15            ether   00:C0:4F:D2:C8:39   CMP   *        eth0

/sbin/ifconfig gives:

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:3147 errors:0 dropped:0 overruns:0
          TX packets:3147 errors:0 dropped:0 overruns:0

eth0      Link encap:10Mbps Ethernet  HWaddr 00:C0:4F:D2:C8:39
          inet addr:192.168.1.40  Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:97989 errors:0 dropped:0 overruns:0
          TX packets:54828 errors:0 dropped:0 overruns:0
          Interrupt:10 Base address:0x210

eth0:0    Link encap:10Mbps Ethernet  HWaddr 00:C0:4F:D2:C8:39
          inet addr:192.168.1.200  Bcast:192.168.1.255 Mask:255.255.255.0
          UP RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0

ppp0      Link encap:Point-Point Protocol
          inet addr:192.168.1.40  P-t-P:192.168.1.15 Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:33 errors:0 dropped:0 overruns:0
          TX packets:8 errors:0 dropped:0 overruns:0

(192.168.1.200 is an apache web server running on the LAN on this box as
'www'.)

I assume that the route table on the remote must be OK, because it can
ping everything on the LAN and is able to get off the LAN thru the masq
box. Note, however, that I can't access anything on the masq box,
itself...

The problem appears to be that none of the LAN systems except the 'fax'
box can get back to the remote. I have used tcplog to look at what's
going on and this is typical:

1. from the remote do 'telnet 192.168.1.99'
  (that's the ip address for newgate.tesnet.com)

2. on the 192.168.1.99 machine tcp log says:
Aug 28 13:03:04 newgate tcplog: telnet request from nb3.tesnet.com
Aug 28 13:03:04 newgate in.telnetd[621]: error: can't get client address: Connection reset by peer
Aug 28 13:03:04 newgate in.telnetd[621]: connect from unknown
   (the remote is nb2.tesnet.com)

3. the remote telnet fails because it can't open the connection.

I think I've got a routing problem, but after reading everything I can
find, spending hours searching dejanews, the archives of this list,
etc. and screwing around with it for almost 2 weeks now, I'm stumped...

I suspect this is going to be really embarrassing once I finally get it
fixed, but am beginning to think that I may never be able to do that! If
anybody could tell me how to fix this I would be EXTREMELY GRATEFUL!!!

thanks,
Larry

-- 
-----------------------------------
Wm. L. Townsend  [EMAIL PROTECTED]
TES, Inc.
2903 Ravogli Avenue
Cincinnati, OH 45211-7848
(513)661-3200 fax:(513)661-3732
-----------------------------------
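
Added example (not part of the original message, and not the poster's code): a check of the proxy-ARP state that pppd's 'proxyarp' option should leave on the 'fax' box, run over the 'route -n', 'arp -a' and ifconfig output quoted above. The function names are made up for this example, and it covers only the state visible on the 'fax' box itself.

```python
# Output quoted in the post, wrapped lines rejoined and header rows dropped.
ROUTE = """\
192.168.1.200   0.0.0.0         255.255.255.255 UH    0      0       0 eth0:0
192.168.1.15    0.0.0.0         255.255.255.255 UH    0      0       0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0       382 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0       5 lo
0.0.0.0         192.168.1.99    0.0.0.0         UG    1      0       12 eth0
"""
ARP = """\
192.168.1.99            ether   00:02:67:09:79:C6   C     *        eth0
192.168.1.38            ether   00:00:C0:68:F9:B2   C     *        eth0
192.168.1.15            ether   00:C0:4F:D2:C8:39   CMP   *        eth0
"""
LAN_MAC = {"eth0": "00:C0:4F:D2:C8:39"}  # HWaddr of eth0 from the ifconfig output


def parse_routes(text):
    """Rows of 'route -n': destination, genmask, flags and interface."""
    rows = [line.split() for line in text.splitlines()]
    return [{"dest": f[0], "mask": f[2], "flags": f[3], "iface": f[7]}
            for f in rows if len(f) == 8]


def parse_arp(text):
    """Rows of 'arp -a' in the tabular layout shown in the post."""
    rows = [line.split() for line in text.splitlines()]
    return [{"ip": f[0], "mac": f[2].upper(), "flags": f[3], "iface": f[5]}
            for f in rows if len(f) == 6]


def check_proxyarp(peer, ppp_if, lan_if, routes, arp, macs):
    """Return a list of problems; an empty list means the server side is consistent."""
    problems = []
    # 1. A host route must send traffic for the peer down the ppp link.
    if not any(r["dest"] == peer and r["mask"] == "255.255.255.255"
               and "H" in r["flags"] and r["iface"] == ppp_if for r in routes):
        problems.append(f"no host route to {peer} via {ppp_if}")
    # 2. The server must publish (flag P) an ARP entry for the peer on the LAN.
    published = [a for a in arp if a["ip"] == peer and "P" in a["flags"]]
    if not any(a["iface"] == lan_if for a in published):
        problems.append(f"no published (P) ARP entry for {peer} on {lan_if}")
    # 3. The published entry must carry the server's own LAN MAC address,
    #    so LAN hosts hand frames for the peer to the server.
    for a in published:
        if a["iface"] == lan_if and a["mac"] != macs[lan_if].upper():
            problems.append(f"published MAC {a['mac']} is not {lan_if}'s own")
    return problems


if __name__ == "__main__":
    print(check_proxyarp("192.168.1.15", "ppp0", "eth0",
                         parse_routes(ROUTE), parse_arp(ARP), LAN_MAC) or "consistent")
```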
