> Right. Here's another New Feature bundled with 2.3.9 that does not
> require an option to activate.
Actually it's been there since ppp-2.3.6.
> I run the modem pool software at umkc.edu, and in general my default route
> is out the ethernet line. I bring up the modem to test the dialin pool,
> without bringing down my ethernet.
Sure. Run as root, use the noauth option. Or if you want ordinary
users to be able to dial out from that machine (why?), create a file
under /etc/ppp/peers containing the device name, connect script and
the noauth option and they can use that with the `call' option.
> There are other configurations imaginable where one would have a default route
> to the LAN but still want to connect to a remote modem pool AS A CLIENT. For
> instance you are defeating a corporate firewall by using a modem for direct
> access. (I've seen this sort of thing at Sprint.)
That's an unusual configuration, and it has routing implications which
mean that you need to know what you're doing.
There is nothing to stop you putting the `noauth' option in
/etc/ppp/options, thereby allowing any peer to use any IP address it
likes. I discourage this, because it makes it possible for anyone who
can run pppd to spoof arbitrary IP addresses.
> With 2.3.8 (and previous) I am able to bring up ppp and have it replace the
> ethernet line as my outgoing link, which actually improves performance for me
> when the ethernet is busy since I wind up only using it for incoming packets.
I hope you don't mean to allow ordinary users to do this.
> 2.3.9 sees I have a default route and incorrectly assumes that I am a modem pool
> instead of a client.
I don't know of any case where an ordinary user on a system has been
able to become root by using pppd, and I want to keep it that way.
The starting point for me is that pppd should only let the peer use IP
addresses that the system administrator has authorized for that peer.
As an exception, to ease administration in the common case of a
machine where your dialup link to your ISP is your only connection to
the internet, pppd will by default allow an unauthenticated peer to
use an IP address if the system doesn't already have a route to that
address. I put in that exception because I thought the possibility of
a successful IP spoofing attack in that case was low.
There's nothing to stop you (as the system administrator) configuring
pppd for any sort of dial-in, out, up or down link you like. Don't
expect the default configuration to do everything you want.
Paul.
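
An added example, not part of Paul's message or of pppd itself: a small audit that separates a global `noauth` in /etc/ppp/options, which the reply discourages, from a `noauth` confined to a file under /etc/ppp/peers. The sample file contents, the peer names and the rule that a scoped entry should also fix a device and connect script are assumptions of this example.

```python
import shlex

GLOBAL_OPTIONS = "/etc/ppp/options"
PEERS_DIR = "/etc/ppp/peers/"

# Constructed sample contents (not taken from any real system).
SAMPLE = {
    GLOBAL_OPTIONS: "lock\nnoauth   # added to make dial-out work\n",
    PEERS_DIR + "testpool": (
        "/dev/ttyS1 115200\n"
        "connect '/usr/sbin/chat -f /etc/ppp/chat-testpool'\n"
        "noauth\n"
    ),
    PEERS_DIR + "loose": "noauth\n",
    PEERS_DIR + "isp": "# noauth\n/dev/ttyS0\nauth\n",
}


def words(text):
    """Split an options file into words; '#' starts a comment and quotes
    group a multi-word argument such as the connect script."""
    return shlex.split(text, comments=True)


def audit(files):
    """files maps path -> contents; returns (severity, path, note) in path order."""
    findings = []
    for path, text in sorted(files.items()):
        opts = words(text)
        if "noauth" not in opts:
            continue
        if path == GLOBAL_OPTIONS:
            note = "noauth applies to every pppd run, whoever starts it"
            findings.append(("HIGH", path, note))
        elif path.startswith(PEERS_DIR):
            peer = path[len(PEERS_DIR):]
            # Assumption of this example: a scoped entry should also fix the
            # device and connect script, as the peers file in the reply does.
            fixed = "connect" in opts and any(o.startswith("/dev/") for o in opts)
            if fixed:
                findings.append(("INFO", path, f"noauth limited to 'call {peer}'"))
            else:
                findings.append(("WARN", path, "noauth without device and connect"))
    return findings


if __name__ == "__main__":
    for severity, path, note in audit(SAMPLE):
        print(f"{severity:5} {path}: {note}")
```

To run it against a live system, build the mapping from the real files instead of `SAMPLE`; reading them normally requires root.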