At 22:44 2001.11.15 -0500, you wrote:
>On Fri, Nov 16, 2001 at 01:49:23AM +0700, AD Marshall wrote:
>> I was just wondering if either (or both ;) of you could share some
>> of your ppp config' files or scripts with me. Backchannel is fine. 
>
>I'll send you a mail off-list later.  It will probably be tomorrow
>morning before I can, though.

Thanks, sincerely. But if they're not for dial-on-demand, do you think it would still 
be worthwhile?

> 
>> I've no problems with the MTUs matching, at 1500, between ppp0 and 
>> eth0, so far -- though i'm not really clear on how this causes IP 
>> fragmentation... a digression for me. 
>
>I didn't realize I had this problem for a while.  If you can get to
>certain websites from your gateway machine, but not from the internal
>MASQed machines, you've probably got the fragmentation problem.  A
>couple of sites that always gave me trouble were
>
>http://www.staples.com
>http://www.faqs.org

I had no problem with either of those urls just now. But the sources of our problems 
are quite different. Here, the more propaganda-paranoid (often atavistic) comrades in 
HaNoi have kept a single state company in monopoly control of the gateways between 
VietNam and the rest of the world -- prior internetworking experience: zilch (though 
they have learned a lot since start-up in '97). Incentive to reinvest and cut costs: 
next to nil. 

That one company maintains the proscribed set of firewalls between the whole danged 
nation and the rest of the world, with only 5 ports officially open to the dial-up 
public. Even the traceroute and ssh ports are blocked. Obviously, i'm a bit bitter 
about these bozos right now. Next...

As monopolistic pricing implies, Net access is already expensive and static IP addresses 
cost a king's ransom, around $900/month for 64Kb and you'll only get some 20% of the 
bandwidth you buy, if that.

>My understanding (and I'm no expert, so I could be wrong here) is that
>the problem with fragmented packets comes when the remote machine
>blocks all ICMP messages.  ICMP messages are supposed to be used to
>tell your machine to drop the MTU, but that can't happen because they
>can't get through.  The result is that you just sit there waiting for
>a response that never comes.  Something like that... :)

I even had to look up ICMP. First hit on google: International Congress on 
Maxillofacial Prosthetics. ;) 

Since my MTUs from ifconfig are 1500 for both ppp0 and eth0, i'm guessing this is not 
a problem for me. But two none-too-long pages are "Path MTU Discovery and Filtering 
ICMP", http://www.worldgate.com/~marcs/mtu/ and "IP Fragmentation", 
http://irm.fnal.gov/software/locsys/syscode/ipsoftware/IPFragmentation.html -- the 
latter shouting, "Fix your filters!" in bold red text. 

>> I've already got IP-Masquerading set up to share my modem-link with
>> my workstations via my RH7.1 box (with the iptables commands now 
>> in /etc/rc.d/rc.local and starting on bootup, thanks to Ben).
>
>Do you have a static IP?  

Nope, as above.

>I had to put a call to my firewall (and
>IP-MASQ rules) in /etc/ppp/ip-up.local because I need to get my
>dynamic IP each time I connect.

Duh. You're not using dial-up to your ISP and you still get a dynamic IP?!?


>> And i've tried Glenn's earlier advice to someone else, re. dial-on-
>> demand (DOD), ie, adding to /etc/sysconfig/network-scripts/ifcfg-ppp0:
>>    demand=yes
>>    idle=600
>> though left unchanged the idle line to "IDLETIMEOUT=600", assuming
>> it a new version since RH7.1 set that as default. 
>> 
>> But i still have not been able to get DOD to execute. I still have
>> to use wvdial or kppp instead. 
>
>I can't help much there as I don't use DOD.  I did have it working a
>time or two though, and it seems like you have to specify some extra
>options (in addition to 'demand' and 'idle') in the ifcfg-ppp0 file.
>Seems like you've got to give it your ISP's IP addr--I can't remember.
>I think you also have to run 'ifup ppp?' to start pppd, so that it can
>listen for traffic.  Does the PPP-Howto have anything to say about
>DOD?

All the options needed, plus other configs, for redhat *6.2* are supposed to be 
at 
http://www-jerry.oit.duke.edu/linux/HOWTO/AAAfirewall_install_with_ppp_v62.html. I was 
just hoping someone using seawolf would have configs specific to this release since 
there seem to be so many changes implemented between 7.1 and 6.2. 

>I never could quite get DOD to do what I wanted because there was
>always something bringing the link up when I didn't want it to.  I run
>named and several other servers on my LAN, including Apache.  Quite
>often, I or one of my users will load Netscape to look at a local
>document, and Netscape tries to connect to its home causing the link
>to come up.  That kind of thing was always happening, so I disabled
>DOD.  You might also be interested in diald.  I can't remember the
>url, but I'm sure it's listed at freshmeat.

Masochistically, i suppose, i've wanted to do this without diald first, for the 
learning experience. I should even be uninstalling wvdial, since this is adding some 
confusing configuration overhead as well. Though, from what you've just written, i'm 
wondering if DOD will be the death of me. 

>I wrote a set of tcl scripts that take care of the ppp link for me.  A
>server runs on the gateway machine and receives requests for connects
>from clients on all machines.  It keeps a list of who has requested a
>connection from which machine, and that way no one disconnects anyone
>else accidentally.  (No more yelling "Can I (dis)connect" across the
>house. :)

Too bad. I've no clue about tcl so far. :(

best,
AD


>Regards,
>Ben
>
>-- 
>Ben Logan: blogan at newcreature dot org
>OpenPGP Key KeyID: A1ADD1F0

*--------------------------------------------------*
 AD Marshall, VietInfoComm&Edu [VICE]-8 Consulting
 Vietnam Information Communications & Education
 mailto:[EMAIL PROTECTED]
 Web: HTTP://ParadoxCafe.Net
 Cellular: +84 (0)903871313

_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
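Added by the editor, not part of the thread or of any Red Hat file: a worked /etc/ppp/ip-up.local of the kind Ben describes, so the masquerading rules are (re)installed from the address pppd has just negotiated rather than from a hard-coded IP, and with the two rules that deal with the fragmentation problem discussed earlier in the thread (let ICMP fragmentation-needed through, and clamp the MSS of forwarded SYNs to the ppp link's MTU for the remote sites that filter all ICMP anyway). Assumptions: the LAN is 192.168.1.0/24 on eth0 (hypothetical), pppd's documented argument order (interface, tty, speed, local IP, remote IP, ipparam), Red Hat's /etc/ppp/ip-up handing those arguments on to ip-up.local, and a current iptables; the TCPMSS line sits in the mangle table as current iptables requires, whereas the 2.4-era IP Masquerade HOWTO put the same rule in the filter table's FORWARD chain. Setting IPT=echo prints the rules without needing root.

```shell
#!/bin/sh
# /etc/ppp/ip-up.local -- editor's added example, not the poster's config.
# pppd runs /etc/ppp/ip-up every time the link comes up, passing:
#   $1 interface  $2 tty  $3 speed  $4 local IP  $5 remote IP  $6 ipparam
# Red Hat's ip-up is assumed to call ip-up.local with the same arguments,
# so the dynamic address is $4 and nothing has to be hard-coded.
# Hypothetical LAN: 192.168.1.0/24 behind eth0.
LAN_IF=eth0
LAN_NET=192.168.1.0/24

ipup_rules() {
    ppp_if=$1
    local_ip=$4
    IPT=${IPT:-iptables}        # IPT=echo previews the rules without root
    SYSCTL=${SYSCTL:-sysctl}
    LOGGER=${LOGGER:-logger}

    $LOGGER -t ip-up.local "masquerading $LAN_NET behind $local_ip on $ppp_if"
    $SYSCTL -w net.ipv4.ip_forward=1

    # Start from a clean slate: the link may come up many times a day and
    # appending blindly would pile up duplicate rules.
    $IPT -t nat -F POSTROUTING
    $IPT -F FORWARD
    $IPT -t mangle -F FORWARD

    # Hide the LAN behind whatever address pppd negotiated this time.
    $IPT -t nat -A POSTROUTING -o "$ppp_if" -j MASQUERADE

    # LAN -> Internet, and only the replies back in.
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$ppp_if" -j ACCEPT
    $IPT -A FORWARD -i "$ppp_if" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Path MTU discovery only works if ICMP type 3 code 4
    # (fragmentation-needed) can reach the gateway itself and the
    # masqueraded hosts; dropping it is the "fix your filters" blackhole.
    # INPUT is not flushed (it holds the host firewall), so delete first.
    $IPT -D INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT \
        2>/dev/null || true
    $IPT -A INPUT   -p icmp --icmp-type fragmentation-needed -j ACCEPT
    $IPT -A FORWARD -p icmp --icmp-type fragmentation-needed -j ACCEPT

    # For remote sites that filter all ICMP anyway: shrink the MSS on
    # forwarded SYNs so their segments fit the ppp MTU without needing
    # fragmentation-needed messages at all.
    $IPT -t mangle -A FORWARD -o "$ppp_if" -p tcp --tcp-flags SYN,RST SYN \
        -j TCPMSS --clamp-mss-to-pmtu

    # Anything else trying to cross the gateway is dropped.
    $IPT -A FORWARD -j DROP
}

# pppd always supplies at least five arguments; a bare invocation does nothing.
if [ $# -ge 5 ]; then
    ipup_rules "$@"
fi
```

Because FORWARD and the NAT/mangle chains are rebuilt on every ip-up, the iptables commands for masquerading should live here rather than in rc.local, which runs once at boot before ppp0 exists; rc.local can keep the rules for the gateway's own INPUT chain.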
