Advanced Linux Networking, by Roderick W. Smith [Electronic resources] (text version)

Roderick W. Smith










Using a PPP Link



Most of this book assumes that the network to which the Linux computer is
connected is a dedicated one, such as an Ethernet network. In this
environment, it's possible to run servers, as discussed in Parts II and III;
the security and router issues of Part IV are very important, as well. Some
configurations, though, use a less permanent type of network link. These
connections use a telephone modem and PPP to create a temporary connection to
the Internet, or at least to one other computer. Although you're not likely to
run servers over a PPP link, they do have their place. For instance, you might
run a small office or home office network, and so use various local network
servers, as discussed in Part II, but use a PPP link to connect that network
to the Internet on an as-needed basis. You can even share this connection
among all the computers on the network by setting up Network Address
Translation (NAT; also called IP masquerading), as discussed in Chapter 25. In
order to do these things, though, you'll first have to establish the PPP
connection. This section describes how to do this.






PPP over Ethernet



Some low-end DSL connections use a variant of PPP, known as PPPoE. The 2.4.x
Linux kernel includes PPPoE support, but it's considered experimental. The
most common PPPoE tool for Linux in 2002 is the Roaring Penguin PPPoE client
(http://www.roaringpenguin.com/pppoe/). This package comes in source code form
or as RPM packages for a variety of platforms.


After you install Roaring Penguin, type adsl-setup or tkpppoe to configure the
tool. (The latter command requires installation of Roaring Penguin GUI tools;
the former is a text-based program.) You'll be asked for information such as
your username and password, and the script will store all the information and
create a dialing script called adsl-start. You can run this script to initiate
a PPPoE connection.


It's important to note that Roaring Penguin requires that you have support for
your network device. Linux works with all external Ethernet-based DSL modems,
provided you have a supported Ethernet card. If your DSL modem is USB-based or
internal, though, you'll need to locate drivers for it, and these are rare in
2002.



Using a GUI Dialer



PPP can be a tricky tool to use; the protocol has many options that, if set
incorrectly, can disrupt the PPP connection or even prevent it from coming up
initially. For this reason, many people find it easier to use PPP via a GUI
dialer than through configuration scripts. In fact, many Linux GUI PPP dialers
closely resemble their counterparts in other OSs, such as Windows, so if
you're familiar with PPP in another OS, you shouldn't have too much difficulty
using a Linux GUI PPP dialer.


Different GUI dialers differ in some details, but they are similar in broad
outline. This section presents information on the popular KPPP dialer, which
is part of the K Desktop Environment (KDE). You can use KPPP even if you don't
use KDE; or you can use GNOME PPP (part of the GNU Network Object Model
Environment, or GNOME) or a dialer that's not part of any desktop environment,
such as X-ISP (http://xisp.hellug.gr).


NOTE



Before using KPPP, you must sign up for a dial-up account and test your
modem's functionality in Linux. Check your telephone book for ISPs to obtain
an account, or consult an online resource such as The List
(http://www.thelist.com) if you've got access through some other computer. To
test the modem, connect it and (if it's an external model) turn it on. You
should be able to send data to /dev/ttyS0, /dev/ttyS1, or some other port. If
you're using the new devfs (http://www.atnf.csiro.au/~rgooch/linux/docs/devfsl)
to automatically create device files, you'll use /dev/tts/0, /dev/tts/1, and
so on. You can most easily test this configuration by using a terminal program
like the text-based minicom or the GUI Seyon, both of which ship with most
Linux distributions. If you can get an AT prompt from the modem, you know that
Linux can use the modem.



To start KPPP, you can select it from a menu on your desktop environment, or
you can type kppp in an xterm. The result should resemble Figure 2.4, except
that the first time you launch KPPP, it probably won't include any ISP names
in the Connect To list, nor a login ID or password. In order to set the
program up to use an account, follow these steps:


1. Click the Setup button. This action will produce the KPPP Configuration
dialog box shown in Figure 2.5. From here, you can enter critical account
information for future connections.


Figure 2.5. The KPPP Configuration dialog box controls hardware features
associated with a PPP connection, such as what modem device to use, and lets
you modify specific accounts using other dialog boxes.


2. Click New to create a new account. KPPP asks if you want to use a wizard or
set up via dialog boxes. Although the wizard is purported to be easier, it
begins by asking for your country, and there's no entry for the United States.
I therefore present the dialog box procedure, which produces the New Account
dialog box shown in Figure 2.6.


Figure 2.6. The New Account dialog box lets you enter many important account
details.


3. Type the name of your ISP into the Connection Name field.



4. Click Add. This action produces a small dialog box in which you may enter a
telephone number for your ISP. Be sure to include any digits you need to dial
an outside line, or the area code if you need to dial it. When you click OK in
this dialog box, the Phone Number field should reflect the addition. You may
repeat this step if you want to enter multiple numbers that the dialer will
attempt in sequence, should one number be busy.



5. Most ISPs today use the Password Authentication Protocol (PAP) for
communicating the username and password, so you should probably leave the
Authentication selector in the New Account dialog box set to PAP. You can
change this to various other options if required, though. Of particular
interest is the Challenge Handshake Authentication Protocol (CHAP), which some
ISPs use.



6. If your ISP gave you a list of DNS servers as part of your sign-up process,
click the DNS tab of the New Account dialog box and enter each IP address in
the DNS IP Address field, clicking Add after entering each address.



7. Click OK in the New Account dialog box. You should see the new entry appear
in the list in the KPPP Configuration dialog box (Figure 2.5).



8. Click the Device tab in the KPPP Configuration dialog box. Set the Modem
Device to whatever device name your system uses for the modem. This is often
/dev/modem (the default), but may be /dev/ttyS0, /dev/ttyS1, or something more
exotic. You may also want to adjust the Connection Speed option on this tab.
The default is 57,600, but 115,200 provides better speed on most systems.
(Higher values don't work on most hardware.) The speed you set here is for
communication between your computer and your modem. The connect speed between
your modem and your ISP is likely to be lower, but if your modem uses
compression, a local connection speed of about twice the modem-to-modem speed
is optimal.



9. Click OK in the KPPP Configuration dialog box. You should now be able to
select your new account in the main KPPP window (Figure 2.4), if it's not
selected by default.



Figure 2.4. GUI PPP dialers usually
provide some way of selecting an account, entering a username and password, and
initiating a connection.



NOTE



The KPPP Configuration and New Account dialog boxes both include tabs and
options I've not discussed here. In most cases, you won't need to adjust these
values, but sometimes they're vital. If you have problems connecting or if you
want to enable a feature you've heard about but that's not covered here, check
these tabs for options that might help. The PPP HOWTO document
(http://www.linuxdoc.org/HOWTO/PPP-HOWTO/) includes additional information on
PPP and debugging PPP connections.



Using a GUI PPP dialer is a fairly simple matter; after launching
the program, you need only click the Connect button (which may be called
something else in some programs). Some dialers will provide you with an
indication of their progress during the connection phase, and many modems will
echo the sounds of the modem negotiations. In KPPP, clicking the Show Log
Window button will provide added details. Some dialers, including KPPP, require
you to enter the username (in the Login ID field) and password before clicking
Connect. Others will ask for this information after you click Connect. Many let
you store your password on disk (the Store Password check box in the KPPP New
Account dialog box lets you set this option).


WARNING



Storing your PPP dialup password on the computer is a potential security risk.
This risk may be small for an isolated computer that you use to initiate
connections, but if the computer has many users, some of whom shouldn't have
access to the PPP account, the risk may be greater. At the very least, you
should not use your PPP dialup account password for any other purpose, so that
if the PPP password is stolen you need not change any other passwords.



Once a connection is initiated, the Connect button changes names so that you
can break a connection. (Some dialers may use a different button or present
another dialog box to let you end a connection.) If your ISP or telephone
company charges by the minute, remember to do this or you'll get an
unexpectedly large bill!


Adjusting Configuration Scripts



GUI dialers are a convenient way to get started with PPP, but they aren't
ideal for all situations. For instance, if you want to initiate a PPP
connection automatically, a GUI dialer won't do the job, because it requires
manual intervention to begin the call. For this reason, PPP connection scripts
can also initiate connections. You may use these scripts manually or as part
of an auto-dialing scheme, as discussed in the next section, "Configuring
Dial-on-Demand." Using the scripts requires setting authentication options and
configuring the scripts themselves.


Setting PPP Authentication Options



As noted earlier, most ISPs use a protocol called PAP for authenticating
dial-in users. In order to use this protocol from a dialing script, you need
to edit the file /etc/ppp/pap-secrets. (A similar file, called
/etc/ppp/chap-secrets, is used by another protocol that some ISPs use. Both
files use the same format, so you can edit both, if you like.) This file
consists of a series of lines, one for each PPP account you have. The format
of each line is as follows:


username server password IP_address

Each of these elements is separated by one or more spaces or tabs. Their
meanings are as follows:


username
This is the username to be used on the ISP's system. This username is
unrelated to your Linux username; it's the one your ISP gave you.


server
This is the name of the computer to which yours communicates. You don't
normally know this name, so this field should contain a single asterisk (*),
to denote that PPP will accept any hostname.


password
As you might guess, this is the password on the remote system.


IP_address
This is the IP address your system expects to get. Most PPP systems don't
guarantee you a specific IP address, so this field is empty (the line has only
three fields).


WARNING



The pap-secrets file must store the password in an unencrypted form. This fact
means that the file is extremely sensitive; if an unauthorized party obtains
the file, that individual will be able to use your PPP account without your
authorization. If possible, you shouldn't use this password for anything other
than basic access; try to use a different password for e-mail retrieval or to
log on to any other computer or network, for instance. For security, most
distributions ship with pap-secrets set to root ownership, and only root has
read access to the file. You should leave it this way unless you have a good
reason for changing it.



Most systems connect to just one ISP, so the pap-secrets file will have just one line.
This line might resemble the following:


penguin * w8terfow1
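As an added example (not from the book), the following POSIX shell function audits a pap-secrets or chap-secrets file against the two points made above: the file must be readable by its owner only, and every non-comment line must have the three- or four-field "username server password [IP_address]" layout. The expected owner is a parameter (root on a real system) so the check can be exercised on a test copy; the simple parser does not handle the quoted, space-containing passwords that pppd also accepts.

```shell
#!/bin/sh
# Added example: audit a pap-secrets / chap-secrets file for the two things
# the text calls out (owner-only permissions, 3- or 4-field lines).
#
# usage: check_secrets_file FILE [EXPECTED_OWNER]
# Prints one line per problem found and returns the number of problems
# (0 = clean).
check_secrets_file() {
    f=$1
    want_owner=${2:-root}
    problems=0

    if [ ! -f "$f" ]; then
        echo "missing: $f"
        return 1
    fi

    # ls -ld prints e.g. "-rw------- 1 root root 22 Jan 1 00:00 /etc/ppp/pap-secrets"
    mode=$(ls -ld "$f" | cut -c2-10)          # "rw-------"
    owner=$(ls -ld "$f" | awk '{ print $3 }')

    # Any read, write or execute bit for group or other is a finding.
    case "$mode" in
        ???------) ;;
        *) echo "permissions: $f is $mode; group and other must have no access"
           problems=$((problems + 1)) ;;
    esac

    if [ "$owner" != "$want_owner" ]; then
        echo "owner: $f is owned by $owner, expected $want_owner"
        problems=$((problems + 1))
    fi

    # Field-count check. The asterisk in the server column would be expanded
    # as a filename glob by "set --", so globbing is switched off around it.
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|\#*) continue ;;               # blank lines and comments
        esac
        set -f
        set -- $line
        set +f
        if [ $# -lt 3 ] || [ $# -gt 4 ]; then
            echo "line $n: expected 3 or 4 fields (username server password [IP]), found $#"
            problems=$((problems + 1))
        fi
    done < "$f"

    return $problems
}
```

On a live system run it as `check_secrets_file /etc/ppp/pap-secrets` (the default expected owner is root); a non-zero return means at least one line was printed describing what to fix.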

Configuring Dialing Scripts



Once you've set up the PAP or CHAP authentication file, you can begin
adjusting the dialing scripts themselves. Because GUI dialers have become so
prevalent, most distributions now hide these scripts in a documentation
directory, such as /usr/share/doc/ppp-version/scripts, where version is the
version of PPP your distribution uses, such as 2.4.0. There are three scripts
that are of interest:


ppp-on
This script sets important variables, such as your ISP's telephone number, and
calls the Linux PPP utility (pppd).


ppp-on-dialer
ppp-on passes this script to pppd, which uses it to control the initial stages
of communication with the ISP's system.


ppp-off
This script terminates a PPP session.


You'll need to modify ppp-on, and possibly ppp-on-dialer, in order to connect
to an ISP. You'll also probably want to move all three scripts to a convenient
location, like /usr/local/bin. In ppp-on, set the following items:


Locate the TELEPHONE variable and set it to your ISP's telephone number. For
instance, the line might read TELEPHONE=555-9876 when it's set correctly.


Set the values for the ACCOUNT and PASSWORD variables. If your ISP uses PAP,
these variables won't actually be used, so you should set them to some dummy
values, such as the values they contain by default.


If your ISP provides you with a fixed IP address or if you know the IP address
of the system to which you'll be connecting, you can set the LOCAL_IP and
REMOTE_IP variables appropriately. Likewise, you can change the NETMASK
variable if you know what your network mask should be. You can usually leave
all three of these variables alone.


Locate the DIALER_SCRIPT
variable and set it to point to the location of your ppp-on-dialer script. (Point to the copy
you intend to modify, not the original in the documentation directory.) The
default value is /etc/ppp/ppp-on-dialer ,
and you can put your script there if you like.


The end of the script is a call to pppd. This is Linux's PPP tool, and it
supports a large number of options. You should not have to modify most of
these, but there are some exceptions. Specifically, you may need to set the
device file used by your modem (the default is usually /dev/ttyS0), as well as
the connection speed (the default is normally 38400, but 115200 usually works
better).


Once you've adjusted your ppp-on script to your needs, you should examine the
ppp-on-dialer script. This script controls pppd's interactions with your
modem, including sending the commands that cause it to dial, and any
interactions required to log in if your ISP doesn't use PAP or CHAP. The
script does this by calling a utility known as chat, which handles automated
exchanges with tools that expect text-based input. Most of this script is a
series of expect/reply strings, arranged in columns. The first column is the
value for which the script looks, and the second column is the response that
chat sends. Some of these, such as an expect value of ABORT, carry special
meaning; for instance, ABORT tells chat when to halt because of an error. Most
of the lines end in a backslash (\), the common convention for a line
continuation. (In reality, chat expects a single line with interspersed
expect/reply pairs; they're grouped in columns only for the convenience of
humans.) The final line lacks a backslash.


The main feature that may need adjustment is the final three lines of the
ppp-on-dialer script. The default script is usually written with the
expectation that the ISP is not using PAP, so it concludes with two lines that
echo your username and password (as entered in the ACCOUNT and PASSWORD
variables in ppp-on). You may need to delete these lines or comment them out
(by preceding them with pound signs, #). If you do this, you'll also have to
remove the backslash from the third-to-last line, which normally begins with
an expect string of CONNECT. Removing these final two lines and adjusting the
preceding one will cause chat to terminate immediately after connection,
whereupon pppd will try to use PAP or CHAP to authenticate the connection. If
your ISP does not use PAP or CHAP, you may need to modify the expect portions
of these lines to match the prompts your ISP uses for your username and
password, and possibly add more prompts if you have to enter additional
commands yourself, such as a command to explicitly start PPP on the ISP's
system.
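The following is an added example, not the pppd package's own ppp-on or ppp-on-dialer: a constructed pair kept in one shell file, showing the variables described above, the pppd call that ends ppp-on, and the chat sequence in both its login form (the two trailing username/password pairs present) and its PAP/CHAP form (ending at CONNECT). The pppd options lock, modem, crtscts, noipdefault, netmask, defaultroute and connect, and the chat keyword ABORT, are real; the particular option set, the modem result strings used as ABORT patterns and the sample values are this example's choices.

```shell
#!/bin/sh
# Added example: constructed stand-in for ppp-on and ppp-on-dialer in one file.

# ---- the ppp-on half: values a user adjusts --------------------------------
TELEPHONE=555-9876               # ISP number, with any outside-line prefix
ACCOUNT=george                   # unused with PAP/CHAP; dummy values are fine
PASSWORD=gracie
LOCAL_IP=0.0.0.0                 # 0.0.0.0 = let the ISP assign the address
REMOTE_IP=0.0.0.0
NETMASK=255.255.255.0
MODEM_DEVICE=/dev/ttyS0          # /dev/ttyS1, /dev/tts/0 under devfs, ...
MODEM_SPEED=115200               # DTE speed; the text prefers this to 38400
DIALER_SCRIPT=/etc/ppp/ppp-on-dialer
export TELEPHONE ACCOUNT PASSWORD   # the dialer script expands these itself

# The pppd invocation that ends ppp-on: lock the port, treat it as a modem
# with hardware flow control, let the peer assign addresses (noipdefault) and
# make the link the default route. Returned as a string so it can be inspected
# before anything is dialed.
pppd_command() {
    echo "/usr/sbin/pppd lock modem crtscts $MODEM_DEVICE $MODEM_SPEED" \
         "$LOCAL_IP:$REMOTE_IP noipdefault netmask $NETMASK defaultroute" \
         "connect $DIALER_SCRIPT"
}

# ---- the ppp-on-dialer half: the chat expect/reply sequence ----------------
# chat really takes one line of expect/reply pairs; the backslash-continued
# columns in the stock script are for human readers only. "pap" stops right
# after CONNECT so pppd can authenticate with PAP or CHAP; "login" keeps the
# two trailing pairs that type a username and password at text prompts.
# $TELEPHONE, $ACCOUNT and $PASSWORD are left unexpanded (note the \$) so the
# generated script reads them from the environment ppp-on exports.
chat_script() {
    dial="ABORT BUSY ABORT 'NO CARRIER' ABORT 'NO DIALTONE' '' ATZ OK ATDT\$TELEPHONE CONNECT ''"
    case "$1" in
        pap)   echo "$dial" ;;
        login) echo "$dial ogin:--ogin: \$ACCOUNT assword: \$PASSWORD" ;;
        *)     echo "usage: chat_script pap|login" >&2; return 1 ;;
    esac
}

# Writes the dialer script that pppd runs through its connect option.
# usage: write_dialer_script FILE pap|login
write_dialer_script() {
    body=$(chat_script "$2") || return 1
    {
        echo '#!/bin/sh'
        echo '# ppp-on-dialer written by the example ppp_on_run function'
        echo "exec chat -v $body"
    } > "$1" && chmod 700 "$1"   # owner-only: the login form types a password
}

# Dials for real (run as root); nothing below runs when the file is only
# sourced, so the functions above can be inspected safely.
ppp_on_run() {
    write_dialer_script "$DIALER_SCRIPT" "${1:-pap}" || return 1
    eval "$(pppd_command)"
}
```

`ppp_on_run pap` is the configuration the text arrives at for a PAP or CHAP ISP; `ppp_on_run login` keeps the two username/password pairs for an ISP that presents text prompts.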


Using PPP Dialing Scripts



Editing the script files is the most difficult part of initiating a PPP
connection via these scripts. When this task is done, you need only type
ppp-on (preceded by a complete path to the script, if you didn't put it
somewhere on your path) to initiate a connection. If your modem is external,
you should see its lights blink, and if it's configured to echo sounds to its
speaker during dialing, you should hear this process. If all goes well, after
a few seconds you should be able to access the Internet using Linux's normal
networking tools.


If you encounter problems, you should first check the log file to which pppd
logs its actions (normally /var/log/messages). The end of this file should
contain information on pppd's actions, including whatever caused it to fail: a
timeout waiting for PAP, a failure when running chat, or what have you. If
this output is cryptic or doesn't provide you with the clues you need, try
searching for keywords related to your problem on http://groups.google.com.
This site hosts archives of recent posts to Usenet newsgroups, where
discussions of problems with PPP and other Linux networking tools frequently
appear. Searching there will quite possibly turn up an answer, or at least a
lead you can follow. The PPP HOWTO document, mentioned earlier, also has PPP
debugging tips.


One drawback to connecting via scripts is that most distributions are
configured in such a way that only root may initiate a PPP connection. This
can be an important security measure on a multi-user system, because you may
not want unauthorized personnel making random PPP connections. It can be a
nuisance, though. The GUI dialers get around this problem by using the set
user ID (SUID) bit to have the GUI dialer run with root privileges. Of course,
this opens up the system to the security problems of allowing random users
access to the dialer. (You may restrict execute privileges to the GUI dialer
by creating a PPP users group, assigning the GUI dialer to that group, and
denying world execute privileges on the program.)


Many ISPs communicate the IP addresses of DNS servers along with other
information as part of the PPP negotiation. Sometimes, though, you'll need to
enter this information in /etc/resolv.conf yourself, as described earlier in
this chapter in "Configuring DNS." You should be able to set up your DNS
servers permanently.


Configuring Dial-on-Demand



When your computer is used primarily as a single-user workstation, GUI dialers
or manually launched scripts like ppp-on are good methods of initiating PPP
connections. In a multi-user environment, though, these tools have their
problems. Users could try to initiate connections when they're already up,
terminate connections when other users are using them, or accidentally leave
connections active for long periods of time. For this reason, Linux supports a
procedure known as dial-on-demand, which is implemented through a program
called diald. This tool detects outgoing network traffic, initiates a PPP
connection in response to the traffic, and terminates the connection after a
specified period of time with no network activity. The result is that users
may use network tools almost as if they were on an always-up network
connection; they need take no explicit actions to start or stop the PPP link.
There will be a delay, however, between the time when diald detects the
outgoing traffic and the time the connection is established (after all, the
system has to dial the modem, and the modem must negotiate the connection). If
you program the system to drop a connection too soon after the cessation of
network activity, this can result in annoying delays during normal network
use, say, a long pause when a user clicks on a link in a Web page, because the
connection timed out while the user was reading the first page.


To use diald, you must have SLIP support compiled in your kernel, as described
in Chapter 1. This is because diald uses SLIP to set up a virtual connection,
essentially linking your computer to the diald program itself. Programs
therefore see an always-up network interface, and diald receives the network
traffic so that it can control when to initiate the real connection.


Unfortunately, most Linux distributions don't ship with diald. You can obtain
the package from its home Web site, http://diald.sourceforge.net, or you can
search for a prebuilt binary on http://www.rpmfind.net or
http://www.debian.org/distrib/packages for RPM or Debian packages,
respectively.


The diald program is
controlled through three configuration files:


/etc/diald.conf This file sets many of the configuration options that are
normally handled by ppp-on, including the modem device filename (device) and
connect speed (speed). The local and remote options set the IP addresses used
internally by diald. You should set both addresses to ones on the same network
segment, but neither address should be used on the Internet or your own local
network (if you have one). Addresses in the 192.168.x.x range are typically
good choices.


/etc/ppp/diald-dialer This file is essentially identical to the ppp-on-dialer script described earlier. You should adjust it just as you would ppp-on-dialer .


/usr/lib/diald/standard.filter This file defines the timeout periods that diald uses to
decide when to drop a connection. You can specify different types of
connections by the destination connection type, as shown in /etc/services .
In each case, you tell diald to remain up for a given number of seconds. The default file should
be a reasonable starting point, and you can modify it if you find that diald is
dropping connections too soon.


In addition to these configuration files, you must edit your
/etc/ppp/pap-secrets or /etc/ppp/chap-secrets file if your ISP uses PAP or
CHAP, just as for a regular script-based PPP connection. You may also need to
enter your ISP's DNS server addresses in /etc/resolv.conf, as described
earlier. To use diald, type /usr/sbin/diald as root to start the program. It
should then detect outgoing network activity and initiate a connection.
Because of the connection delays, though, a first attempt to use a tool may
fail; for instance, a Web browser may time out before it can display a page.
The second attempt should work, though.


If you want your system to start diald automatically when it boots, you can
create a SysV startup script, or add an entry to a local startup script, such
as /etc/rc.d/rc.local or /etc/rc.d/boot.local. Whether you start it manually
or automatically, diald can detect network traffic that originates on a local
network if you configure your computer to function as a NAT router, as
described in Chapter 25. Thus, you can link a small local network to the
Internet via a Linux computer and modem, and configure your local computers as
if they were on the Internet at large, using the Linux system as the local
gateway.



