Peter Horton <[EMAIL PROTECTED]> writes:

> On Sat, Dec 16, 2000 at 07:58:57PM +0100, Felix Natter wrote:
> > 
> > I just tried to set up isdn exactly the way Marcus Jodorf described in his
> > mail a few months ago (configure modules, create config files with
> > isdnconfig and edit them).
> > 
> 
> If you turn on 'debug' in the ipppd config file what
> output do you get in /var/log/messages ?

"debug" was enabled. I also tried isdnctrl verbose 1000, but I still get
the same (few!) messages...

-------------------------- "ipppd.ippp0": ---------------------------------

# Options file for ipppd.
# ipppd will not read /etc/ppp/options or /etc/ppp/ioptions or any other
# config file. Everything has to be in here.

# REMOVE the next line once configuration is complete #########################
# REMOVE the above line once configuration is complete ########################

# "peer" is the name for our syncppp partner.

# STANDARD OPTIONS

debug                   # enable debugging
kdebug 10               # set kernel debugging level to X
#nodetach               # (no) fork to the background
#callback X             # ask for callback (parameter X ?)
#lock                   # create a lock file for device 
#domain X               # add domain X to a given hostname
#pidfile X              # save pid in file X
#call X                 # take options from privileges file (???)
#idle X                 # idle time limit (seconds)
#holdoff X              # holdoff time limit (seconds)
#maxconnect X           # set maximum connection time (in seconds ?)
#+mp                    # enable multi line ppp
#+pwlog                 # log password (WARNING: possible security hole)
#nomagic                # magic number negotiation

# ppp handshake : tuning

#silent                 # don't even try to initiate the connection
#passive                # wait for the peer to initiate the connection
#lcp-echo-failure X     # consecutive echo failures
#lcp-echo-interval X    # time for lcp echo events 
lcp-restart 1           # Set timeout for LCP 
#lcp-max-terminate X    # Set max #xmits for term-reqs
#lcp-max-configure X    # Set max #xmits for conf-reqs 
#lcp-max-failure X      # Set max #conf-naks for LCP


# AUTHENTICATION

name 83755                      # set local name for auth XXX_
#user X                 # set name for auth with peer; default is value for name
#usehostname            # use hostname for auth
#remotename X           # set remote name for auth
#noauth                 # (dont) require peer (the other) to auth
#require-pap            # allow only pap authentication (dialin only)
#require-chap           # allow only chap authentication (dialin only)
#login                  # use system password database for pap
#papcrypt               # pap passwords are encrypted

# AUTHENTICATION TUNING
#pap-restart X          # Set retransmit timeout for PAP 
#pap-max-authreq X      # Set max #xmits for auth-reqs
#pap-timeout X          # Set time limit for peer PAP auth.
#chap-restart X         # Set timeout for CHAP 
#chap-max-challenge X   # Set max #xmits for challenge 
#chap-interval X        # Set interval for rechallenge

# COMPRESSION

noaccomp                # address compression on/off
nopcomp         # protocol field compression on/off
novj                    # Van Jacobson compression on/off
novjccomp               # Van Jacobson connection-ID compression on/off
#vj-max-slots X         # tune maximum vj header slots
nobsdcomp               # bsd compression on/off
nodeflate               # deflate compression on/off
nopredictor1            # predictor1 compression on/off
noccp                   # compression negotiation on/off
nolzs                   # LZS compression off (not yet supported fully)


# IP NETWORKING

#noip                   # en/disable ip transfer
#X:Y                    # set local ip to X, remote ip to Y
noipdefault             # don't use name for default ip addr
useifip                 # use ip addresses from interface
#usefirstip             # use first ip from auth file for remote
netmask 255.255.255.255 # set netmask, 255.255.255.255 is for pointopoint
#defaultroute           # (dont) set default route 
nohostroute             # dont set host route
#noproxyarp             # (dont) set an proxy arp entry
#mru X                  # set maximum size of receive units to X
#default-mru            # disable mru negotiation
mtu 1500                # set maximum size of transmit units to X (1500 is OK)
#useifmtu               # use mtu from interface
#ipparam X              # set ip parameters in script X
#ms-dns X               # dns address for the peers use (dialin only)
#ms-wins X              # wins address for the peers use (dialin only)
#ms-get-dns             # accept peers suggestion of dns address (dialout)
#set_userip             # define valid ip addresses in /etc/ppp/useriptab


#ipcp-restart X         # Set timeout for IPCP 
#ipcp-max-terminate X   # Set max #xmits for term-reqs 
#ipcp-max-configure X   # Set max #xmits for conf-reqs 
#ipcp-max-failure X     # Set max #conf-naks for IPCP 
ipcp-accept-local       # Accept the peer's idea of our local IP address
ipcp-accept-remote      # Accept the peer's idea of its own (remote) IP address

# IPX NETWORKING

noipx                   # en/disable ipx
#ipx-network X          # IPX network number 
#ipxcp-accept-network   # Accept peer network
#ipx-node X             # IPX node number 
#ipxcp-accept-local     # Accept our address 
#ipxcp-accept-remote    # Accept peer's address
#ipx-routing X          # IPX routing proto number 
#ipx-router-name X      # IPX router name
#ipxcp-restart X        # Set timeout for IPXCP 
#ipxcp-max-terminate X  # max #xmits for term-reqs 
#ipxcp-max-configure X  # max #xmits for conf-reqs 
#ipxcp-max-failure X    # max #conf-naks for IPXCP 


------------------------ "device.ippp0": ---------------------------------

#!/bin/sh

# REMOVE the next line once configuration is complete #########################
# REMOVE the above line once configuration is complete ########################


# Instructions: read the comments for each command, and if necessary, edit
# the command (e.g. replace EAZ with your real EAZ or MSN). Look for lines
# marked with XXX_, which is probably all you need to change.
# If the command is commented out, remove the leading '#' to enable it if
# the command is needed.
#
# After you have configured this file, remove the "Warning!" line above to
# enable this file.

# If using dynamic IP addresses:
# Check out the /etc/ppp/ip-up.d/isdnutils and /etc/ppp/ip-down.d/isdnutils
# scripts, to ensure that any routing is done correctly there (the
# ip-up.d/isdnutils script is run after a syncPPP link is established, and the
# ip-down.d/isdnutils script is run after the link goes down).
# You need to have the ppp package installed for those scripts to work.

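set -e  # exit on _any_ error

# Get the device name from this script's own file name: the directory part
# and everything up to and including the first '.' are stripped, so a script
# installed as "device.ippp0" yields "ippp0".
# The value is handed to isdnctrl, ifconfig and route further down, so it is
# derived with parameter expansion only (no word splitting or globbing on a
# path that contains spaces or wildcard characters).
device=${0##*/}
device=${device#*.}

# The (dummy) IP addresses
#
# Use 10.0.0.1 for LOCALIP and 10.0.0.2 for REMOTEIP if you have
# dynamic IP addresses; with static address fill in the real values!

LOCALIP=10.0.0.1        # XXX_
REMOTEIP=10.0.0.2       # XXX_

# Phone numbers (without the leading zero)
#
# REMOTEMSN may be a list of numbers to dial, separated by a space.
# If you do that, DO put quotes around the whole value! Like:
# REMOTEMSN='221345788 221345789'
#
# The REMOTEMSN must be the areacode (without the leading zero) + phonenumber!
#
#      Example: areacode: 0221  phonenumber: 345789
#               => REMOTEMSN='221345789'
#
# EXPLANATION:
# A zero is added below when it is used as the outgoing number;
# when it is used as the incoming number, it must be without a leading zero
# (which is why you must leave that leading zero out below).
# The local number must also be given without the leading zero!
#
# EXCEPTION:
# In countries where there are NO areacodes, this leading zero must NOT be
# added. In that case, change the value of LEADINGZERO below to ''
# LEADINGZERO could conceivably need to be something else in certain
# situations, so it is configurable.

LOCALMSN=2244873331     # XXX_
REMOTEMSN=2289354890    # XXX_
LEADINGZERO=0           # XXX_  use LEADINGZERO='' if you have no areacodes.

# DIALMODE:
# New with kernel 2.0.36 is the `dialmode' setting.
# dialmode=auto is compatible with the old behaviour (dial-on-demand enabled).
# Read the isdnctrl manpage for more info.
# Change the value below if you want a different setting when the interface is
# started.

# DIALMODE=auto
DIALMODE=off            # XXX_  other values can be 'on' and 'off'

# Encapsulation (default is syncppp for ipppX devices, rawip for isdnX devices)
# Change the next four lines if you need some other value.
# A case pattern is used instead of expr so that an unusual device name can
# never be parsed as an expr operator; any name starting with "ippp" selects
# syncppp, everything else (including an empty name) selects rawip.
case "$device" in
ippp*)  ENCAP=syncppp ;;
*)      ENCAP=rawip ;;
esac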

# Configuration (start)

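# Dispatch on the first argument: "start" creates and configures the ISDN
# network interface named by $device, "stop" tears it down again, anything
# else prints a usage line and exits with status 1.
# Every expansion handed to isdnctrl, ifconfig and route is quoted so a value
# containing whitespace or glob characters cannot turn into extra arguments.
case "$1" in
start)
        # XXX_
        # If running kernel 2.0.31 or higher, enable the IP dynamic hack
        # (if needed). See linux/Documentation/networking/ip_dynaddr.txt .
        # Default is: enabled. If you have static IP numbers, you can remove
        # the next lines.
        # (The redirection target has to be on the same line as the '>';
        # a line break between them is a shell syntax error.)
        if [ -f /proc/sys/net/ipv4/ip_dynaddr ]; then
                echo 5 > /proc/sys/net/ipv4/ip_dynaddr
        fi

        # First you need to create the interface
        isdnctrl addif "${device}"

        #       eaz name num
        # Set the EAZ (German 1TR6 protocol) or MSN (Euro-ISDN E-DSS1) for
        # interface "name" to "num". For an EAZ this is only one digit, for a
        # MSN "num" is the whole MSN.
        # In the Netherlands this includes the areacode, but not the leading 0.
        # (other countries?)
        isdnctrl eaz "${device}" "$LOCALMSN"

        #       addphone name out num
        # Set the phone number(s) of the remote site for the IP-interface
        # "name". More than one number can be set by calling isdnctrl addphone
        # repeatedly. If more than one number is set these will be tried one
        # after another. When using a German SPV-type connection, with a
        # ICN-card, the number has to be preceded by a capital S.
        # This is the "normal" number.

        if [ -n "$REMOTEMSN" ]
        then
                # $REMOTEMSN is deliberately left unquoted here: it is a
                # space-separated list and each word is one number to dial.
                for MSN in $REMOTEMSN; do
                        isdnctrl addphone "${device}" out "$LEADINGZERO$MSN"
                done
        fi

        #       addphone name in num
        # Set the phone number(s) that the IP-interface "name" is supposed to
        # accept for incoming calls. If no number is given, incoming calls are
        # disabled. More than one number can be set by calling isdnctrl addphone
        # repeatedly. Also wildcards can be used (see below).
        # In the Netherlands (and elsewhere?),
        # this is with areacode but without leading 0
        #if [ ! -z "$REMOTEMSN" ]
        #then
        #       for MSN in $REMOTEMSN; do
        #               isdnctrl addphone ${device} in $MSN
        #       done
        #fi

        #       secure name on|off
        # Turns on or off the security feature for interface "name". If set to
        # on, incoming calls will only be accepted if the calling number has
        # been added to the access list with isdnctrl addphone name in.
        # With the "addphone ... in" block above left commented out, the access
        # list stays empty, so this is a dial-out-only setup. Keep "secure on"
        # if you ever enable the incoming list.
        isdnctrl secure "${device}" on

        #       huptimeout name seconds
        # Set the hangup timeout for interface "name" to "seconds". If there
        # is inactivity (i.e. no traffic on the interface) for the given time
        # the driver automatically shuts down the connection.
        # Default is 60 seconds
        isdnctrl huptimeout "${device}" 60      # XXX_

        #       dialmax name num
        # Set the number of dial attempts for interface "name" to "num". If
        # dialing, each phonenumber is tried this many times before giving up.
        #isdnctrl dialmax ${device} NUM

        #       ihup name on|off
        # Turn on or off the hangup timeout for incoming calls on interface name
        #isdnctrl ihup ${device} on

        #        encap name encapname
        # Set the encapsulation mode for interface "name". Possible modes for
        # encapname are: rawip ip cisco_h ethernet syncppp uihdlc
        # (most people use rawip, syncppp or cisco_h; syncppp is normal for
        # ISP's, rawip is normal for semi-fixed linux-linux connections)
        isdnctrl encap "${device}" "$ENCAP"

        #       l2_prot name protocol
        # Set the layer-2 protocol for interface "name". Possible values for
        # "protocol" are x75i, x75ui, x75bui and hdlc
        # (most people use hdlc)
        isdnctrl l2_prot "${device}" hdlc

        #       l3_prot name protocol
        # Set the layer-3 protocol for interface "name". At the moment only
        # trans is supported.  If protocol is omitted the current setting is
        # printed.
        isdnctrl l3_prot "${device}" trans

        #       verbose num
        # Set verbosity level to <num>.
        # (2 shows the first package of every connection, that is very useful.)
        # WARNING: this is a global parameter, that affects all isdn devices!
        isdnctrl verbose 2

        # CHARGEHUP FUNCTION

        #       chargehup name on|off
        # Turn on or off hangup before next charge info for interface name. This
        # can only be used if the ISDN provider transmits charge info during and
        # after the connection. If set to on, the driver will close the
        # connection just before the next charge info will  be received if the
        # interface is inactive.
        #isdnctrl chargehup ${device} on

        #       chargeint name seconds
        # When "seconds" are given, the charge interval for the given interface
        # is set. This may be of use on ISDN lines with no chargeinfo or no
        # online chargeinfo. The connection will only be closed 2 seconds before
        # the end of the next charge interval and only, if huptime out seconds
        # of inactivity have been reached. If ihup is on, also incoming
        # connections are closed by this mechanism.
        #isdnctrl chargeint ${device} NUM

        # CALLBACK FUNCTION

        #       callback name off|in|out
        # Selects callback mode for interface "name". If call-back mode is in,
        # then after getting an incoming call, a callback is triggered. If
        # callback mode is out, then this system does the initial call, then
        # waiting for callback of the remote machine.
        #isdnctrl callback ${device} MODE

        #       cbdelay name seconds
        # Set the callback delay for interface "name" to "seconds". If callback
        # mode for this interface is in, dialing is delayed the given time. If
        # the callback mode is out, after dialing out and waiting the given
        # time, a hangup is issued to free the line for the incoming callback
        # from the remote machine. This hangup-after-dial is disabled by setting
        # cbdelay to 0.
        #isdnctrl cbdelay ${device} SECONDS

        #       cbhup name on|off
        # Turns on or off Hangup (Reject) for interface "name" before starting
        # Callback.
        #isdnctrl cbhup ${device} MODE

        #       OTHER OPTIONS

        # There are other options not used by most people.  You can insert these
        # options here.

        # See also : isdnctrl(8), isdnctrl help text

        # pppbind is needed when using one ipppd per ippp interface
        # (like Debian does)
        # expr exits non-zero when its result is empty or "0" (as for ippp0),
        # hence the "|| true" while "set -e" is still in effect.
        bindnum=$(expr "$device" : 'ippp\(.*\)') || true
        if [ -n "$bindnum" ]
        then
                isdnctrl pppbind "${device}" "$bindnum"
        fi

        #        NETWORK SETUP

        # Network device setup as usual.
        # See also : ifconfig(8) route(8) or any book about unix networking.

        # The netmask value must stay on the same line as the "netmask"
        # keyword; split across two lines, the address would be run as a
        # separate command.
        ifconfig "${device}" "$LOCALIP" pointopoint "$REMOTEIP" netmask 255.255.255.255
        ifconfig "${device}" up

        set +e  # ignore errors from here on

        route del -host "$REMOTEIP" "${device}" 2>/dev/null
        route add -host "$REMOTEIP" "${device}"

        # setting default route here is only useful if this is your only
        # outside connection... The default is ippp0 for the default route.
        # Note that "route del default" names no interface, so it removes
        # whatever default route was configured before this script ran.
        if [ "$bindnum" = 0 ]; then
                route del default 2>/dev/null
                route add default netmask 0 "${device}"
        fi

        # FIREWALL RULES        XXX_

        # Explicitly list what's allowed, and then deny the rest.
        # I'm assuming kernel 2.2.x here, hence ipchains instead of ipfwadm.
        #
        # The firewall rules below will only work here if using static IP
        # addresses!!!  For dynamic addresses the rules should be added in
        # /etc/ppp/ip-up.d/00-isdnutils and deleted in
        # /etc/ppp/ip-down.d/99-isdnutils .
        # Also note you usually only want a setup as below for the interface
        # facing the internet, not if you're using the interface to connect a
        # local subnet (unless you're using masquerading).
        # Also be sure to check the config to make sure it fits what you want.
        # All rules ship commented out, so this script itself applies no packet
        # filtering to the interface until you enable them (or add equivalent
        # rules in the ip-up.d script).
        # NOTE(review): the TCP range below starts at 1000 while the UDP range
        # starts at 1024 - confirm which lower bound is intended before use.
        #
        # ipchains -A input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} 1000:
        # ipchains -A input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} ssh
        # ipchains -A input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} smtp
        # ipchains -A input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} ident
        # ipchains -A input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} ftp
        # ipchains -A input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} http
        # ipchains -A input -j ACCEPT -i ${device} -p UDP  -d ${LOCALIP} 1024:
        # ipchains -A input -j ACCEPT -i ${device} -p ICMP -d ${LOCALIP}
        # ipchains -A input -j DENY   -i ${device}

        # If you don't have masquerading set up yet, try the following.
        # Replace 192.168.1 with the network number you use on the hosts
        # that will use masquerading.
        # ipchains -I forward -j MASQ -s 192.168.1.0/24

        # ignore errors in case of older kernel
        isdnctrl dialmode "$device" "$DIALMODE" >/dev/null 2>&1
        ;;

# Delete the interface
stop)
        set +e  # ignore errors from here on

        isdnctrl dialmode "$device" off >/dev/null 2>&1

        # FIREWALL RULES        XXX_

        # Undo the things done above. Keep this list an exact mirror of the
        # rules enabled in the start section, otherwise stale ACCEPT rules
        # stay behind after the interface is gone.
        #
        # ipchains -D input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} 1000:
        # ipchains -D input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} ssh
        # ipchains -D input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} smtp
        # ipchains -D input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} ident
        # ipchains -D input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} ftp
        # ipchains -D input -j ACCEPT -i ${device} -p TCP  -d ${LOCALIP} http
        # ipchains -D input -j ACCEPT -i ${device} -p UDP  -d ${LOCALIP} 1024:
        # ipchains -D input -j ACCEPT -i ${device} -p ICMP -d ${LOCALIP}
        # ipchains -D input -j DENY   -i ${device}

        # Remove the masquerading rule again if you added it in the start
        # section. Replace 192.168.1 with the network number you use on the
        # hosts that use masquerading.
        # ipchains -D forward -j MASQ -s 192.168.1.0/24

        # Commands to undo the network stuff
        # NOTE(review): the start section adds this route with "-host";
        # confirm that the delete below matches it without that flag.
        route del "$REMOTEIP" "$device" 2> /dev/null
        # only delete default route if set above!
        # The default is to use ippp0 for your default route.
        # The test only checks that this is ippp0; the delete names no
        # interface, so it removes the default route whoever installed it.
        bindnum=$(expr "$device" : 'ippp\(.*\)')
        if [ "$bindnum" = 0 ]; then
                route del default netmask 0 2>/dev/null
        fi
        ifconfig "$device" down 2> /dev/null
        isdnctrl delif "$device" 2> /dev/null
        ;;

# the rest is generic, don't touch
  *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac

exit 0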


thanks,

-- 
Felix Natter


