Linux Home Networking, Part 5 - page 2
Dialing into the Internet
The ipchains program was discussed in the last article. The script used in that article needs to be modified slightly because the pppd program will be obtaining an IP address from the ISP when a connection is made. The masquerading support for ppp0 must also be enabled when the connection is made and disabled when the connection is terminated. This is not too difficult since the pppd program will run a different script file for each of these actions.
The initial firewall script can still be run but the last line, shown below, needs to be removed.
ipchains -A forward -i $extif -s $intnet -d 0.0.0.0/0 -j MASQ
The initial firewall script also includes commands for restrictions on incoming and outgoing packets that include the $extip argument. The references to $extip must be removed as well since the IP address is not known when the script is run.
Digg
del.icio.us
Slashdot
DZone
Reddit
StumbleUpon
Facebook
FriendFeed
Furl
Newsvine
Google
LinkedIn
MySpace
Technorati
Twitter
Windows Live
YahooBuzzThe pppd program runs a number of script files when certain actions occur such as when a connection is made. In particular, the /etc/ppp/ip-up script is run after a connection is made and the /etc/ppp/ip-down script is run after a connection is terminated. The script is passed the following parameters:
interface-name
tty-device
speed
local-IP-address
remote-IP-address
ipparam
The ipparam is one that is set from the script that starts pppd. The other parameters are those associated with a particular connection. In our case, the interface-name will wind up being ppp0. The tty-device would be ttyS1. The speed is the baud rate. A simple ip-up script is:
#!/bin/sh # Sample /etc/ppp/ip-up script # Assign internal IP variables intnet= 192.168.1.0/24" /sbin/ipchains -A forward -i $1 -s $intnet -d 0.0.0.0/0 -j MASQ /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
This matches the script used in the prior article. A simplified version with a less strict of the next to last line in the script is:
/sbin/ipchains -A forward -i $1 -j MASQ
The ip-down script has a similar configuration shown in the following sample.
#!/bin/sh # Sample /etc/ppp/ip-up script # Assign internal IP variables intnet= 192.168.1.0/24" /sbin/ipchains -D forward -i $1 -s $intnet -d 0.0.0.0/0 -j MASQ /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
The only difference between the two scripts is the -A and -D arguments to ipchains. One adds the rule. The other deletes it. Combining the two scripts into one is possible and a relatively simple chore for anyone familiar with shell scripts.
Adding some logging support can help when debugging the pppd scripts if
necessary. For example, adding the following line will save the arguments
passed to the script in the debug.log file:
echo Parameters: $1 $2 $3 $4 $5 $6 >>/etc/ppp/debug.log
- Skip Ahead
- 1. Dialing into the Internet
- 2. Dialing into the Internet
- 3. Dialing into the Internet
Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.
