Linux Home Networking, Part 5 - page 2
Dialing into the Internet
The ipchains program was discussed in the last article. The script used in that article needs to be modified slightly because the pppd program will be obtaining an IP address from the ISP when a connection is made. The masquerading support for ppp0 must also be enabled when the connection is made and disabled when the connection is terminated. This is not too difficult since the pppd program will run a different script file for each of these actions.
The initial firewall script can still be run but the last line, shown below, needs to be removed.
ipchains -A forward -i $extif -s $intnet -d 0.0.0.0/0 -j MASQ
The initial firewall script also includes commands for restrictions on incoming and outgoing packets that include the $extip argument. The references to $extip must be removed as well since the IP address is not known when the script is run.
The pppd program runs a number of script files when certain actions occur such as when a connection is made. In particular, the /etc/ppp/ip-up script is run after a connection is made and the /etc/ppp/ip-down script is run after a connection is terminated. The script is passed the following parameters:
interface-name tty-device speed local-IP-address remote-IP-address ipparam
The ipparam is one that is set from the script that starts pppd. The other parameters are those associated with a particular connection. In our case, the interface-name will wind up being ppp0. The tty-device would be ttyS1. The speed is the baud rate. A simple ip-up script is:
#!/bin/sh
# Sample /etc/ppp/ip-up script
# Assign internal IP variables
intnet="192.168.1.0/24"
# Masquerade traffic from the internal network leaving via the PPP interface ($1)
/sbin/ipchains -A forward -i $1 -s $intnet -d 0.0.0.0/0 -j MASQ
# Enable IP forwarding
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
This matches the script used in the prior article. A simplified, less strict version of the next-to-last line in the script, which drops the source and destination match, is:
/sbin/ipchains -A forward -i $1 -j MASQ
The ip-down script has a similar configuration shown in the following sample.
#!/bin/sh
# Sample /etc/ppp/ip-down script
# Assign internal IP variables
intnet="192.168.1.0/24"
# Delete the masquerading rule that ip-up added for the PPP interface ($1)
/sbin/ipchains -D forward -i $1 -s $intnet -d 0.0.0.0/0 -j MASQ
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
The only difference between the two scripts is the -A and -D arguments to ipchains. One adds the rule. The other deletes it. Combining the two scripts into one is possible and a relatively simple chore for anyone familiar with shell scripts.
Adding some logging support can help when debugging the pppd scripts if necessary. For example, adding the following line will save the arguments passed to the script in the /etc/ppp/debug.log file:
echo Parameters: $1 $2 $3 $4 $5 $6 >>/etc/ppp/debug.log
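The combined script mentioned above, with the logging line included, could look like the following. This is an added example, not code from the original article: it assumes one file is linked under both names, /etc/ppp/ip-up and /etc/ppp/ip-down, and the helper functions and the pppN interface check are hypothetical additions.

```sh
#!/bin/sh
# Added example: one script installed as both /etc/ppp/ip-up and /etc/ppp/ip-down
# (linking the two names to one file is an assumption of this example).
INTNET="192.168.1.0/24"
IPCHAINS=/sbin/ipchains
LOG=/etc/ppp/debug.log

# Choose the ipchains action from the name the script was invoked under.
action_for() {
    case "${1##*/}" in
        ip-up)   echo "-A" ;;   # connection made: add the MASQ rule
        ip-down) echo "-D" ;;   # connection gone: delete the same rule
        *)       return 1 ;;
    esac
}

# Accept only pppN names so nothing unexpected reaches the rule (assumed policy).
valid_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the exact rule command for a given script name and interface.
masq_rule() {
    act=$(action_for "$1") || return 1
    valid_iface "$2" || return 1
    echo "$IPCHAINS $act forward -i $2 -s $INTNET -d 0.0.0.0/0 -j MASQ"
}

# Act only when pppd invokes the script under one of its two names.
case "${0##*/}" in
    ip-up|ip-down)
        echo "Parameters: $1 $2 $3 $4 $5 $6" >> "$LOG"
        cmd=$(masq_rule "$0" "$1") || exit 1
        $cmd    # word splitting is intended; the interface was validated above
        echo 1 > /proc/sys/net/ipv4/ip_forward   # as in both of the page's scripts
        ;;
esac
```

Because the delete is built from the same template as the add, the rule removed on disconnect is exactly the one added on connect.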