November 30, 2015

Linux Home Networking, Part 5 - page 2

Dialing into the Internet

  • October 10, 2000
  • By William Wong

The ipchains program was discussed in the last article. The script used in that article needs to be modified slightly because the pppd program will be obtaining an IP address from the ISP when a connection is made. The masquerading support for ppp0 must also be enabled when the connection is made and disabled when the connection is terminated. This is not too difficult since the pppd program will run a different script file for each of these actions.

The initial firewall script can still be run but the last line, shown below, needs to be removed.

ipchains -A forward -i $extif -s $intnet -d 0.0.0.0/0 -j MASQ

The initial firewall script also includes commands for restrictions on incoming and outgoing packets that include the $extip argument. The references to $extip must be removed as well since the IP address is not known when the script is run.

The pppd program runs a number of script files when certain actions occur such as when a connection is made. In particular, the /etc/ppp/ip-up script is run after a connection is made and the /etc/ppp/ip-down script is run after a connection is terminated. The script is passed the following parameters:


The ipparam is one that is set from the script that starts pppd. The other parameters are those associated with a particular connection. In our case, the interface-name will wind up being ppp0. The tty-device would be ttyS1. The speed is the baud rate. A simple ip-up script is:

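#!/bin/sh
# Sample /etc/ppp/ip-up script
# Assign internal IP variables (placeholder; use the value from the prior article's script)
intnet="192.168.1.0/24"
# $1 is the interface name passed by pppd; -d 0.0.0.0/0 matches any destination
/sbin/ipchains -A forward -i "$1" -s "$intnet" -d 0.0.0.0/0 -j MASQ
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward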

This matches the script used in the prior article. A simplified, less strict version of the next-to-last line in the script is:

/sbin/ipchains -A forward -i $1 -j MASQ

The ip-down script has a similar configuration, shown in the following sample.

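#!/bin/sh
# Sample /etc/ppp/ip-down script
# Assign internal IP variables (placeholder; must match the value used in ip-up)
intnet="192.168.1.0/24"
# Delete the masquerading rule that ip-up added for this interface
/sbin/ipchains -D forward -i "$1" -s "$intnet" -d 0.0.0.0/0 -j MASQ
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward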

The only difference between the two scripts is the -A and -D arguments to ipchains. One adds the rule. The other deletes it. Combining the two scripts into one is possible and a relatively simple chore for anyone familiar with shell scripts.
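
One way to combine the two scripts, as an added example that is not part of the original article: the script picks -A or -D from the name pppd invokes it under, and rejects any interface name other than pppN before passing it to ipchains as root. The INTNET value, the IPCHAINS override and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: install as /etc/ppp/ip-up and symlink /etc/ppp/ip-down to it.
# Values marked "assumption" are not from the article; adjust to your network.
INTNET="${INTNET:-192.168.1.0/24}"      # assumption: internal network
IPCHAINS="${IPCHAINS:-/sbin/ipchains}"  # set to "echo" for a dry run

# Map the name the script was called by to the ipchains action.
action_for() {
    case "${1##*/}" in
        ip-up)   echo "-A" ;;
        ip-down) echo "-D" ;;
        *)       return 1 ;;
    esac
}

# Accept only pppN interface names, since pppd runs this script as root.
valid_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Add (-A) or delete (-D) the masquerading rule for interface $2.
# -d 0.0.0.0/0 matches any destination.
masq_rule() {
    valid_iface "$2" || return 2
    "$IPCHAINS" "$1" forward -i "$2" -s "$INTNET" -d 0.0.0.0/0 -j MASQ
}

main() {
    act=$(action_for "$0") || exit 1
    masq_rule "$act" "$1" || exit $?
    # Both of the article's scripts write 1 here, so this does too.
    /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Run only when invoked under one of the two names pppd uses.
case "${0##*/}" in
    ip-up|ip-down) main "$@" ;;
esac
```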

Adding some logging support can help when debugging the pppd scripts if necessary. For example, adding the following line will save the arguments passed to the script in the debug.log file:

echo "Parameters: $1 $2 $3 $4 $5 $6" >> /etc/ppp/debug.log