opitai:
Setting Up a PPP/POP Dial-in Server USING Red Hat Linux 5.1
By Hassan Ali
DISCLAIMER:
This worked for me. Your mileage may vary!
OBJECTIVES:
To install PPP and POP/IMAP services on a Red Hat Linux 5.1
server
for dial-in users.
TOOLS:
Red Hat Linux 5.1 CDs
ASSUMPTIONS:
You have a PC with basic installation of Red Hat Linux 5.1
with a Linux
kernel that supports IP forwarding.
STEP 1: Install "mgetty" (if not yet installed) from Red
Hat 5.1 CD #1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~
Login as "root", insert Red Hat 5.1 CD #1 in the CD-ROM
drive and
mount it using the command:
# mount -t iso9660 /dev/hdb /mnt/cdrom
(It is assumed that your CD-ROM drive is device /dev/hdb,
if not change
it accordingly)
Get to the RPMS directory:
# cd /mnt/cdrom/RedHat/RPMS
Install "mgetty" rpm files:
# rpm -Uvh mgetty*
This will install mgetty and all its cousins, but who
cares!! If you hate
extended family, have your way and replace "mgetty*" with
"mgetty-1.1.14-2.i386.rpm".
At the end of /etc/mgetty+sendfax/mgetty.config file, add
the following
set of three lines for each serial port connected to a modem
for dial-in
users. Here is an example for /dev/ttyS1 and /dev/ttyC15:
# For US Robotics Sportster 28.8 with speaker off
port ttyS1
init-chat "" ATZ OK AT&F1M0E1Q0S0=0 OK
answer-chat "" ATA CONNECT \c \r
# For Practical Peripheral 14.4 with fax disabled and
prolonged
# carrier wait time (90 sec)
port ttyC15
init-chat "" ATZ OK AT&F1M0E1Q0S0=0S7=90+FCLASS=0 OK
answer-chat "" ATA CONNECT \c \r
Notes:
AT&F1 sets hardware flow-control mode on many modems. For
other
modems use appropriate initializations in the init-chat
line.
Just in case you wonder why I took as an example a ttyC15
port; well,
you may have such a port if you have a multiport serial
card. If you need
one, I recommend Cyclades cards.
In /etc/mgetty+sendfax/login.config file, search for the
line that starts
with /AutoPPP/. Make sure that it is not commented (i.e.
there is no "#"
at the beginning of the line), and edit it to be:
/AutoPPP/ - a_ppp /etc/ppp/ppplogin
If you wish to have users' login names (rather than
"a_ppp") to appear
in the /var/run/utmp and /var/log/wtmp log files, then the
above line
should be:
/AutoPPP/ - - /etc/ppp/ppplogin
In /etc/inittab file, search for the section that runs
"getty" processes and
add at the end of that section one line of the following
form for each
modem port. Example here is given for ttyS1 and ttyC15.
7:2345:respawn:/sbin/mgetty -x 3 ttyS1
8:2345:respawn:/sbin/mgetty -x 3 ttyC15
[the first number (7,8) is arbitrary (in fact I have seen
in some cases
"s1", "s2", etc, used instead). Just give a different number
for each port.
And why not you go by the order!!? Me wonders!]
Connect the modems to the serial ports, switch them ON and
then
initialize "mgetty" with the command:
# init q
NOTE: If you spawn "mgetty" on a serial port with no modem
connected to it, or the modem is not switched ON, you'll get
lots of
error messages in "/var/log/messages" or/and in the other
mgetty
("/var/log/log_mg.ttyXX") log files. In fact those error
messages may
continuosly pop up on your screen. Quite annoying, eh? To
avoid this
annoyance, each serial port that has no modem connected to
it should
have its corresponding lines commented out in /etc/inittab
and in
/etc/mgetty+sendfax/mgetty.config files.
STEP 2: Install PPP (if not installed) from Red Hat 5.1 CD
#1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~
If the Red Hat CD #1 is properly mounted (see STEP 1.1), to
install
PPP type the following command:
# rpm -Uvh /mnt/cdrom/RedHat/RPMS/ppp*
Edit /etc/ppp/options files to read as follows:
-detach
crtscts
netmask 255.255.255.0
asyncmap 0
modem
proxyarp
NOTES:
Use appropriate netmask for your network. It doesn't have to
be
255.255.255.0, in fact in my case it was 255.255.255.224
Read man pages for "pppd" to understand those options.
Edit /etc/ppp/ppplogin file (create it if it doesn't exist)
to read as follows:
#!/bin/sh
mesg n
stty -echo
/usr/sbin/pppd silent auth -chap +pap login
Make the file executable using command:
# chmod +x /etc/ppp/ppplogin
NOTE: We're going to use PAP authentication BUT using the
ordinary
/etc/passwd password file. That's what "+pap login" means.
For each serial port connected to a modem, create a
corresponding
/etc/ppp/options.ttyXX file, where "XX" is "S1" for ttyS1
port, "S2" for
ttyS2 port, "C15" for ttyC15, etc. In one such file put the
following line:
myhost:ppp01
where "myhost" is the hostname of the PPP server - change
it
accordingly to the actual hostname of your Linux box. If
you're more
forgetful than you can REMEMBER to admit, remind yourself of
the
hostname of your server using the "hostname" command.
# hostname
The word "ppp01" used above is just an arbitrarily chosen
name for the
virtual host associated with one of the PPP dial-in lines
and its
corresponding IP address as defined in /etc/hosts file (to
be discussed
later). In another /etc/ppp/options.ttyXX file, you may wish
to type in the
following line:
myhost:ppp02
That is, here you define a different PPP hostname, "ppp02".
Use a
different hostname for each serial port. You can choose any
names that
your lil' old heart desires! They don't have to be ppp01,
ppp02, ppp03,
etc. They can be "junkie", "newbie", "noname", whatever!
Edit /etc/ppp/pap-secrets file and add one line as shown
below for each
IP address that is to be dynamically assigned to PPP dial-in
users.
This, of course, assumes that you have a pool of IP
addresses that you
can assign to your dial-in clients:
# Secrets for authentication using PAP
# client server secret IP
addresses
* * "" 10.0.0.3
* * "" 10.0.0.4
This says: no PAP secrets (passwords) set for any client
from
anywhere in the world with the shown IP address. We don't
need to use
PAP secrets if we will be using /etc/passwd instead. If you
are REALLY
not paranoid, you can have just one following line that will
serve all the
IP addresses (yours and your neighbour's!):
# Secrets for authentication using PAP
# client server secret IP
addresses
* * "" *
Make /usr/sbin/pppd program setuid "root" by using command:
# chmod u+s /usr/sbin/pppd
Edit /etc/hosts file to assign IP addresses to all PPP
hostnames you
used in STEP 2.4. Use the pool of IP addresses used in STEP
2.5:
10.0.0.3 ppp01 ppp01.mydomain.com
10.0.0.4 ppp02 ppp02.mydomain.com
NOTE: Replace "mydomain.com" with the actual domain name of
your
PPP server. Just in case you're confused, I assume your PPP
server is
"myhost.mydomain.com".
STEP 3: Install POP/IMAP servers (if not installed) from
Red Hat 5.1
CD #1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~
With the Red Hat CD #1 properly mounted, issue the following
command to install POP and IMAP:
# rpm -Uvh /mnt/cdrom/RedHat/RPMS/imap*
Check /etc/inetd.conf file to see if "pop-2", "pop-3", and
"imap" service
lines are all uncommented. If not, uncomment them (i.e
remove the
leading "#"). If you only want to support POP3 clients, just
uncomment
the "pop-3" line. If POP2 and POP3 files are not in the
"imap*" RPM
file, try to see if you have "ipop*" RPM file and use it
instead.
Activate the new services by using command:
# kill -HUP `cat /var/run/inetd.pid`
STEP 4: Enable IP fowarding
~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you use the already compiled Linux kernel that comes with
Red Hat
5.1, it does normally have support for IP forwarding. If you
compile your
own Linux kernel, you have to enable "IP:
forwarding/gatewaying"
networking option during compilation. For RFC compliance,
the default
bootup process does not enable IP forwarding. Enable IP
forwarding by
setting it to "yes" in /etc/sysconfig/network file, like so:
FORWARD_IPV4=yes
Activate IP forwarding by using command:
# echo "1" > /proc/net/ip_forward
or by rebooting the system.
STEP 5: Test the server
~~~~~~~~~~~~~~~~~~~~~~~
First create users (if not ready). You can give them
"/home/username"
home directory and "/bin/bash" login shell if you want them
to have both
"PPP" and shell access. Give them "/home/username" home
directory
and "/etc/ppp/ppplogin" login program if you want them to
have PPP
access but not shell access. It's better to use "usercfg"
tool to set-up
new users. Typical /etc/passwd file entries may be as
follows:
jodoe:tdgsHjBn/hkg.:509:509:John
Doe:/home/jodoe:/bin/bash
jadoe:t8j/MonJd9kxy:510:510:Jane
Doe:/home/jadoe:/etc/ppp/ppplogin
In this example, John Doe will have both PPP and shell
access, while
Jane Doe will only have PPP access. If you have just started
to wonder
how John Doe may have PPP access, the answer lies with the
/AutoPPP/ configuration in "mgetty" - it does the magic. Any
user that
will dial in and talk PPP, mgetty will give him/her the
/etc/ppp/ppplogin
program.
So, if John Doe dials-in using Windows 95 dial-up adaptor
which is set
up to make a PPP connection, mgetty will give John Doe PPP
access.
If he dials in with any other communication software e.g
HyperTerminal,
(with no PPP negotiation) he will be given the normal login
shell. This
will never happen for Jane Doe. She will always be welcome
by the
"/etc/ppp/ppplogin" program.
In fact "mgetty" allows you to use the same modem lines for
various
protocols. For example, your UUCP clients (if you have any)
may use
the same modem lines as your PPP clients! Of course, you
have to give
your UUCP clients "/var/spool/uucppublic" home directory and
"/usr/sbin/uucico" login program.
Assuming you have a web server (Apache) already setup (it's
a
piece-a-cake to setup Apache), use a web browser, and a POP
e-mail
client (e.g Eudora) on a remote PC connected to a modem and
a phone
line. If it is a Windows 95/98 PC, setup the Dial-up Adaptor
appropriately by specifying the IP address of the PPP server
as the
Gateway, use correct DNS IP address, and specify that the
server will
assign an IP address automatically. In the POP client (e.g
Eudora), set
SMTP and POP host as the IP address of the PPP/POP server.
Now dial-up the server and wait for connection. Test out web
browsing,
and POP mail sending and receiving. If it doesn't work...
something is
wrong somewhere ;-)
REFERENCES:
1. PPP-HOWTO 2. NET-3-HOWTO 3. "Using Linux", Bill Ball,
published
by Que (around US$30 - highly recommended) 4. mgetty
documentation
Copyright © 1999, Hassan O. Ali
Published in Issue 36 of Linux Gazette, January 1999
|