userppp.html

这是很好的学习嵌入式LINUX的文章

<h4 class="SECT4"><a id="AEN30496" name="AEN30496">21.2.1.3.11 MS Extensions</a></h4>

<p>It is possible to configure PPP to supply DNS and NetBIOS nameserver addresses on
demand.</p>

<p>To enable these extensions with PPP version 1.x, the following lines might be added to
the relevant section of <tt class="FILENAME">/etc/ppp/ppp.conf</tt>.</p>

<pre class="PROGRAMLISTING">
enable msext
set ns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5
</pre>

<p>And for PPP version 2 and above:</p>

<pre class="PROGRAMLISTING">
accept dns
set dns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5
</pre>

<p>This will tell the clients the primary and secondary name server addresses, and a
NetBIOS nameserver host.</p>

<p>In version 2 and above, if the <var class="LITERAL">set dns</var> line is omitted, PPP
will use the values found in <tt class="FILENAME">/etc/resolv.conf</tt>.</p>
</div>

<div class="SECT4">
<h4 class="SECT4"><a id="USERPPP-PAPNCHAP" name="USERPPP-PAPNCHAP">21.2.1.3.12 PAP and
CHAP Authentication</a></h4>

<p>Some ISPs set their system up so that the authentication part of your connection is
done using either of the PAP or CHAP authentication mechanisms. If this is the case, your
ISP will not give a <samp class="PROMPT">login:</samp> prompt when you connect, but will
start talking PPP immediately.</p>

<p>PAP is less secure than CHAP, but security is not normally an issue here as passwords,
although being sent as plain text with PAP, are being transmitted down a serial line
only. There is not much room for crackers to ``eavesdrop''.</p>

<p>Referring back to the <a href="userppp.html#USERPPP-STATICIP">PPP and Static IP
addresses</a> or <a href="userppp.html#USERPPP-DYNAMICIP">PPP and Dynamic IP
addresses</a> sections, the following alterations must be made:</p>

<pre class="PROGRAMLISTING">
13      set authname <var class="REPLACEABLE">MyUserName</var>
14      set authkey <var class="REPLACEABLE">MyPassword</var>
15      set login
</pre>

<div class="VARIABLELIST">
<dl>
<dt>Line 13:</dt>

<dd>
<p>This line specifies your PAP/CHAP user name. You will need to insert the correct value
for <var class="REPLACEABLE">MyUserName</var>.</p>
</dd>

<dt>Line 14:</dt>

<dd>
<p>This line specifies your PAP/CHAP password. You will need to insert the correct value
for <var class="REPLACEABLE">MyPassword</var>. You may want to add an additional line,
such as:</p>

<pre class="PROGRAMLISTING">
16      accept PAP
</pre>

<p>or</p>

<pre class="PROGRAMLISTING">
16      accept CHAP
</pre>

<p>to make it obvious that this is the intention, but PAP and CHAP are both accepted by
default.</p>
</dd>

<dt>Line 15:</dt>

<dd>
<p>Your ISP will not normally require that you log into the server if you are using PAP
or CHAP. You must therefore disable your ``set login'' string.</p>
</dd>
</dl>
</div>
</div>

<div class="SECT4">
<h4 class="SECT4"><a id="AEN30553" name="AEN30553">21.2.1.3.13 Changing Your <tt
class="COMMAND">ppp</tt> Configuration on the Fly</a></h4>

<p>It is possible to talk to the <tt class="COMMAND">ppp</tt> program while it is running
in the background, but only if a suitable diagnostic port has been set up. To do this,
add the following line to your configuration:</p>

<pre class="PROGRAMLISTING">
set server /var/run/ppp-tun<var class="REPLACEABLE">%d</var> DiagnosticPassword 0177
</pre>

<p>This will tell PPP to listen to the specified <span class="TRADEMARK">UNIX</span>
domain socket, asking clients for the specified password before allowing access. The <var
class="LITERAL">%d</var> in the name is replaced with the <tt class="DEVICENAME">tun</tt>
device number that is in use.</p>

<p>Once a socket has been set up, the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=pppctl&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">pppctl</span>(8)</span></a> program may
be used in scripts that wish to manipulate the running program.</p>
</div>
</div>

<div class="SECT3">
<h3 class="SECT3"><a id="USERPPP-NAT" name="USERPPP-NAT">21.2.1.4 Using PPP Network
Address Translation Capability</a></h3>

<p>PPP has ability to use internal NAT without kernel diverting capabilities. This
functionality may be enabled by the following line in <tt
class="FILENAME">/etc/ppp/ppp.conf</tt>:</p>

<pre class="PROGRAMLISTING">
nat enable yes
</pre>

<p>Alternatively, PPP NAT may be enabled by command-line option <var
class="LITERAL">-nat</var>. There is also <tt class="FILENAME">/etc/rc.conf</tt> knob
named <var class="LITERAL">ppp_nat</var>, which is enabled by default.</p>

<p>If you use this feature, you may also find useful the following <tt
class="FILENAME">/etc/ppp/ppp.conf</tt> options to enable incoming connections
forwarding:</p>

<pre class="PROGRAMLISTING">
nat port tcp 10.0.0.2:ftp ftp
nat port tcp 10.0.0.2:http http
</pre>

<p>or do not trust the outside at all</p>

<pre class="PROGRAMLISTING">
nat deny_incoming yes
</pre>
</div>

<div class="SECT3">
<h3 class="SECT3"><a id="USERPPP-FINAL" name="USERPPP-FINAL">21.2.1.5 Final System
Configuration</a></h3>

<p>You now have <tt class="COMMAND">ppp</tt> configured, but there are a few more things
to do before it is ready to work. They all involve editing the <tt
class="FILENAME">/etc/rc.conf</tt> file.</p>

<p>Working from the top down in this file, make sure the <var
class="LITERAL">hostname=</var> line is set, e.g.:</p>

<pre class="PROGRAMLISTING">
hostname="foo.example.com"
</pre>

<p>If your ISP has supplied you with a static IP address and name, it is probably best
that you use this name as your host name.</p>

<p>Look for the <var class="LITERAL">network_interfaces</var> variable. If you want to
configure your system to dial your ISP on demand, make sure the <tt
class="DEVICENAME">tun0</tt> device is added to the list, otherwise remove it.</p>

<pre class="PROGRAMLISTING">
network_interfaces="lo0 tun0"
ifconfig_tun0=
</pre>

<div class="NOTE">
<blockquote class="NOTE">
<p><b>Note:</b> The <var class="LITERAL">ifconfig_tun0</var> variable should be empty,
and a file called <tt class="FILENAME">/etc/start_if.tun0</tt> should be created. This
file should contain the line:</p>

<pre class="PROGRAMLISTING">
ppp -auto mysystem
</pre>

<p>This script is executed at network configuration time, starting your ppp daemon in
automatic mode. If you have a LAN for which this machine is a gateway, you may also wish
to use the <var class="OPTION">-alias</var> switch. Refer to the manual page for further
details.</p>
</blockquote>
</div>

<p>Make sure the router program set to <var class="LITERAL">NO</var> with following line
in your <tt class="FILENAME">/etc/rc.conf</tt>:</p>

<pre class="PROGRAMLISTING">
router_enable="NO"
</pre>

<p>It is important that the <tt class="COMMAND">routed</tt> daemon is not started (it is
by default), as <tt class="COMMAND">routed</tt> tends to delete the default routing table
entries created by <tt class="COMMAND">ppp</tt>.</p>

<p>It is probably worth your while ensuring that the <var
class="LITERAL">sendmail_flags</var> line does not include the <var
class="OPTION">-q</var> option, otherwise <tt class="COMMAND">sendmail</tt> will attempt
to do a network lookup every now and then, possibly causing your machine to dial out. You
may try:</p>

<pre class="PROGRAMLISTING">
sendmail_flags="-bd"
</pre>

<p>The downside of this is that you must force <tt class="COMMAND">sendmail</tt> to
re-examine the mail queue whenever the ppp link is up by typing:</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">/usr/sbin/sendmail -q</kbd>
</pre>

<p>You may wish to use the <tt class="COMMAND">!bg</tt> command in <tt
class="FILENAME">ppp.linkup</tt> to do this automatically:</p>

<pre class="PROGRAMLISTING">
1     provider:
2       delete ALL
3       add 0 0 HISADDR
4       !bg sendmail -bd -q30m
</pre>

<p>If you do not like this, it is possible to set up a ``dfilter'' to block SMTP traffic.
Refer to the sample files for further details.</p>

<p>All that is left is to reboot the machine. After rebooting, you can now either
type:</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">ppp</kbd>
</pre>

<p>and then <tt class="COMMAND">dial provider</tt> to start the PPP session, or, if you
want <tt class="COMMAND">ppp</tt> to establish sessions automatically when there is
outbound traffic (and you have not created the <tt class="FILENAME">start_if.tun0</tt>
script), type:</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">ppp -auto provider</kbd>
</pre>
</div>

<div class="SECT3">
<h3 class="SECT3"><a id="AEN30651" name="AEN30651">21.2.1.6 Summary</a></h3>

<p>To recap, the following steps are necessary when setting up ppp for the first
time:</p>

<p>Client side:</p>

<div class="PROCEDURE">
<ol type="1">
<li>
<p>Ensure that the <tt class="DEVICENAME">tun</tt> device is built into your kernel.</p>
</li>

<li>
<p>Ensure that the <tt class="FILENAME">tun<var class="REPLACEABLE">N</var></tt> device
file is available in the <tt class="FILENAME">/dev</tt> directory.</p>
</li>

<li>
<p>Create an entry in <tt class="FILENAME">/etc/ppp/ppp.conf</tt>. The <tt
class="FILENAME">pmdemand</tt> example should suffice for most ISPs.</p>
</li>

<li>
<p>If you have a dynamic IP address, create an entry in <tt
class="FILENAME">/etc/ppp/ppp.linkup</tt>.</p>
</li>

<li>
<p>Update your <tt class="FILENAME">/etc/rc.conf</tt> file.</p>
</li>

<li>
<p>Create a <tt class="FILENAME">start_if.tun0</tt> script if you require demand
dialing.</p>
</li>
</ol>
</div>

<p>Server side:</p>

<div class="PROCEDURE">
<ol type="1">
<li>
<p>Ensure that the <tt class="DEVICENAME">tun</tt> device is built into your kernel.</p>
</li>

<li>
<p>Ensure that the <tt class="FILENAME">tun<var class="REPLACEABLE">N</var></tt> device
file is available in the <tt class="FILENAME">/dev</tt> directory.</p>
</li>

<li>
<p>Create an entry in <tt class="FILENAME">/etc/passwd</tt> (using the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=vipw&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">vipw</span>(8)</span></a> program).</p>
</li>

<li>
<p>Create a profile in this users home directory that runs <tt class="COMMAND">ppp
-direct direct-server</tt> or similar.</p>
</li>

<li>
<p>Create an entry in <tt class="FILENAME">/etc/ppp/ppp.conf</tt>. The <tt
class="FILENAME">direct-server</tt> example should suffice.</p>
</li>

<li>
<p>Create an entry in <tt class="FILENAME">/etc/ppp/ppp.linkup</tt>.</p>
</li>

<li>
<p>Update your <tt class="FILENAME">/etc/rc.conf</tt> file.</p>
</li>
</ol>
</div>
</div>
</div>
</div>

<div class="NAVFOOTER">
<hr align="LEFT" width="100%" />
<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td width="33%" align="left" valign="top"><a href="ppp-and-slip.html"
accesskey="P">Prev</a></td>
<td width="34%" align="center" valign="top"><a href="index.html"
accesskey="H">Home</a></td>
<td width="33%" align="right" valign="top"><a href="ppp.html" accesskey="N">Next</a></td>
</tr>

<tr>
<td width="33%" align="left" valign="top">PPP and SLIP</td>
<td width="34%" align="center" valign="top"><a href="ppp-and-slip.html"
accesskey="U">Up</a></td>
<td width="33%" align="right" valign="top">Using Kernel PPP</td>
</tr>
</table>
</div>

<p align="center"><small>This, and other documents, can be downloaded from <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/</a>.</small></p>

<p align="center"><small>For questions about FreeBSD, read the <a
href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.<br />
For questions about this documentation, e-mail &#60;<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</small></p>
</body>
</html>