<HTML>
<HEAD>
<TITLE>Linux Unleashed, Third Edition:SLIP and PPP</TITLE>
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
-->
<!--ISBN=0672313723//-->
<!--TITLE=Linux Unleashed, Third Edition//-->
<!--AUTHOR=Tim Parker//-->
<!--PUBLISHER=Macmillan Computer Publishing//-->
<!--IMPRINT=Sams//-->
<!--CHAPTER=38//-->
<!--PAGES=676-680//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="674-676.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="../ch39/681-684.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<P>Again, you will have an entry for each remote machine you may need to authenticate. You can see that you will end up having mirror-image entries for the client and server fields for each machine you connect to (as either end may require authentication at any time). A simple <TT>/etc/ppp/chap-secrets</TT> file, however, looks like this:</P>
<!-- CODE SNIP //-->
<PRE>
# client server string addresses
merlin.tpci.com big_guy.big_net.com "I hate DOS"
big_guy.big_net.com merlin.tpci.com "Size isn't everything"
merlin.tpci.com chatton.cats.com "Meow, Meow, Meow"
chatton.cats.com merlin.tpci.com "Here, Kitty, Kitty"
merlin.tpci.com roy.sailing.ca "Hoist the spinnaker"
roy.sailing.ca merlin.tpci.com "Man overboard"
</PRE>
<!-- END CODE SNIP //-->
<P>The size of the file can get quite large, so CHAP allows you to use a wildcard match, usually only for your local machine:
</P>
<!-- CODE SNIP //-->
<PRE>
# client server string addresses
merlin.tpci.com big_guy.big_net.com "I hate DOS"
big_guy.big_net.com merlin.tpci.com "Size isn't everything"
merlin.tpci.com chatton.cats.com "Meow, Meow, Meow"
chatton.cats.com merlin.tpci.com "Here, Kitty, Kitty"
merlin.tpci.com roy.sailing.ca "Hoist the spinnaker"
* merlin.tpci.com "Man overboard"
</PRE>
<!-- END CODE SNIP //-->
<P>In this <TT>/etc/ppp/chap-secrets</TT> file, the last entry allows any other machine connecting to the local host and requiring authentication to use the same string. Of course, the remote must have the same string in its <TT>chap-secrets</TT> file. This is a little less secure than a dedicated string for each remote, but can be a handy timesaver when using a number of machines only rarely.</P>
<P>The addresses field, which isn’t used in the samples above, lets you list either symbolic names or IP addresses for the clients. This is necessary if the remote wants to use an IP address other than its normal one, which would typically cause the authentication to fail. If the address field is empty (as they all are in the samples), any IP address is allowed. A hyphen in the field disallows all IP addresses with that client.</P>
<P>The <TT>/etc/ppp/pap-secrets</TT> file is much the same as the <TT>chap-secrets</TT> file. The fields in the <TT>pap-secrets</TT> file are the client (called a user in the <TT>pap-secrets</TT> format) and server names, a secret string, and valid address aliases. However, the look of the file is different because the client and server names are not full domain names and the secret string is a single block of text. A sample <TT>pap-secrets</TT> file looks like this:</P>
<!-- CODE SNIP //-->
<PRE>
# /etc/ppp/pap-secrets
# user server string addresses
merlin darkstar yG55Sj29 darkstar.big_net.com
darkstar merlin 5Srg7S merlin.tpci.com
merlin chatton MeowMeow chatton.cats.com
chatton merlin 73wrh6s merlin.tpci.com
</PRE>
<!-- END CODE SNIP //-->
<P>In this example, the first two lines show a connection to the machine <TT>darkstar</TT>. The first line is how to authenticate a request from <TT>darkstar</TT> and the second how to authenticate a request from us to them. The username in the first column is the name to send to the remote, while the server field is their identification to us. This poses a problem: The <TT>pppd</TT> daemon has no way of knowing the remote host’s name—all it gets is an IP address. You can put the IP address in the addresses column of the file or specify the remote hostname at the end of the <TT>pppd</TT> command line like this:</P>
<!-- CODE SNIP //-->
<PRE>
pppd ….. remotename chatton user merlin
</PRE>
<!-- END CODE SNIP //-->
<P>This shows that the remote is called <TT>chatton</TT>, and our local host is <TT>merlin</TT>. The last portion giving the local hostname overrides the default values, if specified.</P>
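<P>The <TT>chap-secrets</TT> and <TT>pap-secrets</TT> layouts described above can be checked mechanically. The following Python audit is an added example, not code from the book or from the <TT>pppd</TT> project: it parses the four fields and reports wildcard entries, peers with no address restriction, short secrets, and entries that lack a mirror image. The sample data, the finding names and the <TT>min_len</TT> threshold are assumptions made for illustration.</P>

```python
import shlex

# Constructed sample in the page's chap-secrets layout (not a real host's file).
SAMPLE = '''\
# client server string addresses
merlin.tpci.com big_guy.big_net.com "I hate DOS"
big_guy.big_net.com merlin.tpci.com "Size isn't everything"
chatton.cats.com merlin.tpci.com "Here, Kitty, Kitty" 192.0.2.7
roy.sailing.ca merlin.tpci.com "Man overboard" -
* merlin.tpci.com "Man overboard"
'''

def parse_secrets(text):
    """Return [(lineno, client, server, secret, addresses)] for each entry."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = shlex.split(line, comments=True)  # quoted secrets, # comments
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected client, server and secret")
        client, server, secret, *addresses = fields
        entries.append((lineno, client, server, secret, addresses))
    return entries

def audit(text, local_host, min_len=12):
    """Return [(lineno, finding)]; min_len is an assumed policy value."""
    entries = parse_secrets(text)
    pairs = [(c, s) for _, c, s, _, _ in entries]
    def covered(client, server):  # an exact or wildcard entry matches this pair
        return any(c in (client, "*") and s in (server, "*") for c, s in pairs)
    findings = []
    for lineno, client, server, secret, addrs in entries:
        if "*" in (client, server):
            findings.append((lineno, "WILDCARD"))  # one secret shared by many peers
        if client != local_host:  # the peer authenticates to us: addresses apply
            # Page's semantics (empty = any IP, "-" = none); pppd versions differ on empty, see pppd(8).
            if not addrs or "*" in addrs:
                findings.append((lineno, "ANY_ADDRESS"))
            elif addrs[0] == "-":
                findings.append((lineno, "ALL_ADDRESSES_DENIED"))
        if len(secret) < min_len:
            findings.append((lineno, "SHORT_SECRET"))
        if "*" not in (client, server) and not covered(server, client):
            findings.append((lineno, "NO_MIRROR"))  # only one direction can authenticate
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE, "merlin.tpci.com"), sep="\n")
```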
<H3><A NAME="Heading12"></A><FONT COLOR="#000077">Using DNS with SLIP and PPP</FONT></H3>
<P>If you are using SLIP or PPP to connect to the Internet for more than simple tasks (such as downloading email and news), you will probably want to use DNS. The easiest method of using DNS for your SLIP and PPP connections is to put the IP address of a name server you can access in the <TT>/etc/resolv.conf</TT> file. For example, if you can access a name server with an IP address of <TT>145.2.12.1</TT>, make the following addition to your <TT>/etc/resolv.conf</TT> file:</P>
<!-- CODE SNIP //-->
<PRE>
# /etc/resolv.conf
# the local domain
domain merlin.com
# the Internet name server
nameserver 145.2.12.1
</PRE>
<!-- END CODE SNIP //-->
<P>After this entry has been established, SLIP or PPP sends requests for address resolution to the name server and waits for replies. The more accessible the name server is, the better the performance is. For this reason, choose a name server that is relatively close (in network terms).
</P>
<P>Using this approach has a problem, however: All address resolution attempts must go out over the SLIP or PPP line. This can slow down applications, as well as increase the amount of network traffic over your SLIP or PPP line, sometimes to the detriment of other applications.</P>
<P>A way around this problem is to set up a cache-only name server on your machine, which requires modifying the <TT>/etc/named.boot</TT> file. For a cache-only name server, your <TT>named.boot</TT> file will look like this:</P>
<!-- CODE SNIP //-->
<PRE>
; /etc/named.boot
directory /var/named
cache . db.cache ; cache-only
primary 0.0.147.in-addr.arpa db.cache ; loopback
</PRE>
<!-- END CODE SNIP //-->
<P>The preceding file uses the local network name in IN-ADDR.ARPA format to specify the loopback driver, and the cache points to the file <TT>db.cache</TT>, which contains a list of root name servers.</P>
<H3><A NAME="Heading13"></A><FONT COLOR="#000077">Summary</FONT></H3>
<P>Configuring PPP and SLIP on a Linux machine is not overly complex, although it does require proper attention to details as you modify files. After they’re set up, though, PPP and SLIP can be used for Internet access, as well as access to other machines on a one-to-one basis. For more information on this subject, check out the following chapters:
</P>
<DL>
<DD>General networking on Linux is discussed in Chapter 37, “Networking.”
<DD>NIS and YP, which add flexibility to your Linux machine on a network, are discussed in Chapter 44, “NIS and YP.”
<DD>Setting up your own Internet site is discussed in Part VII starting with Chapter 47, “Setting Up an Internet Site.”
</DL>
<P><BR></P>
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>