Configuring FreeBSD for dial-in service *
This article covers how to configure FreeBSD to accept incoming connections over a modem (i.e. a dial-in service). This will be done via PPP. See also http://www.ssimicro.com/~jeremyc/ppp.html which I’m told is quite good.
Where to start
The first place I started was with the FreeBSD Handbook. I went straight to the PPP and Slip section. You should scroll down until you see Receiving incoming calls with ppp. I also used Dialin Service.
I installed 3.2-RELEASE and mgetty+sendfax on both machines.
Where I stopped
Well, that was about it. I didn’t continue. Then NutBoy on Undernet sent me the following. I have not tried this. Comments on this article will be appreciated.
NutBoy’s article (wolfnet@wolfnet-irc.org)
I decided I’d try to set up my dual 450 box for dialin service, so when I was away or at work I could dial in on my second line and connect to the Internet. I had many many problems and this will show you what exactly to check.
I started out with the dial-in section in the FreeBSD Handbook which ended up being semi-useless and outdated as I am running a 3.2-stable machine.
What I ended up doing was:
in /etc/rc.conf:
enable proxy gateway=enable
I used getty, not mgetty.
Add a new user whom you want to let use ppp. In this test circumstance, I used the user "ppp" with home being /home/ppp and shell being /etc/ppp/ppp-shell.
/etc/ppp/ppp-shell:
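#!/bin/sh
# Take the part of $0 after the last "-" as the profile name
# (a script called as ppp-dialup yields "dialup").
IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
CALLEDAS="$IDENT"
TTY=`tty`

# When called as "dialup", use the tty name as the ppp.conf label instead.
if [ x$IDENT = xdialup ]; then
        IDENT=`basename $TTY`
fi

echo "PPP for $CALLEDAS on $TTY"
echo "Starting PPP for $IDENT"

# Hand the already-connected line over to userland ppp.
exec /usr/sbin/ppp -direct $IDENT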
I then made 2 files in the ppp home directory:
-r--r--r-- 1 root wheel 0 Jul 26 05:43 .hushlogin
-r--r--r-- 1 root wheel 0 Jul 26 05:45 .rhosts
I then added a /etc/ppp/ppp.conf script:
ttyd0:
 enable pap
 enable passwdauth
 set ifaddr 209.64.46.23 209.64.46.25 255.255.255.255
 enable proxy
This set the dialin with the IP 209.64.46.25.
I then added a /etc/ppp/ppp.linkup addition:
ttyd0:
 add 209.64.46.25 netmask 255.255.255.255 HISADDR
I then made a ppp.secret addition (for use with PAP). If you aren’t using PAP you will not need this:
# Authname  Authkey   Peer's IP address
ppp         password  209.64.46.25
After that I checked /etc/ttys and /etc/gettytab and enabled ttyd0 and made sure that a reasonable speed setting was there and placed.
After all this I was ready to try... Nothing... the box wouldn’t answer the phone.
Two days later:
I realized that my modem isn’t answering and there is no setup utility to change the nvram. There are also no jumpers to make it autoanswer. Off to the store. I picked up a new modem that has config jumpers. I changed it to serial port 1 and to autoanswer. Booted up... Perfect, answers the connection and everything is fine.
For a while, I was stuck trying to figure out how to configure both ends of a PPP "WAN," such that the BSD machines on each end could dial the other side of the WAN, or an ISP for internet service. The whole mess would’ve been handled through some CGI scripts, so less savvy users could dial and hang up connections from their home page.
I wanted to run a very open firewall on the WAN link, but keep the internet connection secured. I was lost, I was confused, and I asked a number of people, most of whom told me "What? You can’t do that! Buy DSL!"
Well, you can do it, and there’s an easy way. (Thanks to Brian Somers, maintainer of the OpenBSD PPP port, for explaining this to me.)
Userland ppp has the "-unit" option, specifying the "tun" interface that it uses. Without it, it simply picks the first available interface.
However, if you want to use IPF, PF, or another separate firewall, just configure your rules for a specific tun interface, and call ppp with the proper option:
ppp -ddial -unit0 myisp
or
ppp -ddial -unit1 officenetwork
As a caveat, your packet filter may need to be restarted when the interfaces are assigned new IP addresses, but I’ve been waiting for an opportunity to get this ‘secret’ out. If you use ppp’s built-in firewall and NAT services, you’ll have a much easier ride, but if you’re itching to use the standalone filters that all the self-help books document, this is how you pull it off without running everything as root.
Of course, buying DSL does have its advantages, and if one end of your WAN can serve a VPN to the internet-at-large, you dramatically simplify the problem.
[As to the auto-answer problem… Hasn’t anyone heard of an init string? ;)]
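The per-interface filtering described in the comment above, sketched as a PF ruleset. This is an added example, not part of the original comment: the macro names and the 192.0.2.0/24 WAN network are constructed placeholders, and it assumes tun0 is held by "ppp -ddial -unit0 myisp" and tun1 by "ppp -ddial -unit1 officenetwork".

```conf
# pf.conf sketch (added example; macro names and addresses are assumptions)
isp_if  = "tun0"           # Internet link, from: ppp -ddial -unit0 myisp
wan_if  = "tun1"           # office WAN link, from: ppp -ddial -unit1 officenetwork
wan_net = "192.0.2.0/24"   # constructed placeholder for the office network

set skip on lo0

# Default deny in both directions on the Internet-facing tunnel; log drops.
block in  log on $isp_if all
block out log on $isp_if all

# Packets claiming a WAN source must never arrive over the ISP link.
block in quick on $isp_if inet from $wan_net to any

# Outbound from this host through the ISP, stateful. Writing the interface
# in parentheses makes pf follow whatever address ppp currently has on it,
# so the rule does not go stale when the ISP hands out a new IP.
pass out on $isp_if inet from ($isp_if) to any keep state

# The WAN tunnel is deliberately left open, as the comment describes.
pass quick on $wan_if all
```

Because every rule names a tun unit rather than an address, the split between the locked-down ISP link and the open WAN link holds only as long as each ppp profile is always started with its own -unit number.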
I read the FreeBSD Handbook and did what it said. I was wondering what program would work best at just connecting to the internet from X. And is there a program that detects modems?
thx