Dial-up Networking (PPP) II
Summary:
- Testing Your Configuration
- Running pppd As A User
- Running Programs After Connect/Disconnect
- Making pppd Connect Automatically
Testing Your Configuration
Believe it or not, but you are (quite) set ;-). Still being 'root', issue the command
pppd call {peerfilename}
with {peerfilename} being the name of the file you've created in '/etc/ppp/peers/'. In my demonstration case that would be
pppd call isp1
Hold the connection you've got now in order to do some testing, using
ping
First try your ISP's name server(s). Take one of the IP values the PPP program has entered in '/etc/ppp/resolv.conf' and type
ping {IP-Number}
You should get something like this:
PING {IP-NUMBER} ({IP-NUMBER}): 56 data bytes
64 bytes from {IP-NUMBER}: icmp_seq=0 ttl=39 time=239.2 ms
64 bytes from {IP-NUMBER}: icmp_seq=1 ttl=39 time=230.0 ms
64 bytes from {IP-NUMBER}: icmp_seq=2 ttl=39 time=230.0 ms
Stop it with CTRL-c. Now let's see if you can reach some outward machine:
ping 216.71.159.34
You should get something like the above (if the server here isn't down, that is ;-).
Now try if the name-serving stuff works:
ping netscape.com
If you get
PING netscape.com (207.200.75.200): 56 data bytes
64 bytes from 207.200.75.200: icmp_seq=0 ttl=39 time=229.3 ms
64 bytes from 207.200.75.200: icmp_seq=1 ttl=39 time=230.1 ms
your PPP-network works perfectly. You can close the uplink with
killall pppd
Congratulations, you did it! :-)
If one of these steps fails continually, consult the page on PPP troubleshooting.
Running pppd As A User
Since the PPP daemon needs access to vital parts of the system, it can only be run by 'root'. It is possible however to change this. This involves changing permissions and some editing for the sake of system security.
In Unix it is possible to give programs permissions that differ from those of the user who started the program. The program gets a fixed user identification number (UID), therefore this process is called 'setuid'. It is usually done to give programs 'root' permissions. Needless to say that such programs are a security-threat, so it is advisable to restrict access to this program to a specified group of users. That's what you are to do now. You need to be 'root'.
chown root:pppusers /usr/sbin/pppd && chmod 4750 /usr/sbin/pppd
(Note to 'Linuxconf'-users: you should perform this step with 'Linuxconf', otherwise it will revoke these changes. The dialog for this is in 'Control'- 'Control files and systems'-'Configure file permission and ownership').
Now
ls -l /usr/sbin/pppd
should show
-rwsr-x--- 1 root pppusers
The 's' marks the 'setuid' bit that you've set with the digit '4' in the 'chmod' command. As you can see, only 'root' and members of the group 'pppusers' are allowed to execute pppd. (If you have no idea of what I am talking about, you might want to read the page on file permissions.).
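A way to confirm the result of the permission change, as an added example (not from the original page): the function below reports every deviation from the setuid, owner and group-only state described above. It assumes GNU stat; Linux can clear the setuid bit when a file's ownership changes, so run the check after any chown.

```shell
#!/bin/sh
# Added example: audit a setuid binary against the policy in the text.
# Usage: audit_setuid FILE OWNER GROUP
# Prints one line per deviation; returns 0 if clean, 1 if not, 2 on error.
audit_setuid() {
    file=$1; want_owner=$2; want_group=$3; rc=0
    [ -f "$file" ] || { echo "$file: not a regular file"; return 2; }

    mode=$(stat -c %a "$file")    # octal mode, e.g. 4750 (GNU stat)
    owner=$(stat -c %U "$file")   # owner name
    group=$(stat -c %G "$file")   # group name

    [ "$owner" = "$want_owner" ] ||
        { echo "owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "group is $group, expected $want_group"; rc=1; }
    # 04000 = setuid bit: without it the program runs with the caller's UID
    [ $(( 0$mode & 04000 )) -ne 0 ] ||
        { echo "setuid bit missing (mode $mode)"; rc=1; }
    # 0007 = permissions for "others": must be empty so only the group can run it
    [ $(( 0$mode & 00007 )) -eq 0 ] ||
        { echo "world bits set (mode $mode): access is not limited to the group"; rc=1; }
    # 0022 = write permission for group or others on a setuid-root file
    [ $(( 0$mode & 00022 )) -eq 0 ] ||
        { echo "group- or world-writable (mode $mode)"; rc=1; }
    return $rc
}

# Stand-alone use: sh audit.sh /usr/sbin/pppd root pppusers
if [ $# -eq 3 ]; then
    audit_setuid "$@"
fi
```
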
Compile a list of all users that should be able to connect to the Internet. Edit '/etc/group' and add them to the 'pppusers' group by adding their names to the appropriate entry.
As long as you've not logged out and back in, the system doesn't know about the change in '/etc/group'. Therefore, type
newgrp pppusers
Now run:
/usr/sbin/pppd call {name}
with {name} being the name of your peers-file in '/etc/ppp/peers'. Since '/usr/sbin' is not part of a user's $PATH, you have to give the full pathname to pppd, otherwise the shell won't find it.
killall pppd
You can now add icons to your desktop that call and terminate pppd. Or you can get a fancy wrapper that will show modem lights on your desktop while you are connected. Or you can start your connection via an 'alias' in '.bash_profile' or even a keyboard-shortcut. (Read more about 'aliases')
Running Programs After Connect/Disconnect
Create scripts called 'ip-up.local' and 'ip-down.local' in '/etc/ppp' and put the commands you want to have executed in there. Keep in mind that every program you start from there runs with 'root'-privileges.
Some suggestions:
- Automatically send and receive mail and news every time you connect.
- Run mirroring tools (e.g. 'rsync') to keep your website in sync with local files.
- Resume down- or uploads.
#!/bin/sh
chmod +x
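An added example of an 'ip-up.local' (not from the original page) that hands each job to an ordinary account instead of running it as 'root'. Assumptions: the account name 'tom', the fetchmail and rsync command lines and the host example.invalid are placeholders, and the distribution's '/etc/ppp/ip-up' passes pppd's arguments (interface name first) on to 'ip-up.local'.

```shell
#!/bin/sh
# /etc/ppp/ip-up.local -- added example, make it executable with chmod +x.
# pppd starts the ip-up scripts as root with an almost empty environment,
# so PATH is set explicitly and every job is run under an unprivileged account.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
export PATH

JOB_USER=${JOB_USER:-tom}   # assumption: ordinary account that owns the jobs

# Run the given command line as $JOB_USER rather than as root.
# With DRY_RUN=1 the resulting command is printed instead of executed.
run_as_user() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'su %s -c %s\n' "$JOB_USER" "$*"
    else
        # In the background, detached from pppd's file descriptors,
        # so the link script returns quickly.
        su "$JOB_USER" -c "$*" </dev/null >/dev/null 2>&1 &
    fi
}

# Accept only interface names of the form pppN, so the jobs run for
# the dial-up link and nothing else.
is_ppp_iface() {
    case $1 in
        ppp[0-9]|ppp[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# pppd's first argument is the interface name (e.g. ppp0).
if [ $# -gt 0 ]; then
    is_ppp_iface "$1" || exit 0
    run_as_user "/usr/bin/fetchmail --silent"
    run_as_user "/usr/bin/rsync -a /home/tom/site/ example.invalid:site/"
fi
```
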
Making pppd Connect Automatically
Wouldn't it be nice if you wouldn't have to dial each time you want to connect?
It's quite easy to configure this. Your '/etc/ppp/options' file should look like this:
lock
defaultroute
demand
nopersist
192.168.0.3:192.168.0.4
ipcp-accept-remote
ipcp-accept-local
holdoff 5
idle 30
What does it do? It defines two bogus IPs for the local and the remote IP. This is necessary because otherwise pppd won't do dial on demand. If you have a local network, make sure these addresses do not exist in it.
The clever thing is to reset these bogus addresses with the next two lines, so that your machine will accept the local and remote IPs assigned by your ISP upon connection.
holdoff 5
idle 30
You can now run the pppd command from '/etc/rc.d/rc.local' on boot. Now every time you request an outbound connection by clicking a link or querying for mail, pppd will automatically connect to your ISP.
Notes:
- Please test this first! Have a look at your modem and see if it connects to your ISP without you demanding it. System services like Samba or Sendmail may try to do DNS queries and so activate the link. Consult the documentation of the offending program for ways to turn off these queries.
- There is also a distinct program for this functionality available, called diald. Its configuration is somewhat more involved and prone to errors. Use it for advanced tasks like masquerading a larger network.
- The 'nopersist' option seems to be a good means to prevent pppd from dialing at random. (Thanks to Mandrake Linux user Michael Siepmann for this hint)
Related Resources:
man pppd
man chat
man pppstats
Revision / Modified: July 31, 2001 / Feb. 27, 2002
Author: Tom Berger
Legal: This page is covered by the GNU Free Documentation License. Standard disclaimers of warranty apply. Copyright LSTB and Mandrakesoft.
Version 1.3 last modified by AdminWiki on 22/03/2004 at 09:44