[Tech] Interface partially tamed
Leonardo Boselli
leo@dicea.unifi.it
Thu 10 Aug 2000 19:31:20 CEST
So: after a lot of tinkering I managed to get it to do one thing:
if I call it, it answers and lets me log in!
BUT it still doesn't work:
I connect, but I can only see
150.217.9.149 (itself)
150.217.9.148 (the localip of the ppp server)
150.217.9.239 (the "real" address of the ppp server (eth0))
Where is the error?????
[debian potato with kernel 2.2.16]
Maybe some ipchains rule needs to be added?????
Where???? (Maybe the error is in the ipppd.ippp0 file at the bottom of
this message) ... I'm asking for help!
Also, how do I keep a log of the connections (that is, one that tells me only
login and logout)?
Now read the device.isdn0 file:
(device.ipppd0 is identical)
> #!/bin/sh
>
> set -e # exit on _any_ error
>
> # Get the device name
> device=`basename $0`; device=${device#*.}
>
> # The (dummy) IP addresses
> #
> # Use 10.0.0.1 for LOCALIP and 10.0.0.2 for REMOTEIP if you have
> # dynamic IP addresses; with static address fill in the real values!
>
> LOCALIP=150.217.9.148 # XXX_
> REMOTEIP=150.217.9.149 # XXX_
>
> # Phone numbers (without the leading zero)
> # EXCEPTION:
> # In countries where there are NO areacodes, this leading zero must NOT be
> # added. In that case, change the value of LEADINGZERO below to ''
> # LEADINGZERO could conceivably need to be something else in certain
> # situations, so it is configurable.
>
> LOCALMSN=554627468 # XXX_
> REMOTEMSN=55476812 # XXX_
> LEADINGZERO='0' # XXX_ use LEADINGZERO='' if you have no areacodes.
>
> # DIALMODE:
> # New with kernel 2.0.36 is the `dialmode' setting.
> # Read the isdnctrl manpage for more info.
>
> DIALMODE=auto # XXX_ other values can be 'on' and 'off'
>
> # Encapsulation (default is syncppp for ipppX devices, rawip for isdnX devices)
> # Change the next four lines if you need some other value.
> if expr ${device} : ippp > /dev/null
> then ENCAP=syncppp
> else ENCAP=rawip
> fi
>
> # Configuration (start)
>
> case "$1" in
> start)
> # XXX_
> # If running kernel 2.0.31 or higher, enable the IP dynamic hack
> # (if needed). See linux/Documentation/networking/ip_dynaddr.txt .
> # Default is: enabled. If you have static IP numbers, you can remove
> # the next line.
> [ -f /proc/sys/net/ipv4/ip_dynaddr ] && echo 5 > /proc/sys/net/ipv4/ip_dynaddr
>
> # First you need to create the interface
> isdnctrl addif ${device}
>
> isdnctrl eaz ${device} $LOCALMSN
>
> # addphone name out num
> # Set the phone number(s) of the remote site for the IP-interface
> # "name". More than one number can be set by calling isdnctrl addphone
> # repeatedly. If more than one number is set these will be tried one
> # after another. When using a German SPV-type connection, with an
> # ICN-card, the number has to be preceded by a capital S.
> # This is the "normal" number.
>
> if [ ! -z "$REMOTEMSN" ]
> then
> for MSN in $REMOTEMSN; do
> isdnctrl addphone ${device} out $LEADINGZERO$MSN
> done
> fi
>
> # addphone name in num
>
> # secure name on|off
> # Turns on or off the security feature for interface "name". If set to
> # on, incoming calls will only be accepted if the calling number has
> # been added to the access list with isdnctrl addphone name in.
> isdnctrl secure ${device} off
>
> # huptimeout name seconds
> # Set the hangup timeout for interface "name" to "seconds". If there
> # is inactivity (i.e. no traffic on the interface) for the given time
> # the driver automatically shuts down the connection.
> # Default is 60 seconds
> isdnctrl huptimeout ${device} 60 # XXX_
>
> # See also : isdnctrl(8), isdnctrl help text
>
> # pppbind is needed when using one ipppd per ippp interface
> # (like Debian does)
> bindnum=`expr $device : 'ippp\(.*\)'` || true
> if [ ! -z "$bindnum" ]
> then
> isdnctrl pppbind ${device} $bindnum
> fi
>
> # NETWORK SETUP
>
> # Network device setup as usual.
> # See also : ifconfig(8) route(8) or any book about unix networking.
>
> ifconfig ${device} $LOCALIP pointopoint $REMOTEIP netmask 255.255.255.255
> ifconfig ${device} up
>
> set +e # ignore errors from here on
>
> route del -host $REMOTEIP ${device} 2>/dev/null
> route add -host $REMOTEIP ${device}
>
> # setting default route here is only useful if this is your only
> # outside connection... The default is ippp0 for the default route.
> # if [ "$bindnum" = 0 ]; then
> # route del default 2>/dev/null
> # route add default netmask 0 ${device}
> # fi
>
> # FIREWALL RULES XXX_
>
> # Explicitly list what's allowed, and then deny the rest.
> # I'm assuming kernel 2.2.x here, hence ipchains instead of ipfwadm.
> #
> # The firewall rules below will only work here if using static IP
> # addresses!!! For dynamic addresses the rules should be added in
> # /etc/ppp/ip-up.d/00-isdnutils and deleted in
> # /etc/ppp/ip-down.d/99-isdnutils .
> # Also note you usually only want a setup as below for the interface
> # facing the internet, not if you're using the interface to connect a
> # local subnet (unless you're using masquerading).
> # Also be sure to check the config to make sure it fits what you want.
> #
> # ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} 1000:
> # ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ssh
> # ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} smtp
> # ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ident
> # ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ftp
> # ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} http
> # ipchains -A input -j ACCEPT -i ${device} -p UDP -d ${LOCALIP} 1024:
> # ipchains -A input -j ACCEPT -i ${device} -p ICMP -d ${LOCALIP}
> # ipchains -A input -j DENY -i ${device}
>
> # If you don't have masquerading set up yet, try the following.
> # Replace 192.168.1 with the network number you use on the hosts
> # that will use masquerading.
> # ipchains -I forward -j MASQ -s 192.168.1.0/24
>
> # ignore errors in case of older kernel
> isdnctrl dialmode $device $DIALMODE >/dev/null 2>&1
> ;;
>
> # Delete the interface
> stop)
> set +e # ignore errors from here on
>
> isdnctrl dialmode $device off >/dev/null 2>&1
>
> # FIREWALL RULES XXX_
>
> # Undo the things done above.
> #
> # ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} 1000:
> # ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ssh
> # ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} smtp
> # ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ident
> # ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ftp
> # ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} http
> # ipchains -D input -j ACCEPT -i ${device} -p UDP -d ${LOCALIP} 1024:
> # ipchains -D input -j ACCEPT -i ${device} -p ICMP -d ${LOCALIP}
> # ipchains -D input -j DENY -i ${device}
>
> # If you don't have masquerading set up yet, try the following.
> # Replace 192.168.1 with the network number you use on the hosts
> # that will use masquerading.
> # ipchains -D forward -j MASQ -s 192.168.1.0/24
>
> # Commands to undo the network stuff
> route del $REMOTEIP $device 2> /dev/null
> # only delete default route if set above!
> # The default is to use ippp0 for your default route.
> bindnum=`expr $device : 'ippp\(.*\)'`
> if [ "$bindnum" = 0 ]; then
> route del default netmask 0 2>/dev/null
> fi
> ifconfig $device down 2> /dev/null
> isdnctrl delif $device 2> /dev/null
> ;;
>
> # the rest is generic, don't touch
> *)
> echo "Usage: $0 {start|stop}"
> exit 1
> ;;
> esac
>
> exit 0
And now the ipppd.ippp0 file:
> # Options file for ipppd.
> # ipppd will not read /etc/ppp/options or /etc/ppp/ioptions or any other
> # config file. Everything has to be in here.
>
> # REMOVE the next line once configuration is complete #########################
> # Warning! is configured yet!
> # REMOVE the above line once configuration is complete ########################
>
> # "peer" is the name for our syncppp partner.
>
> # STANDARD OPTIONS
>
> debug # enable debugging
> #kdebug X # set kernel debugging level to X
> #nodetach # (no) fork to the background
> #callback X # ask for callback (parameter X ?)
> #lock # create a lock file for device
> #domain X # add domain X to a given hostname
> #pidfile X # save pid in file X
> #call X # take options from privileges file (???)
> #idle X # idle time limit (seconds)
> #holdoff X # holdoff time limit (seconds)
> #maxconnect X # set maximum connection time (in seconds ?)
> #+mp # enable multi line ppp
> #+pwlog # log password (WARNING: possible security hole)
> #nomagic # magic number negotiation
>
> # ppp handshake : tuning
>
> #silent # don't even try to initiate the connection
> #passive # wait for the peer to initiate the connection
> #lcp-echo-failure X # consecutive echo failures
> #lcp-echo-interval X # time for lcp echo events
> lcp-restart 1 # Set timeout for LCP
> #lcp-max-terminate X # Set max #xmits for term-reqs
> #lcp-max-configure X # Set max #xmits for conf-reqs
> #lcp-max-failure X # Set max #conf-naks for LCP
>
>
> # AUTHENTICATION
>
> name leo # set local name for auth XXX_
> #user # set name for auth with peer; default is value for name
> #usehostname # use hostname for auth
> #remotename X # set remote name for auth
> noauth # (dont) require peer (the other) to auth
> #require-pap # allow only pap authentication (dialin only)
> #require-chap # allow only chap authentication (dialin only)
> login # use system password database for pap
> #papcrypt # pap passwords are encrypted
>
> # AUTHENTICATION TUNING
> #pap-restart X # Set retransmit timeout for PAP
> #pap-max-authreq X # Set max #xmits for auth-reqs
> #pap-timeout X # Set time limit for peer PAP auth.
> #chap-restart X # Set timeout for CHAP
> #chap-max-challenge X # Set max #xmits for challenge
> #chap-interval X # Set interval for rechallenge
>
> # COMPRESSION
>
> #noaccomp # address compression on/off
> #nopcomp # protocol field compression on/off
> #novj # Van Jacobson compression on/off
> #novjccomp # Van Jacobson connection-ID compression on/off
> #vj-max-slots X # tune maximum vj header slots
> #nobsdcomp # bsd compression on/off
> #nodeflate # deflate compression on/off
> #nopredictor1 # predictor1 compression on/off
> noccp # compression negotiation on/off
> nolzs # LZS compression off (not yet supported fully)
>
>
> # IP NETWORKING
>
> #noip # en/disable ip transfer
> 150.217.9.148:150.217.9.149 # set local ip to X, remote ip to Y
> noipdefault # don't use name for default ip addr
> #useifip # use ip addresses from interface
> #usefirstip # use first ip from auth file for remote
> netmask 255.255.255.255 # set netmask, 255.255.255.255 is for pointopoint
> #defaultroute # (dont) set default route
> nohostroute # dont set host route
> #noproxyarp # (dont) set a proxy arp entry
> #mru X # set maximum size of receive units to X
> #default-mru # disable mru negotiation
> mtu 1500 # set maximum size of transmit units to X (1500 is OK)
> #useifmtu # use mtu from interface
> #ipparam X # set ip parameters in script X
> ms-dns 150.217.9.3 # dns address for the peers use (dialin only)
> ms-wins 150.217.9.11 # wins address for the peers use (dialin only)
> #ms-get-dns # accept peers suggestion of dns address (dialout)
> #set_userip # define valid ip addresses in /etc/ppp/useriptab
>
>
> #ipcp-restart X # Set timeout for IPCP
> #ipcp-max-terminate X # Set max #xmits for term-reqs
> #ipcp-max-configure X # Set max #xmits for conf-reqs
> #ipcp-max-failure X # Set max #conf-naks for IPCP
> ipcp-accept-local # Accept peer's address for us
> ipcp-accept-remote # Accept peer's address for it
>
> # IPX NETWORKING
>
> noipx # en/disable ipx
> #ipx-network X # IPX network number
> #ipxcp-accept-network # Accept peer network
> #ipx-node X # IPX node number
> #ipxcp-accept-local # Accept our address
> #ipxcp-accept-remote # Accept peer's address
> #ipx-routing X # IPX routing proto number
> #ipx-router-name X # IPX router name
> #ipxcp-restart X # Set timeout for IPXCP
> #ipxcp-max-terminate X # max #xmits for term-reqs
> #ipxcp-max-configure X # max #xmits for conf-reqs
> #ipxcp-max-failure X # max #conf-naks for IPXCP
>
> [GLOBAL]
> COUNTRYPREFIX=+
> AREAPREFIX=0
>
> # Change this to reflect your city
> COUNTRYCODE=31 # the Netherlands
> AREACODE=546 # Almelo
>
> # Isdnlog supports two databases for areacode -> name mapping.
> # avon is the old one, I recommend to use areacode, the new one.
> # However, it is easier to add to the avon database...
> CODELIB=AREACODE
> AREALIB=/usr/share/isdn/areacode.dat
> # for avon:
> # CODELIB=AVON
> # AVON=/usr/share/isdn/avon
>
> [VARIABLES]
>
> [ISDNLOG]
> CHARGEMAX = 9999.99
> # CURRENCY = 0.08,NLG # 8 cents/unit (approximation in NL!), currency notation
>
> ILABEL = %b %e %T %ICall to tei %t from %N2 on %n2
> OLABEL = %b %e %T %Itei %t calling %N2 with %n2
> # Alternates (easier to read):
> # ILABEL = %a %b %e %T incoming %I%n2 <- %N2
> # OLABEL = %a %b %e %T outgoing %I%n2 -> %N2
>
> # If you're in Germany, and subscribe to Telekom's "cityweekend" tariff:
> # CITYWEEKEND=Y
>
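
The settings these two files leave active for incoming calls can be listed mechanically. The script below is an added example, not part of the original post or of isdnutils; the function names, the finding labels and the sample excerpts are constructed here, and each check only restates what the comments in the quoted files say about that option.

```shell
#!/bin/sh
# Added example (not from the original post): list active settings in an ipppd
# options file and a device script that relax checks on incoming calls.

# Print active settings only: drop a leading "> " quote marker, comments,
# surrounding whitespace and blank lines.
active_lines() {
    sed -e 's/^> \{0,1\}//' -e 's/#.*$//' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v '^$'
}

# has_setting FILE ERE: succeed if an active line matches the pattern
has_setting() {
    active_lines "$1" | grep -Eq "$2"
}

# audit_dialin OPTIONS_FILE DEVICE_SCRIPT: print one finding per line
audit_dialin() {
    if has_setting "$1" '^noauth$'; then
        echo "noauth: peer is not required to authenticate"
    fi
    if ! has_setting "$1" '^require-(pap|chap)$'; then
        echo "no-require: neither require-pap nor require-chap is active"
    fi
    if has_setting "$1" '^\+pwlog$'; then
        echo "pwlog: passwords are written to the log"
    fi
    if has_setting "$2" '^isdnctrl[[:space:]]+secure[[:space:]].*[[:space:]]off$'; then
        echo "secure-off: calls accepted without an 'addphone ... in' access list"
    fi
    return 0
}

# Constructed sample: a few lines in the state shown in the post.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/ipppd.ippp0" <<'EOF'
> name leo # set local name for auth XXX_
> noauth # (dont) require peer (the other) to auth
> #require-pap # allow only pap authentication (dialin only)
> login # use system password database for pap
> #+pwlog # log password (WARNING: possible security hole)
EOF
cat > "$SAMPLE_DIR/device.ippp0" <<'EOF'
> # secure name on|off
> isdnctrl secure ${device} off
EOF

audit_dialin "$SAMPLE_DIR/ipppd.ippp0" "$SAMPLE_DIR/device.ippp0"
```

Commented-out options such as `#+pwlog` are ignored, so only settings that are actually in effect are reported.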