Next: 13 Raid on Linux Up: Redhat FAQ Previous: 11 Postfix   Contents


12 PPP

This section describes setting up PPP for a single modem. It may not be suitable for use with a modem bank and multiple users. Before starting, first set up regular dial-in access. See Section 7.

  1. Check the permissions on pppd
    $ ls -l /usr/sbin/pppd 
    -rwxr-xr-x 1  root root  184412 Jan 24 2003  /usr/sbin/pppd
  2. If it is not SUID root (and it probably isn't), change the permissions. Because the pppd program must manipulate a kernel device, the SUID bit is necessary to allow an unprivileged dialup user to set up the connection.
    $ sudo chmod u+s /usr/sbin/pppd 
    $ ls -l /usr/sbin/pppd 
    -rwsr-xr-x 1  root root  184412 Jan 24 2003  /usr/sbin/pppd
  3. Next, change the group ownership and remove access for everyone else, so that only users in the correct group can run pppd.
    $ sudo chgrp pppusers /usr/sbin/pppd 
    $ sudo chmod o-rwx /usr/sbin/pppd 
    $ ls -l /usr/sbin/pppd  
    -rwsr-x--- 1  root pppusers  184412 Jan 24 2003   /usr/sbin/pppd
  4. Set up /etc/ppp/options
    asyncmap 0  
    netmask 255.255.255.252  
    proxyarp  
    lock  
    crtscts  
    modem
  5. Add a configuration for the dialup user addresses in /etc/ppp/options.ttyS0.
    172.16.254.1:172.16.254.2
  6. Add/edit the following line in /etc/mgetty+sendfax/login.config.
    /AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login -detach
  7. In /etc/ppp/pap-secrets add the following line
    uucp   *    ""       172.16.254.0/24
This means that the user uucp can connect from any server (*), will authenticate against the system password file (""), and is authorized to use addresses in the 172.16.254.0/24 network. The allowed addresses must include whatever addresses were assigned above in step 5.
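The following check is an added example, not part of the original FAQ: it confirms that the peer address assigned in step 5 falls inside the address list of the matching pap-secrets entry from step 7. The function names and sample strings are constructed for illustration, and the matching is a simplified subset of pppd's rules (first matching entry and first matching word decide, the server field is ignored, host names are not resolved).

```python
import ipaddress
import shlex

# Constructed sample inputs mirroring steps 5 and 7 of this section.
OPTIONS_TTYS0 = "172.16.254.1:172.16.254.2\n"
PAP_SECRETS = 'uucp   *    ""       172.16.254.0/24\n'


def peer_address(options_text):
    """Return the remote half of the first local:remote pair in an options file."""
    for line in options_text.splitlines():
        for word in shlex.split(line, comments=True):
            _local, sep, remote = word.partition(":")
            if sep and remote:
                try:
                    return ipaddress.ip_address(remote)
                except ValueError:
                    continue  # contains ':' but is not an address pair
    return None


def peer_allowed(secrets_text, client, peer):
    """Check peer against the address words (4th field onward) of client's entry."""
    for line in secrets_text.splitlines():
        fields = shlex.split(line, comments=True)  # shlex keeps "" as an empty field
        if len(fields) < 3 or fields[0] not in (client, "*"):
            continue
        for word in fields[3:]:
            if word == "-":
                break            # "-" means no addresses are allowed
            if word == "*":
                return True      # "*" allows any address
            try:
                net = ipaddress.ip_network(word.lstrip("!"), strict=False)
            except ValueError:
                continue         # host name: skipped in this simplified check
            if peer in net:
                return not word.startswith("!")  # "!" marks an unacceptable address
        return False             # three-word entry or no matching word: refused
    return False                 # no entry for this client


if __name__ == "__main__":
    peer = peer_address(OPTIONS_TTYS0)
    print(peer, "allowed" if peer_allowed(PAP_SECRETS, "uucp", peer) else "REFUSED")
```

A refused result here corresponds to a login that authenticates correctly but is then rejected during address negotiation, which is the failure the last sentence of step 7 warns about.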

12.1 Firewall

If there is a firewall running on the server, it must be configured to allow ppp traffic. I use shorewall to configure iptables.

  1. Define the ppp zone. In zones add
    ppp   Dial Up   Point to point connection
  2. Associate the ppp zone with an interface. In interfaces add
    ppp   ppp0
  3. Define what services ppp can access. In params add
    PPP=smtp,pop
  4. Allow ppp to talk to the firewall. In rules add
    ACCEPT   ppp   fw   tcp   $PPP
  5. If you want ping to work add to rules
    ACCEPT   fw   ppp   icmp 
    ACCEPT   ppp  fw    icmp
  6. Check the configuration. The check option is unsupported, but it will catch really stupid errors.
    # shorewall check
  7. Restart shorewall
    # service shorewall restart


2005-03-20