Building an ISP Using Linux and an Intranet
Once your connection to the Internet is stable, it is time to connect your network. Your Linux machine and your other machines should all have network cards installed, and your Linux machine should have the kernel compiled with the appropriate drivers.
Suppose you want to set up Doofus (a Windows 95 client) and hook it into your network to give it access to the Internet. Pick an IP address for Doofus of 184.108.40.206 (it can be any number available within your Class C block). To set up the Windows 95 machine to access your Linux server, you must go into the Control Panel and pick Network. Make sure TCP/IP is bound to your network card. The Properties button lets you set up the following items on each of your machines:
IP Address: If you have a Class C address, you can assign an IP address 220.127.116.11 and a subnet mask of 255.255.255.0.
DNS Configuration: Pick Enable DNS and give your machine the name Doofus for the host and NetBrain.com for the domain. This setup provides the Windows machine with the name Doofus.NetBrain.com—or read another way, Doofus is within NetBrain.com. The DNS Server Search Order should have your DNS entries added to be the same as the Linux server's /etc/resolv.conf nameserver entries.
WINS Configuration: Pick Disable WINS Resolution.
Bindings: Add a gateway to your Linux machine. The gateway helps your machine find its way out of the network and onto the Internet. We added 18.104.22.168 to the list of installed gateways.
After you've rebooted your Win95 machine, you should be able to ping it from your Linux host using ping 22.214.171.124. If it fails, possible problems could be the cable, Linux drivers, Win95 drivers or your Win95 configuration. Now from the other side... When you're ready to test your Windows 95 client, open an MS-DOS window and ping your server. The command ping 126.96.36.199 should get a response from your server. You should be able to TELNET to your machine (telnet mickeymouse.com) and should also be able to bring up a browser and go to any web site that interests you. It's that easy.
Most personal computers have only two serial ports, and one of those is usually used by the mouse. The best way to provide dial-up access is to purchase a multiport serial card. We use the Cyclades Cyclom 16Yep card, which provides 16 serial ports for modem use. More important, the drivers are built into the Linux kernel.
Before you purchase a specific card, make sure the drivers for the card exist and your machine has the drivers compiled into the kernel. You might have to create the ports your serial card uses with MAKEDEV. Our Cyclades card uses ttyC0-ttyC15 for the serial ports instead of the standard ttyS0 and ttyS1 for the standard serial ports. Fortunately, the Cyclades card came with a makecyc install script that did the work for me.
The program setserial needs to be called to initialize the serial port(s). The /etc/rc.d/rc.serial file may need to be edited to properly set up your server's serial ports. To use com2 for the dial-out modem, put the following line in rc.serial:
    #standard serial port - com2:
    setserial /dev/cua1 spd_vhi auto_irq autoconfig
For the Cyclades card, I configured the ports 3-10 /dev/cub2 - /dev/cub10 (some unused—for expansion) as follows:
    #configure Cyclades serial ports
    setserial -b /dev/cub2 spd_vhi auto_irq skip_test
    setserial -b /dev/cub3 spd_vhi auto_irq skip_test
    setserial -b /dev/cub4 spd_vhi auto_irq skip_test
    setserial -b /dev/cub5 spd_vhi auto_irq skip_test
    setserial -b /dev/cub6 spd_vhi auto_irq skip_test
    setserial -b /dev/cub7 spd_vhi auto_irq skip_test
    setserial -b /dev/cub8 spd_vhi auto_irq skip_test
    setserial -b /dev/cub9 spd_vhi auto_irq skip_test
Make sure the rc.serial file is called from one of the startup rc files, usually rc.s. This will configure your serial ports automatically during boot.
Next, you need to configure the host to listen to the serial port for incoming connections and to answer these connections. The /etc/gettydefs file is used to set up the gettys which make connections to the machine. When a standard version of Linux is installed, you find these lines in the /etc/gettydefs file:
    c1:1235:respawn:/sbin/agetty 38400 tty1 linux
    c2:1235:respawn:/sbin/agetty 38400 tty2 linux
    c3:1235:respawn:/sbin/agetty 38400 tty3 linux
    c4:1235:respawn:/sbin/agetty 38400 tty4 linux
    c5:1235:respawn:/sbin/agetty 38400 tty5 linux
    c6:12345:respawn:/sbin/agetty 38400 tty6 linux
This provides your console (keyboard) with six virtual logins. The fourth item in the line, /sbin/agetty, is the program polling the console for a login. The parameters that follow it describe the login speed, terminal number and terminal emulation. You add the following lines for dial-up lines after the parameters list.
    # Dial-up lines using /sbin/getty
    # (actually getty_ps)
    s1:345:respawn:/sbin/getty ttyC2 115200 vt100
    s2:345:respawn:/sbin/getty ttyC3 115200 vt100
    s3:345:respawn:/sbin/getty ttyC4 115200 vt100
We use a different getty (getty_ps) for our dial-up lines because of trouble using agetty on the serial port. We also heard that getty_ps is more reliable. You can also use mgetty for the dial-up lines, but getty_ps works great for us. The parameters for getty_ps are slightly different, however: parameters following the getty name are the tty, the /etc/gettydef label and the terminal emulation default. The 115200 in the preceding lines refers to the label in the /etc/gettydefs file shown here:
    #/etc/gettydefs
    # Modem locked at 115200: Serial port is at
    # 115200, modem is much less, but should be
    # able to compress.
    #
    # Last line of this file is described in next
    # comment line as fields separated by # signs.
    # label # initial-flags # final-flags # login prompt # next label
    115200# B115200 CS8 CRTSCTS # B115200 SANE -ISTRIP CRTSCTS #@S login: #115200
Now you have to provide getty_ps with the startup values. In the directory /etc/default, place the configuration files for each dial-up line. For the dial-up line /dev/ttyC2, we have a corresponding file called /etc/default/getty.ttyC2 shown in Listing 3.
If everything works as planned, the host should be able to accept shell logins. You should be able to dial into your machine and run commands in the shell.
To monitor the dial-up connection, you can set DEBUG=777 in the /etc/default/getty.tty?? file to create a log file. This will help you identify problems should the modem not answer or not configure properly. The output is dumped to the syslog file, usually in /var/adm/syslog.
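Each dial-up entry above passes getty_ps a label that has to exist in /etc/gettydefs. The script below is an added example, not part of the original article: it cross-checks the file holding the respawn entries against gettydefs and reports any dial-up line whose label is undefined. The function names, the file arguments and the bad s4 sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): every dial-up getty_ps entry must
# name a label that is defined in the gettydefs file.

# Labels in gettydefs: first '#'-separated field of each non-comment entry.
gettydefs_labels() {
    awk -F'#' '!/^[ \t]*#/ && NF >= 5 {
        gsub(/[ \t]/, "", $1); if ($1 != "") print $1 }' "$1"
}

# Print "id tty label" for each entry that runs /sbin/getty (getty_ps),
# whose arguments are: tty, gettydefs label, terminal type.
dialup_entries() {
    awk -F: '!/^[ \t]*#/ && NF >= 4 {
        n = split($4, a, /[ \t]+/)
        if (a[1] == "/sbin/getty" && n >= 3) print $1, a[2], a[3] }' "$1"
}

# usage: check_dialup ENTRIES_FILE GETTYDEFS_FILE
# Prints one line per entry with an undefined label; returns 1 if any.
check_dialup() {
    labels=$(gettydefs_labels "$2")
    missing=$(dialup_entries "$1" | while read -r id tty label; do
        printf '%s\n' "$labels" | grep -qxF -- "$label" ||
            echo "$id: $tty uses undefined gettydefs label $label"
    done)
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Constructed sample input: entries from the article plus one deliberately
# wrong line (s4) that references a label the gettydefs sample lacks.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/entries" <<'EOF'
c1:1235:respawn:/sbin/agetty 38400 tty1 linux
# Dial-up lines using /sbin/getty
s1:345:respawn:/sbin/getty ttyC2 115200 vt100
s2:345:respawn:/sbin/getty ttyC3 115200 vt100
s4:345:respawn:/sbin/getty ttyC5 57600 vt100
EOF
cat > "$demo_dir/gettydefs" <<'EOF'
# label # initial-flags # final-flags # login prompt # next label
115200# B115200 CS8 CRTSCTS # B115200 SANE -ISTRIP CRTSCTS #@S login: #115200
EOF
check_dialup "$demo_dir/entries" "$demo_dir/gettydefs" || echo "fix the entries listed above"
```

Run it against the real files by calling check_dialup with their paths; the agetty console entries are ignored because only /sbin/getty lines are inspected.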