Ghosting onto the Net
Next, I acquired and set up the dialer daemon, diald. This handy-dandy piece of software waits until it sees an IP packet destined for the Internet and, if the ppp connection is not up, automatically starts the ppp daemon, which then connects to the Internet.
This package can be obtained from http://www.dna.lth.se/~erics/diald.html. A word of caution—the latest version of diald is 0.16. I am using 0.14. I've tried 0.15, but it had problems reconnecting once I terminated a connection. I have not had time to test out version 0.16. Version 0.14 works just fine for me. If you are interested in upgrading to the latest and greatest diald, send me e-mail, and I'll let you know if it works now. I should have it tested by the time this article is published. Just follow the included instructions to build and install diald.
Once I installed diald, I created some scripts to bring it up and down easily. The script to bring it up is called /etc/ppp/diald-up and appears in Listing 4 with plenty of comments.
Since this script is somewhat obscure, I will cover it in more detail. The route command is used to tell the network software how to get from your computer to other computers and networks. Normally there is a default route the network software uses when it can't find another suitable route in the routing table. To view your routing table, use the netstat -rn command. For more information see the netstat man page.
The first command in Listing 4 removes the default route in order to make sure it is free for diald or the ppp daemon to use. This removal is necessary, since sometimes diald and ppp won't re-assign the default route if one is already assigned.
The second command starts the dialer daemon. (For more details refer to the diald man page.) To use this line in your script, you will need to change three items:
- the communications device /dev/cua0
- the local address 10.10.10.1
- the remote address 192.168.1.2
If you have a fixed IP address, you'll also need to remove the dynamic switch line from the script.
The third, fourth and fifth commands are used to set up the firewall. These commands have to be run after the dialer daemon, because it does the masquerading from the network out to the Internet via the default route. Whenever a packet needs to leave via the default route, the dialer daemon senses it and makes a connection to the Internet using the ppp daemon.
I also have a script to shut down the dialer daemon gracefully. I call it /etc/ppp/diald-down and the source appears in Listing 5.
You can communicate with the dialer daemon through a named pipe specified on the diald command line in the diald-up script. I use the recommended name /etc/diald.fifo. This named pipe allows you to change various parameters of the program while it is running and to gracefully exit the program without resorting to the kill command.
The first command in Listing 5 tells the dialer daemon to clean up and get out. The second command resets the default route back to the Ethernet card.
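Because the named pipe accepts commands that reconfigure or stop the dialer daemon, any account that can write to it controls the link. The following check is an added example, not one of the article's listings; check_ctl_fifo is a hypothetical helper name, and the demo at the end runs against a constructed temporary pipe rather than /etc/diald.fifo.

```shell
#!/bin/sh
# Added example: audit a daemon control FIFO such as /etc/diald.fifo.
# check_ctl_fifo is a hypothetical helper, not part of diald.
# Usage: check_ctl_fifo PATH [OWNER]   (OWNER defaults to root)
# Prints one finding and returns 0 only if the pipe is safe to trust.

check_ctl_fifo() {
    fifo=$1
    owner=${2:-root}
    dir=$(dirname "$fifo")

    # A symlink could redirect commands to a pipe someone else controls.
    if [ -L "$fifo" ]; then
        echo "FAIL: $fifo is a symlink"; return 1
    fi
    if [ ! -p "$fifo" ]; then
        echo "FAIL: $fifo is not a named pipe"; return 1
    fi
    if [ -z "$(find "$fifo" -prune -user "$owner" -print)" ]; then
        echo "FAIL: $fifo is not owned by $owner"; return 1
    fi
    # Group or world write lets unprivileged users send control commands.
    if [ -n "$(find "$fifo" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $fifo is group- or world-writable"; return 1
    fi
    # A writable parent directory lets the pipe be removed and replaced.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: directory $dir is group- or world-writable"; return 1
    fi
    echo "OK: $fifo"
    return 0
}

# Demo on a constructed pipe in a private temporary directory.
demo_dir=$(mktemp -d)
mkfifo "$demo_dir/ctl.fifo"
chmod 666 "$demo_dir/ctl.fifo"
check_ctl_fifo "$demo_dir/ctl.fifo" "$(id -u)" || true   # loose mode is flagged
chmod 600 "$demo_dir/ctl.fifo"
check_ctl_fifo "$demo_dir/ctl.fifo" "$(id -u)" || true   # owner-only mode passes
rm -rf "$demo_dir"
```

On a live system, run check_ctl_fifo /etc/diald.fifo as root after the diald-up script has started the daemon.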
To test the diald script, execute tail -f /var/log/messages in one virtual console, and in another type ping 126.96.36.199 to ping sun.com. After typing the ping command, you can toggle back over to the first console and watch diald spit out status messages. These status messages tell you if diald dials your modem and activates pppd correctly. If ppp appears to connect properly, you can toggle back over to the other console and see if the ping is returned. If not, don't panic—just break out of it using a Ctrl-C and try again. Sometimes packets get dropped when diald is switching the route from the slip interface to the ppp interface.
I used the IP address in the above commands on the assumption that you do not have a name server running on your machine. If you are interested in getting a name server up and running on your machine—something I recommend—a couple of good sources of information are the DNS HOWTO and the Linux Network Administrator's Guide by Olaf Kirch.
Next I created an appear script. The appear script causes diald to connect to the Internet, then sends an indication of where the server can be reached to the desired location. I created a script called /etc/ppp/appear to do the work. This script appears in Listing 6.
Last, I added an entry to the /etc/crontab file. This file is used by the cron daemon to determine what to run when. (For more information on cron take a gander at the cron man page.) This is the line I added:
30 07 * * 1-5 root /etc/ppp/appear
This entry tells the cron daemon to start your appear script Monday through Friday at 7:30 AM. The appear script needs to be started this way only once per day; it will then restart itself whenever the time is right.
After completing all these steps, I was set up to ghost on and off the Internet, and if you've been following these steps, you will be ready too.