Ghosting onto the Net
Recently I got the urge to tinker with managing my network at home in order to get some experience with Unix and heterogeneous network management. I have three Windows boxes (two with Windows 95 and one with Windows 3.1) hooked up to a Linux server. I use the LinTel box as both a local file server and as a gateway linking my home network to the Internet.
The software I use to handle the file server tasks is SAMBA. My primary reference for setting up SAMBA was the excellent article on the subject in the July, 1996 issue of Linux Journal.
In picking a dial-up program, I kept two requirements in mind:
I didn't want to manually log on to my ISP each time I wanted access to the Internet.
I didn't want my LinTel box to call up my ISP on startup and then remain connected until I shut it down. I wanted to be considerate of my ISP's other clients by not monopolizing a phone line.
A program written by Eric Schenk, called diald, satisfied both these requirements. I use diald to connect to my ISP whenever I have traffic destined for the Internet. It also automatically disconnects from my ISP if there is no traffic for a specified interval.
I work for various companies with access to the Net, and while at work, I like to access my home Linux server through the Net from time to time—just in case I find something neat during a lunch break that I want to tinker with at home. So I set up my server to connect to the Net at various random intervals between 15 and 60 minutes, loiter around for five minutes and disconnect if there is no traffic. While my server is connected I can download anything I wish. I call this process ghosting.
These are the steps I went through to get ghosting to work. Depending on whether you already have Linux installed and what flavor it is, you may be able to skip some steps.
The first thing I did was acquire Red Hat 4.0 from Red Hat Software, http://www.redhat.com/. I had heard good things about Red Hat and liked their “Red Hat Package Manager” for handling software bug fixes and upgrades—it sure makes life easier. I installed Red Hat by following the directions given during the install process.
Next, I downloaded the latest version of the kernel available at that time, 2.0.29, from sunsite.unc.edu, and configured my new kernel using hardware specific settings.
Another necessity for ghosting is IP masquerading. I found three good sources of information on IP masquerading:
The most definitive is the IP-Masquerading Resource home page at http://www.wwonline.com/~achau/ipmasq/.
The IP-Masquerading Mini-HOWTO, probably available at your favorite Linux site on the Net.
The last is the IP masquerading article in the July, 1996 issue of Linux Journal.
I downloaded the latest IP masquerading patch for kernel 2.0.28 and higher from the IP-Masquerading Resource home page, and it worked fine with my 2.0.29 kernel. Again, all I had to do was follow the instructions to reconfigure the kernel using the make menuconfig method. Here are the pertinent settings for IP masquerading to work:
Under Code Maturity Level Options, turn on “Prompt for development and/or incomplete code/drivers”. (The IP masquerading code is still considered alpha code.)
Under Networking Options, turn on “Network firewalls”, “Network aliasing”, “TCP/IP networking”, “IP forwarding/gatewaying”, “IP multicasting”, “IP firewalling”, “IP accounting”, “IP masquerading (EXPERIMENTAL)” and “IP tunneling”.
After configuring the rest of the kernel, I just continued following instructions to build it. I recommend doing a make zdisk and making sure the system boots fine from floppy before doing a make zlilo. That way the old kernel doesn't get accidentally blown away. My make procedure is:
make dep
make config
make -j5 zdisk
make -j5 modules
make modules_install
I then reboot from the floppy and keep an eye on the startup information. With a successful reboot, go back into the Linux source directory and do a make zlilo. The -j5 switch causes make to spawn up to five compiles simultaneously. This method of compilation speeds up the build process tremendously.
After installing Red Hat I set up the point-to-point protocol daemon (pppd); this allows my Linux server to communicate with the Internet. The ppp daemon came with the Red Hat package, and installs automatically when a networking package is selected.
First, I set up a configuration file named /etc/ppp/options, then created a chat script to tell the ppp daemon how to communicate with my ISP. The configuration file I used looks like this:
modem
/dev/cua0
38400
asyncmap 0
defaultroute
The man page for the ppp daemon explains these lines in detail. The default configuration file that comes with Red Hat should suit your purposes. The only line to be concerned about is /dev/cua0—this line tells the ppp daemon where to find your modem.
Before pppd can be used to communicate to the Internet, you have to dial and connect to your ISP. This usually involves a process called handshaking, implemented by a program called chat. A chat script sends the chat program the instructions for logging into your ISP. A chat script is basically a series of wait and send strings. Red Hat provides a network configuration tool that runs under X-Windows and can be used to create and test chat scripts. I had a chat script called /etc/sysconfig/network-scripts/chat-ppp0 (see Listing 1). I symbolically linked this script into my /etc/ppp subdirectory using the following commands:
cd /etc/ppp
ln -s /etc/sysconfig/network-scripts/chat-ppp0
You will need to modify my chat script by changing the phone number, username and password responses to match your own. You may also need to modify the line ppp default depending on the requirements of your ISP—contact your ISP for that information.
Now, there are some things I want the system to do right after a successful connect to, or disconnect from, the Internet. Fortunately, pppd has a couple of features that make this easy. When the ppp link comes up, the daemon checks for the existence of a script called /etc/ppp/ip-up. If this script exists, the ppp daemon invokes it with the specified connection parameters. My version of this script appears in Listing 2; notice that the comments at the top of the script indicate the parameters pppd passes to the script.
When the ppp link goes down, the ppp daemon checks for the existence of a file called /etc/ppp/ip-down. If this file exists, it is invoked when the ppp link is terminated. The contents of my script are shown in Listing 3. This script mainly does some cleanup—undoing what I did in the ip-up script.
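The ip-up/ip-down pairing described above, as an added example that is not the author's Listing 2 or Listing 3: one script, linked under both names, that validates the arguments pppd passes before using them (the hooks run as root) and records link state that ip-down later removes. The STATE_DIR location and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the article's listings. Install as /etc/ppp/ip-up and link
# it to /etc/ppp/ip-down. pppd runs each hook as:
#   <interface> <tty> <speed> <local-IP> <remote-IP> [ipparam]
STATE_DIR="${STATE_DIR:-/var/run/ppp-state}"   # assumed path, not a pppd setting

# Accept only names like ppp0; the name is used to build a file path below.
valid_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only dotted-quad IPv4 addresses with four octets in 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Link up: refuse malformed arguments, then write an owner-only state file.
ip_up() {
    iface=$1 local_ip=$4 remote_ip=$5
    valid_iface "$iface" && valid_ipv4 "$local_ip" && valid_ipv4 "$remote_ip" || {
        logger -t ip-up "rejected arguments from pppd" 2>/dev/null || true
        return 1
    }
    ( umask 077
      mkdir -p "$STATE_DIR" &&
      printf 'local=%s\nremote=%s\n' "$local_ip" "$remote_ip" > "$STATE_DIR/$iface" )
}

# Link down: undo what ip_up did for this interface.
ip_down() {
    valid_iface "$1" || return 1
    rm -f "$STATE_DIR/$1"
}

# Dispatch on the name the script was invoked under.
case "${0##*/}" in
    ip-up)   ip_up "$@" ;;
    ip-down) ip_down "$@" ;;
esac
```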