Autor: Sascha Morr (sascha.morr_at_sturmkind.info)
Datum: 17. Jan 2003
Hallo Markus ;-)
Also ich mache es jetzt mal so das ich einfach meine /etc/isdn/device.ippp0 und meine /etc/isdn/ipppd.ippp0 hier rein kopiere.
Hier also die /etc/isdn/device.ippp0:
#!/bin/sh
# Instructions: read the comments for each command, and if necessary, edit
# the command (e.g. replace EAZ with your real EAZ or MSN). Look for lines
# marked with XXX_, which is probably all you need to change.
# If the command is commented out, remove the leading '#' to enable it if
# the command is needed.
#
# After you have configured this file, remove the "Warning!" line above to
# enable this file.
# If using dynamic IP addresses:
# Check out the /etc/ppp/ip-up.d/isdnutils and /etc/ppp/ip-down.d/isdnutils
# scripts, to ensure that any routing is done correctly there (the
# ip-up.d/isdnutils script is run after a syncPPP link is established, and the
# ip-down.d/isdnutils script is run after the link goes down).
# You need to have the ppp package installed for those scripts to work.
set -e # exit on _any_ error
# Get the device name
device=`basename $0`; device=${device#*.}
# this used to be simple, but POSIX is a bit more limited
# ippp0+8 -> devtype=ippp
devtype=${device%%[0-9]*}
# ippp0+8 -> devnums=0+8
devnums=${device##$devtype}
# ippp0+8 -> device=ippp8
device=$devtype${devnums#[0-9]*+}
dowhat="$1"
masterslave="$2"
case "x$masterslave" in
xmaster) master=true; slave=false;;
xslave) master=false; slave=true; masterdevice="$3";;
x) master=false; slave=false;;
*) echo "Error, $0 called with unknown 2nd arg '$masterslave', aborting!"
exit 1;;
esac
# The (dummy) IP addresses
#
# Use 10.0.0.1 for LOCALIP and 10.0.0.2 for REMOTEIP if you have
# dynamic IP addresses; with static address fill in the real values!
LOCALIP=10.0.0.1 # XXX_
REMOTEIP=10.0.0.2 # XXX_
# Phone numbers (without the leading zero)
#
# REMOTEMSN may be a list of numbers to dial, separated by a space.
# If you do that, DO put quotes around the whole value! Like:
# REMOTEMSN='221345788 221345789'
#
# The REMOTEMSN must be the areacode (without the leading zero) + phonenumber!
#
# Example: areacode: 0221 phonenumber: 345789
# => REMOTEMSN='221345789'
#
# EXPLANATION:
# A zero is added below when it is used as the outgoing number;
# when it it used as the incoming number, it must be without a leading zero
# (which is why you must leave that leading zero out below).
# The local number must also be given without the leading zero!
#
# EXCEPTION:
# In countries where there are NO areacodes, this leading zero must NOT be
# added. In that case, change the value of LEADINGZERO below to ''
# LEADINGZERO could conceivably need to be something else in certian
# situations, so it is configurable.
LOCALMSN='93451648541' # XXX_
REMOTEMSN='0319541011' # XXX_
# DIALMODE:
# New with kernel 2.0.36 is the `dialmode' setting.
# dialmode=auto is compatible with the old behaviour (dial-on-demand enabled).
# Read the isdnctrl manpage for more info.
# Change the value below if you want a different setting when the interface is
# started.
# For slave devices (channel bundling) dialmode _must_ be auto,
# so for slave devices this setting is ignored.
DIALMODE=auto # XXX_ other values can be 'on' and 'off'
# Encapsulation (default is syncppp for ipppX devices, rawip for isdnX devices)
# Change the next four lines if you need some other value.
if expr ${device} : ippp > /dev/null
then ENCAP=syncppp
else ENCAP=rawip
fi
# Configuration (start)
case "$dowhat" in
start)
# XXX_
# If running kernel 2.0.31 or higher, enable the IP dynamic hack
# (if needed). See linux/Documentation/networking/ip_dynaddr.txt .
# Default is: enabled. If you have static IP numbers, you can remove
# the next line.
[ -f /proc/sys/net/ipv4/ip_dynaddr ] && echo 5 > /proc/sys/net/ipv4/ip_dynaddr
# First you need to create the interface
if $slave
then isdnctrl addslave ${masterdevice} ${device}
else isdnctrl addif ${device}
fi
# eaz name num
# Set the EAZ (German 1TR6 protocol) or MSN (Euro-ISDN E-DSS1) for
# interface "name" to "num". For an EAZ this is only one digit, for a
# MSN "num" is the whole MSN.
# In the Netherlands this includes the areacode, but not the leading 0.
# (other countries?)
isdnctrl eaz ${device} $LOCALMSN
# addphone name out num
# Set the phone number(s) of the remote site for the IP-interface
# "name". More than one number can be set by calling isdnctrl addphone
# repeatedly. If more than one number is set these will be tried one
# after another. When using an german SPV-type connection, with a
# ICN-card, the number has to be preceeded by a capital S.
# This is the "normal" number.
if [ ! -z "$REMOTEMSN" ]; then
for MSN in $REMOTEMSN; do
isdnctrl addphone ${device} out $MSN
done
fi
# addphone name in num
# Set the phone number(s) that the IP-interface "name" is supposed to
# accept for incoming calls. If no number is given, incoming calls are
# disabled. More than one number can be set by calling isdnctrl addphone
# repeatedly. Also wildcards can be used (see below).
# In the Netherlands (and elsewhere?),
# this is with areacode but without leading 0
#if [ ! -z "$REMOTEMSN" ]; then
# for MSN in $REMOTEMSN; do
# isdnctrl addphone ${device} in $MSN
# done
#fi
# secure name on|off
# Turns on or off the security feature for interface "name". If set to
# on, incoming calls will only be accepted if the calling number has
# been added to the access list with isdnctrl addphone name in.
isdnctrl secure ${device} on
# huptimeout name seconds
# Set the hangup timeout for interface "name" to "seconds". If there
# is inactivity (i.e. no traffic on the interface) for the given time
# the driver automatically shuts down the connection.
# Default is 60 seconds
isdnctrl huptimeout ${device} 60 # XXX_
# dialmax name num
# Set the number of dial atempts for interface "name" to "num". If
# dialing, each phonenumber is tried this many times before giving up.
#isdnctrl dialmax ${device} NUM
# ihup name on|off
# Turn on or off the hangup timeout for incoming calls on interface name
#isdnctrl ihup ${device} on
# encap name encapname
# Set the encapsulation mode for interface "name". Possible modes for
# encapname are: rawip ip cisco-h ethernet syncppp uihdlc
# (most people use rawip, syncppp or cisco-h; syncppp is normal for
# ISP's, rawip is normal for semi-fixed linux-linux connections)
isdnctrl encap ${device} $ENCAP
# l2_prot name protocol
# Set the layer-2 protocol for interface "name". Possible values for
# "protocol" are x75i, x75ui, x75bui and hdlc
# (most people use hdlc)
isdnctrl l2_prot ${device} hdlc
# l3_prot name protocol
# Set the layer-3 protocol for interface "name". At the moment only
# trans is supported. If protocol is omitted the current setting is
# printed.
isdnctrl l3_prot ${device} trans
# verbose num
# Set verbosity level to <num>.
# (2 shows the first package of every connection, that is very useful.)
# WARNING: this is a global parameter, that affects all isdn devices!
isdnctrl verbose 2
# CHARGEHUP FUNCTION
# chargehup name on|off
# Turn on or off hangup before next charge info for interface name. This
# can only be used if the ISDN provider transmits charge info during and
# after the connection. If set to on, the driver will close the
# connection just before the next charge info will be received if the
# interface is inactive.
#isdnctrl chargehup ${device} on
# chargeint name seconds
# When "seconds" are given, the charge interval for the given interface
# is set. This may be of use on ISDN lines with no chargeinfo or no
# online chargeinfo. The connection will only be closed 2 seconds before
# the end of the next charge interval and only, if huptime out seconds
# of inactivity have been reached. If ihup is on, also incomming
# connections are closed by this mechanism.
#isdnctrl chargeint ${device} NUM
# CALLBACK FUNCTION
# callback name off|in|out
# Selects callback mode for interface "name". If call-back mode is in,
# then after getting an incoming call, a callback is triggered. If
# callback mode is out, then this system does the initial call, then
# waiting for callback of the remote machine.
#isdnctrl callback ${device} MODE
# cbdelay name seconds
# Set the callback delay for interface "name" to "seconds". If callback
# mode for this interface is in, dialing is delayed the given time. If
# the callback mode is out, after dialing out and waiting the given
# time, a hangup is issued to free the line for the incoming callback
# from the remote machine. This hangup-after-dial is disabled by setting
# cbdelay to 0.
#isdnctrl cbdelay ${device} SECONDS
# cbhup name on|off
# Turns on or off Hangup (Reject) for interface "name" before starting
# Callback.
#isdnctrl cbhup ${device} MODE
# OTHER OPTIONS
# There are other options not used by most people. You can insert these
# options here.
# See also : isdnctrl(8), isdnctrl help text
# pppbind is needed when using one ipppd per ippp interface
# (like Debian does)
bindnum=`expr $device : 'ippp\(.*\)'` || true
if [ ! -z "$bindnum" ]; then
isdnctrl pppbind ${device} $bindnum
fi
# NETWORK SETUP
# Network device setup as usual (not applicable to slave devices!)
# See also : ifconfig(8) route(8) or any book about unix networking.
if ! $slave; then
ifconfig ${device} $LOCALIP pointopoint $REMOTEIP netmask 255.255.255.255
set +e # ignore errors from here on
route del -host $REMOTEIP ${device} 2>/dev/null
route add -host $REMOTEIP ${device}
# setting default route here is only useful if this is your only
# outside connection... The default is ippp0 for the default route.
# NOTE: default route for ippp0 is also set in /etc/ppp/ip-up.d/00-ipppd
# and /etc/ppp/ip-down.d/99-ipppd ! So if you don't want the
# default route over ippp0, edit those scripts as well.
# Another solution is not to use ippp0 at all; this is only done
# for ippp0 so by skipping that (and starting with ippp1 for
# example) you don't have to edit anything to avoid changing the
# default route!
if [ "$bindnum" = 0 ]; then
route del default 2>/dev/null
route add default netmask 0 ${device}
fi
# FIREWALL RULES XXX_
# Explicitly list what's allowed, and then deny the rest.
# I'm assuming kernel 2.2.x here, hence ipchains
# instead of ipfwadm or iptables. Note also that this is pretty
# simple-minded, and offers only rudimentary protection.
#
# The firewall rules below will only work here if using static IP
# addresses!!! For dynamic addresses the rules should be added in
# /etc/ppp/ip-up.d/00-isdnutils and deleted in
# /etc/ppp/ip-down.d/99-isdnutils .
# Also note you usually only want a setup as below for the interface
# facing the internet, not if you're using the interface to connect a
# local subnet (unless you're using masquerading).
# Also be sure to check the config to make sure it fits what you want.
#
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} 1000:
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ssh
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} smtp
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ident
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ftp
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} http
# ipchains -A input -j ACCEPT -i ${device} -p UDP -d ${LOCALIP} 1024:
# ipchains -A input -j ACCEPT -i ${device} -p ICMP -d ${LOCALIP}
# ipchains -A input -j DENY -i ${device}
# If you don't have masquerading set up yet, try the following
# (I recommend the ipmasq package).
# Replace 192.168.1 with the network number you use on the hosts
# that will use masquerading.
# ipchains -I forward -j MASQ -s 192.168.1.0/24
fi # not slave
# ignore errors in case of older kernel
if $slave
then isdnctrl dialmode $device auto >/dev/null 2>&1
else isdnctrl dialmode $device $DIALMODE >/dev/null 2>&1
fi
;;
# Delete the interface
stop)
set +e # ignore errors from here on
isdnctrl dialmode $device off >/dev/null 2>&1
if ! $slave; then
# FIREWALL RULES XXX_
# Undo the things done above.
#
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} 1000:
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ssh
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} smtp
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ident
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ftp
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} http
# ipchains -D input -j ACCEPT -i ${device} -p UDP -d ${LOCALIP} 1024:
# ipchains -D input -j ACCEPT -i ${device} -p ICMP -d ${LOCALIP}
# ipchains -D input -j DENY -i ${device}
# If you don't have masquerading set up yet, try the following.
# Replace 192.168.1 with the network number you use on the hosts
# that will use masquerading.
# ipchains -D forward -j MASQ -s 192.168.1.0/24
# Commands to undo the network stuff
route del $REMOTEIP $device 2> /dev/null
# only delete default route if set above!
# The default is to use ippp0 for your default route.
bindnum=`expr $device : 'ippp\(.*\)'`
if [ "$bindnum" = 0 ]; then
route del default netmask 0 2>/dev/null
fi
ifconfig $device down 2> /dev/null
isdnctrl delif $device 2> /dev/null
# If this was the master device,
# the delif will also have removed the slaves.
fi
;;
# the rest is generic, don't touch
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0
# vim:set sw=4 si:
Und hier die /etc/isdn/ipppd.ippp0:
# Options file for ipppd.
# ipppd will not read /etc/ppp/options or /etc/ppp/ioptions or any other
# config file. Everything has to be in here.
# "peer" is the name for our syncppp partner.
# STANDARD OPTIONS
#debug # enable debugging
#kdebug X # set kernel debugging level to X
#nodetach # (no) fork to the background
#callback X # ask for callback (parameter X ?)
#lock # create a lock file for device
#domain X # add domain X to a given hostname
#pidfile X # save pid in file X
#call X # take options from privileges file (???)
#idle X # idle time limit (seconds)
#holdoff X # holdoff time limit (seconds)
#maxconnect X # set maximum connection time (in seconds ?)
#+mp # enable multi line ppp
#+pwlog # log password (WARNING: possible security hole)
#nomagic # magic number negotiation
# ppp handshake : tuning
#silent # don't even try to initiate the connection
#passive # wait for the peer to initiate the connection
#lcp-echo-failure X # consecutive echo failures
#lcp-echo-interval X # time for lcp echo events
lcp-restart 1 # Set timeout for LCP
#lcp-max-terminate X # Set max #xmits for term-reqs
#lcp-max-configure X # Set max #xmits for conf-reqs
#lcp-max-failure X # Set max #conf-naks for LCP
# AUTHENTICATION
name h0ujlu07jlu9977 # set local name for auth XXX_
#user X # set name for auth with peer; default is value for name
#usehostname # use hostname for auth
#remotename X # set remote name for auth
#noauth # (dont) require peer (the other) to auth
#require-pap # allow only pap authentication (dialin only)
#require-chap # allow only chap authentication (dialin only)
#login # use system password database for pap
#papcrypt # pap passwords are encrypted
# AUTHENTICATION TUNING
#pap-restart X # Set retransmit timeout for PAP
#pap-max-authreq X # Set max #xmits for auth-reqs
#pap-timeout X # Set time limit for peer PAP auth.
#chap-restart X # Set timeout for CHAP
#chap-max-challenge X # Set max #xmits for challenge
#chap-interval X # Set interval for rechallenge
# COMPRESSION
#noaccomp # address compression on/off
nopcomp # protocol field compression on/off
#novj # van jacobsen compression on/off
#novjccomp # van jacobsen connection-ID compression on/off
#vj-max-slots X # tune maximum vj header slots
#nobsdcomp # bsd compression on/off
#nodeflate # deflate compression on/off
#nopredictor1 # predictor1 compression in/off
noccp # compression negotation on/off
nolzs # LZS compression off (not yet supported fully)
# IP NETWORKING
#noip # (do not) disable ip transfer
#X:Y # (do not) set local ip to X, remote ip to Y
noipdefault # do not use name for default ip addr
#useifip # (do) use ip addresses from interface
#usefirstip # (do) use first ip from auth file for remote
netmask 255.255.255.255 # do set netmask, 255.255.255.255 for pointopoint
#defaultroute # (do not) set default route
nohostroute # do not set host route
#proxyarp # (do not) set an proxy arp entry
#mru X # (do not) set maximum size of receive units to X
#default-mru # (do not) enable mru negotation
mtu 1500 # do set max size of transmit units (1500 is OK)
#useifmtu # (do not) use mtu from interface
#ipparam X # (do not) set ip parameters in script X
#ms-dns X # (do not) set dns addr for the peers use (dialin only)
#ms-wins X # (do not) wins address for the peers use (dialin only)
ms-get-dns # (do not) accept peers suggestion of dns addr (dialout)
#set_userip # (do not) define valid ip addrs in /etc/ppp/useriptab
#ipcp-restart X # Set timeout for IPCP
#ipcp-max-terminate X # Set max #xmits for term-reqs
#ipcp-max-configure X # Set max #xmits for conf-reqs
#ipcp-max-failure X # Set max #conf-naks for IPCP
ipcp-accept-local # Accept peer's address for us
ipcp-accept-remote # Accept peer's address for it
# IPX NETWORKING
#noipx # en/disable ipx
#ipx-network X # IPX network number
#ipxcp-accept-network # Accept peer netowrk
#ipx-node X # IPX node number
#ipxcp-accept-local # Accept our address
#ipxcp-accept-remote # Accept peer's address
#ipx-routing X # IPX routing proto number
#ipx-router-name X # IPX router name
#ipxcp-restart X # Set timeout for IPXCP
#ipxcp-max-terminate X # max #xmits for term-reqs
#ipxcp-max-configure X # max #xmits for conf-reqs
#ipxcp-max-failure X # max #conf-naks for IPXCP
Bei Woody habe ich ISDN über _dpkg-reconfigure ipppd_ eingerichtet so das ich hinterher nichts mehr verändern mußte. Könnte es sein das diese Methode keinen DNS in der /etc/route.conf anlegt?
Grüße
Sascha
PS. Natürlich habe ich meinen Benutzernamen und die Telefonnummer verändert ;-)
Am 17 Jan 2003 12:44:11 +0100 schrieb Markus Hochholdinger <Markus_at_Hochholdinger.net>:
> Hi,
>
> Am Fre, 2003-01-17 um 07.48 schrieb Sascha Morr:
> > ich habe hier folgendes Problem. Wen ich den Rechner starte steht ISDN auf auto => /etc/isdn/device.ippp0
> > ...
> > DIALMODE=auto # XXX_ other values can be 'on' and 'off'
> > ...
> da gibt es doch noch andere wichtige Optionen. Wäre praktisch wenn Du
> alle Zeilen deiner Konfiguration, die mit XXX_ markiert sind, zeigen
> würdest.
>
> > Jedoch wen ich den Rechner gestartet und mich als Benutzer Sturmkind angemeldet habe muß ich immer in der Konsole mit su zu root werden und manuell eine Internetverbindung starten da Programme wie Sylpheed Claws oder Galeon zwar versuchen Daten übers Internet auszutauschen aber keine Internetverbindung aufgebaut wird.
> Was für eine route ist hier gesetzt? (route -n)
>
> > Das seltsame daran ist übrigens auch das wen ich die Verbindung auf die oben genannte Art gestartet habe und dann die Mails mit Sylpheed abgerufen habe, die Verbindung beim nächsten Abruf auch wieder aufgebaut wird, so wie es sein soll. Bei Galeon ist es genau das Selbe.
> > Weis einer von Euch was hier falsch laufen könnte?
> Ich könnte mir vorstellen, daß die Dummy IP Adressen, die Du in der
> Konfiguration irgendwo hast angeben müssen, Adressen deines Netzwerk
> sein könnten. Wenn darauf dann die default route gesetzt ist, meint Dein
> Rechner, daß er sich ja dafür nicht einwählen muß. Beim erneuten
> Verbindungsaufbau bleibt meistens die vorherige IP stehen, deswegen
> klappt es wahrscheinlich danach.
>
> Gruß
> \|/
> MH (o o)
> ------------------------------------------------------oOO--U--OOo--
> Markus Hochholdinger
> e-mail mailto:Markus_at_Hochholdinger.net .oooO
> www http://www.hochholdinger.net ( ) Oooo.
> ------------------------------------------------------\ (----( )-
> \_) ) /
> (_/
>
Dieses Archiv wurde generiert von hypermail 2.1.4 : 17. Jan 2003 CET