http://www.mandrakeuser.org/docs/connect/cppp2.html


Dial-up Networking (PPP) II

* Testing Your Configuration
* Running pppd As A User
* Running Programs After Connect/Disconnect
* Making pppd Connect Automatically

Related Resources:

man pppd
man chat
man pppstats

Revision / Modified: July 31, 2001 / Feb. 27, 2002
Author: Tom Berger

 

* Testing Your Configuration

Believe it or not, but you are (quite) set ;-). Still being 'root', issue the command

pppd call [peerfilename]

with [peerfilename] being the name of the file you've created in '/etc/ppp/peers/'. In my demonstration case that would be pppd call isp1. The modem should now connect and hold the connection. If it doesn't, retrace the steps you've taken so far and look for obvious errors (typos, wrong chat-filename). If the error isn't obvious, refer to the PPP troubleshooting page. The same applies to the following steps.

Hold the connection you've got now in order to do some testing, using ping. 'ping' sends small packets of data over the network and waits for replies. If you get 'ping' responses from a machine, you can reach it. 'ping' is part of the 'iputils' package.
First try your ISP's name server(s). Take one of the IP values the PPP program has entered in '/etc/ppp/resolv.conf' and type

ping [IP-Number]

You should get something like this:

PING [IP-NUMBER] ([IP-NUMBER]): 56 data bytes
64 bytes from [IP-NUMBER]: icmp_seq=0 ttl=39 time=239.2 ms
64 bytes from [IP-NUMBER]: icmp_seq=1 ttl=39 time=230.0 ms
64 bytes from [IP-NUMBER]: icmp_seq=2 ttl=39 time=230.0 ms

Stop it with CTRL-c. Now let's see if you can reach some outward machine:

ping 216.71.159.34

You should get something like the above (if the server here isn't down, that is ;-).

Now try if the name-serving stuff works:

ping netscape.com

If you get

PING netscape.com (207.200.75.200): 56 data bytes
64 bytes from 207.200.75.200: icmp_seq=0 ttl=39 time=229.3 ms
64 bytes from 207.200.75.200: icmp_seq=1 ttl=39 time=230.1 ms

your PPP-network works perfectly. You can close the uplink with

killall pppd

Congratulations, you did it! :-)

If one of these steps fails continually, consult the page on PPP troubleshooting.


* Running pppd As A User

Since the PPP daemon needs access to vital parts of the system, it can only be run by 'root'. It is possible however to change this. This involves changing permissions and some editing for the sake of system security.

In Unix it is possible to give programs permissions that differ from those of the user who started the program. The program runs with a fixed user identification number (UID), which is why this mechanism is called 'setuid'. It is usually done to give programs 'root' permissions. Needless to say, such programs are a security risk: a flaw in a setuid-root program can hand 'root' privileges to whoever is allowed to run it. It is therefore advisable to restrict access to this program to a specified group of users. That's what you are to do now. You need to be 'root'.

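chown root:pppusers /usr/sbin/pppd && chmod 4750 /usr/sbin/pppd

(Run 'chown' first: on Linux, changing a file's owner or group clears the setuid bit, so 'chmod' has to come last.)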

(Note to 'Linuxconf'-users: you should perform this step with 'Linuxconf', otherwise it will revoke these changes. The dialog for this is in 'Control'- 'Control files and systems'-'Configure file permission and ownership').

Now ls -l /usr/sbin/pppd should look like this:

-rwsr-x--- 1 root pppusers

The 's' marks the 'setuid' bit that you've set with the digit '4' in the 'chmod' command. As you can see, only 'root' and members of the group 'pppusers' are allowed to execute pppd. (If you have no idea of what I am talking about, you might want to read the page on file permissions.)
Compile a list of all users that should be able to connect to the Internet. Edit '/etc/group' and add them to the 'pppusers' group by adding their names to the appropriate entry.
As long as you've not logged out and back in, the system doesn't know about the change in '/etc/group'. Therefore, type newgrp pppusers from your user account if you want to test your connection right now.
Now run:

/usr/sbin/pppd call [name]

with [name] being the name of your peers-file in '/etc/ppp/peers'. Since '/usr/sbin' is not part of a user's $PATH, you have to give the full pathname to pppd, otherwise the shell won't find it.
killall pppd will close the link.

You can now add icons to your desktop that call and terminate pppd. Or you can get a fancy wrapper that will show modem lights on your desktop while you are connected. Or you can start your connection via an 'alias' in '.bash_profile' or even a keyboard-shortcut. (Read more about 'aliases')
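A way to verify the result of the steps above, as an added example that is not part of the original page: it checks that pppd has the intended mode, owner and group, and lists who is named in the 'pppusers' entry. The function names are made up for this example and GNU 'stat' is assumed.

```shell
#!/bin/sh
# Added example: audit a group-restricted setuid pppd. Assumes GNU stat.

# Succeed only if FILE belongs to OWNER:GROUP and has mode MODE (default 4750).
check_setuid_binary() {   # check_setuid_binary FILE OWNER GROUP [MODE]
    want=${4:-4750}
    perms=$(stat -c '%a %U %G' "$1") || return 1
    set -- "$1" "$2" "$3" $perms        # now $4=mode $5=owner $6=group
    rc=0
    [ "$4" = "$want" ] || { echo "$1: mode $4, expected $want"; rc=1; }
    [ "$5" = "$2" ] || { echo "$1: owner $5, expected $2"; rc=1; }
    [ "$6" = "$3" ] || { echo "$1: group $6, expected $3"; rc=1; }
    return $rc
}

# Print the users named in GROUP's entry of a group file, one per line.
# Users whose primary group (set in /etc/passwd) is GROUP are not listed.
group_members() {   # group_members GROUP [GROUPFILE]
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "${2:-/etc/group}"
}

# Run the audit only where pppd is installed.
if [ -e /usr/sbin/pppd ]; then
    check_setuid_binary /usr/sbin/pppd root pppusers && echo "pppd permissions OK"
    echo "Listed in pppusers:"
    group_members pppusers
fi
```

Everyone this prints can start a program that runs as 'root', so the list is worth reviewing whenever '/etc/group' changes.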


* Running Programs After Connect/Disconnect

Create scripts called 'ip-up.local' and 'ip-down.local' in '/etc/ppp' and put the commands you want to have executed in there. Keep in mind that every program you start from there runs with 'root'-privileges.

Some suggestions:

  • Automatically send and receive mail and news every time you connect.
  • Run mirroring tools (e.g. 'rsync') to keep your website in sync with local files.
  • Resume down- or uploads.

Remember to give the shell path as the first line of the script (#!/bin/sh), to provide the full path to programs you start from it, and to make the script executable with chmod +x.
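Because these scripts run as 'root', the following added example (not part of the original page) checks a hook script for the points listed above and additionally for ownership and write permissions. 'check_hook' is a name made up for this example, and GNU 'stat' is assumed.

```shell
#!/bin/sh
# Added example: lint a pppd hook script before it gets run as root.
# Assumes GNU stat.

check_hook() {   # check_hook FILE [EXPECTED_OWNER, default root]
    f=$1 owner=${2:-root} rc=0
    [ -f "$f" ] || { echo "$f: missing"; return 1; }
    # The shell path has to be the very first line.
    [ "$(head -n 1 "$f")" = '#!/bin/sh' ] ||
        { echo "$f: first line is not #!/bin/sh"; rc=1; }
    [ -x "$f" ] || { echo "$f: not executable (chmod +x)"; rc=1; }
    [ "$(stat -c %U "$f")" = "$owner" ] ||
        { echo "$f: not owned by $owner"; rc=1; }
    # Whoever can write to the file decides what runs as root on the
    # next connect, so group and other must not have write access.
    case $(stat -c %A "$f") in
        ?????w*|????????w*) echo "$f: writable by group or others"; rc=1 ;;
    esac
    return $rc
}

# Check the two hooks named on this page, where they exist.
for hook in /etc/ppp/ip-up.local /etc/ppp/ip-down.local; do
    if [ -e "$hook" ]; then
        check_hook "$hook" || echo "fix $hook before the next connect"
    fi
done
```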


* Making pppd Connect Automatically

Wouldn't it be nice if you didn't have to dial each time you want to connect?
It's quite easy to configure this. Your '/etc/ppp/options' file should look like this:

lock
defaultroute
demand
nopersist
192.168.0.3:192.168.0.4
ipcp-accept-remote
ipcp-accept-local
holdoff 5
idle 30

What does it do? It defines two bogus IPs for the local and the remote IP. This is necessary because otherwise pppd won't dial on demand. If you have a local network, make sure these addresses do not exist in it.
The clever thing is to reset these bogus addresses with the next two lines, so that your machine will accept the local and remote IPs assigned by your ISP upon connection.
holdoff 5 tells pppd to redial after 5 seconds in case of a connection error. This comes in handy if your ISP's server is busy when you connect.
idle 30 tells pppd to terminate the link after 30 seconds of inactivity. If your browser displays a web page with rotating ads, hit the ESC key to stop loading (otherwise the 'idle' setting will have no effect). Or you might use an ad-blocker like the Junkbuster.
You can now run the pppd command from '/etc/rc.d/rc.local' on boot. Now every time you request an outbound connection by clicking a link or querying for mail, pppd will automatically connect to your ISP.

Notes:

  • Please test this first! Have a look at your modem and see if it connects to your ISP without you demanding it. System services like Samba or Sendmail may try to do DNS queries and so activate the link. Consult the documentation of the offending program for ways to turn off these queries.

  • There is also a distinct program for this functionality available, called diald. Its configuration is somewhat more involved and prone to errors. Use it for advanced tasks like masquerading a larger network.

  • The 'nopersist' option seems to be a good means to prevent pppd from dialing at random. (Thanks to Mandrake Linux user Michael Siepmann for this hint)
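To see whether something dials without you asking for it, the following added example (not part of the original page) lists every demand-triggered dial found in a log and counts them per hour, so that periodic triggers stand out. It assumes syslog-style lines and that pppd logs 'Starting link' for each demand dial; the sample lines are constructed and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: find out when a demand-dialling pppd raised the link.
# Assumes lines of the form "Mon DD HH:MM:SS host pppd[PID]: message" and
# that pppd logs "Starting link" for each demand dial; adjust the pattern
# to what your own log shows.

# Constructed sample log (not real output). The last line is a decoy
# from another program and must not be counted.
sample_log() {
    cat <<'EOF'
Feb 27 03:00:02 box pppd[412]: Starting link
Feb 27 03:00:31 box pppd[412]: Connect: ppp0 <--> /dev/ttyS0
Feb 27 03:01:40 box pppd[412]: Terminating connection due to lack of activity.
Feb 27 04:00:01 box pppd[412]: Starting link
Feb 27 04:30:02 box pppd[412]: Starting link
Feb 27 09:15:44 box pppd[412]: Starting link
Feb 27 09:15:50 box sendmail[900]: Starting link
EOF
}

# Print the timestamp of every dial; reads the named files or stdin.
dial_events() {
    awk 'index($5, "pppd[") == 1 && /: Starting link$/ { print $1, $2, $3 }' "$@"
}

# Print "count hour" for each hour of the day, busiest hour first.
dials_per_hour() {
    dial_events "$@" |
        awk '{ split($3, t, ":"); n[t[1]]++ }
             END { for (h in n) print n[h], h }' |
        sort -k1,1nr -k2,2
}

sample_log | dials_per_hour
```

Dials at regular times while nobody is using the machine point to a system service; compare the timestamps with that service's own log entries.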



 
Legal: All texts on this site are covered by the GNU Free Documentation License. Standard disclaimers of warranty apply. Copyright LSTB (Tom Berger) and Mandrakesoft 1999-2002.