Believe it or not, but you are (quite) set ;-). Still being 'root', issue
the command
pppd call [peerfilename]
with [peerfilename] being the name of the file you've created in
'/etc/ppp/peers/'. In my demonstration case that would be pppd call isp1.
The modem should now connect and hold the connection. If it
doesn't, recapitulate the steps you've taken so far and look for obvious
errors (typos, wrong chat-filename). If the error isn't obvious, refer to the
PPP troubleshooting page. The same applies to the
following steps.
Hold the connection you've got now in order to do some testing, using
ping. 'ping' sends small packets of data over the network and
waits for replies. If you get 'ping' responses from a machine you can reach
it. 'ping' is part of the 'iputils' package.
First try your ISP's name server(s). Take one of the IP values the PPP program
has entered in '/etc/ppp/resolv.conf' and type
ping [IP-Number]
You should get something like this:
PING [IP-NUMBER] ([IP-NUMBER]): 56 data bytes
64 bytes from [IP-NUMBER]: icmp_seq=0 ttl=39 time=239.2 ms
64 bytes from [IP-NUMBER]: icmp_seq=1 ttl=39 time=230.0 ms
64 bytes from [IP-NUMBER]: icmp_seq=2 ttl=39 time=230.0 ms
Stop it with CTRL-c. Now let's see if you can reach some outside
machine:
ping 216.71.159.34
You should get something like the above (if the server here isn't down,
that is ;-).
Now check whether name resolution works:
ping netscape.com
If you get
PING netscape.com (207.200.75.200): 56 data bytes
64 bytes from 207.200.75.200: icmp_seq=0 ttl=39 time=229.3 ms
64 bytes from 207.200.75.200: icmp_seq=1 ttl=39 time=230.1 ms
your PPP-network works perfectly. You can close the uplink with
killall pppd
Congratulations, you did it! :-)
If one of these steps fails continually, consult the
page on PPP troubleshooting.
Since the PPP daemon needs access to vital parts of the system, it can only
be run by 'root'. It is possible however to change this. This involves
changing permissions and some editing for the sake of system security.
In Unix it is possible to give programs permissions that differ from those
of the user who started the program. The program gets a fixed user
identification number (UID), therefore this process is called 'setuid'. It is
usually done to give programs 'root' permissions. Such programs are a
security risk, because a flaw in them can hand 'root' privileges to whoever
runs them, so it is advisable to restrict access to this program to a
specified group of users. That's what you are to do now. You need to be 'root'.
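chown root:pppusers /usr/sbin/pppd && chmod 4750 /usr/sbin/pppd
(Run 'chown' first: on Linux, changing a file's owner or group clears the
'setuid' bit, so 'chmod' has to come last.)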
(Note to 'Linuxconf'-users: you should perform this step with 'Linuxconf',
otherwise it will revoke these changes. The dialog for this is in 'Control'-
'Control files and systems'-'Configure file permission and ownership').
Now ls -l /usr/sbin/pppd should look like this:
-rwsr-x--- 1 root pppusers
The 's' marks the 'setuid' bit that you've set with the digit '4' in the
'chmod' command. As you can see, only 'root' and members of the group
'pppusers' are allowed to execute pppd. (If you have no idea of what I am
talking about, you might want to read the page on file permissions.)
Compile a list of all users that should be able to connect to the Internet.
Edit '/etc/group' and add them to the 'pppusers' group by adding their names
to the appropriate entry.
As long as you've not logged out and back in, the system doesn't know about
the change in '/etc/group'. Therefore, type newgrp pppusers from
your user account if you want to test your connection right now.
Now run:
/usr/sbin/pppd call [name]
with [name] being the name of your peers-file in '/etc/ppp/peers'. Since
'/usr/sbin' is not part of a user's $PATH, you have to give the full pathname
to pppd, otherwise the shell won't find it.
killall pppd will close the link.
You can now add icons to your desktop that call and terminate pppd. Or you
can get a fancy wrapper that will show modem lights on your desktop while you
are connected. Or you can start your connection via an 'alias' in
'.bash_profile' or even a keyboard-shortcut. (Read more about 'aliases')
Create scripts called 'ip-up.local' and 'ip-down.local' in '/etc/ppp' and
put the commands you want to have executed in there. Keep in mind that every
program you start from there runs with 'root'-privileges.
Some suggestions:
- Automatically send and receive mail and news
every time you connect.
- Run mirroring tools (e.g. 'rsync') to keep your website in sync with local
files.
- Resume down- or uploads.
Remember to give the shell path as the first line of the script
(#!/bin/sh), to provide the full path to programs you start from
it, and to make the script executable with chmod +x.
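The following audit script is an added example, not part of the original page. It checks the two things set up above: that pppd carries exactly the '-rwsr-x---' mode with owner root:pppusers, and that the hook scripts, which run as 'root', cannot be rewritten by anyone but their owner. The function names and the 'run' argument are made up for this example; paths and group name are the ones used on this page.

```shell
#!/bin/sh
# Added example: audit the permissions this page sets up. Paths and the
# 'pppusers' group come from the page; the function names are made up here.

# Print the 10-character mode string as 'ls -l' shows it, e.g. -rwsr-x---
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# Print owner:group as 'ls -l' shows it, e.g. root:pppusers
owner_of() { ls -ld -- "$1" | awk '{ print $3 ":" $4 }'; }

# pppd must be setuid, usable by owner and group only, and owned as expected.
# usage: check_pppd [path] [owner:group]
check_pppd() {
    bin=${1:-/usr/sbin/pppd} want=${2:-root:pppusers}
    [ -f "$bin" ] || { echo "$bin: missing" >&2; return 1; }
    [ "$(mode_of "$bin")" = "-rwsr-x---" ] ||
        { echo "$bin: mode $(mode_of "$bin"), want -rwsr-x---" >&2; return 1; }
    [ "$(owner_of "$bin")" = "$want" ] ||
        { echo "$bin: owner $(owner_of "$bin"), want $want" >&2; return 1; }
}

# A hook runs as root, so nobody but its owner may be able to rewrite it.
# usage: check_hook path [owner]
check_hook() {
    hook=$1 want=${2:-root}
    [ -f "$hook" ] || { echo "$hook: missing" >&2; return 1; }
    m=$(mode_of "$hook")
    case $m in
        ?????w????|????????w?)
            echo "$hook: group/world writable ($m)" >&2; return 1 ;;
    esac
    case $m in
        ???[xs]*) ;;
        *) echo "$hook: not executable ($m)" >&2; return 1 ;;
    esac
    [ "$(owner_of "$hook" | cut -d: -f1)" = "$want" ] ||
        { echo "$hook: not owned by $want" >&2; return 1; }
    first=
    IFS= read -r first < "$hook" || :
    [ "$first" = '#!/bin/sh' ] ||
        { echo "$hook: first line is not #!/bin/sh" >&2; return 1; }
}

# Audit the real files only when asked to:  sh audit.sh run
if [ "${1:-}" = run ]; then
    check_pppd && check_hook /etc/ppp/ip-up.local &&
        check_hook /etc/ppp/ip-down.local
fi
```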
Wouldn't it be nice if you didn't have to dial each time you want to
connect?
It's quite easy to configure this. Your '/etc/ppp/options' file should look
like this:
lock
defaultroute
demand
nopersist
192.168.0.3:192.168.0.4
ipcp-accept-remote
ipcp-accept-local
holdoff 5
idle 30
What does it do? It defines two bogus IPs for the local and the remote IP.
This is necessary because otherwise pppd won't dial on demand. If you have
a local network, make sure these addresses do not exist in it.
The clever thing is that the next two lines (ipcp-accept-remote and
ipcp-accept-local) reset these bogus addresses, so that your machine will
accept the local and remote IPs assigned by your ISP upon connection.
holdoff 5 tells pppd to redial after 5 seconds in case of a
connection error. This comes in handy if your ISP's server is busy when you
connect.
idle 30 tells pppd to terminate the link after 30 seconds of
inactivity. If your browser displays a web page with rotating ads, hit the
ESC key to stop loading (otherwise the 'idle' setting will have no effect).
Or you might use an ad-blocker like the Junkbuster.
You can now run the pppd command from '/etc/rc.d/rc.local' on boot. Now every
time you request an outbound connection by clicking a link or query for mail,
pppd will automatically connect to your ISP.
Notes:
- Please test this first! Have a look at your modem and see if it connects to
your ISP without you demanding it. System services like Samba or Sendmail may
try to do DNS queries and so activate the link. Consult the documentation of
the offending program for ways to turn off these queries.
- There is also a distinct program for this functionality available, called
diald. Its configuration is somewhat more involved and prone to errors. Use it
for advanced tasks like masquerading a larger network.
The 'nopersist' option seems to be a good means to prevent pppd from dialing
at random. (Thanks to Mandrake Linux user Michael Siepmann for this hint)