Bering-uClibc 5.x - User Guide - IPv4 Networking - External Network Connections



Ethernet (e.g. Cable Modem)

Objectives

We assume here that you want to connect your LEAF router to the Internet via an Ethernet connection attached to the "first" Ethernet port on the LEAF machine (i.e. the port that Linux knows as eth0).

Such connections are often used in conjunction with Cable Modems.

The configuration required is different for DHCP versus Static IP addresses.

DHCP IP Address

Packages

The standard Bering-uClibc 5.x disk Images ship with the dhcpcd.lrp (DHCP Client Daemon) Package included in the LRP list within leaf.cfg, so no action is required to load this Package. dhcpcd.lrp replaces pump.lrp which was used for previous Bering-uClibc releases.

Interfaces File

The standard Bering-uClibc 5.x disk Images also ship with /etc/network/interfaces configured to run DHCP on the External interface. The relevant lines in this file are as follows and again no action is required:

# Option 1.1 (default): eth0 / dynamic IP from dhcpcd
auto eth0
iface eth0 inet dhcp

DNS

Warning: The connection to upstream DNS servers will NOT work unless the configuration is changed as described below.

dhcpcd.lrp will obtain the IP addresses for upstream DNS servers as long as these are specified by your ISP as part of the DHCP lease. The DNS server details are written to file /etc/dhcpc/resolv.conf but by default this is NOT referenced by the DNS server running on the LEAF router.

Follow the instructions on the dnsmasq page in order to have dnsmasq.lrp (which implements the local DNS server) reference the upstream DNS servers obtained by dhcpcd.lrp.

Question: Should we include this configuration setting as part of the default Bering-uClibc 5.x configuration?

Static IP Address

Packages

When using a static IP address which has been issued by your ISP there is no need for dhcpcd.lrp and this should be removed from the LRP list within leaf.cfg.

Interfaces File

File /etc/network/interfaces needs to be edited to comment out the default (Option 1.1) block of lines and un-comment the Option 1.2 block of lines which relate to a static IP address. The un-commented lines need to be edited to match the details provided by your ISP. For reference, the structure of the Option 1.2 block (with the relevant lines un-commented) is as follows:

# Option 1.2: eth0 / Fixed IP (assumed to be 1.2.3.4 on a /24 network). 
#               (broadcast/gateway optional)
auto eth0
iface eth0 inet static  
       address 1.2.3.4
       netmask 255.255.255.0
       broadcast 1.2.3.255
       gateway 1.2.3.1

DNS

When you have a static IP address your ISP will normally also provide details of the DNS server(s) to be used. The relevant IP address(es) should be added to /etc/resolv.conf. Dnsmasq refers to this file by default.

See this page for details of the /etc/resolv.conf file syntax.


PPPoE

Objectives

We assume here that you want to connect your LEAF router to the Internet via an ADSL PPPoE connection. What is described here corresponds to section 3.2.3 of the DSL How-To document. Your ADSL modem is supposed to be connected to eth0, while the traffic to your internal network goes through eth1.

The PPP-Howto and the DSL-Howto are two useful references for this section.

Step 1: Declare the pppoe package

The pppoe Package (and ppp which pppoe requires) are provided on the Bering-uClibc Images, but are not activated by default.

Boot a Bering-uClibc Image. Once the LEAF menu appears get access to the linux shell by (q)uitting the menu. Edit the leaf.cfg file and replace the dhcpcd entry by pppoe in the list of Packages to be loaded at boot. Check LEAF Packages to learn how to do that. The ppp Package is also required (and ppp.lrp needs to be on the disk) but gets loaded automatically and does not need to be specified.

For IPv4, the PPP negotiation includes the same sort of information that would be obtained using DHCP - DNS servers, netmask, gateway etc. - which is why there is no requirement for a DHCP client (like dhcpcd) when using PPP. If you happen to be using IPv6 via PPPoE you will find that you need to use DHCPv6 in addition to PPP for full configuration. See this page for more details.

Step 2: Declare the ppp and pppoe modules

In order to have a PPPoE connection working, you need to have ppp and pppoe support enabled through the appropriate kernel modules. You also need to make sure the driver(s) module(s) of your network card(s) has been loaded. All the modules which are necessary for a PPPoE connection are provided on the standard Bering-uClibc Images. You just need to "declare" them since they are not loaded by default. As far as your network cards are concerned, the most popular driver modules are provided in /lib/modules but you might need to add the one corresponding to your own hardware from the Bering-uClibc modules.tgz on your boot media. Refer to the Bering-uClibc Basic System Configuration to learn how to do that.

To declare your modules, go to the LEAF Packages configuration menu and choose modules. Enter 1) to edit the /etc/modules file and uncomment the line that relates to a PPPoE connection:

# Modules needed for PPP/PPPOE connection                   
pppoe

Important: The /etc/modules file provided in the Bering-uClibc distro is already set up with the entry commented out. Just remove the leading # sign to activate the corresponding module.

Step 3: Configure ppp

Normally you won't have to do anything here: ppp is preconfigured for the standard situation.

Connection with your ISP will be handled by PPP. The PPP Howto document will give you very detailed information about this protocol and how to set-up its numerous parameters.

Please refer to the Serial Modem section of this user's guide to learn how to configure your ppp package.

The default options provided with ppp.lrp should work; if you are not familiar with ppp, leave them unchanged at first. After you get a connection you can "fine tune" your setup.

Step 4: Configure pppoe

Through the LEAF Package configuration menu choose pppoe. The following menu will appear:

                        pppoe configuration files

        1) DSL pppd options

  q) quit
  ----------------------------------------------------------------------------
        Selection:

Entry 1) allows you to adjust the parameters of your ppp connection through the /etc/ppp/peers/dsl-provider file. The most important argument is the name parameter, which defines your login name.

Replace the field following the user statement in the /etc/ppp/peers/dsl-provider [ "login@isp.com" ] by the login name provided by your ISP.

 # Configuration file for PPP, using PPP over Ethernet
 # to connect to a DSL provider.
 #
 plugin /usr/lib/pppd/rp-pppoe.so

 # MUST CHANGE: Uncomment the following line, replacing the user@provider.net
 # by the DSL user name given to you by your DSL provider.
 # (There should be a matching entry in /etc/ppp/pap-secrets with the password.)
 name "eric12345@foobar.com"

 (...)
 

Through the LEAF packages configuration menu get access to ppp configuration. The following menu will show up:

                        ppp configuration files

        1) ISP pppd options
        2) ISP login script
        3) System wide pppd options
        4) chap secret
        5) pap secret

  q) quit
  ----------------------------------------------------------------------------
        Selection:

Entry 5) allows you to edit the /etc/ppp/pap-secrets file. Enter in this file the login and password provided by your ISP. Your login name must exactly match the one given in the previous /etc/ppp/peers/dsl-provider file. If the secret or username contains special characters, you should put them in quotes:

 # This is a pap-secrets file
 #
 #papname * papsecret
 "eric12345@foobar.com" * "secretfoo"
 

If you want to authenticate using CHAP, add the same entry to the CHAP item instead.

Step 5: Configure your interfaces file

Through the LEAF configuration menu type 1 to access the network configuration menu and 1 again to edit your /etc/network/interfaces file. Enter the following information:

auto lo ppp0 eth1

iface lo inet loopback

iface ppp0 inet ppp
        pre-up ip link set eth0 up
        provider dsl-provider eth0

iface eth1 inet static
   address 192.168.1.254
   netmask 255.255.255.0
   broadcast 192.168.1.255

In this /etc/network/interfaces file the lo, ppp0 and eth1 interfaces are brought up automatically when the ifup -a statement is executed at boot time by the /etc/init.d/networking script.

The "iface ppp0 inet ppp" says:

  • Execute the "ip link set eth0 up" command BEFORE ppp0 is activated (pre-up statement)
  • Execute the /sbin/pon dsl-provider eth0 script to establish the PPPoE connection. The dsl-provider file used as input by /sbin/pon is provided in the pppoe.lrp package.

The "iface eth1 inet static" defines the internal address of the router.

Step 6: Configure Shorewall

Through the LEAF packages configuration menu, choose shorwall and check the three following files:

A) The interfaces file (entry 4) defines your interfaces. Here connection to the net goes through ppp0. So we must set:

 (...)
 #ZONE   INTERFACE       OPTIONS
 net     ppp0            routefilter
 loc     eth1            dhcp
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
 

B) The masq file (entry 8). With a PPPoE setup it should look like:

 (...)
 #INTERFACE:DEST         SOURCE
 ppp0                    192.168.1.0/24
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
 

C) You may also need to edit the config file (entry 11) to adjust the CLAMPMSS variable to "yes":

 (...)
 # Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU"
 # option. This option is most commonly required when your internet
 # interface is some variant of PPP (PPTP or PPPoE). Your kernel must
 #
 # If left blank, or set to "No" or "no", the option is not enabled.
 #
 CLAMPMSS="yes"
 (...)
 

Step 7: Configure dnsmasq

This step is optional, but if IP addresses for DNS servers are supplied by your ISP as part of the PPP negotiation these will be written to file /etc/ppp/resolv.conf.

Follow the instructions on the dnsmasq page in order to have dnsmasq.lrp (which implements the local DNS server) reference the upstream DNS servers obtained by PPPoE.

Step 8: Configure up/down scripts

Another optional step, but if you wish to configure custom actions when PPP (including PPPoE) connections are brought up or taken down there is a useful Package called pppscrpt.lrp which creates a structure of files and directories under /etc/ppp/ which can be used to add custom action scripts.

Any files created in or under directory /etc/ppp/ are automatically backed up when the Bering-uClibc configuration is saved (thanks to a setting which is part of ppp.lrp) so it is not essential to add pppscrpt.lrp to leaf.cfg; simply load it interactively using e.g.

# apkg -i /mnt/pppscrpt.lrp

Note however that empty directories are not backed-up so those will disappear on a reboot, but can be re-created by re-loading the Package.

For example, to run a command whenever a PPP (IPv4) connection is established, create a script in directory /etc/ppp/ip-up.d/

Step 9: Save the changes

To save the changes, start lrcfg. The added modules will be saved to moddb with the command "m) Backup modules". The configuration changes are saved with "s) Save config".

Step 10: Reboot...

Your modem connection should be established automatically. Type plog to check the login sequence with your ISP. If there is no output check the various logs in /var/log/ to get a clue on potential problems.

An example: a PPPoE connection with a two PCMCIA cards setup

C. Hostelet is using an old laptop as a Bering-uClibc router. His hardware configuration consists of one HP Omnibook 3000 laptop (Pentium 233 MHz, 144 MB RAM, CD-ROM drive module, no floppy, no HDD), one Xircom CEM56 Modem/ethernet PCMCIA card and one 3Com 3C589 PCMCIA card. The connection to the net is provided through the first PCMCIA card connected to an Alcatel SpeedTouch Home ethernet modem which gives him access to France Telecom "Netissimo" ADSL service. The connection to the local network is done through the second PCMCIA card.

Here is his /etc/network/interfaces file:

auto lo

iface lo inet loopback

iface eth0 inet static
   address 10.0.0.1
   netmask 255.255.255.0
   broadcast 10.0.0.255
   up pon dsl-provider eth0
   up shorewall restart
   down shorewall stop
   down poff

iface eth1 inet static
   address 192.168.1.254
   netmask 255.255.255.0
   broadcast 192.168.1.255
   up /etc/init.d/dnscache restart
   down /etc/init.d/dnscache stop

Only lo is brought up automatically at boot time. eth0 and eth1 are brought up by the PCMCIA cardmgr program which calls the /etc/pcmcia/network script.

The connection with the Alcatel SpeedTouch modem is done through the eth0 interface at address 10.0.0.1.

Once the eth0 interface is up the pppd daemon is called by the pon script. Shorewall must then be restarted since eth0 was not available at boot time.

Once the eth1 interface is up we restart dnscache which could not start at boot time since eth1 was not available.

PPTP/PPPoA

Objectives

We assume here that you want to connect your LEAF router to the Internet via an Alcatel SpeedTouch home ADSL modem which supports both PPPoE and PPPoA connections. The PPPoE connection is covered in another section. For the PPPoA connection, we assume that your modem is connected to a dedicated NIC as eth0 and will communicate with your router through the pptp protocol. What is described here corresponds to section 3.2.5 of the DSL How-To document. The traffic to your internal network goes through eth0 while access to the Internet via PPPoA goes through ppp0.

The PPP-Howto, the PPTP-Client project and the DSL-Howto are useful references for this section.

Thanks to Eric de Thouars, who suggested the required adjustment to Shorewall for this setup to work properly.

Step 1: Declare the ppp and the pptp packages

Boot a Bering-uClibc Image. Once the LEAF menu appears get access to the linux shell by (q)uitting the menu. Mount the boot media and edit the leaf.cfg file. Replace the dhcpcd entry by ppp,pptp in the list of packages to be loaded at boot. Check LEAF Packages to learn how to do that. Your leaf.cfg file will then look like (adjust to your tastes):

LRP="root,etc,local,modules,iptables,ppp,pptp,keyboard,shorwall,ulogd,dnsmasq"

Important: The line ("root ... dnsmasq") must be typed as a single line in leaf.cfg.

The ppp and pptp (pptp.lrp) packages are provided on the standard Bering-uClibc Images.

Step 2: Declare the ppp modules

In order to have a PPTP/PPPoA connection working, you need to have ppp support enabled through the appropriate kernel modules. You also need to make sure the driver module(s) of your network card(s) have been loaded.

All the modules which are necessary for a PPTP/PPPoA connection are provided on the standard Bering-uClibc Images. You just need to "declare" them since they are not loaded by default. As far as your network cards are concerned, the most popular driver modules are provided in /lib/modules but you might need to add the one corresponding to your own hardware from the Bering-uClibc modules.tgz on your boot media. Refer to the Bering-uClibc Basic System Configuration to learn how to do that.

To declare your modules, go to the LEAF Packages configuration menu and choose modules. Enter 1) to edit the /etc/modules file and enter the following information:

 

 # Modules needed for PPTP/PPPoA connection
 slhc
 n_hdlc
 ppp_generic
 ppp_async

 # Masquerading 'helper' modules
 ip_conntrack_ftp
 ip_conntrack_irc
 ip_nat_ftp
 ip_nat_irc

Important: The /etc/modules file provided in the Bering-uClibc distro is already set up with those entries commented out. Just remove the leading # sign to activate the corresponding module.

Step 3: Configure ppp

Connection with your ISP will be handled by PPP. The PPP Howto document will give you very detailed information about this protocol and how to set-up its numerous parameters.

Through the LEAF packages configuration menu get access to ppp configuration. The following menu will show up:

                        ppp configuration files

        1) ISP pppd options
        2) ISP login script
        3) System wide pppd options
        4) chap secret
        5) pap secret

  q) quit
  ----------------------------------------------------------------------------
        Selection:

Enter 1) and 2) and empty out the corresponding files completely.

Entry 3) allows you to adjust the parameters of your ppp connection through the /etc/ppp/options file. This file must contain:

debug
name "ISPUserID"
noauth
noipdefault
defaultroute

Edit either the CHAP (Entry 4) or PAP (Entry 5) option to set up how your system authenticates.

For PAP authentication, choose the PAP option and add a line saying "<ISPUserID> * <ISPUserPassword>" to the bottom of the file. <ISPUserID> is the same entry that you made in Entry 3) - the "System wide pppd options" file. The <ISPUserPassword> entry is self-explanatory. The "*" can be replaced with the IP address or name of the server you are dialling into if you know it. Usually, an asterisk is sufficient.

If you want to authenticate using CHAP, add the same entry to the CHAP item instead.

Step 4: Configure your interfaces file

Through the LEAF configuration menu type 1 to access the network configuration menu and 1 again to edit your /etc/network/interfaces file. Enter the following information:

auto lo eth0 eth1

iface lo inet loopback

iface eth0 inet static
   address 10.0.0.1
   netmask 255.255.255.0
   broadcast 10.0.0.255
   up pptp 10.0.0.138

iface eth1 inet static
   address 192.168.1.254
   netmask 255.255.255.0
   broadcast 192.168.1.255

In this /etc/network/interfaces file the lo, eth0 and eth1 interfaces are brought up automatically when the ifup -a statement is executed at boot time by the /etc/init.d/networking script.

The "iface eth0 inet static" section defines the external address of the router and says:

  • Bring up eth0 at address 10.0.0.1
  • Execute the pptp 10.0.0.138 command once eth0 is up to establish the PPTP/PPPoA connection.

The "iface eth1 inet static" defines the internal address of the router.

Step 5: Configure Shorewall

Through the LEAF packages configuration menu, choose shorwall and check the three following files:

A) The interfaces file (entry 3) defines your interfaces. Here connection to the net goes through ppp0. So we must set:

 (...)
 #ZONE   INTERFACE       BROADCAST       OPTIONS
 net     ppp0            -               routefilter
 adsl    eth0            10.0.0.255
 loc     eth1            detect          routestopped
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Warning: Do not forget the "-" under the BROADCAST heading for the net/ppp0 entry.

B) Add the following line to /etc/shorewall/policy. Now the policy for traffic between the firewall and the adsl zone is set to ACCEPT:

 (...)
 fw      adsl    ACCEPT

C) The masq file (entry 8). With a dial-up modem setup it should look like:

 (...)
 #INTERFACE              SUBNET
 ppp0                    eth1
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

D) You may also need to edit the config file (entry 12) to adjust the CLAMPMSS variable to "yes":

 (...)
 # Set this variable to "Yes" or "yes" if you want the TCP "Clamp MSS to PMTU"
 # option. This option is most commonly required when your internet
 # interface is some variant of PPP (PPTP or PPPoE). Your kernel must
 #
 # If left blank, or set to "No" or "no", the option is not enabled.
 #
 CLAMPMSS="yes"
 (...)

Step 7: Save the changes

To save the changes, start lrcfg. The added modules will be saved to moddb with the command "m) Backup modules". The configuration changes are saved with "s) Save config".

Step 8: Reboot...

Your modem connection should be established automatically. Type plog to check the login sequence with your ISP. If there is no output check the logs in /var/log/ to get a clue on potential problems.


PPPoA

Objectives

We assume here that you want to connect your LEAF router to the Internet via PPPoA. The PPPoE connection is covered in another section of this user's guide. So is the PPTP/PPPoA connection. What is described here corresponds to section 3.2.4 of the DSL How-To document. The traffic to your internal network goes through eth0 while access to the Internet via PPPoA goes through ppp0.

The PPP-Howto and the DSL-Howto are two useful references for this section.

Step 1: Declare the pppoatm package

In order to be able to get connected through PPPoA you will need to load the pppoatm.lrp package together with ppp.lrp.

Boot your Bering-uClibc Image. Once the LEAF menu appears get access to the linux shell by (q)uitting the menu. Edit the leaf.cfg file and replace the dhcpcd entry by pppoatm in the list of Packages to be loaded at boot. Check LEAF Packages to learn how to do that.

The pppoatm.lrp Package is available on your Bering-uClibc Image.

Step 2: Declare the ppp and pppoatm modules

In order to have a PPPoA connection working, you need to have both ppp and pppoatm support enabled through the appropriate kernel modules. You also need to declare the driver module(s) of your network card(s) and make sure they have been loaded.

All the modules which are necessary for ppp support are provided on the standard Bering-uClibc Images. You just need to "declare" them since they are not loaded by default. As far as the pppoatm module and ATM drivers are concerned, you need to add them from the Bering-uClibc modules.tgz on your boot media. Refer to the Bering-uClibc Basic System Configuration to learn how to do that.

To declare your modules, go to the LEAF Packages configuration menu and choose modules. Enter 1) to edit the /etc/modules file and enter the following information:

 
 # Modules needed for PPP connection
 slhc
 ppp_generic

 # PPPOA support
 pppoatm

 # ATM-PCI "st" drivers
 ambassador

 # Masquerading 'helper' modules
 ip_conntrack_ftp
 ip_conntrack_irc
 ip_nat_ftp
 ip_nat_irc
 

Step 3: Configure pppoatm

Connection with your ISP will be handled by PPP. The PPP Howto document will give you very detailed information about this protocol and how to set-up its numerous parameters.

Through the LEAF packages configuration menu get access to pppoatm configuration. The following menu will show up:

                        pppoatm configuration files

        1) DSL pppd options

  q) quit
  ----------------------------------------------------------------------------
        Selection:

Enter 1) and adjust the corresponding /etc/ppp/peers/dsl-provider file:

 #
 # Adjust here VP/VC - depends on country & ISP
 # UK/BT: 0.38 - US/BE/FR: 8.35
 #
 plugin /usr/lib/pppd/pppoatm.so 0.38
 #
 # If chap or pap identification uncomment the #name "ISPUserID" line
 # and replace ISPUserID with your ISP user name
 # There should be a matching entry in /etc/ppp/pap-secrets or chap-secrets
 #
 #name "ISPUserID"
 lock
 noipdefault
 noauth
 defaultroute
 hide-password
 lcp-echo-interval 20
 lcp-echo-failure 3
 maxfail 0
 persist
 

The most important parameters in this file are the VP.VC combination which depends on your country and/or your ISP and the name parameter.

Through the LEAF packages configuration menu get access to ppp configuration. The following menu will show up:

                        ppp configuration files

        1) ISP pppd options
        2) ISP login script
        3) System wide pppd options
        4) chap secret
        5) pap secret

  q) quit
  ----------------------------------------------------------------------------
        Selection:

Edit either the CHAP (Entry 4) or PAP (Entry 5) option to set up how your system authenticates. If you edit chap, replace #ISPUserID and ISPUserPassword with the relevant information.

 # Secrets for authentication using CHAP
 # client        server  secret                  IP addresses
 #ISPUserID      *       ISPUserPassword
 

ISPUserID must exactly match the entry that you made for the name parameter in pppoatm Entry 1) "DSL pppd options" file. The "*" can be replaced with the IP address or name of the server you are dialling into if you know it. Usually, an asterisk is sufficient.

If you want to authenticate using PAP, add the same entry to the PAP item instead.

Step 4: Configure your interfaces file

Through the LEAF configuration menu type 1 to access the network configuration menu and 1 again to edit your /etc/network/interfaces file. Enter the following information:

auto lo ppp0 eth0
iface lo inet loopback
iface ppp0 inet ppp
   provider dsl-provider
iface eth0 inet static
   address 192.168.1.254
   netmask 255.255.255.0
   broadcast 192.168.1.255

In this /etc/network/interfaces file the lo, ppp0 and eth0 interfaces are brought up automatically when the ifup -a statement is executed at boot time by the /etc/init.d/networking script.

The "iface ppp0 inet ppp" section defines the external address of the router and activates the pon script.

The "iface eth0 inet static" defines the internal address of the router.

Step 5: Configure Shorewall

Through the LEAF packages configuration menu, choose shorwall and check the three following files:

A) The interfaces file (entry 3) defines your interfaces. Here connection to the net goes through ppp0. So we must set:

 (...)
 #ZONE   INTERFACE       BROADCAST       OPTIONS
 net     ppp0            -
 loc     eth0            detect          routestopped
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
 

Warning: Do not forget the "-" under the BROADCAST heading for the net/ppp0 entry.

B) The masq file (entry 8). It should look like:

 (...)
 #INTERFACE              SUBNET
 ppp0                    eth0
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
 

Step 7: Save the changes

To save the changes, start lrcfg. The added modules will be saved to moddb with the command "m) Backup modules". The configuration changes are saved with "s) Save config".

Step 8: Reboot...

Your PPPoA connection should be established automatically. Type plog to check the login sequence with your ISP. If there is no output check the various logs in /var/log/ to get a clue on potential problems.


Serial Modem

Objectives

We assume here that you can only get connected to internet through a serial modem connection and that you want to share that connection with other (internal) computers in your home or office. What follows describes the configuration of this dial-up modem router. Your external interface (to the internet) will be ppp0, your internal interface (to your internal network) is assumed to be done through an Ethernet network card (eth0).

The PPP-Howto is a useful reference for this section.

Bering-uClibc comes with two ppp daemons, one with filter support and one without. The ppp-filter.lrp Package can be used for demand-dialing mode and needs the libpcap.lrp Package. Before using the filter version, the package needs to be renamed to ppp.lrp.

The ppp source is version 2.4.4 and supports ipv6, mschapv2, mppe and, optionally, pppoe, pppoatm or pppol2p with plugins.

Step 1: Declare the ppp package

Boot your Bering-uClibc Image. Once the LEAF menu appears get access to the linux shell by (q)uitting the menu. Edit the leaf.cfg file and replace the dhcpcd entry by ppp in the list of packages to be loaded at boot. Check LEAF Packages to learn how to do that.

Step 2: Declare the ppp modules

In order to have a modem dialup connection working, you need to have ppp support enabled through the appropriate kernel modules.

To configure your modules, go to the LEAF Packages configuration menu and choose modules. Enter 1) to edit the /etc/modules file and enter the following information:

# Modules needed for PPP connection
slhc
ppp_generic
ppp_async
ppp_deflate

# Masquerading 'helper' modules
ip_conntrack_ftp
ip_conntrack_irc
ip_nat_ftp
ip_nat_irc

Step 3: Configure ppp

Connection with your ISP will be handled by PPP. The PPP How-to document will give you very detailed information about this protocol and how to set-up the numerous parameters.

Through the LEAF packages configuration menu get access to ppp configuration. The following menu will show up:

                        ppp configuration files

        1) ISP pppd options
        2) ISP login script
        3) System wide pppd options
        4) chap secret
        5) pap secret

  q) quit
  ----------------------------------------------------------------------------
        Selection:

Entry 1) allows you to adjust the parameters of your ppp connection through the /etc/ppp/peers/provider file. The most important argument is the ttySx parameter, which defines the serial port to which your modem is connected.

Tip: Look at your /var/log/syslog file after booting Bering-uClibc. It will give you the list of the serial ports recognized by your linux kernel.

A working /etc/ppp/peers/provider file for a Compuserve connection could look like:

# ISP pppd options file
# What follows is OK for Compuserve
#
noauth
debug           # log transaction to /var/log/messages
/dev/ttyS0      # (ttyS0=com1, ttyS1=com2, ...)
115200          # baud  rate
modem
crtscts         # use hardware flow control
asyncmap 0
defaultroute    # ppp becomes default route to the internet
noipdefault
lock            # don't let other processes besides PPP use the device
connect "/usr/sbin/chat -v -f /etc/chatscripts/provider"

If you plan to dial into a Windows RAS server or a server that uses PAP or CHAP authentication, you need to add a line to this file. Just above the "connect" command, on a line of its own, add:

name your_ISP_login
connect "/usr/sbin/chat -v -f /etc/chatscripts/provider"

You need this because ppp has to masquerade the firewall as you when using PAP or CHAP authentication.

Entry 2) allows you to adjust the communication script which will handle the connection with your ISP. This script is stored in the /etc/chatscripts/provider file.

A working script for a Compuserve connection could look like:

# ISP login script
# What follows is OK for Compuserve
# Adjust to your taste
ABORT "BUSY"
ABORT "NO CARRIER"
ABORT "VOICE"
ABORT "NO DIALTONE"
ABORT "NO ANSWER"
"" ATZ
# ISP telephone number: 124567890
OK ATDT1234567890#
CONNECT 
Name: CIS
# With compuserve your_login_account=12345,6789
ID: your_login_account/go:pppconnect
Password: your_password
PPP

If you are not using Compuserve you should also delete all of the lines below the <CONNECT > line. A few - very few - ISPs require the final "PPP" line these days.

Edit Entry 3) - /etc/ppp/options "System-wide pppd options" if you want the system to demand dial and to drop the line if idle for a preset time. To do this, change "persist" to "demand" and add another line below "demand" that says "idle 600", where 600 is the number of seconds the system should wait before hanging up if there is no network traffic.

Edit either the CHAP (Entry 4) or PAP (Entry 5) option to set up how your system authenticates. For PAP authentication, choose the PAP option and add a line giving your ISP login and password. Your ISP login must be the same entry as the one provided after the name entry in your ISP pppd options file. If you want to authenticate using CHAP, add the same entry to the CHAP item instead.

 # pppd: pap-secrets
 # Secrets for authentication using PAP
 # client        server  secret                  IP addresses
 your_ISP_login    *     your_password

The "*" can be replaced with the IP address or name of the server you are dialling into if you know it. Usually, an asterisk is sufficient.

Important: If you do not know if your ISP is using PAP or CHAP authentication just provide the information on both pap-secrets and chap-secrets files. They have exactly the same structure.
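The requirement that the login in pap-secrets or chap-secrets exactly matches the name option (stated here and in the PPPoE, PPTP/PPPoA and PPPoA sections) can be checked before rebooting. The shell functions below are an added example, not part of the Bering-uClibc packages; the function names, the constructed sample files and the owner-only permission check on the secrets file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the Bering-uClibc packages.
# Checks that the `name` in a pppd options/peers file has a matching
# client entry in pap-secrets or chap-secrets, without printing the secret.

# Print the value of the active `name` option in pppd options file $1.
# Commented-out lines are ignored; if several are active, the last is used here.
ppp_peer_name() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "name" && NF >= 2 {
            v = $0
            sub(/^[ \t]*name[ \t]+/, "", v)
            if (v ~ /^"/) { sub(/^"/, "", v); sub(/".*$/, "", v) }
            else          { sub(/[ \t].*$/, "", v) }
            name = v
        }
        END { if (name != "") print name }
    ' "$1"
}

# Return 0 if secrets file $1 has an active entry whose first (client)
# field equals $2 exactly. Quoted and unquoted client fields are handled.
ppp_secret_has_client() {
    WANT=$2 awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            c = $0
            sub(/^[ \t]+/, "", c)
            if (c ~ /^"/) { sub(/^"/, "", c); sub(/".*$/, "", c) }
            else          { sub(/[ \t].*$/, "", c) }
            # Appending "" forces a string (not numeric) comparison.
            if ((c "") == (ENVIRON["WANT"] "")) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Return 0 if file $1 grants no permissions to group or others.
# (Assumption of this example: secrets files should be owner-only.)
ppp_secret_is_private() {
    case "$(ls -ld "$1")" in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Check peers/options file $1 against secrets file $2.
# Exit status: 0 ok, 1 no name option, 2 no matching entry, 3 file too open.
ppp_check_login() {
    peer=$1 secrets=$2
    login=$(ppp_peer_name "$peer")
    if [ -z "$login" ]; then
        echo "$peer: no active name option" >&2; return 1
    fi
    if ! ppp_secret_has_client "$secrets" "$login"; then
        echo "$secrets: no entry for client '$login'" >&2; return 2
    fi
    if ! ppp_secret_is_private "$secrets"; then
        echo "$secrets: readable by group or others" >&2; return 3
    fi
    echo "$secrets: entry for '$login' found"
}

# Write constructed sample files (modelled on the listings in this guide)
# into directory $1.
ppp_make_samples() {
    cat > "$1/dsl-provider" <<'EOF'
plugin /usr/lib/pppd/rp-pppoe.so
#name "ISPUserID"
name "eric12345@foobar.com"
EOF
    cat > "$1/pap-secrets" <<'EOF'
#papname * papsecret
"eric12345@foobar.com" * "secretfoo"
EOF
    cat > "$1/chap-secrets" <<'EOF'
# client        server  secret                  IP addresses
#ISPUserID      *       ISPUserPassword
EOF
    chmod 600 "$1/pap-secrets" "$1/chap-secrets"
}

# Demo on the constructed files: the first check passes, the second reports
# the missing CHAP entry (its only entry is still commented out).
demo_dir=$(mktemp -d)
ppp_make_samples "$demo_dir"
ppp_check_login "$demo_dir/dsl-provider" "$demo_dir/pap-secrets"
ppp_check_login "$demo_dir/dsl-provider" "$demo_dir/chap-secrets" || true
rm -rf "$demo_dir"
```

On the router, the same check is run against the real files, for example `ppp_check_login /etc/ppp/peers/provider /etc/ppp/pap-secrets` for the serial modem setup.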

Step 4: Configure your interfaces file

Through the LEAF configuration menu type 1 to access the network configuration menu and 1 again to edit your /etc/network/interfaces file. Enter the following information:

auto lo ppp0 eth0

iface lo inet loopback

iface ppp0 inet ppp
        provider provider

iface eth0 inet static
        address 192.168.1.254
        netmask 255.255.255.0
        broadcast 192.168.1.255

The "auto" statement declares all the interfaces that will be automatically set up at boot time. This job will be carried out by the "ifup -a" statement in the /etc/init.d/networking script.

The syntax of "iface" statements is explained in the Bering-uClibc's User Guide.

Step 5: Configure Shorewall

Through the LEAF packages configuration menu, choose shorwall and check the two following files:

A) The interfaces file (entry 3) defines your interfaces. Here connection to the net goes through ppp0 and the connection to the internal network through eth0. So we must set:

(...)
 #ZONE   INTERFACE       BROADCAST       OPTIONS
 net     ppp0            -
 loc     eth0            detect          routestopped
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Warning: Do not forget the "-" under the BROADCAST heading for the net/ppp0 entry.

B) The masq file (entry 7). With a dial-up modem setup it should look like:

(...)
 #INTERFACE              SUBNET
 ppp0                    eth0
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Step 6: Make the connection persistent (optional)

If you want to make your connection persistent, i.e. automatically redial your ISP when your line drops, do the following:

Go back to the option 1) of the ppp configuration file menu to edit the /etc/ppp/peers/provider file and add the following options after the "baud rate" entry:

(...)
115200          # baud  rate
persist
holdoff 10
(...)

Step 7: Save the changes

To save the changes, start lrcfg. The added modules will be saved to moddb with the command "m) Backup modules". The configuration changes are saved with "s) Save config".

Step 8: Reboot...

Your modem connection should be established automatically. Type plog to check the login sequence with your ISP. If there is no output check the logs in /var/log/ to get a clue on potential problems.

Tip: If you want to be sure that your modem and/or script parameters are OK before backing up ppp.lrp, you can launch the connection manually just by typing pon. Use the plog command to see how the connection is going and poff to close down your ppp connection.

ppp-filter.lrp

ppp-filter.lrp needs to be renamed to ppp.lrp before use and uses libpcap.lrp (which also needs to be loaded in leaf.cfg). The filter version can be used to specify a packet filter to be applied to data packets to determine which packets are to be regarded as link activity, and therefore reset the idle timer, or cause the link to be brought down in demand-dialing mode. The configuration (except for the filter-part) is done like the ppp package.

You can enable active filtering by setting (from the pppd man-page):

active-filter filter-expression

This option is useful in conjunction with the idle option if there are packets being sent or received regularly over the link (for example, routing information packets) which would otherwise prevent the link from ever appearing to be idle. The filter-expression syntax is as described for tcpdump, except that qualifiers which are inappropriate for a PPP link, such as ether and arp, are not permitted. Generally the filter expression should be enclosed in single-quotes to prevent whitespace in the expression from being interpreted by the shell.


