Linux Network Administrators' Guide

Podstrony

[ Pobierz całość w formacie PDF ]
.dnswalk has been released on comp.sources.misc recently, and should beavailable on all FTP sites that archive this group ftp.uu.net should be a safe bet if youdon't knowof any such site near you.Chapter 7Serial Line IPThe serial line protocols, SLIP and PPP, provide the Internet connectivity for the poor.Apart from a modem and a serial board equipped with a FIFO bu er, no hardware isneeded.Using it is not much more complicated than a mailbox, and an increasing numberof private organizations o er dial-up IP at an a ordable cost to everyone.There are both SLIP and PPP drivers available for Linux.SLIP has been there for quitea while, and works fairly reliable.A PPP driver has been developed recently by MichaelCallahan and Al Longyear.It will be described in the next chapter.7.1 General RequirementsTo use SLIP or PPP, you have to con gure some basic networking features as described inthe previous chapters, of course.At the least, you have to set up the looback interface, andprovide for name resolution.When connecting to the Internet, you will of course want touse DNS.The simplest option is to put the address of some name server into your resolv.confle; this server will be queried as soon as the SLIP link is activated.The closer this nameserver is to the point where you dial in, the better.However, this solution is not optimal, because all name lookups will still go through yourSLIP PPP link.If you worry about the bandwidth this consumes, you can also set up acaching-only name server.It doesn't really serve a domain, but only acts as a relay for allDNS queries produced on your host.The advantage of this scheme is that it builds up acache, so that most queries have to be sent over the serial line only once.A named.boot lefor a caching-only server looks like this:; named.boot file for caching-only serverdirectory var named1207.2.SLIP Operation 121primary 0.127.in-addr.arpa db.127.0 ; loopback netcache.db.cache ; root serversIn addition to this name.boot le, you also have to set up the db.cache le with a validlist of root name servers.This is described toward the end of the Resolver Con gurationchapter.7.2 SLIP OperationDial-up IP servers frequently o er SLIP service through special user accounts.After logginginto such an account, you are not dropped into the common shell; instead a program or shellscript is executed that enables the server's SLIP driver for the serial line and con gures theappropriate network interface.Then you have to do the same at your end of the link.On some operating systems, the SLIP driver is a user-space program; under Linux, it ispart of the kernel, which makes it a lot faster.This requires, however, that the serial linebe converted to SLIP mode explicitly.This is done by means of a special tty line discipline,SLIPDISC.While the tty is in normal line discipline DISC0 , it will exchange data onlywith user processes, using the normal read 2 and write 2 calls, and the SLIP driver isunable to write to or read from the tty.In SLIPDISC, the roles are reversed: now anyuser-space processes are blocked from writing to or reading from the tty, while all datacoming in on the serial port will be passed directly to the SLIP driver.The SLIP driver itself understands a number of variations on the SLIP protocol.Apartfrom ordinary SLIP, it also understands CSLIP, which performs the so-called Van Jacobsonheader compression on outgoing IP packets.1 This improves throughput for interactivesessions noticeably.Additionally, there are six-bit versions for each of these protocols.A simple way to convert a serial line to SLIP mode is by using the slattach tool.Assumeyou have your modem on dev cua3, and have logged into the SLIP server successfully.Youwill then execute:slattach dev cua3 &This will switch the line discipline of cua3 to SLIPDISC, and attach it to one of theSLIP network interfaces.If this is your rst active SLIP link, the line will be attached tosl0; the second would be attached to sl1 , and so on.The current kernels support up to eightsimultaneous SLIP links.1Van Jacobson header compression is described in RFC 1441.7.2.SLIP Operation 122The default encapsulation chosen by slattach is CSLIP.You may choose any other modeusing the -p switch.To use normal SLIP no compression , you would useslattach -p slip dev cua3 &Other modes are cslip, slip6, cslip6 for the six-bit version of SLIP , and adaptivefor adaptive SLIP.The latter leaves it to the kernel to nd out which type of SLIP encap-sulation the remote end uses.Note that you must use the same encapsulation as your peer does.For example, ifcowslip uses CSLIP, you have to do so, too.The symptoms of a mismatch will be thata ping to the remote host will not receive any packets back.If the other host pings you,you may also see messages like Can' t build ICMP header" on your console.One way toavoid these di culties is to use adaptive SLIP.In fact, slattach does not only allow you to enable SLIP, but other protocols that usethe serial line as well, like PPP or KISS another protocol used by ham radio people.Fordetails, please refer to the slattach 8 manual page.After turning over the line to the SLIP driver, you have to con gure the network interface.Again, we do this using the standard ifcon g and route commands.Assume that fromvlager, we have dialed up a server named cowslip.You would then executeifconfig sl0 vlager pointopoint cowsliproute add cowsliproute add default gw cowslipThe rst command con gures the interface as a point-to-point link to cowslip, whilethe second and third add the route to cowslip and the default route using cowslip as agateway.When taking down the SLIP link, you rst have to remove all routes through cowslipusing route with the del option, take the interface down, and send slattach the hangupsignal.Afterwards you have to hang up the modem using your terminal program again:route del defaultroute del cowslipifconfig sl0 downkill -HUP 5167.3.Using dip 1237.3 Using dipNow, that was rather simple.Nevertheless, you might want to automate the above steps sothat you only have to invoke a simple command that performs all steps shown above.This iswhat dip is for.2 The current release as of this writing is version 3.3.7.It has been patchedvery heavily by a number of people, so that you can't speak of the dip program anymore.These di erent strains of development will hopefully be merged in a future release.dip provides an interpreter for a simple scripting language that can handle the modem foryou, convert the line to SLIP mode, and con gure the interfaces.This is rather primitiveand restrictive, but su cient for most cases.A new release of dip may feature a moreversatile language one day.To be able to con gure the SLIP interface, dip requires root privilege.It would nowbetempting to make dip setuid to root, so that all users can dial up some SLIP server withouthaving to give them root access.This is very dangerous, because setting up bogus interfacesand default routes with dip may disrupt routing on your network badly.Even worse, thiswill give your users the power to connect to any SLIP server, and launch dangerous attackson your network.So if you want to allow your users to re up a SLIP connection, writesmall wrapper programs for each prospective SLIP server, and have these wrappers invokedip with the speci c script that establishes the connection.These programs can then safelybe made setuid root.37.3.1 A Sample ScriptA sample script is produced in gure 7.1.It can be used to connect to cowslip byinvoking dip with the script name as argument:dip cowslip.dipDIP: Dialup IP Protocol Driver version 3.3 [ Pobierz całość w formacie PDF ]

zanotowane.pl

doc.pisz.pl

pdf.pisz.pl

bezglutenowo.pev.pl