Solved

Route to a different machine

Posted on 1997-08-05
Last Modified: 2010-03-18
I had asked how to have a dial in on (Machine #2) and really be logging in on (Machine #1). I was told to have machine #2 refuse all logins and route everything to machine #1.

How do I set it up so that 4 modem lines that are set for auto answer on Machine #2 have those lines route to Machine #1 and have users login on machine #1 not machine #2?

I use Linux 2.0.28 on machine #1 and 2.0.0 on #2. I have been looking at rlogin a little to do this, but would like it a bit more smooth so I wouldn't have to try and get the older users new scripts to handle the extra login.

I don't know much about things that are told to do this without much detail. Please provide detail or location of detail that will provide enough explanation to get it working.

Thanks
Bob Ross
Question by:bross073097
12 Comments
 
LVL 2

Expert Comment

by:jeffa072897
bross, one important question first. How are you dialing in? Are you using dip?
A quick suggestion - have the users' initial shell command in /etc/passwd call rlogin and move the login scripts to the new system.
0
 
LVL 1

Accepted Solution

by:
bcook earned 30 total points
If you are just talking about terminal session logins to machine #1, not PPP or SLIP dialups, then it means you're effectively treating machine #2 as a terminal server.

Simplest way is to set the program in /etc/inittab for those dialin lines to something like:

S1:2345:respawn:/usr/bin/telnet machine1
S2:2345:respawn:/usr/bin/telnet machine1

What this would achieve is to run "telnet machine1" for each serial line instead of the normal getty process.

If you have a look at the serial.HOWTO you will see that you need to create an entry in /etc/inittab for each serial (dialup) line that you add to the system.

0
 
LVL 3

Expert Comment

by:sauron
I'm not sure about this....

If you run telnet from inittab, as suggested, then you have no getty process. If this is the case, would those serial lines accept input at all, or would you just have a 'closed off' telnet session that you would never be able to access ??

I'd have to check myself to be sure though - maybe this will work ok.

As I see it, you have to go in one of two ways - set machine one up as a terminal server, or as a PPP server.

0
 

Author Comment

by:bross073097
Well the PPP is hard to say because I'm not sure of what this involves setting up this second machine to do what I would like it to do. But yes they will use it, after they dial in on machine 2 and login on machine 1 they get to the internet.

I did set S1:2345:respawn:/usr/bin/telnet machine1

It telnets before anyone connects to the modem, and when they do connect to the modem, it just gives them a blank screen.

Thanks
Bob Ross

0
 
LVL 1

Expert Comment

by:bcook
Sorry, I forgot two critical bits:

S1:2345:respawn:/usr/bin/telnet machine1 </dev/ttyS1 >/dev/ttyS1

(It needs to know what to talk to)

getty is only important for setting up a login session.

To set up an automatic PPP connection on the line you would do that same thing, only using PPPD.  You'd have to experiment at the command line to see what switches you'd need to give PPPD, and add those to the command line in inittab.

This would be better as it would allow the users full access to your other machine, not just telnet but ftp, etc also.

Another thing would be to create a script that runs on those ports (using inittab again), prompts the user for PPP, TELNET, and then execs the appropriate program.  (You use exec so that there are not other security degrading things hanging onto that port, and when they exit, init will automatically set up your script for you again).

* The only possible problem is telnet interfering with the modem. This should be fixed by setting the port's modem control up properly.


0
 

Author Comment

by:bross073097
You now added something new to me.  I'm not sure how to put PPPD in the inittab. I have pppd in a shell under ppp, but have no idea how to get it in inittab.

If this gets working I will have to increase the points.

Thanks
Bob Ross
bross@kingman.com
0

 
LVL 1

Expert Comment

by:bcook
OK, try the telnet bit first.

The shell command you use for pppd (that dialin users use to start their ppp connection) should be able to be used as-is in the inittab entry. (Make sure you get the device name parameter right.)

Post your pppd command here, and I'll see if there's anything you would need to change.

0
 

Author Comment

by:bross073097
OK, the telnet first. I have even tried putting this as a dialin (d1) but the difference is the system hangs up on them as soon as they connect.

Here's what I have in inittab:

s1:respawn:/bin/telnet 207.254.58.3 </dev/ttyS1>/dev/ttyS1

no prompt from 207.254.58.3

The system still telnets to 207.254.58.3 before any modem connection, then machine 1 times out the telnet because no one is there, and then it is respawned again.

Thanks
Bob Ross

0
 
LVL 1

Expert Comment

by:bcook
Hmm... looks like it's not obeying the tty status.

I've done this before. As sauron pointed out you need getty.
The reason for this is so that you have your line answered properly.

What we need to do is set getty up on the port, and get it to
then pass off to a script rather than login.

inittab:

s1:respawn:/sbin/getty -d /usr/TEST/getty.params /dev/ttyS1 38400 vt200

/usr/TEST/getty.params:
login=/usr/TEST/dialin-login.sh

/usr/TEST/dialin-login.sh:
#!/bin/sh
exec telnet 207.254.58.3


The reason for using a shellscript is that getty will put a username into the argument list.  Also it will allow us to put the more complex pppd line into the thing later on.

We may need to use bash to get exec to work. (#!/bin/bash)

We use exec here so that if anything happens (telnet exits, or
the shell script is stopped), init will automatically restart getty.

To continue this in real time,
mail me  bcook@wantree.com.au
or right now,   talk  bruce@203.55.231.109
0
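
The menu script bcook describes above (prompt for PPP or TELNET, then exec the chosen program from the script getty runs instead of login), as an added example that is not part of any post in this thread. The host name `machine1`, the pppd path and the helper names `pick_service`, `valid_name` and `main` are assumptions; pppd options are left out because they depend on the setup.

```shell
#!/bin/sh
# Added example (not from the thread): menu run by getty in place of login.
TELNET_HOST="machine1"   # assumption: host name used in the earlier inittab lines
PPPD="/usr/sbin/pppd"    # assumption: path; add the options your setup needs

# Map what the caller typed to a fixed token. The typed text is only ever
# compared against literals, never passed to a shell or used as a command.
pick_service() {
    case "$1" in
        1|t|T|telnet|TELNET) echo telnet ;;
        2|p|P|ppp|PPP)       echo ppp ;;
        *)                   return 1 ;;
    esac
}

# getty appends the name typed at its prompt as "$1". It comes straight off
# the phone line, so accept only short plain account names: no leading dash
# (would read as an option), no spaces or shell characters.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) [ "${#1}" -le 32 ] ;;
    esac
}

main() {
    name=${1:-}
    valid_name "$name" || name="(rejected)"
    tries=0
    while [ "$tries" -lt 3 ]; do
        printf 'Service (1=TELNET, 2=PPP): '
        read -r answer || exit 1          # hangup or EOF: let init respawn getty
        if svc=$(pick_service "$answer"); then
            logger -t dialin "name=$name service=$svc"
            case "$svc" in                # exec: nothing is left holding the port
                telnet) exec telnet "$TELNET_HOST" ;;
                ppp)    exec "$PPPD" ;;
            esac
        fi
        tries=$((tries + 1))
    done
    exit 1                                # three bad answers: exit, init respawns getty
}

# Run the menu only under the script name used in the thread; under any
# other name the file just defines the functions.
case "${0##*/}" in
    dialin-login.sh) main "$@" ;;
esac
```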
 

Author Comment

by:bross073097
We have the machine routing to machine one using a modified getty. It brings up the login prompt of machine one, sends the user name, but this is where it stops. It will not send a return key; it will allow you to type more after the user name but not the return key. Anyone have any ideas, please send them. I have been trying them all.

Thanks
Bob Ross

0
 
LVL 51

Expert Comment

by:ahoffmann
Your return may be lost in one of those ttys, probably /dev/ttyS1.
Try a different entry in /etc/gettydefs for "38400", see man gettydefs for details (Linux's man page is not very informative, it misses all the cool things to do with /etc/gettydefs, see man stty for values to add to the "initial-flags" and "final-flags").
0
 

Author Comment

by:bross073097
I have been trying a lot of different settings in the gettydefs. Is there anyone that might be able to give us some ideas what should be in there to fix the final problem we're having?

Thanks
Bob Ross


0
