Solved

Remote Connection Problems-Can't get past the connect machine

Posted on 2000-01-11
Last Modified: 2013-12-15
I've set up my RH Linux 6.0 machine as a dialup server using mgetty and pppd. Both of these work like they should, I believe; the only problem is I cannot get past the machine I originally connect to on our local LAN. We're using the standard 192.168.3.* addressing for our LAN and I'm using a Win98 machine to connect. The DNS-ing is not working either, although we do have a DNS server on the LAN, but it is not the dialup server machine that has it.
So I have 2 questions:
1. Do I have to run a DNS server on the connect machine, or can I just set up a file that tells the remote users which one it is?
2. What organization do I have to contact (or do I have to at all) to get an IP address? (I'd like to use the dialup server as a point of access to the internet for remote users.)

Thank you and sorry about the low points, that's all I have. I'll increase it as soon as it goes up a bit.
0
Comment
Question by:tibori
 
LVL 1

Accepted Solution

by:
dirge earned 400 total points
ID: 2341969
1. Use "ms-dns a.b.c.d" option in pppd to specify DNS for the clients, where a.b.c.d is the IP address of the DNS server. Note that the DNS server must of course be reachable by the 192.168.x.x network.

2. Get "valid" IP addresses from your upstream ISP, or your regional NIC, e.g. APNIC for Asia Pacific. This might not come cheap. If your dialup clients don't require a "valid" IP, e.g. there's only a workstation on the other end, an alternative is simply to use 192.168.x.x or other "private" IP addresses and turn on IP Masquerading (ipchains) in the dial-up server. Note that you may need to add one or two ipchains rules so that your dialup users will not be able to access the LAN (unless of course these accounts are only for your employees).
0
 
LVL 3

Author Comment

by:tibori
ID: 2353351
I did the 1. step you suggest but it doesn't work. I've heard that for it to work, pppd has to be compiled with this option. Do you know if in RH6.0 this option is compiled in by default, or do I have to recompile the package?
I do need this only for the employees, so I wouldn't necessarily want to get a valid ip from a NIC, just because of the cost. Is it still possible to do it then through the ms-dns configuration?
Thanks
0
 
LVL 3

Author Comment

by:tibori
ID: 2353385
This is what my /etc/ppp/options file looks like. Is it correct?

#Do not fork
-detach
#Do not set up escaped control sequences
asyncmap 0
#use the modem control lines
modem
#use hardware flow control
crtscts
#use uucp style lock to ensure exclusive access to serial device
lock
#create a default route in the routing table
defaultroute

proxyarp
#set up DNS for microsoft(windows) machines
ms-dns 192.168.3.254                
0
 
LVL 1

Expert Comment

by:dirge
ID: 2354026
You're right...

http://www.linuxgazette.com/issue38/gentry.html

I'm not sure if stock RH6 pppd has this, but apparently not. Easiest way without recompiling is to run a caching-nameserver on the dialup machine which just has your real NS as a forwarder in /etc/named.conf:

options {
        directory "/var/named";
        // forward queries to the real DNS server on the LAN
        forwarders {
                192.168.3.254;
        };
};

but then, given the hassle of setting up a dns server (reverse IP lookups blah), perhaps you'd be better off recompiling.

Good luck!
0
 
LVL 3

Author Comment

by:tibori
ID: 2365231
I'm still not able to reach any other computer except the dial up server. I've used the "proxyarp" command (please see copy of 'options' file above) but it still does not work. I'm not even trying the DNS way yet, just through the IP.
I've downloaded and installed the new PPP package (rpm). Could the local firewall be causing a problem? I've assigned the ip address to the remote to be in the same domain, i.e. 192.168.3.*, but it still does not recognize other machines...not even through pinging. Although a ping does produce a "request timed out" instead of just hanging there...so I think it finds the other machines, it just can't connect to them. The other local machines don't have to run the pppd or something like that, do they?
Thanks,
0
 
LVL 3

Author Comment

by:tibori
ID: 2368826
This is what I get when I run ifconfig:
ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.3.60  P-t-P:192.168.3.25  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:63 errors:1 dropped:0 overruns:0 frame:1
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

Why does it say NOARP? Also the netmask should be 255.255.255.0 (at least this is what it is on the LAN). Where do I change these parameters, or do I need to? I've tried adding "netmask 255.255.255.0" to the /etc/ppp/options file, but that did not help.
Please help,
Thank you
0
 
LVL 1

Expert Comment

by:dirge
ID: 2368896
Please check:

1. /etc/ppp/options.ttySx contains

hostip:clientip

2. /etc/mgetty+sendfax/login.conf contains

/AutoPPP/ -     -       /usr/sbin/pppd auth -chap +pap login

(you ARE using mgetty..?)

3. netmask 255.255.255.255 is normal for dialup ppp

4. NOARP is also ok

Have you tried putting a nameserver on the dialup box as a last resort?
0
 
LVL 3

Author Comment

by:tibori
ID: 2369195
I'm not using an options.ttySx file, just the old options file...is this bad?

I'm also not using autoppp, instead I set /sbin/pppd in /etc/passwd for a user named ppp. I can see the ppp daemon starting and it logs me onto the network from the dialup machine. I can telnet/ftp etc. to the dialup server, and then of course telnet from there to the other machines, but I cannot do it directly. I cannot ping any other machine either. It will try to connect to it, but it gets "request timed out".

3. I am using mgetty which seems to be working fine.

Do I need to set up any other files? Do I need the "defaultroute" or not?

P.S. If we get this problem resolved I'll give you all the points I have...only another 65 extra, but you can have it all. Thanks for the help.
0
 
LVL 1

Expert Comment

by:dirge
ID: 2369251
1. How many dialup lines do you have connected to your server? If more than one, you need to use options.ttyS0, .ttyS1, etc.

2. Seems you don't have IP masquerading turned on... search for "Rusty's Three Line Guide to Masquerading" or some such.

Maybe you can start fresh...

1. install mgetty
2. edit /etc/mgetty+sendfax/login.conf so that ONLY the /AutoPPP/ line as described above is not commented out.
3. for each dialup port, add an /etc/ppp/options.ttySx as described above
4. run linuxconf. Add users using "Users accounts/Special accounts/PPP accounts"
5. Setup a caching-nameserver on your machine with your real DNS server as its forwarder
6. Make sure IP masquerading is turned on

Good luck! ... and no need for the extra points.
0
 
LVL 3

Author Comment

by:tibori
ID: 2369258
Do I need to set up any type of packet forwarding etc. in network setup?
Also I've tried specifying the DNS on the client (dialin) machine...didn't help.
0
 
LVL 1

Expert Comment

by:dirge
ID: 2369270
1. in /etc/rc.d/rc.local

ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ
echo "1" > /proc/sys/net/ipv4/ip_forward

also run those commands from the prompt

2. won't work unless you can reach the nameserver via a ping
0
 
LVL 3

Author Comment

by:tibori
ID: 2371661
dirge: IT WORKED!!

Thanks a lot. It was IP Masquerading that I needed to turn on. The syntax was a little different than what you specified above. In particular I used ACCEPT instead of DENY for the policy, and I modified the second line to allow only hosts from a specific domain to enter. Anyways, it worked!!
Thanks!!
0
 
LVL 1

Expert Comment

by:dirge
ID: 2372406
Congratulations! :)

Actually, I gave you the ipchains rules from the wrong server -- that's for a server connected to the net via dialup. My real dialup server uses "-i eth0" (net access via leased line on the gateway) and has a line not to allow access to the LAN -- only the 'Net. We have different requirements, I guess. My policy there is still DENY though.

Thanks for the nice grade...! Heheh, my original answer did have IP masq as one of the requirements ;)
0
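
Added example (not part of the thread, and not either poster's actual rule set): a small shell check over the ipchains lines of an rc.local that reports a forward policy other than DENY/REJECT and MASQ rules with no -s source restriction, the two points on which the rule sets discussed above differ. The function name, the finding labels, the sample rule sets and the 192.168.3.0/24 source range are assumptions made for the example.

```shell
#!/bin/sh
# Added example: static check of ipchains forward-chain lines from an rc.local.
# All three rule sets below are constructed samples; the 192.168.3.0/24 source
# range and the finding labels are assumptions for this example.

RULES_AS_POSTED='ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ
echo "1" > /proc/sys/net/ipv4/ip_forward'

RULES_ACCEPT_SCOPED='ipchains -P forward ACCEPT
ipchains -A forward -s 192.168.3.0/24 -i ppp0 -j MASQ'

RULES_DENY_SCOPED='ipchains -P forward DENY
ipchains -A forward -s 192.168.3.0/24 -i eth0 -j MASQ'

# audit_forward RULES: print one finding label per line, nothing if clean.
audit_forward() {
    printf '%s\n' "$1" | awk '
        $1 != "ipchains" { next }    # ignore echo lines, comments, blanks
        {
            chain = ""; src = ""; target = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "-P" && $(i+1) == "forward") policy = $(i+2)
                else if ($i == "-A" || $i == "-I") chain = $(i+1)
                else if ($i == "-s") src = $(i+1)
                else if ($i == "-j") target = $(i+1)
            }
            # A MASQ rule without -s masquerades traffic from any source.
            if (chain == "forward" && target == "MASQ" &&
                (src == "" || src == "0/0" || src == "0.0.0.0/0"))
                open_masq = 1
        }
        END {
            # Unmatched packets follow the chain policy, so anything other
            # than DENY/REJECT forwards whatever the rules did not name.
            if (policy == "") print "NO_FORWARD_POLICY"
            else if (policy != "DENY" && policy != "REJECT")
                print "FORWARD_POLICY_" policy
            if (open_masq) print "MASQ_ANY_SOURCE"
        }'
}

for name in RULES_AS_POSTED RULES_ACCEPT_SCOPED RULES_DENY_SCOPED; do
    eval "rules=\$$name"
    printf '%s: %s\n' "$name" "$(audit_forward "$rules" | tr '\n' ' ')"
done
```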
