HOW-TO FOR INHOUSE INTRANET

Author: Sarma Seetamraju
EMail: (sarma@usa.net)
Date: August 1997

Place: on the Amtrak and Path Trains on the way to Downtown Manhattan.
Notepad Used: a 16-MHz 386 SX circa 1991 Magnavox notebook running linux.
(Just to show that if you ever complain about linux not running AS IS
on your computer, I am going to shove that computer up your .... )

Reformatted as HTML for: All abnormal people who cannot stand illegible
plain text.

Important: SOCKS is a FREE package for UNIX systems. I doubt it's available for
OTHER platforms. If you wish to influence NETSCAPE to keep supporting SOCKS,
email me with your supporting statement (saying how you are using SOCKS).

_________________________________________________________________

This document describes the procedure to set up a NETWORK (INTRANET)
at your home. Then we shall set up the network such that NETSCAPE
clients can be used on ANY machine to access the internet...

The network we are talking about,

   * has TWO or more computers...
   * wherein, there is ONE (ONLY ONE) linux machine
   * and the rest are Win95 or WinNT machines. (I doubt things will be
     any different for a MACintosh).
   * Only the LINUX machine has PPP access to the internet. The other
     machines MAY have modems. I shall ignore those modems.
   * if ANY of your clients are UNIX machines, you are perhaps better
     off reading the "sockd" package's documentation, since you may be
     needing the use of "rlogin", "ftp" etc... from within the UNIX
     CLIENTS. This document will not help you in that aspect.
   * The computer network is assumed to be TCP/IP over ethernet. No
     netbeui, etc...

_The "single linux" machine will be referred to as the "LINUX SYSTEM",
while all others are referred to as "OTHER MACHINES" or also as
"CLIENT MACHINES". The linux machine is also referred to as the
"SERVER" sometimes._

_________________________________________________________________

If you do not understand the next para, then jump to the FOR NETWORKING
NOVICES section. Then come back here...

All of the following assumes that there is an IP address assigned
(using "ifconfig") to the eth0 port of your LINUX server.

Also, for that matter, this document does not restrict you to PPP only (it
could be SLIP, PPTP, etc...). The IP address of the "ppp0" port is
absolutely irrelevant. This document assumes you have one such port,
and that it's UP.

_________________________________________________________________

_WHY WE NEED SUCH AN ARRANGEMENT:_

   * The linux machine is to be used to connect to the world. Only the
     linux machine has a REAL-WORLD IP address (see the "ON-LINE
     services" section below). The linux machine has a
     non-persistent PPP link to the world.
   * The other machines in the network have IP addresses that are
     either invalid or are unknown to the world.
   * You need to use the "Other Machines", and NOT the linux machine, to
     access the internet, VIA NETSCAPE ONLY.
   * I have no need to "telnet" or FTP directly from the "other m/c" to
     the world. If I ever need to, I telnet manually into the linux
     machine, and then into the world.

I did NOT want to spend much on a linux m/c that didn't run an X
server (much less any X applications). I bought a 486DX/4 100 MHz PCI
board (since I didn't want to be stuck with plain ISA slots), with a
$20 SVGA card and a $20 NE2000 compatible card, and an extra $20 for
terminators + co-ax ('cos I didn't know how to convert a regular
Ethernet Hub connector into a pt-2-pt connector).

And $90 worth of memory (it went all the way to $60 for 16 megs) and I
had a fully functional linux system for $270. I don't intend to burden
that system with NT or any other memory-disk-cpu hogging OSes.
Of course, my client machine is a 32-meg P100 machine with two hard
disks (one of which was transplanted as the linux machine's HD) and runs
95.

The linux system is sitting on top of a clean PizzaHut pizza box. I
couldn't afford another $50 for a tower, since I was getting a power
supply module from one of my friends.

_________________________________________________________________

_The reason I chose NETSCAPE_ is that I no longer use FTP manually.
It's simply out of fashion. Every ftp site worth its name, and every
company, has a web site that lets me use the Netscape browser to
access their ftp site. I do need to telnet frequently, but go thru the
trouble of going from my win95/winNT4.0 machine to the linux machine,
and from there... Secondly, I am hooked on QuickTime and all those net
audio sites. And LINUX versions of those tools do not exist. So, I
have to run stuff from Netscape ON windows platforms. And my LINUX
machine receives EMail using sendmail... (remember, I have a fixed IP
address. Such fixed IP addresses are better ONLY for things like
receiving email. It's no benefit for Surfing, Telnetting, etc...)

Lastly, we will never have a "Microsoft Explorer Browser" for linux,
and hence I never even considered using Explorer. Also something tells
me that it's NOT going to be as easy to configure the Explorer as it
was to configure NETSCAPE on the CLIENT machines (i.e., the other
machines).

_________________________________________________________________

PROXY SERVER

I am not giving directions for installing a PROXY server. This is about
installing a "socks" facility on the LINUX machine, which NETSCAPE on
the client machines can use to access the internet. NETSCAPE (as far
as I know) is the ONLY application that runs on NON-UNIX machines and
is aware of the SOCKS facility.

_________________________________________________________________

INTERNET Addresses

If you have a TCP/IP network, then you MUST have AT LEAST two IP
addresses for the machines (one for the LINUX machine and another for
one of the Client Machines, and more IP addresses if you have more
than one client machine).

Read the other HOW-TOs on how to assign IP addresses to ALL your
machines on the TCP/IP network. (ESPECIALLY IF YOU DO NOT have a
REGISTERED internet domain).

I created a network 10.0.1.x out of the single LINUX machine and the
single Win95 machine. They were assigned 10.0.1.1 and 10.0.1.2
respectively. 10.0.1.1 is the IP address of the ETHERNET port
(eth0) of the LINUX machine. The ppp0 port has another IP (which
[lucky me] is a fixed IP address). That IP address is irrelevant to
us, and is also being withheld for security reasons.

I also have a fixed domain name server on the other end of the PPP
link. (University machine).

The linux machine has a modem and CRONTAB entries that automatically
dial up to the internet at fixed times daily. I also manually connect
to the internet when I want to go surfing.

If you connect to the internet via ON-LINE services, see below...

_________________________________________________________________

ON-LINE services

If you connect to the world using ON-LINE services like AOL,
Compuserve, Sprynet, Netcom etc... then you may NOT have a fixed IP
address. That is of little relevance in getting your intrAnet hooked
up to the world. If you do not believe that, I request you to read
on... and become a believer...

_________________________________________________________________

Some Background Information

(For those who are like me and want to know what the hell is
happening...). Others may skip this section....

   1. ... since you have ONLY one ethernet network, you do NOT need
      routing within that network. And you perhaps have manually
      hardcoded the IP addresses ( 10.0.1.1, 10.0.1.2 ) of ALL your
      machines in /etc/hosts. If you did that, you are a smart person.
      Using "named" for a two or three computer network at home is like
      using a bulldozer instead of a spoon to eat.
   2. What we would ideally like is for ALL IP packets from the client
      machines to go to the LINUX machine, which will then route
      accordingly. The problem with this is that you are exposing your
      computer to hackers, because if the LINUX machine routes, you DO
      NOT have firewalling or proxying or whatever. Here in this
      document, we will do firewalling unintentionally! while trying
      to get NETSCAPE to access the internet from the client machines.

      One problem with this "re-routing" desired from the linux machine
      is that the clients MUST actually SEND ALL packets to the linux
      machine, no matter what the destination address. To that end,
      Win95 and WinNT will ONLY allow "proxy servers" (which I intend to
      figure out, and write another document on).
   3. IF you are well versed with various free utils, you may have heard
      of the "term" package. It was designed simply because it's easier to
      configure networks as a "simple" user and NOT AS ROOT/ADMIN
      (on both client and server sides). The same logic goes with
      NETSCAPE on the clients. It is easier to JUST GET netscape to
      access the internet and leave the rest of the features (FTP,
      TELNET) unsupported.
   4. If you think having ONLY netscape access and NOT telnet / ftp
      access to the internet from the client machines is a bummer, then
      you are a dinosaur. Wake Up, Mr./Ms. Rip Van Winkle.
   5. (TECHNICAL) The "named" which remained unused (as mentioned above)
      will be put to use to support NETSCAPE (so that http:/www.sex.org
      will be resolved right from the client machine).
   6. (TECHNICAL) You will have to REBUILD your LINUX kernel to disable
      IP forwarding. I intend to rebuild my kernel with forwarding
      ENABLED and see if the socks package still works (I am betting it
      will). If it does, then you will find a newer version of this
      document. (What this means is that you can use the kernel
      installed by your favorite LINUX installation package).
   7. You will need ROOT access on the linux machine :-) You will need
      to download the socks package and COMPILE it. It will NOT compile
      'cos the MAKE file is bad.
   8. (TECHNICAL) be prepared to edit the socks.c file, to comment out
      ONLY the two lines which place an entry in your syslog file (/var/adm)
      for every data transfer via socks. For eg: a single page on
      WWW.CNN.COM will have 10 pictures at least and 5 separate text
      objects. For each of them you will find an entry in syslog (that
      it was transferred!). My syslog keeps filling up. I do NOT like
      that. Maybe you might not mind.
   9. This sockd package supports CLIENT machines ONLY. All applications
      on the LINUX machine DO NOT need the sockd or any other package to
      access the internet, since this LINUX machine connects to the internet
      directly using PPP.

_________________________________________________________________

PREPARING YOUR LINUX MACHINE

Read the NET-HOW-TO in /usr/doc/faq/howto on your linux machine (if
it's slackware), or go to www.linux.org and read the same NET-HOW-TO
there...

In that you will find how to download the socks package and compile
it. You NEED TO READ the instructions there to set up the in-house
network. But you are welcome to read this :-) .

That document spends a lot of time explaining how to configure UNIX
clients. Especially for "rlogin" "telnet" "ftp" etc... If you do not
have UNIX clients, then after compiling the SOCKS package, start
reading this document again, for using the socks package rather than
the readme file in that package.

I placed the tar file in /usr/local/ProxyServer and untarred it,
creating a "sockd4.2b" subdirectory within which there is a
"Makefile". As mentioned in the howto document, I had to struggle to
successfully do a make on the MAKEFILE.

_________________________________________________________________

For your convenience, the MAKEFILE is included at the end...

Hopefully, you will have to change line # 9 of my copy of the Makefile
only.

Then I moved the sockd directory contents into its parent and changed
line # 9 and did a make again -- successfully. So I guess I
"fixed" the MAKEFILE.

_________________________________________________________________

Setting UP the sockd daemon

You will find an executable called "sockd" in the sockd subdirectory.

Once you are done compiling, _COPY the following files to_ /usr/local/etc
(They SHOULD be in the same dir as the sockd directory)

    sockd        (The executable a.k.a daemon)
    sockd.conf   (configuration file)
    sockd.route  (configuration file)
    socks.conf   (configuration file)

    # ### make a link called "socks" which points to "sockd" within the same dir.
    # cd /usr/local/etc
    # ln -s sockd socks

Then edit those three configuration files so that they are similar to
the ones given below (these are my settings for a two computer
network, made up of a LINUX "server" and a Win95/WinNT client
machine).

_________________________________________________________________

My sockd.conf file

permit 10.0.1.2 0.0.0.0
deny 0.0.0.0 0.0.0.0 : /usr/ucb/finger @%A | /usr/ucb/mail -s 'SOCKD: rejected -- from %u@%A to host %Z (service %S)' root
#BAD_ID: /usr/ucb/finger @%A | /usr/ucb/mail -s '%U pretends to be %u on host %A' root@%A root
#NO_IDENTD: /usr/ucb/mail -s 'Please run identd on %A' %u@%A root@%A
#[EOF]

_NOTE_: 10.0.1.2 is my Win95/WinNT client machine's IP address. This
sockd.conf file MUST be on your LINUX server (in my case the
ethernet port of the LINUX server has an IP address = 10.0.1.1).

_NOTE_: This sockd program is for CLIENT machines ONLY. All
applications on the LINUX machine DO NOT need the sockd or any other
package to access the internet, since this LINUX machine connects to the
internet directly using PPP.

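
The access decision sockd makes from the sockd.conf above, as an added example (not the SOCKS package's own code): lines are tried top to bottom, the first match wins, and a request matching no line is refused. It assumes the SOCKS 4 sockd.conf mask convention in which the 0 bits of the mask must match and the 1 bits are ignored, so "permit 10.0.1.2 0.0.0.0" means exactly that one client; the user-id, destination and service names fed to the alert command are constructed.

```python
"""Evaluate the page's sockd.conf the way SOCKS 4 sockd does.
Added example, not the SOCKS package's code.
Assumption: sockd.conf masks are don't-care masks (0 bits must match,
1 bits are ignored), so 'permit 10.0.1.2 0.0.0.0' is an exact match."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed copy of the sockd.conf listed above. The #BAD_ID / #NO_IDENTD
# lines are identd hooks, not access rules, and this evaluator skips them.
SOCKD_CONF = """\
permit 10.0.1.2 0.0.0.0
deny 0.0.0.0 0.0.0.0 : /usr/ucb/finger @%A | /usr/ucb/mail -s 'SOCKD: rejected -- from %u@%A to host %Z (service %S)' root
#BAD_ID: /usr/ucb/finger @%A | /usr/ucb/mail -s '%U pretends to be %u on host %A' root@%A root
#NO_IDENTD: /usr/ucb/mail -s 'Please run identd on %A' %u@%A root@%A
"""


@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    src: int                    # source address as a 32-bit integer
    mask: int                   # don't-care mask: 0 bits must match, 1 bits ignored
    shell_cmd: Optional[str]    # text after ':' that sockd runs when the line matches


def parse_sockd_conf(text: str) -> list[Rule]:
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank, comment, or identd hook
            continue
        body, _, cmd = line.partition(":")     # first ':' separates rule from shell_cmd
        fields = body.split()
        if len(fields) < 3 or fields[0] not in ("permit", "deny"):
            raise ValueError(f"unsupported sockd.conf line: {raw!r}")
        rules.append(Rule(fields[0],
                          int(ipaddress.IPv4Address(fields[1])),
                          int(ipaddress.IPv4Address(fields[2])),
                          cmd.strip() or None))
    return rules


def matches(rule: Rule, src_ip: str) -> bool:
    care = ~rule.mask & 0xFFFFFFFF               # bits that must agree
    return (int(ipaddress.IPv4Address(src_ip)) & care) == (rule.src & care)


def decide(rules: list[Rule], src_ip: str) -> tuple[str, Optional[str]]:
    """First matching line wins; no matching line is sockd's implicit deny."""
    for rule in rules:
        if matches(rule, src_ip):
            return rule.action, rule.shell_cmd
    return "deny", None


def expand_alert(cmd: str, client: str, user: str, dst: str, service: str) -> str:
    """Fill in the %-escapes the page's deny line uses: %A client host,
    %u user-id sent by the client, %Z destination host, %S service name."""
    out = cmd
    for key, val in {"%A": client, "%u": user, "%Z": dst, "%S": service}.items():
        out = out.replace(key, val)
    return out


def check_request(conf: str, client: str, user: str, dst: str, service: str):
    """What sockd decides for one request, and the alert command it would run
    (returned as text here, never executed)."""
    action, cmd = decide(parse_sockd_conf(conf), client)
    alert = expand_alert(cmd, client, user, dst, service) if cmd else None
    return action, alert


if __name__ == "__main__":
    for client in ("10.0.1.2", "10.0.1.3", "0.0.0.0"):   # constructed sources
        print(client, check_request(SOCKD_CONF, client, "sarma", "www.cnn.com", "www"))
```

Under this mask reading the deny line itself matches only a source of 0.0.0.0, so a request from an unlisted LAN address such as 10.0.1.3 is refused by the implicit default deny without the finger/mail alert ever running; that alert and the per-transfer syslog lines mentioned earlier are the whole record of what sockd accepted or refused.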
_________________________________________________________________

My sockd.route file

#! NoShell
10.0.1.1 10.0.1.0 255.255.255.0
#[EOF]

_NOTE_: The first IP address is the address of the LINUX machine's
eth0 PORT. The second IP number is NOT an IP address -- it's the
NETWORK address (basically, convert the last of the FOUR numbers of
the IP address into a ZERO).

_________________________________________________________________

My socks.conf file

direct 127.0.0.1 255.255.255.255
direct 10.0.1.1 255.255.255.255
direct 10.0.1.2 255.255.255.255
sockd @=199.99.99.99 10.0.1.1 0.0.0.0

_________________________________________________________________

Now to configure the LINUX machine

   * _Step # 1:_ Check to see if "named" is already running in your
     system. If it is -- then, you are on your own. Unless you know the
     concepts of DNS very well, you may not be able to adapt the
     contents of this document to suit your needs.
   * _Step # 2:_ Copy the "named.boot" file given below into your
     machine.
   * _Step # 3:_ Copy the "root.cache" file given below into your
     machine (follow the instructions that come with it).

_________________________________________________________________

/etc/host.conf file

All programs that run on the LINUX machine WILL (you cannot prevent
that) use the resolver libraries -- which depend on the file
/etc/host.conf

You must make sure that NONE of these programs ever access the "named"
daemon on THAT VERY linux machine. To do that we shall specify to the
resolver routines (i.e., routines which convert www.cnn.com into the
numerical ip address) that those resolver routines MUST first check
the /etc/hosts file and then check the DNS servers mentioned in
/etc/resolv.conf

How do we do that? Simply, make sure the /etc/host.conf file is :-

    order hosts, bind
    multi on

If there is anything else, remove it, unless you know a lot about DNS
and "named".

The reason I insist on preventing the LINUX machine's applications
from accessing its own "named" server is because it makes no sense.
And from my experience, such "unnecessaries" may look technically
safe and harmless but will cause enough grief sooner or later...

The linux machine is obviously doing just great accessing the internet
via the PPP (or whatever) link. We are installing the "sockd" package
and the "named" daemon for the client machines. Let's not disturb the
LINUX system.

_________________________________________________________________

You DO NOT NEED to change the "/etc/gateways" or "/etc/hosts" file or
the "hosts.allow" or the "hosts.deny" file in order to get your socks
working.

Do not change any file unless someone suggests a change to that
file...

I will also assume that you have set up "resolv.conf" properly, to
enable your LINUX server to access the internet and the DNS (on the
"other end" of the PPP connection). My sample resolv.conf file is
available as a sample at the very end.

***********************************************
WARNING
***********************************************
For your own good, I suggest that you set up your
machine through the linux installation programs
(i.e., while installing linux on your computer.)
************************************************

_________________________________________________________________

My named.boot file

; boot file for name server
forwarders 128.112.129.111
directory /etc
cache . root.cache
primary 1.0.10.in-addr.arpa named_DNS_for_inTi_xwk
                            ^^^^^^^^^^^^^^^^^^^^^^

NOTE: line # 2 contains the IP address of the DNS server in the
network to which your LINUX machine connects using PPP (or
whatever).

*** How to determine this IP Address ***

SIMPLE! At a command prompt type in the command "nslookup". The
response you see will CONTAIN such an IP address. (After noting the
DNS' IP address, exit "nslookup" using <CTL-D>.)

_NOTE_: The LAST line contains the _name of a file_ called
"named_DNS_for_inTi_xwk" which MUST be in the "/etc" directory. The
contents of this file are given below (you are free to give it a
better name :-) )

_________________________________________________________________

My "named_DNS_for_inTi_xwk" file

@ IN SOA 10.0.1.0 hostmaster.10.0.1.0 (
                1       ; Serial
                28800   ; Refresh
                7200    ; Retry
                604800  ; Expire
                86400 ) ; Minimum TTL
        NS  10.0.1.1
1       PTR MyLinuxMachine

_NOTE_: The last line (starts with a 1) contains the name
"MyLinuxMachine". Replace it with the name in /etc/HOSTNAME. _NOTE_:
Again, as you have been doing so far, replace "10.0.1.1" with that of
your LINUX machine eth0 port's address, and replace "10.0.1.0" with
that of the network address of that port. _NOTE_: I really do not
understand every character of the above file. You will be better off
satisfying your curiosity by studying the documentation for the
NAMED daemon.

_________________________________________________________________

My root.cache file

_To get this file, read the NET-HOW-TO documentation and the
documentation that comes with the socks package._

Those instructions are VERY simple...

All I did was to run a command mentioned there, and redirected it into
a file and called it "/etc/root.cache"

; <<>> DiG 2.1 <<>> ns
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<-

__________________________________________________________________________

Add this to /etc/services

(add the single line starting with "socks"...)

# services This file describes the various services that are
# available from the TCP/IP subsystem. It should be
# consulted instead of using the numbers in the ARPA
# include files, or, worse, just guessing them.
# Version: @(#)/etc/services 3.02 02/21/93
# Author: Fred N. van Kempen,

... <lines deleted>

socks 1080/tcp # sarma: Sep.15.96: Got this from the ~sockd/include/socks.h file.

... <lines deleted>

# End of services.

_NOTE_: This line is read ONLY by the inetd daemon, I think. This tells inetd
to invoke the "socks" program for all tcp connections to port # 1080.

__________________________________________________________________________

Add this to your /etc/inetd.conf file

# I am just following instructions from ~sockd/doc/sockd.1 man pages...
socks stream tcp nowait root /usr/local/etc/socks

   * NOTE: Make sure /usr/local/etc is in the SYSTEM's default PATH.
   * NOTE: For more instructions, read the SOCKD package's instruction
     file. In that this very same line is mentioned, and also you will
     get to know what it means...
   * NOTE: As the filename indicates, this file tells the "inetd"
     daemon where it can find the "socks" program, and what arguments
     to pass it (always) etc...

__________________________________________________________________________

LET'S GET STARTED !

Now reboot your system (if you know how, you may instead send HUP to the
appropriate daemons). Your LINUX server is now set.

Do a "tail -f /var/adm/messages" and a "tail -f /var/adm/syslog" simultaneously
and attempt to connect using NETSCAPE from your CLIENT machines.

Now let's configure the client machine's Netscape...

__________________________________________________________________________

Configuring NETSCAPE 3.0 Client

This is to be DONE on the client machines ONLY

DO NOT bother doing this on the LINUX server.

   * Pull down the menu called "Options" in Netscape.
   * Choose "Network Preferences".
   * You MUST see a dialog box (new window) with "TABS" (layers)...
   * One of the "tabs" will be labelled "PROXIES"
   * Click on that layer/tab.
   * You will see a radio button labelled "manual proxy configuration"
     with a button beside it.
   * Click on that button to open up another dialog box.
   * The second last set of entry slots in that new window will show
     you...

         ---------   --------------------------   --------
         | socks |   |                        |   | 1080 |
         ---------   --------------------------   --------

This shows that netscape is already aware of socks. All you have to do is to
tell NETSCAPE where the socks daemon is running.

Type in the _eth0 port IP address_ of the linux server in the _middle box_ shown
above...

Save this setting and get going... !!
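
What Netscape sends to 10.0.1.1:1080 once this setting is saved, and what sockd answers, as an added example (not Netscape's or sockd's code): a SOCKS 4 CONNECT request carries the destination as a numeric address, which is why the client machine needs working DNS and the page runs "named" for it. The in-process stand-in for sockd applies the page's rule that only 10.0.1.2 is permitted and never opens the outbound connection; 198.20.186.4 is the page's own sample address and the user-id is constructed.

```python
"""One SOCKS 4 CONNECT exchange, both sides in one process.
Added example, not Netscape's or sockd's code."""
import socket
import struct

SOCKS_VERSION = 4
CMD_CONNECT = 1
REPLY_GRANTED = 90                 # CD 90: request granted
REPLY_REJECTED = 91                # CD 91: request rejected or failed
PERMITTED_CLIENTS = {"10.0.1.2"}   # the one client the page's sockd.conf permits


def build_connect_request(dst_ip: str, dst_port: int, userid: str) -> bytes:
    """Client -> sockd: VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID NUL.
    DSTIP is numeric: the client resolves the name itself, which is what
    the 'named' set up on the Linux machine is for."""
    return (struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, dst_port)
            + socket.inet_aton(dst_ip)
            + userid.encode("ascii") + b"\x00")


def parse_connect_request(data: bytes) -> tuple[int, str, int, str]:
    """sockd side: split a request into (command, dst_ip, dst_port, userid)."""
    if len(data) < 9 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS 4 request")
    cmd, port = struct.unpack("!BH", data[1:4])
    ip = socket.inet_ntoa(data[4:8])
    userid = data[8:data.index(b"\x00", 8)].decode("ascii")
    return cmd, ip, port, userid


def build_reply(code: int, dst_ip: str, dst_port: int) -> bytes:
    """sockd -> client: VN(1)=0 CD(1) DSTPORT(2) DSTIP(4)."""
    return struct.pack("!BBH", 0, code, dst_port) + socket.inet_aton(dst_ip)


def parse_reply(data: bytes) -> int:
    if len(data) != 8 or data[0] != 0:
        raise ValueError("malformed SOCKS 4 reply")
    return data[1]


def sockd_answer(client_ip: str, request: bytes) -> bytes:
    """Stand-in for sockd: decide on the *source* address (as sockd.conf does)
    and on the command; the real daemon would now connect out to DSTIP:DSTPORT."""
    cmd, ip, port, _userid = parse_connect_request(request)
    if cmd != CMD_CONNECT or client_ip not in PERMITTED_CLIENTS:
        return build_reply(REPLY_REJECTED, ip, port)
    return build_reply(REPLY_GRANTED, ip, port)


def run_exchange(client_ip: str, dst_ip: str, dst_port: int, userid: str):
    """Both halves of one CONNECT exchange; returns (reply_code, request, reply)."""
    request = build_connect_request(dst_ip, dst_port, userid)   # client -> 10.0.1.1:1080
    reply = sockd_answer(client_ip, request)                    # 10.0.1.1:1080 -> client
    return parse_reply(reply), request, reply


if __name__ == "__main__":
    for client in ("10.0.1.2", "10.0.1.3"):   # permitted client, then an unlisted one
        code, req, rep = run_exchange(client, "198.20.186.4", 80, "sarma")
        print(f"{client}: request {req.hex()} -> reply {rep.hex()} (CD={code})")
```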

__________________________________________________________________________

For Networking NOVICES

If you have already used your Win95 or WinNT machines to connect to the
internet via PPP, this document is of absolutely NO help to you. Anyway, why
bother using linux to connect to the internet when you can do so via the client
machine's built-in PPP?

If you haven't been able to connect to the internet via the LINUX server,
then stop reading this document and read the other HOW-TO documents to set up
your LINUX machine to access the internet via the PPP link.

I hope you know the concept of IP addresses. In short, IP addresses have "mnemonic"
formats (like www.cnn.com) as well as numeric versions like "198.20.186.4".
If you type the former, "www.cnn.com", someone must HELP your computer convert
that name into the numerical format.

Why the numerical format? 'cos that numerical format encodes a very efficient
system of telling each computer HOW to send out communication capsules
to OTHER computers THAT IT WANTS TO communicate with.

So, if you type in "www.cnn.com" on your NETSCAPE browser, then a UNIX
computer called a "DNS server" will convert that name into a number for your
computer. Then your computer will use that numerical format of the IP address to
actually CONNECT to www.cnn.com and show you their latest news.

So, the gist being that: to use the internet you need a DNS server. This
document includes instructions on setting up your computer to HOOK up to your
NEIGHBORHOOD DNS server.

Your LINUX machine MUST have ALL of the following :-

   1. A modem, through which you can connect to the INTERNET *** DIRECTLY ***
   2. An ethernet card, to which you have the ethernet cable hooked up
      (the other end of which you have your client machines hooked up
      to...)
   3. A working PPP connection.
   4. Valid DNS server information (use nslookup --- if that program
      returns invalid values, stop reading this document. You WILL NOT be
      able to proceed...)
   5. Netscape 2.0 or later on your client machines.

The "modem" is technically referred to as the "ppp0 port" as far as
this document is concerned. By "port" I mean something similar to
a "Sea-Port". This modem or PPP port enables you to "explore the
world" (go on a "vacation" from daily chores) :-)

The "ethernet card" is your "eth0" port. That ethernet "port" lets you explore
the ethernet network to which it's connected.

Since your client machines are connected via the ethernet cable to the LINUX
machine, anything that your client machine communicates to the LINUX machine will
ONLY REACH the linux machine VIA the "eth0" port. Anything that the outside
world sends to your LINUX machine will ONLY REACH it via the "ppp0 port". So, it's
very important that these two ports be given "DIFFERENT ADDRESSES".

To make things easier for you, if you ALREADY successfully connected to the world
using PPP, then you have UNKNOWINGLY (or knowingly) assigned an IP numerical
address to your linux machine's PPP port.

__________________________________________________________________________

The MAKEFILE for sockd compilation

SHELL=/bin/bash
#SOCKS=-DSOCKS
# or
SOCKS=-Dconnect=Rconnect -Dgetsockname=Rgetsockname -Dlisten=Rlisten -Daccept=Raccept -Drcmd=Rrcmd -Dbind=Rbind -Dselect=Rselect
CFLAGS="$(SOCKS)"

# If your system doesn't have PWD defined, define it here:
PWD="/usr/local/ProxyServer/socks42b"
# It should be this current directory.

# If your system has getcwd() but no getwd(), uncomment the next line:
#GETCWD=-DGETCWD

# Define FASCIST if you want ftp (rftp) to log names of all files transferred
#FASCIST=-DFASCIST

# Define RCMD and SUPPORT_RCMD if you want to support Rrcmd, which is required
# for SOCKSified rlogin, rsh, and rcp.
RCMD=Rrcmd.o
SUPPORT_RCMD=-DSUPPORT_RCMD

# Define FOR_PS if your system is not SYSV and you want to have the
# command 'ps' show some details of sockd's activity.
FOR_PS=-DFOR_PS

# Define SHORTENED_RBIND to make Rbind() take exactly the same
# argument list as the regular bind(), i.e., without the additional
# 'remhost' argument.
SHORTENED_RBIND=-DSHORTENED_RBIND

# optimization flag for cc
#OPTIMIZE=-g
OPTIMIZE=-O6 -fomit-frame-pointer -pipe -m486
# Be careful with the OPTIMIZE flag. SunPro's SC2.0.1, for example, is
# known to produce incorrect code when -O is used.

# Directory into which to install the man pages
MAN_DEST_DIR = /usr/local/man

# Directory into which the SOCKS server should be installed
SERVER_BIN_DIR = /usr/local/ProxyServer
## This was defaulted to /usr/local/etc

# Directory into which the client programs should be installed
CLIENTS_BIN_DIR = /usr/local/ProxyServer
## This was defaulted to /usr/local/bin

# LINUX should use
CC=gcc
RANLIB=ranlib
RESOLV_LIB=
#OTHER_CFLAGS=-traditional -DLINUX $(GETCWD) $(FASCIST) $(SHORTENED_RBIND) -DCOMPAT
OTHER_CFLAGS=-DLINUX $(GETCWD) $(FASCIST) $(SHORTENED_RBIND) -DCOMPAT
OS=linux
INSTALL=install
GETPASS=getpass.o

# Remember to include -Dindex=strchr -Drindex=strrchr in OTHER_CFLAGS if
# you don't have index() and rindex() (Sys-V camp)

#

__________________________________________________________________________

The ppp-on script

NOTE: This script is being provided as a sample. Having this sample is not a
guarantee that you will have an internet connection.

#!/bin/csh
#
# ppp-on
#
# Set up a PPP link

set LOCKDIR=/var/spool/uucp
set DEVICE=cua3

set OUR_IP_ADDR=128.000.111.222

if ( -f $LOCKDIR/LCK..$DEVICE ) then
    echo 'PPP device is locked'
    exit 1
endif

route del default
# Just in case the Ethernetwork (In-House ethernet network) is up....
# if its NOT, then the above command is harmless...
route ## To show that the above was successful...

/usr/lib/ppp/fix-cua $DEVICE

unalias pushd
unalias popd
pushd /usr/lib/ppp
# stty 19200 -tostop

# The original code has been commented out below...
# if chat -l LCK..$DEVICE ABORT "NO CARRIER" ABORT BUSY "" ATZ OK ATs50=255s111=0DT$PHONE CONNECT "" ogin: $USER ssword: \\q$PASSWORD
echo $cwd
ls -l ./comserv.dip
dip ./comserv.dip ## I removed the -v (DEBUG&VERBOSE) option to 'dip'.
set dip_status=$status
# echo the return value of dip is $dip_status

# csh needs the test in parentheses; dip exits 0 only when the link came up.
if ( $dip_status == 0 ) then
    # Now please wait for 10 seconds, while the link is being auto-verified by dip.
    echo 'About to fork-off pppd (after a delay of 10 secs)...'
    date
    echo 'If you see any error msgs below, then we are having SERIOUS problems...'
    sleep 10
    # ${OUR_IP_ADDR}: gives pppd the local address and lets the peer supply the remote one.
    pppd -detach crtscts defaultroute domain remote.princeton.edu mru 1005 mtu 1005 ${OUR_IP_ADDR}: /dev/$DEVICE 38400 &
    ###### we dont need this for the previous line... /dev/$DEVICE ) &
    # The pppd daemon is FORKED OFF. See the "&" at the END of above line...
    # By using "lock" option, I am requesting that /var/spool/uucp be the dir
    # in which the LOCKS are created...
    echo 'Now wait another 10 seconds, before I auto-verify internet connection.'
    sleep 10
    cat ~root/@utils/.line
    ping -v -c 5 genius.eng.wayne.edu
    cat ~root/@utils/.line
    traceroute physics.iisc.ernet.in >&! /tmp/$$
    cat /tmp/$$
    \rm -f /tmp/$$
    cat ~root/@utils/.line
    exit 0
else
    echo 'PPP setup failed'
    exit 1
endif
popd
# [EoF]

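The lock test at the top of ppp-on refuses to run whenever LCK..cua3 exists, so a lock left behind by a dip or pppd that crashed blocks every later dial-up until someone deletes it by hand. The POSIX sh functions below are an added illustration, not part of the original HOWTO: they read the owner PID from the UUCP-style lock file and treat a lock whose owner is gone as stale; the lock directory is a parameter so they can be tried on a scratch directory instead of /var/spool/uucp.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO: stale-lock handling for the
# UUCP-style lock file LCK..<device> that ppp-on tests with
# "if ( -f $LOCKDIR/LCK..$DEVICE )". That script gives up whenever the file
# exists, even when the dip/pppd that created it died long ago. LOCKDIR is
# passed in (ppp-on uses /var/spool/uucp) so this can run on a scratch dir.

# lock_state LOCKDIR DEVICE: prints free, stale or busy.
# Returns 0 when the device may be claimed, 1 when another process holds it.
lock_state() {
    lockfile="$1/LCK..$2"
    [ -f "$lockfile" ] || { echo free; return 0; }
    # A UUCP lock file carries the owner's PID in ASCII, usually space padded.
    pid=$(tr -d ' \n' < "$lockfile")
    case "$pid" in
        ''|*[!0-9]*) echo busy; return 1 ;;     # unreadable: assume it is held
    esac
    # kill -0 only probes for existence. Run as root (as ppp-on is) it sees
    # every process; as an ordinary user it also fails for other users' PIDs.
    if kill -0 "$pid" 2>/dev/null; then
        echo busy; return 1                      # owner still alive
    fi
    echo stale; return 0                         # owner gone: safe to replace
}

# claim_lock LOCKDIR DEVICE: records this shell's PID in the lock file,
# discarding a stale one first. Returns 1 if the device is genuinely busy.
claim_lock() {
    lockfile="$1/LCK..$2"
    state=$(lock_state "$1" "$2") || return 1
    [ "$state" = stale ] && rm -f "$lockfile"
    printf '%10d\n' "$$" > "$lockfile"
}

# release_lock LOCKDIR DEVICE: removes the lock only if this shell owns it.
release_lock() {
    lockfile="$1/LCK..$2"
    [ -f "$lockfile" ] || return 0
    if [ "$(tr -d ' \n' < "$lockfile")" = "$$" ]; then
        rm -f "$lockfile"
    fi
}

# Run directly with LOCKDIR and DEVICE (e.g. /var/spool/uucp cua3) to report
# the state of that device's lock.
if [ $# -eq 2 ]; then
    lock_state "$1" "$2"
fi
```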
__________________________________________________________________________

The comserv.dip script to dial up PPP.

NOTE: This script is being provided as a sample. Having this sample is not a
guarantee that you will have an internet connection. This script is called from
the PPP-ON script given above...

#******************************** comserv.dip ********************************
#
# Connection script for SLIP to ........
# STATUS code for "dip" when it executes this script are:
# 0 - all ok.
# 1 - basic failures, in initializing the modem.
# 2 - Failed in the crucial "dial" command.
# 3 - Though DIAL command was successful, this script couldn't recognize
#     the VERY FIRST responses from the other modem. (i.e., Training occurred
#     but, after that nothing happened that was intelligible to this script.)
# 4 - Modems could nicely link up. But remote server HAS CHANGED syntax.
#     i.e., the strings output by the server, are assumed to arrive in a
#     PARTICULAR sequence. If server s/w has changed, then we have this
#     problem. SOLUTION!!!! Manually connect and note all the strings &
#     all the sequence of interactions... Then reprogram the script below.
# 10 - though dialing and connecting (modem-wise) is successful, ppp failed.
############################################################################
main:
redial:
# Set the desired serial port and speed.
port cua3
speed 38400
# term
get $mtu 1005
# Reset the modem and terminal line.
reset
# Without doing the above reset, nothing below will work!
# Initialize the modem and dial comserv.
# send ATQ0V1E1X4L1S0 0 \r
# wait OK 5
send ATZ\r
wait OK 5
if $errlvl != 0 goto error
# send ATTQ0V1E1X4S0=0&C1\r
# wait OK 5
# if $errlvl != 0 goto error
## For Dial Tone use :- send AT&D2\r
send AT&DP\r
wait OK 5
if $errlvl != 0 goto error
# send ATS10=1\r
# wait OK 5
# if $errlvl != 0 goto error
print if the line is busy, the dial command will realize that after 30 secs ONLY.
dial 258-0000 30
print Return value of DIAL is $errlvl
if $errlvl == 1 goto Continue1
if $errlvl == 3 goto busy
print unknown error with DIAL command in "dip" script.
quit 2 # unknown error with crucial DIAL command...
busy:
print telephone number is busy... Continue (1) or terminate (2)?
get $input ask
if $input == 1 goto redial
print You have requested to cancel PPP. Quitting...
quit 10 # terminated...
Continue1:
# wait V32 30
# wait CONNECT 10
# if $errlvl != 0 print Couldn't detect a CONNECT
# if $errlvl != 0 goto connect_fail
# print CONNECT was detected...
# We are connected. Login to the system.
login:
sleep 3
# send \r\r
wait Username: 20
if $errlvl != 0 goto error2
send USERID\r
wait Password: 5
if $errlvl != 0 goto error2
send __Password+_::\r\r
wait comserv> 15
# print Reached Comserv prompt...
if $errlvl != 0 goto error2
slipon:
send ppp\r
wait PPP_STARTED 25
if $errlvl != 0 goto error2
print CONNECTION completed...
mode ppp
exit 0
error:
print Total failure to interact with MODEM!!!
quit 1 # basic failure in working with modem, etc...
connect_fail:
print Couldn't detect a "CONNECT 14400" kind of string after dial in...
quit 3
error2:
print Modems could nicely link up. But remote server HAS CHANGED syntax/ interaction sequence...
quit 4 # basic failure in working with modem, etc...
#=================================== EOF ===================================
