628 lines
9.8 KiB
HTML
628 lines
9.8 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Running in Server Mode</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux Network Administrators Guide"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Serial Line IP"
|
|
HREF="x-087-2-slip.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Using dip"
|
|
HREF="x-087-2-slip.dip.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="The Point-to-Point Protocol"
|
|
HREF="x-087-2-ppp.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux Network Administrators Guide</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x-087-2-slip.dip.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 7. Serial Line IP</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x-087-2-ppp.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="X-087-2-SLIP.SERVER"
|
|
>7.5. Running in Server Mode</A
|
|
></H1
|
|
><P
|
|
>Setting up your SLIP client was the hard part. Configuring your host
|
|
to act as a SLIP server is much easier.</P
|
|
><P
|
|
> There are two
|
|
ways of configuring a SLIP server. Both ways require that you set up
|
|
one login account per SLIP client. Assume you provide SLIP service to
|
|
Arthur Dent at <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>dent.beta.com</SPAN
|
|
>. You might create an
|
|
account named <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>dent</SPAN
|
|
> by adding
|
|
the following line to your <TT
|
|
CLASS="FILENAME"
|
|
>passwd</TT
|
|
> file:
|
|
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>dent:*:501:60:Arthur Dent's SLIP account:/tmp:/usr/sbin/diplogin</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></P
|
|
><P
|
|
>Afterwards, you would set <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>dent</SPAN
|
|
>'s
|
|
password using the <B
|
|
CLASS="COMMAND"
|
|
>passwd</B
|
|
> utility.</P
|
|
><P
|
|
>
|
|
|
|
The <B
|
|
CLASS="COMMAND"
|
|
>dip</B
|
|
> command can be used in server mode by
|
|
invoking it as <B
|
|
CLASS="COMMAND"
|
|
>diplogin</B
|
|
>. Usually
|
|
<B
|
|
CLASS="COMMAND"
|
|
>diplogin</B
|
|
> is a link to <B
|
|
CLASS="COMMAND"
|
|
>dip</B
|
|
>. Its
|
|
main configuration file is <TT
|
|
CLASS="FILENAME"
|
|
>/etc/diphosts</TT
|
|
>, which
|
|
is where you specify what IP address a SLIP user will be assigned when
|
|
he or she dials in. Alternatively, you can also use the
|
|
<B
|
|
CLASS="COMMAND"
|
|
>sliplogin</B
|
|
> command, a BSD-derived tool featuring a
|
|
more flexible configuration scheme that lets you execute shell scripts
|
|
whenever a host connects and disconnects.</P
|
|
><P
|
|
> When our SLIP
|
|
user <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>dent</SPAN
|
|
> logs in,
|
|
<B
|
|
CLASS="COMMAND"
|
|
>dip</B
|
|
> starts up as a server. To find out if he is
|
|
indeed permitted to use SLIP, it looks up the username in
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/etc/diphosts</TT
|
|
>. This file details the
|
|
access rights and connection parameter for each SLIP user.
|
|
The general format for an <TT
|
|
CLASS="FILENAME"
|
|
>/etc/diphosts</TT
|
|
> entry looks like:
|
|
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
># /etc/diphosts
|
|
<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>user</I
|
|
></TT
|
|
>:<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>password</I
|
|
></TT
|
|
>:<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>rem-addr</I
|
|
></TT
|
|
>:<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>loc-addr</I
|
|
></TT
|
|
>:<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>netmask</I
|
|
></TT
|
|
>:<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>comments</I
|
|
></TT
|
|
>:<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>protocol</I
|
|
></TT
|
|
>,<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>MTU</I
|
|
></TT
|
|
>
|
|
#</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
|
|
Each of the fields is described in
|
|
<A
|
|
HREF="x-087-2-slip.server.html#X-087-2-SLIP.DIPHOSTS.FIELDS"
|
|
>Table 7-2</A
|
|
>.</P
|
|
><DIV
|
|
CLASS="TABLE"
|
|
><A
|
|
NAME="X-087-2-SLIP.DIPHOSTS.FIELDS"
|
|
></A
|
|
><P
|
|
><B
|
|
>Table 7-2. /etc/diphosts Field Description</B
|
|
></P
|
|
><TABLE
|
|
BORDER="1"
|
|
CLASS="CALSTABLE"
|
|
><THEAD
|
|
><TR
|
|
><TH
|
|
WIDTH="1"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
>Field</TH
|
|
><TH
|
|
WIDTH="4"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
>Description</TH
|
|
></TR
|
|
></THEAD
|
|
><TBODY
|
|
><TR
|
|
><TD
|
|
WIDTH="1"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="LITERAL"
|
|
>user</TT
|
|
></TD
|
|
><TD
|
|
WIDTH="4"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
>The username of the user invoking <B
|
|
CLASS="COMMAND"
|
|
>dip</B
|
|
> that this
|
|
entry will apply to.</P
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="1"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
>password</TD
|
|
><TD
|
|
WIDTH="4"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
>Field 2 of the <TT
|
|
CLASS="FILENAME"
|
|
>/etc/diphosts</TT
|
|
> file is used to
|
|
add an extra layer of password-based security on the connection. You can place a password in encrypted form here (just as in
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/etc/passwd</TT
|
|
> ) and <B
|
|
CLASS="COMMAND"
|
|
>diplogin</B
|
|
>
|
|
will prompt for the user to enter the password before allowing SLIP
|
|
access. Note that this password is used in addition to the normal
|
|
<B
|
|
CLASS="COMMAND"
|
|
>login</B
|
|
>-based password the user will enter.</P
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="1"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="LITERAL"
|
|
>rem-addr</TT
|
|
></TD
|
|
><TD
|
|
WIDTH="4"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> The address that will be assigned to the remote machine. This address may
|
|
be specified either as a hostname that will be resolved or an IP address
|
|
in dotted quad notation.
|
|
</P
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="1"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="LITERAL"
|
|
>loc-addr</TT
|
|
></TD
|
|
><TD
|
|
WIDTH="4"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> The IP address that will be used for this end of the SLIP link.
|
|
This may also be specified as a resolvable hostname or in dotted quad
|
|
format.
|
|
</P
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="1"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="LITERAL"
|
|
>netmask</TT
|
|
></TD
|
|
><TD
|
|
WIDTH="4"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> The netmask that will be used for routing purposes. Many people
|
|
are confused by this entry. The netmask doesn't apply to the
|
|
SLIP link itself, but is used in combination with the
|
|
<TT
|
|
CLASS="LITERAL"
|
|
>rem-addr</TT
|
|
> field to produce a route to the remote site.
|
|
The netmask should be that used by the network supported by that of the
|
|
remote host.
|
|
</P
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="1"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="LITERAL"
|
|
>comments</TT
|
|
></TD
|
|
><TD
|
|
WIDTH="4"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> This field is free-form text that you may use to help document
|
|
the <TT
|
|
CLASS="FILENAME"
|
|
>/etc/diphosts</TT
|
|
> file. It serves no other purpose.
|
|
</P
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="1"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="LITERAL"
|
|
>protocol</TT
|
|
></TD
|
|
><TD
|
|
WIDTH="4"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> This field is where you specify what protocol or line discipline
|
|
you want applied to this connection. Valid entries here are the same as
|
|
those valid for the <TT
|
|
CLASS="OPTION"
|
|
>–p</TT
|
|
> argument to the
|
|
<B
|
|
CLASS="COMMAND"
|
|
>slattach</B
|
|
> command.
|
|
</P
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="1"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><TT
|
|
CLASS="LITERAL"
|
|
>MTU</TT
|
|
></TD
|
|
><TD
|
|
WIDTH="4"
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
> The maximum transmission unit that this link will carry. This field
|
|
describes the largest datagram that will be transmitted across the link.
|
|
Any datagram routed to the SLIP device that is larger than the MTU will
|
|
be fragmented into datagrams no larger than this value. Usually, the MTU is configured identically at both ends of the link.
|
|
</P
|
|
></TD
|
|
></TR
|
|
></TBODY
|
|
></TABLE
|
|
></DIV
|
|
><P
|
|
>A sample entry for
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>dent</SPAN
|
|
> could look like this:
|
|
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>dent::dent.beta.com:vbrew.com:255.255.255.0:Arthur Dent:CSLIP,296</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></P
|
|
><P
|
|
> Our example gives our user <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>dent</SPAN
|
|
> access to SLIP with no additional
|
|
password required. He will be assigned the IP address associated with
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>dent.beta.com</SPAN
|
|
> with a netmask
|
|
of <TT
|
|
CLASS="LITERAL"
|
|
>255.255.255.0</TT
|
|
>. His default route should be
|
|
directed to the IP address of <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>vbrew.com</SPAN
|
|
>, and he will use the CSLIP
|
|
protocol with an MTU of 296 bytes.</P
|
|
><P
|
|
>When <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>dent</SPAN
|
|
> logs in,
|
|
<B
|
|
CLASS="COMMAND"
|
|
>diplogin</B
|
|
> extracts the information on him from the
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>diphosts</TT
|
|
> file. If the second field contains a
|
|
value, <B
|
|
CLASS="COMMAND"
|
|
>diplogin</B
|
|
> will prompt for an “external
|
|
security password.” The string entered by the user is encrypted
|
|
and compared to the password from <TT
|
|
CLASS="FILENAME"
|
|
>diphosts</TT
|
|
>. If
|
|
they do not match, the login attempt is rejected. If the password
|
|
field contains the string <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>s/key</SPAN
|
|
>, and <B
|
|
CLASS="COMMAND"
|
|
>dip</B
|
|
>
|
|
was compiled with S/Key support, S/Key authentication
|
|
will take place. S/Key authentication is described in the
|
|
documentation that comes in the <B
|
|
CLASS="COMMAND"
|
|
>dip</B
|
|
> source package.</P
|
|
><P
|
|
>After a successful login, <B
|
|
CLASS="COMMAND"
|
|
>diplogin</B
|
|
> proceeds by
|
|
flipping the serial line to CSLIP or SLIP mode, and sets up the
|
|
interface and route. This connection remains established until the
|
|
user disconnects and the modem drops the
|
|
line. <B
|
|
CLASS="COMMAND"
|
|
>diplogin</B
|
|
> then returns the line to normal
|
|
line discipline and exits.</P
|
|
><P
|
|
>
|
|
<B
|
|
CLASS="COMMAND"
|
|
>diplogin</B
|
|
> requires superuser privilege. If you don't have
|
|
<B
|
|
CLASS="COMMAND"
|
|
>dip</B
|
|
> running setuid
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
>, you should make
|
|
<B
|
|
CLASS="COMMAND"
|
|
>diplogin</B
|
|
> a separate copy of <B
|
|
CLASS="COMMAND"
|
|
>dip</B
|
|
>
|
|
instead of a simple link. <B
|
|
CLASS="COMMAND"
|
|
>diplogin</B
|
|
> can then safely
|
|
be made setuid without affecting the status of
|
|
<B
|
|
CLASS="COMMAND"
|
|
>dip</B
|
|
> itself.
|
|
|
|
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-slip.dip.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-ppp.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Using dip</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-slip.html"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>The Point-to-Point Protocol</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |