<HTML
><HEAD
><TITLE
>Running in Server Mode</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
REL="HOME"
TITLE="Linux Network Administrators Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="Serial Line IP"
HREF="x-087-2-slip.html"><LINK
REL="PREVIOUS"
TITLE="Using dip"
HREF="x-087-2-slip.dip.html"><LINK
REL="NEXT"
TITLE="The Point-to-Point Protocol"
HREF="x-087-2-ppp.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Network Administrators Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x-087-2-slip.dip.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 7. Serial Line IP</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x-087-2-ppp.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="X-087-2-SLIP.SERVER"
>7.5. Running in Server Mode</A
></H1
><P
>Setting up your SLIP client was the hard part. Configuring your host
to act as a SLIP server is much easier.</P
><P
> There are two
ways of configuring a SLIP server. Both ways require that you set up
one login account per SLIP client. Assume you provide SLIP service to
Arthur Dent at <SPAN
CLASS="SYSTEMITEM"
>dent.beta.com</SPAN
>. You might create an
account named <SPAN
CLASS="SYSTEMITEM"
>dent</SPAN
> by adding
the following line to your <TT
CLASS="FILENAME"
>passwd</TT
> file:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
>dent:*:501:60:Arthur Dent's SLIP account:/tmp:/usr/sbin/diplogin</PRE
></TD
></TR
></TABLE
></P
><P
>Afterwards, you would set <SPAN
CLASS="SYSTEMITEM"
>dent</SPAN
>'s
password using the <B
CLASS="COMMAND"
>passwd</B
> utility.</P
><P
>
The <B
CLASS="COMMAND"
>dip</B
> command can be used in server mode by
invoking it as <B
CLASS="COMMAND"
>diplogin</B
>. Usually
<B
CLASS="COMMAND"
>diplogin</B
> is a link to <B
CLASS="COMMAND"
>dip</B
>. Its
main configuration file is <TT
CLASS="FILENAME"
>/etc/diphosts</TT
>, which
is where you specify what IP address a SLIP user will be assigned when
he or she dials in. Alternatively, you can also use the
<B
CLASS="COMMAND"
>sliplogin</B
> command, a BSD-derived tool featuring a
more flexible configuration scheme that lets you execute shell scripts
whenever a host connects and disconnects.</P
><P
> When our SLIP
user <SPAN
CLASS="SYSTEMITEM"
>dent</SPAN
> logs in,
<B
CLASS="COMMAND"
>dip</B
> starts up as a server. To find out if he is
indeed permitted to use SLIP, it looks up the username in
<TT
CLASS="FILENAME"
>/etc/diphosts</TT
>. This file details the
access rights and connection parameters for each SLIP user.
The general format for an <TT
CLASS="FILENAME"
>/etc/diphosts</TT
> entry looks like:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
># /etc/diphosts
<TT
CLASS="REPLACEABLE"
><I
>user</I
></TT
>:<TT
CLASS="REPLACEABLE"
><I
>password</I
></TT
>:<TT
CLASS="REPLACEABLE"
><I
>rem-addr</I
></TT
>:<TT
CLASS="REPLACEABLE"
><I
>loc-addr</I
></TT
>:<TT
CLASS="REPLACEABLE"
><I
>netmask</I
></TT
>:<TT
CLASS="REPLACEABLE"
><I
>comments</I
></TT
>:<TT
CLASS="REPLACEABLE"
><I
>protocol</I
></TT
>,<TT
CLASS="REPLACEABLE"
><I
>MTU</I
></TT
>
#</PRE
></TD
></TR
></TABLE
>
Each of the fields is described in
<A
HREF="x-087-2-slip.server.html#X-087-2-SLIP.DIPHOSTS.FIELDS"
>Table 7-2</A
>.</P
><DIV
CLASS="TABLE"
><A
NAME="X-087-2-SLIP.DIPHOSTS.FIELDS"
></A
><P
><B
>Table 7-2. /etc/diphosts Field Description</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><THEAD
><TR
><TH
WIDTH="1"
ALIGN="LEFT"
VALIGN="TOP"
>Field</TH
><TH
WIDTH="4"
ALIGN="LEFT"
VALIGN="TOP"
>Description</TH
></TR
></THEAD
><TBODY
><TR
><TD
WIDTH="1"
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="LITERAL"
>user</TT
></TD
><TD
WIDTH="4"
ALIGN="LEFT"
VALIGN="TOP"
><P
>The username of the user invoking <B
CLASS="COMMAND"
>dip</B
> that this
entry will apply to.</P
></TD
></TR
><TR
><TD
WIDTH="1"
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="LITERAL"
>password</TT
></TD
><TD
WIDTH="4"
ALIGN="LEFT"
VALIGN="TOP"
><P
>Field 2 of the <TT
CLASS="FILENAME"
>/etc/diphosts</TT
> file is used to
add an extra layer of password-based security on the connection. You can place a password in encrypted form here (just as in
<TT
CLASS="FILENAME"
>/etc/passwd</TT
>) and <B
CLASS="COMMAND"
>diplogin</B
>
will prompt for the user to enter the password before allowing SLIP
access. Note that this password is used in addition to the normal
<B
CLASS="COMMAND"
>login</B
>-based password the user will enter.</P
></TD
></TR
><TR
><TD
WIDTH="1"
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="LITERAL"
>rem-addr</TT
></TD
><TD
WIDTH="4"
ALIGN="LEFT"
VALIGN="TOP"
><P
> The address that will be assigned to the remote machine. This address may
be specified either as a hostname that will be resolved or an IP address
in dotted quad notation.
</P
></TD
></TR
><TR
><TD
WIDTH="1"
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="LITERAL"
>loc-addr</TT
></TD
><TD
WIDTH="4"
ALIGN="LEFT"
VALIGN="TOP"
><P
> The IP address that will be used for this end of the SLIP link.
This may also be specified as a resolvable hostname or in dotted quad
format.
</P
></TD
></TR
><TR
><TD
WIDTH="1"
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="LITERAL"
>netmask</TT
></TD
><TD
WIDTH="4"
ALIGN="LEFT"
VALIGN="TOP"
><P
> The netmask that will be used for routing purposes. Many people
are confused by this entry. The netmask doesn't apply to the
SLIP link itself, but is used in combination with the
<TT
CLASS="LITERAL"
>rem-addr</TT
> field to produce a route to the remote site.
The netmask should be the one used by the network that the remote host
supports.
</P
></TD
></TR
><TR
><TD
WIDTH="1"
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="LITERAL"
>comments</TT
></TD
><TD
WIDTH="4"
ALIGN="LEFT"
VALIGN="TOP"
><P
> This field is free-form text that you may use to help document
the <TT
CLASS="FILENAME"
>/etc/diphosts</TT
> file. It serves no other purpose.
</P
></TD
></TR
><TR
><TD
WIDTH="1"
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="LITERAL"
>protocol</TT
></TD
><TD
WIDTH="4"
ALIGN="LEFT"
VALIGN="TOP"
><P
> This field is where you specify what protocol or line discipline
you want applied to this connection. Valid entries here are the same as
those valid for the <TT
CLASS="OPTION"
>-p</TT
> argument to the
<B
CLASS="COMMAND"
>slattach</B
> command.
</P
></TD
></TR
><TR
><TD
WIDTH="1"
ALIGN="LEFT"
VALIGN="TOP"
><TT
CLASS="LITERAL"
>MTU</TT
></TD
><TD
WIDTH="4"
ALIGN="LEFT"
VALIGN="TOP"
><P
> The maximum transmission unit that this link will carry. This field
describes the largest datagram that will be transmitted across the link.
Any datagram routed to the SLIP device that is larger than the MTU will
be fragmented into datagrams no larger than this value. Usually, the MTU is configured identically at both ends of the link.
</P
></TD
></TR
></TBODY
></TABLE
></DIV
><P
>A sample entry for
<SPAN
CLASS="SYSTEMITEM"
>dent</SPAN
> could look like this:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
>dent::dent.beta.com:vbrew.com:255.255.255.0:Arthur Dent:CSLIP,296</PRE
></TD
></TR
></TABLE
></P
><P
> Our example gives our user <SPAN
CLASS="SYSTEMITEM"
>dent</SPAN
> access to SLIP with no additional
password required. He will be assigned the IP address associated with
<SPAN
CLASS="SYSTEMITEM"
>dent.beta.com</SPAN
> with a netmask
of <TT
CLASS="LITERAL"
>255.255.255.0</TT
>. His default route should be
directed to the IP address of <SPAN
CLASS="SYSTEMITEM"
>vbrew.com</SPAN
>, and he will use the CSLIP
protocol with an MTU of 296 bytes.</P
><P
>When <SPAN
CLASS="SYSTEMITEM"
>dent</SPAN
> logs in,
<B
CLASS="COMMAND"
>diplogin</B
> extracts the information on him from the
<TT
CLASS="FILENAME"
>diphosts</TT
> file. If the second field contains a
value, <B
CLASS="COMMAND"
>diplogin</B
> will prompt for an &#8220;external
security password.&#8221; The string entered by the user is encrypted
and compared to the password from <TT
CLASS="FILENAME"
>diphosts</TT
>. If
they do not match, the login attempt is rejected. If the password
field contains the string <SPAN
CLASS="SYSTEMITEM"
>s/key</SPAN
>, and <B
CLASS="COMMAND"
>dip</B
>
was compiled with S/Key support, S/Key authentication
will take place. S/Key authentication is described in the
documentation that comes in the <B
CLASS="COMMAND"
>dip</B
> source package.</P
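><P
>An added example, not part of the original guide or of the dip package: a small Python checker that parses /etc/diphosts entries in the format of Table 7-2 and flags an empty password field, an s/key field, a malformed netmask, and an MTU that is not a positive integer. The function names and the second sample entry are constructed for illustration.</P
>

```python
import ipaddress

FIELDS = ("user", "password", "rem_addr", "loc_addr", "netmask", "comments", "proto_mtu")
def parse_entry(line):
    """Split one diphosts line into a dict; None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split(":")
    if len(parts) != len(FIELDS):
        raise ValueError("expected 7 colon-separated fields, got %d" % len(parts))
    entry = dict(zip(FIELDS, parts))
    entry["protocol"], _, entry["mtu"] = entry.pop("proto_mtu").partition(",")
    return entry

def mask_is_contiguous(mask):
    """True if the dotted-quad mask is a run of 1 bits followed only by 0 bits."""
    try:
        bits = format(int(ipaddress.IPv4Address(mask)), "032b")
    except ValueError:
        return False
    return "01" not in bits

def audit_entry(entry):
    """Return findings for one parsed entry; an empty list means nothing to flag."""
    findings = []
    if entry["password"] == "":
        findings.append("no external security password: login password is the only check")
    elif entry["password"] == "s/key":
        findings.append("S/Key requested: confirm dip was compiled with S/Key support")
    if not mask_is_contiguous(entry["netmask"]):
        findings.append("netmask %r is not a contiguous dotted-quad mask" % entry["netmask"])
    if not (entry["mtu"].isdecimal() and int(entry["mtu"]) > 0):
        findings.append("MTU %r is not a positive integer" % entry["mtu"])
    return findings

def audit(text):
    """Audit the text of a diphosts file; returns {user: findings}."""
    entries = filter(None, map(parse_entry, text.splitlines()))
    return {e["user"]: audit_entry(e) for e in entries}

# Constructed sample: the first entry is the page's example, the second is made up.
SAMPLE = """\
# /etc/diphosts
dent::dent.beta.com:vbrew.com:255.255.255.0:Arthur Dent:CSLIP,296
ford:s/key:10.0.0.2:10.0.0.1:255.0.255.0:constructed entry:SLIP,0
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

<P
>Hostnames in rem-addr and loc-addr are left unresolved, so the check runs offline; pass it the text of the real file to list the accounts that rely on the login password alone.</P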
><P
>After a successful login, <B
CLASS="COMMAND"
>diplogin</B
> proceeds by
flipping the serial line to CSLIP or SLIP mode and setting up the
interface and route. This connection remains established until the
user disconnects and the modem drops the
line. <B
CLASS="COMMAND"
>diplogin</B
> then returns the line to normal
line discipline and exits.</P
><P
>
<B
CLASS="COMMAND"
>diplogin</B
> requires superuser privilege. If you don't have
<B
CLASS="COMMAND"
>dip</B
> running setuid
<SPAN
CLASS="SYSTEMITEM"
>root</SPAN
>, you should make
<B
CLASS="COMMAND"
>diplogin</B
> a separate copy of <B
CLASS="COMMAND"
>dip</B
>
instead of a simple link. <B
CLASS="COMMAND"
>diplogin</B
> can then safely
be made setuid without affecting the status of
<B
CLASS="COMMAND"
>dip</B
> itself.
</P
></DIV
></BODY
></HTML
>