Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!spool.mu.edu!newspump.sol.net!news-peer.gsl.net!news.gsl.net!news.mathworks.com!EU.net!usenet2.news.uk.psi.net!uknet!usenet1.news.uk.psi.net!uknet!dispatch.news.demon.net!demon!awfulhak.demon.co.uk!awfulhak.demon.co.uk!usenet
From: brian@anorak.coverform.lan (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: PPP Setup
Date: 14 Oct 1996 14:52:56 GMT
Organization: Coverform Ltd.
Lines: 69
Message-ID: <53tk48$jm@anorak.coverform.lan>
References: <01bbb95e$bc4937c0$df6d04c7@zellion.cyberwind.com>
Reply-To: brian@awfulhak.demon.co.uk
NNTP-Posting-Host: anorak.coverform.lan
X-NNTP-Posting-Host: awfulhak.demon.co.uk
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.8

In article <01bbb95e$bc4937c0$df6d04c7@zellion.cyberwind.com>,
"Jeffery T. White" <zellion@cyberwind.com> writes:
> I'm not real keen on the way user ppp uses a
> login script to start itself, basically it seems if one can get past the
> login prompt without starting ppp they have a console login going on my
> server.

My login script says:

    #! /bin/sh
    exec /usr/sbin/ppp -direct incoming

I don't consider that to be dangerous.

> However the packet filtering in user ppp seems easy to set up and
> use so once running it ensures that only Notes traffic can get through. I
> guess I could set that up another way however I'm not sure where. So which
> is best User PPP or PPPD? What are people with secure networks out there
> using? Which works best for Win95 clients.

Well, I'm not the person to talk to about "security", but I've set up an
ISP-like connection with W95 => FreeBSD. *You* can figure out what
needs you have w/ security. Check out "ipfw".

> User PPP Problems:
> With User PPP the only way my Win95 stations can login seems to be a clear
> text login by turning on the option to bring up a terminal window after
> dialing. The PAP/CHAP login always fails. It seems Windows 95 wants to do
> the LCP negotiation before authentication and I don't think(??) the getty
> will do that. Anyway the Win95 systems always get the "cannot negotiate a
> compatible set of protocols" before the login program gets spawned by
> getty. User ppp never gets loaded.

That's just because Win95 has a somewhat "smeg"gy way of doing this.
There are plenty of dial-script packages around for win95. In the
Unix world, it *really* is best if you make people log in, but if you
want to allow people to talk directly to ppp and rely on ppp to do the
authentication, just put a ppp entry in /etc/ttys. man "ttys".

> Another thing I am totally clueless on is where I go to setup modem
> strings.. Does getty or user ppp read the modem file or is there some way I
> can put them in rc.serial?

rc.serial is for conditioning the FreeBSD end of the serial line. If
you want to do AT type commands, the only way I know of is to AT&W your
preferred settings and set your modem to ATZ on hangup.

> PPPD Questions:
> When I look at the pppd man pages it seems the way to go, however when I
> read that docs page that talks about kermit I don't see the reasoning
> there. The man pages lead me to believe that pppd can work on its own if
> all I want is incoming TCP/IP traffic routed, no shell/terminal sessions.
> Anyway I can't see how I should load it, I would like to put it in
> inetd.conf so it always runs. Is this possible?

No. inetd.conf is for telling inetd which programs to spawn when
accepting incoming network connections. /etc/ttys will say how to deal
with incoming serial connections.

> Any opinions, bits of info, pointers to docs/faqs would be greatly
> appreciated.

I haven't used pppd for some time - ppp is too friendly. There are good
examples in /etc/ppp/. - the man page is pretty good too.

--
Brian <brian@awfulhak.demon.co.uk>
      <http://www.awfulhak.demon.co.uk/>
Don't _EVER_ lose your sense of humour....
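
Added example, not part of the original post or of the ppp project: a small audit for dial-in login scripts like the one quoted above. It assumes a script passes when its first command is `exec` of an absolute path with no shell operators, because `exec` replaces the shell with ppp, so no later script lines run and no `/bin/sh` process stays behind the session. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a dial-in login script.
# Assumption: the script passes when its first command is `exec` of an
# absolute path with no shell operators, so the shell is replaced by ppp.

# Print the first line that is neither blank nor a comment (or shebang).
first_command() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1" | head -n 1
}

# Return 0 if FILE passes the check above, 1 otherwise.
audit_login_script() {
    cmd=$(first_command "$1")
    case "$cmd" in
        *[\;\&\|\`\$\<\>]*) return 1 ;;   # operators could chain a second command
        "exec /"*)          return 0 ;;
        *)                  return 1 ;;
    esac
}

# Constructed sample scripts: the one quoted in the post, and a variant
# that starts ppp without exec and so keeps /bin/sh as its parent process.
make_samples() {
    dir=$(mktemp -d)
    printf '#! /bin/sh\nexec /usr/sbin/ppp -direct incoming\n' > "$dir/ppp-exec"
    printf '#! /bin/sh\n/usr/sbin/ppp -direct incoming\n' > "$dir/ppp-noexec"
    echo "$dir"
}

samples=$(make_samples)
for f in "$samples"/ppp-exec "$samples"/ppp-noexec; do
    if audit_login_script "$f"; then
        echo "OK    $(basename "$f")"
    else
        echo "FAIL  $(basename "$f"): first command is not a plain exec"
    fi
done
rm -rf "$samples"
```
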