*BSD News Article 80733


Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!spool.mu.edu!newspump.sol.net!news-peer.gsl.net!news.gsl.net!news.mathworks.com!EU.net!usenet2.news.uk.psi.net!uknet!usenet1.news.uk.psi.net!uknet!dispatch.news.demon.net!demon!awfulhak.demon.co.uk!awfulhak.demon.co.uk!usenet
From: brian@anorak.coverform.lan (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: PPP Setup
Date: 14 Oct 1996 14:52:56 GMT
Organization: Coverform Ltd.
Lines: 69
Message-ID: <53tk48$jm@anorak.coverform.lan>
References: <01bbb95e$bc4937c0$df6d04c7@zellion.cyberwind.com>
Reply-To: brian@awfulhak.demon.co.uk
NNTP-Posting-Host: anorak.coverform.lan
X-NNTP-Posting-Host: awfulhak.demon.co.uk
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.8

In article <01bbb95e$bc4937c0$df6d04c7@zellion.cyberwind.com>,
	"Jeffery T. White" <zellion@cyberwind.com> writes:
>                              I'm not real keen on the way user ppp uses a
> login script to start itself, basically it seems if one can get past the
> login prompt without starting ppp they have a console login going on my
> server.

My login script says:

#! /bin/sh
exec /usr/sbin/ppp -direct incoming

I don't consider that to be dangerous.

>         However the packet filtering in user ppp seems easy to set up and
> use so once running it ensures that only Notes traffic can get through. I
> guess I could set that up another way however I'm not sure where. So which
> is best User PPP or PPPD? What are people with secure networks out there
> using? Which works best for Win95 clients?

Well, I'm not the person to talk to about "security", but I've set
up an ISP-like connection with W95 => FreeBSD.  *You* can figure out what
needs you have w/ security.  Check out "ipfw".

> User PPP Problems:
> With User PPP the only way my Win95 stations can login seems to be a clear
> text login by turning on the option to bring up a terminal window after
> dialing. The PAP/CHAP login always fails. It seems Windows 95 wants to do
> the LCP negotiation before authentication and I don't think(??) the getty
> will do that. Anyway the Win95 systems always get the "cannot negotiate a
> compatible set of protocols" before the login program gets spawned by
> getty. User ppp never gets loaded.

That's just because Win95 has a somewhat "smeg"gy way of doing this.  There
are plenty of dial-script packages around for win95.  In the Unix world,
it *really* is best if you make people log in, but if you want to allow
people to talk directly to ppp and rely on ppp to do the authentication,
just put a ppp entry in /etc/ttys.  man "ttys".

> Another thing I am totally clueless on is where I go to set up modem
> strings. Does getty or user ppp read the modem file or is there some way I
> can put them in rc.serial?

rc.serial is for conditioning the FreeBSD end of the serial line.  If you
want to do AT type commands, the only way I know of is to AT&W your
preferred settings and set your modem to ATZ on hangup.

> PPPD Questions:
> When I look at the pppd man pages it seems the way to go, however when I
> read that docs page that talks about kermit I don't see the reasoning
> there. The man pages lead me to believe that pppd can work on its own if
> all I want is incoming TCP/IP traffic routed, no shell/terminal sessions.
> Anyway I can't see how I should load it, I would like to put it in
> inetd.conf so it always runs. Is this possible?

No.  inetd.conf is for telling inetd which programs to spawn when accepting
incoming network connections.  /etc/ttys will say how to deal with incoming
serial connections.

> Any opinions, bits of info, pointers to docs/faqs would be greatly
> appreciated.

I haven't used pppd for some time - ppp is too friendly.  There are good
examples in /etc/ppp/. - the man page is pretty good too.

-- 
Brian <brian@awfulhak.demon.co.uk>
      <http://www.awfulhak.demon.co.uk/>
Don't _EVER_ lose your sense of humour....
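
Added example, not part of the original post or of FreeBSD: a check a defender could run over dial-in login scripts like the two-line one quoted above, to confirm the script can only hand the line to ppp and cannot be edited by the dial-in user. The helper name audit_ppp_shell and the rule that the label after -direct is a plain word are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the post). audit_ppp_shell is a hypothetical helper.
# It checks that a dial-in login script can only hand the line to ppp:
# a /bin/sh shebang, then exactly one "exec /usr/sbin/ppp -direct <label>".
audit_ppp_shell() {
    script=$1
    [ -f "$script" ] || { echo "missing: $script"; return 2; }

    # First line must be the shebang (the post writes it as "#! /bin/sh").
    head -n 1 "$script" | grep -Eq '^#![[:space:]]*/bin/sh[[:space:]]*$' ||
        { echo "unexpected interpreter line"; return 1; }

    # Drop the shebang, trailing blanks, comments and empty lines.
    body=$(sed -e '1d' -e 's/[[:space:]]*$//' "$script" |
           grep -Ev '^[[:space:]]*(#|$)' || true)

    # Exactly one command, and it must exec ppp so that the shell is
    # replaced by ppp instead of staying around to run anything else.
    [ "$(printf '%s\n' "$body" | grep -c '')" -eq 1 ] ||
        { echo "more than one command in script"; return 1; }
    printf '%s\n' "$body" |
        grep -Eq '^exec /usr/sbin/ppp -direct [A-Za-z0-9_.-]+$' ||
        { echo "body is not a bare exec of ppp -direct"; return 1; }

    # Nobody but the owner may be able to rewrite the script.
    [ -z "$(find "$script" \( -perm -0002 -o -perm -0020 \) -print)" ] ||
        { echo "script is group- or world-writable"; return 1; }
    echo "ok"
}

# Constructed sample: the script from the post, written to a temp file.
demo=$(mktemp)
printf '#! /bin/sh\nexec /usr/sbin/ppp -direct incoming\n' > "$demo"
chmod 755 "$demo"
audit_ppp_shell "$demo"
rm -f "$demo"
```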