Message-ID: <XFMail.970611192834.etchemai@concept-micro.insat.com>
Sender: Pierre.Etchemaite@inlandsys.com
Date: Wed, 11 Jun 1997 19:13:05 +0200 (MET DST)

Voici (j'espère) tous les fichiers que j'ai dû modifier pour me
connecter à mon fournisseur d'accès INSAT (ex ICARE), à Mérignac
(Bordeaux).

La configuration complète est en fait beaucoup plus complexe, car
cette machine sert à connecter un petit réseau local à l'Internet; La
machine fait donc aussi office de :
- serveur de noms
- serveur de mail (sendmail grâce au kit de Jussieu, plus fetchmail)
- serveur de news (leafnode)
- routeur-masqueur (IP-masquerading)
- filtreur de paquets
- proxy-cache web, ftp et gopher (squid)
- ...

C'est dur de me mettre que le strict nécessaire, car les scripts sont
tellement imbriqués les uns dans les autres :(
Par exemple, dans un script "chat", on trouve aussi bien des chaînes
d'initialisation du modem, le numéro de téléphone du fournisseur et le
mot de passe de l'accompte pour icelui...

Certains fichiers de configuration sont donc sans doute plus
compliqués que ce qui serait réellement scrictement nécessaire pour
une machine seule.

J'ai intentionnellement laissé quasiment intacts certains fichiers de
configuration (notamment /etc/ppp/ip-up) comme exemple de ce que l'on
peut faire (ou de ce qu'il faut éviter) :)

Je suis bien entendu ouvert à toute requête s'il manque des
fichiers, ou si des explications sont nécessaires sur certains
détails.


Configuration matérielle: 
- Modem US Robotics Sportster 33,6Kb sur /dev/ttyS1 ("COM2:"),
  contrôleur série compatible 16550A

Configuration logicielle: 
- Slackware, mise à jour "à la main"
- Linux 2.0.31p2 (kerneld)
- ppp 2.3b3
- mgetty 1.1.1 (sans AutoPPP, un jour peut-être...)
- irqtune 0.3

-------- /usr/src/linux/.config (partiel) ---------------------------------
CONFIG_EXPERIMENTAL=y
CONFIG_MODULES=y
# CONFIG_MODVERSIONS is not set
CONFIG_KERNELD=y
CONFIG_NET=y
CONFIG_FIREWALL=y
CONFIG_NET_ALIAS=y
CONFIG_INET=y
CONFIG_IP_FORWARD=y
# CONFIG_IP_MULTICAST is not set
CONFIG_SYN_COOKIES=y
CONFIG_RST_COOKIES=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_ICMP=y
# CONFIG_IP_TRANSPARENT_PROXY is not set
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
# CONFIG_IP_ROUTER is not set
CONFIG_NET_IPIP=m
CONFIG_IP_ALIAS=m
# CONFIG_INET_PCTCP is not set
# CONFIG_INET_RARP is not set
# CONFIG_NO_PATH_MTU_DISCOVERY is not set
CONFIG_IP_NOSR=y
CONFIG_SKB_LARGE=y
CONFIG_NETDEVICES=y
CONFIG_DUMMY=m
# CONFIG_EQUALIZER is not set
# CONFIG_DLCI is not set
# CONFIG_PLIP is not set
CONFIG_PPP=m
# CONFIG_SLIP is not set
# CONFIG_ISDN is not set
CONFIG_SERIAL=m

-------- /etc/rc.d/rc.serial -----------------------------------------------
..
${SETSERIAL} /dev/cua1 uart 16550A port 0x2F8 irq 3
..
/bin/stty crtscts </dev/cua1
${SETSERIAL} /dev/cua1 spd_vhi
..

-------- /etc/rc.d/rc.inet1 -----------------------------------------------
..
# Removed for ppp
# /sbin/route add default gw ${GATEWAY} metric 1
..
# Added for masquerading
. /etc/rc.d/rc.ipmasq

-------- /etc/rc.d/rc.ipmasq ----------------------------------------------
#!/bin/sh
IPFWADM=/sbin/ipfwadm
IPAUTOFW=/sbin/ipautofw
ANYWHERE=0.0.0.0/0
LOCALNET=192.168.1.0/24
LOOPNET=127.0.0.0/8
LOCALIP=192.168.1.2
# Incoming packets to system (ie to local addresses)
$IPFWADM -I -f
$IPFWADM -I -p deny
# Protection against LOCALNET spoofing
$IPFWADM -I -a accept -S $LOCALNET -W eth0
$IPFWADM -I -a accept -S $LOCALNET -W lo
$IPFWADM -I -a deny -S $LOCALNET -o
# Protection against LOOPNET spoofing
$IPFWADM -I -a accept -S $LOOPNET -W lo
$IPFWADM -I -a deny -S $LOOPNET -o
$IPFWADM -I -a accept
# Logging
$IPFWADM -I -a deny -o
#
# Outgoing packets (ie from local system to remote)
$IPFWADM -O -f
$IPFWADM -O -p deny
# Protection against LOCALNET spoofing
$IPFWADM -O -a accept -D $LOCALNET -W eth0
$IPFWADM -O -a accept -D $LOCALNET -W lo
$IPFWADM -O -a deny -D $LOCALNET -o
# Protection against LOOPNET spoofing
$IPFWADM -O -a accept -D $LOOPNET -W lo
$IPFWADM -O -a deny -D $LOOPNET -o
$IPFWADM -O -a accept
# Logging
$IPFWADM -O -a deny -o
#
# Forwarded packets.
# No packets should be forwarded through, masquerading
# is done from i/f on LOCALNET to the world
$IPFWADM -F -f
$IPFWADM -F -p deny
$IPFWADM -F -a deny -P tcp -S $LOCALNET www
$IPFWADM -F -a accept -S $LOCALNET -D $LOCALNET -W eth0
# I'd like to add -W eth0 but it doesn't work:
# masqueraded packet looks like they come from ppp0 !
$IPFWADM -F -a accept -m -S $LOCALNET
# Logging
$IPFWADM -F -a deny -o
#
# Accounting all outgoing packets (from firewall point of vue)
$IPFWADM -A -f
$IPFWADM -A -a -P all -S $LOCALIP 
$IPFWADM -A -a -P all -D $LOCALIP

$IPAUTOFW -F
# Diablo firewalling
$IPAUTOFW -A -r udp 6112 6112 -c tcp 118

-------- /etc/resolv.conf -------------------------------------------------
domain inlandsys.com
nameserver 194.51.149.1 

-------- /etc/rc.local ----------------------------------------------------
..
echo "Setting IRQ priorities..."
/sbin/irqtune -q 3 10
..

-------- /etc/inittab ----------------------------------------------------
..
d2:12345:respawn:/usr/local/sbin/mgetty ttyS1
..

-------- /usr/src/mgetty-1.1.1/policy.h -----------------------------------
..
#define DEVICE_GROUP    "uucp"
..
#define LOG_PATH "/var/log/log_mg.%s"
..
#define MGETTY_PID_FILE "/var/run/mg-pid.%s"
..
#define MODEM_INIT_STRING      "AT&F&A3&B1&H1&R2&D2&C1X7S0=0S9=3S7=90"
..
#define DO_CHAT_SEND_DELAY 100
..
#define FAX_LOG         "/var/log/sendfax.log"
..
#define FAX_STATION_ID  "## # ## ## ## ##"
..
#define FAX_MODEM_TTYS  "ttyS1"
..
# define MAILER         "/usr/sbin/sendmail"
..

-------- /usr/local/etc/mgetty+sendfax/mgetty.config ----------------------
#
# mgetty configuration file
#
# this is a sample configuration file, see mgetty.info for details
#
# comment lines start with a "#", empty lines are ignored


# ----- global section -----
#
# In this section, you put the global defaults, per-port stuff is below


# set the global debug level to "5" (which is quite verbose)
debug 4

# set the local fax station id
fax-id ##########

# access the modem(s) with 115200 bps
speed 115200

rings 4

# the /dev/tty-device is owned by uucp.uucp and mode "rw-rw-r--" (664)
port-owner uucp
port-group uucp
port-mode 0664

# incoming faxes are owned by "root.uucp" and mode "rw-r-----" (640)
fax-owner root
fax-group uucp
fax-mode 0640


# ----- port specific section -----
# 
# Here you can put things that are valid only for one line, not the others
#

port ttyS1
# Sportster 28,8
  init-chat "" \d\d\d+++\d\d\dAT&F&A3&B1&H1&R2&D2&C1X7S0=0S9=3S7=90 OK
  statistics-chat "" AT OK ATI4 OK ATI6 OK
  statistics-file /tmp/statistics.robotics

-------- /etc/ppp/options -------------------------------------------------
lock 
115200
crtscts modem 
: defaultroute
#asyncmap 0
asyncmap 10000000
mtu 552 mru 552

-------- /etc/ppp/ip-up ---------------------------------------------------
#!/bin/bash
# set -x
NETDEVICE=$1
TTYDEVICE=`basename $2`
SPEED=$3
LOCAL_IP=$4
REMOTE_IP=$5
POPUSERS='me friend1 friend2'
echo "PPP is now up!" | wall
(echo "`date +%T` : PPP is up NETDEVICE=$NETDEVICE TTYDEVICE=$TTYDEVICE
SPEED=$SPEED LOCAL_IP=$LOCAL_IP REMOTE_IP=$REMOTE_IP"

if [ -e /tmp/.internet ]; then
    # http://www.ml.org
    (sleep 5; /usr/local/bin/mlddc </etc/ppp/mymldata) &

    if [ -e /tmp/.automatic ]; then
        echo "`date +%T` : Getting date and time..."
        /usr/sbin/netdate -v -l 120 ntp.univ-lyon1.fr && /sbin/clock -u -w
    fi

    echo "`date +%T` : Sending mail..."
    (/usr/sbin/sendmail -q
     echo "`date +%T` : ...Mail sent") &

    for i in $POPUSERS; do
        echo "`date +%T` : Receiving mail for $i..."
        (su $i -c "/usr/local/bin/fetchmail --fetchlimit 500 --timeout 1200"
         echo "`date +%T` : ...Mail for $i received") &
    done

    if [ -e /tmp/.automatic ]; then
        echo "`date +%T` : Receiving news..."
        (cd /var/spool/news/interesting.groups
         # Avoid some newsgroups !
         /bin/rm -f `cut -f1 ../uninteresting.groups`
         # Try resending all articles
         /bin/mv -f ../failed.postings/* ../out.going
         /usr/local/sbin/fetch -v
         echo "`date +%T` : ...News received") &
    fi

    echo "`date +%T` : Waiting for tasks..."
    wait

    if [ -e /tmp/.automatic ]; then
        echo "`date +%T` : ...All tasks done, shutting PPP down"
        rm /tmp/.automatic
        /usr/bin/pppdeconnect
    else
        echo "`date +%T` : ...All tasks done"
        echo "All tasks done, enjoy your PPP connection!" | wall
    fi
fi) 2>&1 | mail -s "PPP session debriefing" root &

-------- /etc/ppp/ip-down -------------------------------------------------
#!/bin/sh
echo PPP is shutting down! | wall
date
rm -f /tmp/.internet
killall fetchmail

-------- /etc/ppp/dial-insat ----------------------------------------------
ABORT 'ERROR'
ABORT 'NO DIALTONE'
ABORT 'NO ANSWER'
ABORT 'BUSY'
ABORT 'NO CARRIER'
TIMEOUT 5
'' AT
OK 'AT &F1 E0 V1 &C1 &D2 Q0 S0=0 &B1 &A3'
OK 'ATS7=60S19=0L0M1&M4&K1&H1&R2&I0B0X4'
OK ATDT0556479478
TIMEOUT 45
'CONNECT 28800/ARQ/V34/LAPM/V42BIS' '\d\d'
TIMEOUT 10
'' ''
'' ''
Userid:--Userid:-BREAK-Userid: myuserid
ssword? '\qmypasswd'
'' ppp

-------- /usr/bin/pppconnect ---------------------------------------------
#!/bin/sh
# Appel Standard
#DEBUG=yes
DEVICE=/dev/ttyS1
DIAL_SCRIPT=/etc/ppp/dial-insat

stty -tostop -echo < $DEVICE > $DEVICE

exec /usr/sbin/pppd $DEVICE connect "/usr/sbin/chat ${DEBUG:+-v} -f
$DIAL_SCRIPT" ${DEBUG:+debug}

-------- /usr/bin/pppdeconnect -------------------------------------------
#!/bin/sh

DEVICE=ppp0

killall chat

#
# If the ppp0 pid file is present then the program is running. Stop it.
if [ -r /var/run/$DEVICE.pid ]; then
        kill -INT `cat /var/run/$DEVICE.pid`
#
# If unsuccessful, ensure that the pid file is removed.
#
        if [ ! "$?" = "0" ]; then
                echo "removing stale $DEVICE pid file."
                rm -f /var/run/$DEVICE.pid
                exit 1
        fi
#
# Success. Terminate with proper status.
#
        echo "$DEVICE link terminated"
        exit 0
fi
#
# The link is not active
#
echo "$DEVICE link is not active"
exit 1




Et pour ceux qui voudraient recevoir les appels entrants:
-------- /etc/passwd -----------------------------------------------------
..
ppp::410:14:Public PPP Account:/home/ppp:/etc/ppp/ppplogin
..

-------- /etc/ppp/ppplogin -----------------------------------------------
#!/bin/sh
# ppplogin - script to fire up pppd on login
mesg n
stty -echo
exec /usr/sbin/pppd -detach :192.168.1.100 proxyarp