Subject: Re: PPP NAT (revision)
To: T&B <list.mac68k@tandb.com.au>
From: Bruce Anderson <brucea@spacestar.net>
List: port-mac68k
Date: 07/31/2000 21:45:51
On Fri, Jul 21, 2000 5:02 AM, T&B <mailto:list.mac68k@tandb.com.au> wrote:
>My modem dials, but I get this in the message log:
>
>Jul 21 19:04:10 macbsd pppd[344]: Serial connection established.
>Jul 21 19:04:11 macbsd pppd[344]: Using interface ppp0
>Jul 21 19:04:11 macbsd pppd[344]: Connect: ppp0 <--> /dev/tty00
>Jul 21 19:04:19 macbsd pppd[344]: Serial line is looped back.
>Jul 21 19:04:19 macbsd pppd[344]: Connection terminated.
>Jul 21 19:04:22 macbsd pppd[344]: Exit.
>
>How do I fix the "Serial line is looped back" error? I tried commenting
out
>tty00 in /etc/ttys, but that didn't help.
Just use this entry in /etc/ttys instead: tty00 none network off secure
Add E0 (E Zero) to your AT modem INIT string in /etc/ppp/chat-script
>
>and it destroys my default route through my local router. So I have to
add:
>route add default 192.168.1.254
>after the failure. Once the PPP NAT is working, I won't need to make the
other
>router the default.
Comment out the welcome, ipparam and disconnect lines in the peers file, like so:
# welcome '/sbin/route delete default' # delete any current default routes
first
# pppd changes the routing table for us.
# ipparam "MYISP.net 206.191.193.1,192.168.1.31 MYISP.net,home.org"
# disconnect /etc/ppp/?? # eg. You could reset the default route here when
# pppd is done.
>
>I have named running, so I don't want to change any resolv setups etc. I
plan
>to dial an ISP that issues a known static IP address, but am using another
>dynamically assigned IP account until I cen get it to work.
Remove all the "goo" from /etc/ppp/ip-up and /etc/ppp/ip-down.
Examples:
cougar$ cat ip-up
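#!/bin/sh
# /etc/ppp/ip-up: run by pppd once the PPP link is up.
# Appends the previous connection's record to /etc/ppp/ppp.log, starts a
# fresh record in /etc/ppp/time-ppp, sets the clock and starts fetchmail.
# Globals: CALLED (read) -- assumed to be set in pppd's environment; it is
#          not one of pppd's documented ip-up arguments, confirm where it
#          comes from.  An unset CALLED now writes an empty line instead
#          of failing.
# keep track of time on line in /etc/ppp/ppp.log
cat /etc/ppp/time-ppp >>/etc/ppp/ppp.log
# clearout the connection state file.
printf '%s\n' "${CALLED-}" >/etc/ppp/time-ppp
# Flush the queue and pickup mail.  Quoting "$(date)" keeps the timestamp
# as one string instead of letting the shell re-split it.
printf '%s  ip-up \n' "$(date)" >>/etc/ppp/time-ppp
#/usr/sbin/sendmail -q &
# wait is a no-op unless the sendmail line above is re-enabled.
wait
/usr/sbin/ntpdate time.apple.com
printf '%s  done with mail \n' "$(date)" >>/etc/ppp/time-ppp
/usr/pkg/bin/fetchmail --invisible --daemon 900 -f /etc/.fetchmailrc &
#EOF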
cougar$ cat ip-down
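#!/bin/sh
# /etc/ppp/ip-down: run by pppd when the PPP link goes down.
# Stops the fetchmail daemon started by ip-up and closes the connection
# record in /etc/ppp/time-ppp (timestamp followed by two blank lines, so
# ip-up's next "cat" into ppp.log keeps records visually separated).
/usr/pkg/bin/fetchmail --quit
# Quoting "$(date)" keeps the timestamp as one string.
printf '%s  ip-down \n\n\n' "$(date)" >>/etc/ppp/time-ppp
#EOF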
/etc/ipnat.conf
# /etc/ipnat.conf: IPFilter NAT rules for the dial-up interface ppp0.
# Outbound: both private LANs are masqueraded behind the address ppp0
# currently holds (0.0.0.0/32 stands for "the interface's own address",
# so the dynamically assigned IP never has to be written here).
# Net one
map ppp0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:60000
# The second map line carries no portmap clause; presumably it covers
# protocols other than tcp/udp (icmp etc.) -- verify against ipnat(5).
map ppp0 192.168.1.0/24 -> 0.0.0.0/32
# Net two
map ppp0 192.168.2.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:60000
map ppp0 192.168.2.0/24 -> 0.0.0.0/32
# Inbound: every UDP datagram arriving on ppp0 for ports 6970-6999 is
# redirected to the single LAN host 192.168.2.21, which therefore becomes
# reachable from the Internet on those thirty ports.  Keep this list to
# what that host actually needs, and remember that this file only
# rewrites addresses: the redirected packets still go through the
# /etc/ipf.conf filter rules, which decide whether they are accepted.
# To my 7200/90
rdr ppp0 0/0 port 6970 -> 192.168.2.21 port 6970 udp
rdr ppp0 0/0 port 6971 -> 192.168.2.21 port 6971 udp
rdr ppp0 0/0 port 6972 -> 192.168.2.21 port 6972 udp
rdr ppp0 0/0 port 6973 -> 192.168.2.21 port 6973 udp
rdr ppp0 0/0 port 6974 -> 192.168.2.21 port 6974 udp
rdr ppp0 0/0 port 6975 -> 192.168.2.21 port 6975 udp
rdr ppp0 0/0 port 6976 -> 192.168.2.21 port 6976 udp
rdr ppp0 0/0 port 6977 -> 192.168.2.21 port 6977 udp
rdr ppp0 0/0 port 6978 -> 192.168.2.21 port 6978 udp
rdr ppp0 0/0 port 6979 -> 192.168.2.21 port 6979 udp
rdr ppp0 0/0 port 6980 -> 192.168.2.21 port 6980 udp
rdr ppp0 0/0 port 6981 -> 192.168.2.21 port 6981 udp
rdr ppp0 0/0 port 6982 -> 192.168.2.21 port 6982 udp
rdr ppp0 0/0 port 6983 -> 192.168.2.21 port 6983 udp
rdr ppp0 0/0 port 6984 -> 192.168.2.21 port 6984 udp
rdr ppp0 0/0 port 6985 -> 192.168.2.21 port 6985 udp
rdr ppp0 0/0 port 6986 -> 192.168.2.21 port 6986 udp
rdr ppp0 0/0 port 6987 -> 192.168.2.21 port 6987 udp
rdr ppp0 0/0 port 6988 -> 192.168.2.21 port 6988 udp
rdr ppp0 0/0 port 6989 -> 192.168.2.21 port 6989 udp
rdr ppp0 0/0 port 6990 -> 192.168.2.21 port 6990 udp
rdr ppp0 0/0 port 6991 -> 192.168.2.21 port 6991 udp
rdr ppp0 0/0 port 6992 -> 192.168.2.21 port 6992 udp
rdr ppp0 0/0 port 6993 -> 192.168.2.21 port 6993 udp
rdr ppp0 0/0 port 6994 -> 192.168.2.21 port 6994 udp
rdr ppp0 0/0 port 6995 -> 192.168.2.21 port 6995 udp
rdr ppp0 0/0 port 6996 -> 192.168.2.21 port 6996 udp
rdr ppp0 0/0 port 6997 -> 192.168.2.21 port 6997 udp
rdr ppp0 0/0 port 6998 -> 192.168.2.21 port 6998 udp
rdr ppp0 0/0 port 6999 -> 192.168.2.21 port 6999 udp
# Revised Jul 31, 2000 BA-
/etc/ipf.conf
# /etc/ipf.conf: IPFilter packet-filter rules.  Rule order matters:
# unless a rule says "quick", the last matching rule wins, so the
# unqualified "block in" below acts as the default for any inbound
# packet on ppp0 that no later "pass in" claims.
# Drop, on every interface, anything carrying IP options or too short to
# hold a complete header, and log it.
block in log quick all with ipopts
block in log quick all with short
# Anti-spoofing: a packet arriving from the Internet side (ppp0) must not
# claim a loopback or RFC 1918 private source address; these can only be
# forged, and 192.168.0.0/16 is the range used by the LANs behind the NAT.
block in log quick on ppp0 from 127.0.0.0/8 to any
block in log quick on ppp0 from 10.0.0.0/8 to any
block in log quick on ppp0 from 192.168.0.0/16 to any
block in log quick on ppp0 from 172.16.0.0/12 to any
# Default for ppp0: nothing unsolicited comes in, and every drop is logged.
block in log on ppp0 from any to any
# The loopback interface is unrestricted in both directions.
pass in quick on lo0 all
pass out quick on lo0 all
# Outbound tcp, udp and icmp over ppp0 are allowed; "keep state" lets the
# matching replies back in past the "block in" above.
pass out on ppp0 proto tcp/udp from any to any keep state
pass out on ppp0 proto icmp from any to any keep state
# NOTE(review): there is no "pass in ... on ppp0" rule at all.  If, as is
# usual for IPFilter, inbound packets are filtered after NAT, the UDP
# ports 6970-6999 that /etc/ipnat.conf redirects to 192.168.2.21 are
# dropped by the "block in log on ppp0" rule -- confirm, and if the
# redirect is meant to work add a pass in rule limited to just those
# ports and that destination.
and, in /etc/netstart.local or rc.local:
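# Start NAT at boot.  The NAT rules are loaded before IP forwarding is
# switched on, so the box never forwards un-translated LAN packets in the
# window between the two steps, and forwarding stays off if the rules
# fail to load instead of being enabled unconditionally.
if [ -f /etc/ipnat.conf ]; then
  echo 'starting IP network address translation (ipnat)...'
  if /usr/sbin/ipnat -f /etc/ipnat.conf; then
    sysctl -w net.inet.ip.forwarding=1
  else
    echo 'ipnat: failed to load /etc/ipnat.conf; IP forwarding left off' >&2
  fi
fi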
Sample chat script:
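#!/bin/sh
# pppd connect script: builds a chat(8) script in a private temporary
# file, runs it, and returns chat's exit status to pppd.
#
# This script is invoked with one argument, the phone number to call
# and optionally the account username and ISP name, space separated:
#   "NUMBER [LOGIN [ISP]]"
# If the username is included the chat script used is one that logs into
# a Terminal Server using a Login protocol.  In the absence of the
# username argument the connection is made to a Server using PAP, CHAP
# or MS-CHAP authentication.
#
# If the modem requires any special initialization specify the INIT
# string here.  If uncertain leave this blank.
# Or use the value used with the modem when running MacOS (or Windows).
# BA-
MODEM_INIT='"AT &F H0 M0 E0 X4 W1Y0 &S1 &D3 S2=14 S26=0"'
# Y1 &D0 are essential to get the modem to hangup while using
# cdtrcts hardware flow control with external modems.
# Change + char 43 to Ctrl-N (S2=14)
# no more modem hangups while uploading AT commands, I hope.
# BA-

# Crack the argument string and get the phone number and optionally
# the account username and ISP name.  The argument is always quoted so
# that a value containing shell metacharacters is neither re-split nor
# globbed before awk sees it.
ARG=${1-}
NUMBER=$(printf '%s\n' "${ARG}" | /usr/bin/awk '{print $1}')
LOGIN=$(printf '%s\n' "${ARG}" | /usr/bin/awk '{print $2}')
ISP=$(printf '%s\n' "${ARG}" | /usr/bin/awk '{print $3}')

# The chat script (which may contain the account password) goes into a
# temporary file.  mktemp(1) creates it atomically with mode 0600 under
# an unguessable name, so a pre-existing file or symlink at a predictable
# path such as /tmp/<pid> cannot be followed or appended to.  umask 077
# is kept as the default for anything else created below.  The EXIT trap
# removes the file on every exit path, including a failure of chat
# itself, so the password does not outlive this script.
umask 077
TMP=$(mktemp /tmp/chat.XXXXXX) || exit 1
trap 'rm -f "${TMP}"' EXIT

# Append one line to the chat script.  printf '%s' does not interpret
# backslash sequences, so the \d and \q markers that chat(8) must see
# literally reach the file unchanged whatever the shell's echo does.
emit() {
  printf '%s\n' "$1" >>"${TMP}"
}

emit "# \$1= ${ARG}"
emit 'REPORT ERROR'
emit 'REPORT BUSY'
emit 'REPORT CONNECT'
emit 'ABORT ERROR'
emit 'ABORT BUSY'
emit 'ABORT "NO CARRIER"'
emit 'ABORT "NO DIAL"'
emit 'TIMEOUT 10'
emit '"" ^N^N^NATZ!!'
emit '"OK" +++ATZH0!!'
if [ -n "${MODEM_INIT}" ]; then
  emit 'TIMEOUT 10'
  emit "OK ${MODEM_INIT}"
fi
emit 'TIMEOUT 10'
emit "OK ATH0DTW${NUMBER}"
emit 'TIMEOUT 55'
emit 'CONNECT ""'
emit 'TIMEOUT 15'
# This section might require some hand tweaking to deal with the
# prompt strings received from the Terminal Server during Login
# and what needs to be sent to bring up the PPP link.  The default
# here assumes the Server will prompt for Username with "Username:"
# and Password with "Password:".  Following validation the PPP link
# is started with the "ppp" command to the Server.
# Getting the password from chap-secrets only works for the root
# user because the connect script always runs with the real UID
# of the user even when pppd runs set UID root.  BA- 1999
if [ -n "${LOGIN}" ]; then
  # Look up the secret for this login/ISP pair.  -v is the POSIX
  # spelling of gawk's --assign= and works with both awks; the values are
  # passed as awk variables, not interpolated into the program text, so a
  # login or ISP name cannot alter the awk program.
  PASSWD=$(/usr/bin/awk -v "login=${LOGIN}" -v "isp=${ISP}" \
    '$1 == login && $2 == isp {print $3}' </etc/ppp/chap-secrets)
  # echo "rname:-\r-rname: ${LOGIN}" >>${TMP}
  # \d: chat waits one second before sending the login name.
  emit "ogin:--ogin: \d${LOGIN}"
  # \q: chat sends the password but does not copy it into the log that
  # the -v option below produces.
  emit "word: \q${PASSWD}"
  # echo "word: \q<SECRET>" >>${TMP}
  PASSWD="********************"
  emit 'TIMEOUT 25'
  emit '} ""'
  # echo ' n-\r-n \d\c "" "ppp 0.0.0.0"' >>${TMP}
fi
# Now invoke the script we just built.  pppd treats a non-zero exit
# from its connect script as a failed call, so chat's status is
# returned instead of being masked by the cleanup (the trap still
# removes the temporary file).
/usr/sbin/chat -v -f "${TMP}"
status=$?
#/usr/sbin/chat -f ${TMP}
exit "${status}"
#EOF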
" Stamp out root login's . . . . su " --Bruce Anderson
This message was created and sent using Cyberdog 2.0, MacOS 8.6,
awk, find, sed, sendmail, sh, and NetBSD a free Multi-Platform OS.