Subject: Re: aha! another pppd question
To: SamMaEl <rimsky@teleport.com>
From: tcjam <tcjam@voicenet.com>
List: port-mac68k
Date: 03/01/1998 07:59:58
On Sat, 28 Feb 1998, SamMaEl wrote:

> 
> 	Ok, I think I know what is wrong with the ppp connection I have
> been trying to get. I was visiting a friend today and we tried dialing up
> my machine like 6 or 7 times and got the connection as before, were able
> to ping, got the ip address and were still able to get our name from the
> name server. BUT, I got home and turned on my monitor and it hit me...
> well, first off I was using proxyarp for 192.168.2.1, which there is no
> device associated with the 192.168.2 network so that is a justifiable
> error, but I also got the IPFilter initialization, with pass all (like it
> should) and logging disabled (I haven't gotten to compile another kernel
> yet with logging enabled.), and IPFilter complains about already being
> initialized. pppd is executing the ip-up script! Is there any way I can
> KEEP it from doing this??
> 
> 	Or, just as good... I guess I could think of a way to make it not
> execute the ipfilter stuff if it is going to be run as a server. Here is
> the ipfilter related part of the script. It is the one Bob Nestor gave me
> to help get ipnat going ;-) So, maybe I should blame him ;-)

Ok, I can solve both problems for you, I hope. :) Here is my /etc/ppp/ip-up.

#!/bin/sh
#

#I have a ppp server on /dev/tty01 so I don't want this script.
if [ "$2" = "/dev/tty01" ]
then exit 0
fi

#I don't want this section to run at system boot so I make it wait for
#  multi-user (securelevel = 0 is single user or during boot)
if [ "`sysctl kern.securelevel`" = "kern.securelevel = 0" ]
then exit 0
else
#Kill my xntpd (it's too out of sync by now)
	if [ -f /var/run/xntpd.pid ]
	then
	  kill -TERM `cat /var/run/xntpd.pid`
	  rm -f /var/run/xntpd.pid
	fi
#Update the time from a nice ntp server
#Restart my xntpd daemon
	ntpdate ntp2.usno.navy.mil
	xntpd -p /var/run/xntpd.pid
fi
#Sync my ip-nat rules (this is paired with ... -> 0/32 in /etc/ipnat.conf)
ipf -y
#Flush any outgoing mail now that the ppp connection is up
sendmail -q
exit 0

Here is a nice section I added to my /etc/netstart right after the
ipfilter section:

# Enable, flush and install nat rules before configuring interfaces.
if checkyesno ipnat; then
        if [ -f /etc/ipnat.conf ]; then
                echo 'installing nat rules ... '
                if ! checkyesno ipfilter; then
                        ipf -E
                fi
                ipnat -F -C -f /etc/ipnat.conf
        else
                logger -s "WARNING: /etc/ipnat.conf not readable " \
                    "ipnat not started."
                # abort the boot rather than risk a security problem
                # bah this isn't important enough to stop the boot
                #exit 1;
        fi
fi

Now just add a line to /etc/rc.conf containing "ipnat=YES"

[ipfilter chaos]
> 
> 	Basically, it is extracting the IP address of the host, to
> determine the 'sz' variable, then it is mapping the packets received from
> ppp0 ( $1 which is the ppp client) at the IP address/netmask bits to
> another IP address and sending it to /tmp/ppp0, where ipnat then uses
> /tmp/ppp0 to startup from.
> 
See the IPFilter web page FAQ #6 (dealing with dynamic IPs and ip-nat).

> 	Is there a way to get around starting ipnat from the ip-up script?
> Because it is ip-up that is causing the funky pppd behavior. I will try it
> later tonight when I can use the other phone line with my laptop and see
> if it works (for now I will just do a gross hack, like renaming the ip-up
> script in the script which I use to startup the pppd server, then rename
> it to ip-up after the pppd server is started up. It should work, but is
> there any better way to do this? Any help appreciated, thanks!

Ack, why pick the hard way? Just make your ip-up script exit prematurely
for your server; see the ipparam section of pppd(1).

Or you can use the port specific exit as I did in my example above.

> 
> 	Now, if I could just figure out what's wrong with my dialup
> shell... I'm going to try using dtrcts on the modem line. I figured out
> how to reset the settings on my modem and save the configuration at least!
> ;-) at&w... then atz will reset it to the default setting (which I just
> have it as at&f1)
> 
> 	Thanks in advance, especially to Bill for being so patient ;-)
> 	
> 	Ryan
> 
> -----
> HELO... my name is rewt... you have SIGKILLed my father... prepare to vi!
> 

                                 \||||/
                                  o  o
=============================oOOo==()==oOOo==============================
|| "Please explain to me the scientific          |  tcjam@voicenet.com ||
||   nature of the whammy." -Scully              ______________________||
||                                                                     ||
|| "Foolproof systems don't take into account,                         ||
||  the ingenuity of fools" -Unknown                                   ||
||                                                                     ||
||   PGP key can be obtained from:                                     ||
||      http://www.voicenet.com/~tcjam/home/keys.html                  ||
=========================================================================
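As an added example (not code from the mail above, nor from pppd or IPFilter), here is an ip-up that takes the ipparam route tcjam points at instead of a hard-coded tty, and prints the "-> 0/32" ipnat rule that "ipf -y" resyncs per FAQ #6. The "server" label (started as "pppd ... ipparam server"), the /dev/tty01 fallback, the 192.168.2.0/24 client net and the portmap range are assumptions.

```shell
#!/bin/sh
# Added example: an /etc/ppp/ip-up that skips the dial-in server via pppd's
# ipparam (6th argument) rather than a hard-coded tty, and builds the "-> 0/32"
# ipnat rule that "ipf -y" resyncs after the dynamic address changes.
# pppd invokes: ip-up IFNAME TTY SPEED LOCAL-IP REMOTE-IP IPPARAM
# Assumed: the server is started with "pppd ... ipparam server".
# Side effects (ipf, ntpdate, sendmail) are only printed as a plan so the
# decision logic can be exercised on any host.

SERVER_TTY=/dev/tty01          # fallback when pppd was started without ipparam

# 0 when this invocation belongs to the dial-in server, 1 otherwise.
is_server_link() {
    [ "$2" = "server" ] && return 0
    [ "$1" = "$SERVER_TTY" ] && return 0
    return 1
}

# 0 while NetBSD is still booting (securelevel 0), 1 once multi-user.
is_booting() {
    [ "${1:-1}" = "0" ]
}

# ipnat.conf line for a client net behind a dynamic-IP interface; 0/32 means
# "the interface's current address", which is why ipf -y alone suffices.
nat_rule() {
    printf 'map %s %s -> 0/32 portmap tcp/udp 40000:60000\n' "$1" "$2"
}

# Print the actions ip-up would take for these pppd arguments. The
# securelevel comes from $SECLEVEL (constructed, for testing) or from sysctl.
ipup_plan() {
    _tty="$2" _ipparam="$6"
    _lvl="${SECLEVEL:-$(sysctl -n kern.securelevel 2>/dev/null || echo 1)}"
    if is_server_link "$_tty" "$_ipparam"; then
        echo "skip: server link on $_tty"
        return 0
    fi
    if is_booting "$_lvl"; then
        echo "skip: booting (securelevel 0)"
        return 0
    fi
    echo "restart-ntp"   # kill xntpd, ntpdate, start xntpd again
    echo "ipf -y"        # 0/32 map rules pick up the new local IP ($4)
    echo "sendmail -q"
}

# Example call with the arguments pppd would pass for a dial-out link.
ipup_plan ppp0 /dev/tty00 38400 10.0.0.2 10.0.0.1 dialout
```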