Configuring a Dial-In PPP Server


If you want to access your high-speed Internet connection when you are away from home, a simple dial-up PPP service can be quickly configured on your Fedora system by configuring Linux to answer a call from a remote modem and start PPP. This is handy if you have high-speed access at home and need to use it while you are on the road. For example, our DSL connection is made through the telephone lines to our home. While at our winter vacation home, that DSL connection is not available. With a dial-in server, we use the modem in our laptop to dial home and the dial-up server connects us to the Internet (as well as our home LAN); it is like a private ISP. Not everyone will want to configure a dial-in PPP server to do this, but it does illustrate the kind of power that Linux offers a user.

You will need a serial port with an attached modem; a second phone line is convenient but not strictly necessary. The modem must be set to answer incoming calls using the AT commands specific to the modem you are using (consult its manual), and that configuration must be saved using the AT&W modem command. A line-monitoring application such as agetty, getty, or mgetty is then used to watch the serial port; you enable it by editing an entry in the system's initialization table, /etc/inittab. You then create a special user account and script to configure Fedora Core Linux to automatically start the pppd daemon and PPP service after a user logs in.

Many modems can use a modem string such as ATE1Q0V1&C1&S0S0=1&W to auto answer calls, but this varies by modem manufacturer. Some terminal monitors, such as uugetty, have configuration files that automatically set up the modem for a particular serial port and use an entry in /etc/inittab that looks like this:

3:2345:respawn:/sbin/uugetty ttyS1 38400 vt100


This entry assumes that a modem is attached to /dev/ttyS1.

Other commands, such as agetty, can directly configure a modem port and might use an /etc/inittab entry like this:

3:2345:respawn:/usr/local/bin/agetty -w -I 'ATE0Q1&D2&C1S0=1\015' 115200 ttyS1 vt100


If you would prefer to use the mgetty command, which is included with Fedora Core, use an entry like this:

3:2345:respawn:/sbin/mgetty -a -n 1 -D ttyS1


You will also need to edit the file /etc/mgetty+sendfax/mgetty.config to set connection speeds and whether data, fax, or data-only or fax-only connections are to be allowed.

Linux Voice Modem Support

If you are the fortunate owner of a vgetty-supported voice modem, such as the Elsa MicroLink 56K Internet modem, you can download, install, and use the vgetty command to monitor the modem and have your system provide voice, data, and fax services. Edit the file /etc/mgetty+sendfax/voice.conf, create your answering voice messages in /var/spool/voice/messages, and then use a vgetty /etc/inittab entry such as

S0:345:respawn:/sbin/vgetty ttyS2


To host voice messages, you will need to use the wavtopvf and pvfspeed commands to convert your voice sound files into a format used by the modem, like this:

# wavtopvf mymessage.wav mymessage.pvf
# pvfspeed -s 7200 mymessage.pvf | pvftormd Elsa 4 > mymessage.rmd


To play your outgoing message (which should be stored in /var/spool/voice/messages with the name standard.rmd), use the following command line (needed to convert sound formats so we can play it):

# rmdtopvf mymessage.rmd | pvfspeed -s 8000 | pvftobasic >/dev/audio


This technique can be used to listen to any messages left by callers (which end up in the /var/spool/voice/incoming directory).

Browse to http://alpha.greenie.net/vgetty/ to download vgetty and its documentation. Also, look at the Linux Answering machine HOWTO at http://linuxindia.virtualave.net/lamhowto.html.


The next step is to create a user named ppp and then to assign a password to it. Although it is possible to allow remote users to log in and start pppd from the command line (assuming that you have set pppd to SUID root), the pppd daemon can be started automatically by creating a short shell script and then assigning the shell script to the user for the default shell in the user's /etc/passwd entry, like this:

ppp:x:500:500::/home/ppp:/usr/local/bin/doppp


The doppp script, made executable with chmod +x, would contain the following:

#!/bin/sh
exec /usr/sbin/pppd -detach


Using this approach, pppd will start automatically after the ppp dial-in user connects and logs in (perhaps using the ppp-on scripts or other clients on the remote computer). The file options under the /etc/ppp directory should include general dial-in options for PPP service on your system, and specific options files (such as options.ttyS1 for this example) should be created for each enabled dial-in port. For example, /etc/ppp/options could contain

asyncmap 0
netmask 255.255.255.0
proxyarp
lock
crtscts
modem


There are many approaches to providing your own PPP service. IP addresses can be assigned dynamically, or a static IP address can be doled out for a user. For example, /etc/ppp/options.ttyS1 could contain

IPofPPPserver:assignedIPofdialinuser


In this example, the first IP address is for the host computer, whereas the second IP address is assigned to the remote user. For details about configuring PPP for Linux, read the pppd man page or documentation under the /usr/share/doc/pppd* directory. If you're a Linux developer, browse the source code files ppp_async.c, ppp_deflate.c, ppp_generic.c, and ppp_synctty.c under the /usr/src/linux-2.6/drivers/net directory.
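
The following read-only shell check is an added example, not from the book: it lists the serial ports that /etc/inittab hands to a getty-style monitor, reports any port without a matching options.<port> file, and verifies that the dial-in account cannot modify the script that runs as its own login shell. The function names and the restriction to ttyS* ports are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the book: read-only audit of a dial-in PPP setup.
# All paths are arguments so the checks can be run against copies of the files.

# Print the serial port (ttyS*) named by each getty-style respawn entry.
# inittab fields are id:runlevels:action:process
dialin_ports() {
    awk -F: '!/^[ \t]*#/ && $3 == "respawn" {
        sub(/^[^:]*:[^:]*:[^:]*:/, "")       # keep only the process field
        n = split($0, w, " ")
        if (w[1] !~ /getty$/) next            # agetty, mgetty, uugetty, vgetty
        for (i = 2; i <= n; i++) if (w[i] ~ /^ttyS[0-9]+$/) print w[i]
    }' "$1" | sort -u
}

# Print each dial-in port that has no per-port file <pppdir>/options.<port>.
ports_without_options() {
    for port in $(dialin_ports "$1"); do
        [ -f "$2/options.$port" ] || echo "$port"
    done
}

# Check the login shell of a dial-in account (default "ppp") in a passwd file.
# Prints one finding per problem; prints nothing when the script looks sane.
check_login_shell() {
    passwd=$1 user=${2:-ppp}
    entry=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $7 }' "$passwd")
    [ -n "$entry" ] || { echo "no passwd entry for $user"; return; }
    uid=${entry%%:*} shell=${entry#*:}
    [ -x "$shell" ] || { echo "$shell: missing or not executable"; return; }
    # The account must not be able to rewrite the program run at its own login.
    [ "$(ls -dn "$shell" | awk '{ print $3 }')" != "$uid" ] ||
        echo "$shell: owned by uid $uid, the dial-in account itself"
    [ -z "$(find "$shell" \( -perm -020 -o -perm -002 \) -print)" ] ||
        echo "$shell: writable by group or others"
}

# Stand-alone use: sh audit.sh /etc/inittab /etc/ppp /etc/passwd
if [ $# -eq 3 ]; then
    ports_without_options "$1" "$2" | sed 's/^/no options file for /'
    check_login_shell "$3"
fi
```

No output means every monitored serial port has its own options file and the login script is protected from the account that runs it.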

Saving Even More Bandwidth

If you elect to use a dial-in server, one of the problems you face when using it is that you are using a connection with narrower bandwidth. Would it not be nice if you could strip out all the advertising images and compress the HTML pages before sending them over the modem? Here's how it can be done:

One approach is to use the Fedora-supplied privoxy proxy server or squid proxy server to filter ads and the Ziproxy (http://ziproxy.sourceforge.net/) server to convert the images to smaller, low-quality images and compress the HTML pages before sending them on to the dial-in user. A Red Hat 9 version is available at http://www.ai.mit.edu/people/wang/ziproxy-1.2.rh9.tgz, as well as a statically compiled version (requires no additional files) at http://aleron.dl.sourceforge.net/sourceforge/ziproxy/ziproxy-1.2b-static.i586.tar.bz2. Ziproxy requires a library not provided by Red Hat or Fedora, libconfuse (available at http://www.nongnu.org/confuse/, where you will find a src.rpm file to compile on your system; refer to Chapter 8, "On the Internet: Surfing the Web, Writing Email, and Reading the News," for information on compiling source RPM files).

Another approach is to use RabbIT (http://www.khelekore.org/rabbit/), a Java web proxy server that handles both tasks. The site mentions that 2.9MB of original data was compressed to 1.3MB and transmitted in 17 minutes instead of 75 minutes, a considerable saving. The site offers a Getting Started link on the main page describing downloading, installing, configuring, and using the application.

Both applications require ImageMagick to be installed so that its convert function can process images into low-resolution versions to save bandwidth.


Related Fedora and Linux Commands

You will use these commands when managing network connectivity in your Fedora system:

dhclient: Automatically acquire, and then set IP info for a NIC

ethereal: GNOME graphical network scanner

gnome-lokkit: Fedora's basic graphical firewalling tool for X

ifconfig: Displays and manages Linux networking devices

iwconfig: Displays and sets wireless network device parameters

lokkit: Fedora's basic graphical firewalling tool

netconfig: Fedora's console-based graphical network interface configuration tool

route: Displays and manages Linux kernel routing table

setup: Fedora's console-based graphical management tool

ssh: The OpenSSH remote-login client and preferred replacement for telnet

system-config-nfs: Fedora's graphical Network File System configuration tool

system-config-network: Fedora's graphical network and service management client for X

system-config-securitylevel: Fedora's graphical firewall configuration utility


Using Patches/Upgrades to Keep Your Network Secure

One of the keys to security not mentioned previously is to keep up-to-date with at least the latest stable versions of your software. Each time a new version of a software package comes out, it corrects any known security holes found in the previous release. Also be sure to keep your operating systems patched to the latest patch level. Your network security is only as strong as the weakest host.

Refer to Chapter 7 for details on how to use RPM to update Fedora with newer software packages. See Chapter 39, "Kernel and Module Management," to learn how to update your Linux kernel (even if you use RPM).

With effort, your system can be secure enough to keep most intruders out. Just keep your software up-to-date and keep yourself informed of potential security threats to your software, and you should be fine.



Red Hat Fedora 5 Unleashed
ISBN: 067232847X
EAN: 2147483647
Year: 2004
Pages: 362
