18.4 Creating WvDial Accounts for Nonroot Users

Problem

You want your users to have their own private dial-up accounts, with the configuration file stored in their own home directories.



Solution

First, make sure all the necessary permissions and group ownerships are configured as in Recipe 18.3. Then, WvDial configuration for individual users is done just like in the first two recipes in this chapter, except that the configuration file is stored in the user’s home directory. Create the new configuration file as the user, giving wvdialconf the path of the user’s personal configuration file as its argument (wvdialconf takes the file name directly; the --config switch belongs to wvdial):

$ wvdialconf ~/.wvdialrc

Because the file will hold the account password in plaintext once you add it, make it readable only by its owner (mode 600).



The file can have any name you like; using .wvdialrc creates a default that is read when you run the wvdial command with no options. Multiple accounts are created by using Dialer sections, and called just like in the other recipes:

$ wvdial ISP2



If the file has a different name, it must be called with the --config option:

$ wvdial --config ~/dialup



If there are multiple Dialer sections in it, name the section after the file:

$ wvdial --config ~/dialup ISP1



Discussion

Some users like having a desktop icon to click on, instead of running a shell command. It is easy to make one; check the documentation for whatever desktop they are running, as each one is a little different.

For simple individual dial-up accounts, graphical utilities like KPPP and GnomePPP are nice for your users. But you often still have to make manual edits to /etc/ppp/options or other ppp files. A common one is replacing the auth option in /etc/ppp/options with noauth. The auth option makes pppd require the ISP to authenticate itself to you before the link passes traffic, and virtually no commercial ISP will do that, so the connection fails with auth in place. Most Linux distributions make noauth the default these days, thankfully.



See Also

• man 1 wvdial

• man 5 wvdial.conf

• man 8 pppd

• WvDial: http://open.nit.ca/wiki/?page=WvDial






18.5 Sharing a Dial-Up Internet Account

Problem

You have a small number of users who need to share a single dial-up Internet account. Maybe it’s all you can afford, or it’s all that’s available, or maybe your needs are so minimal you don’t need broadband. It could even be a fiendishly clever method for discouraging users from web surfing. You might have a mix of platforms on the client side: Linux, Mac, Windows. Your LAN is already set up and functioning. You want to use an old PC as your Internet gateway.



Solution

Use an old PC to act as your Internet gateway. Configure a dial-up account on this machine, then configure IP masquerading to direct all those Internet packets to all the hosts on your LAN.

You’ll need the following:

• A modem on the dial-up server

• A program like WvDial, KPPP, or Gnome-PPP to configure dial-up networking on the server

First, connect the modem to the phone line, and set up your dial-up account. Do not connect the gateway box to the LAN yet. Get your dial-up account or accounts set up and working.

Then, run these iptables rules from the command line:

# modprobe iptable_nat

# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# echo "1" > /proc/sys/net/ipv4/ip_forward



Now, when the gateway machine is connected to the LAN, all users can share the connection. This provides no security whatsoever: the FORWARD chain still accepts everything, the gateway itself accepts every connection that arrives on ppp0, and neither the rules nor the echo to /proc/sys survive a reboot. So you need to add these rules to a proper iptables firewall script with a deny-by-default policy. Please see Chapter 3 to learn how to build a firewall.
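The three commands above share the link but leave the FORWARD chain wide open and the gateway itself listening to the modem side. The following script is an added example, not from the book or from any project it names; it assumes the LAN interface is eth0 and the LAN subnet is 192.168.1.0/24 (both hypothetical; override them with the WAN_IF, LAN_IF, and LAN_NET variables) and that you run it as root. Setting DRY_RUN=1 prints the iptables commands instead of running them, which is a handy way to review the rule set before touching a live gateway.

```shell
#!/bin/sh
# Added example, not from the book: a minimal stateful firewall for the
# dial-up masquerading gateway of Recipe 18.5. The book's three commands
# forward everything in both directions; this version lets LAN hosts out,
# admits only replies back in from the modem side, and masquerades only
# traffic leaving on ppp0.
# Assumptions (hypothetical, change to match your network): LAN interface
# eth0, LAN subnet 192.168.1.0/24. Must run as root. With DRY_RUN=1 the
# iptables commands are printed instead of executed.

WAN_IF="${WAN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# run CMD...: execute CMD, or print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# gateway_rules: load the rule set (flush first so it can be re-run safely).
gateway_rules() {
    run modprobe iptable_nat
    run iptables -F
    run iptables -t nat -F

    # Traffic to the gateway itself: loopback, replies, and the LAN.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT

    # Forwarded traffic: LAN out to the modem, only replies back in.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The book's masquerade rule, restricted to the dial-up interface.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

    # Deny-by-default policies go last so an existing admin session over
    # the LAN is never cut off between the policy and the ACCEPT rules.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # Same effect as echo 1 > /proc/sys/net/ipv4/ip_forward; to keep it
    # across reboots put net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
    run sysctl -w net.ipv4.ip_forward=1
}

# Apply the rules when saved as gateway-firewall.sh and run directly;
# sourcing the file only defines the functions.
case "$0" in
    *gateway-firewall.sh) gateway_rules ;;
esac
```

The ordering matters: ACCEPT rules for established traffic and the LAN are loaded before the policies flip to DROP, so a reload from an SSH session on the LAN does not lock you out. Only the two FORWARD rules and the POSTROUTING rule actually implement sharing; everything else is the deny-by-default wrapper the book tells you to get from Chapter 3.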



Discussion

This is a great time to dig out that old AMD 586 box that lies under a layer of dust in your closet and put it to work. Don’t use one of your users’ PCs, because that leads to frustration and woes: you can’t control what the user does with it, and the gateway must be on all the time. And one of the reasons servers are more reliable than desktop PCs is that they are not asked to do nearly as much, so a dedicated box gives you better performance and a smaller attack surface.




Chapter 18: Running a Linux Dial-Up Server



There are a lot of excellent specialized mini-Linux distributions made expressly to serve as firewalls and Internet gateways. Here are some excellent ones to try that support dial-up networking, plus a firewall builder for a system you already have:

• IPCop (http://www.ipcop.org/)

• FreeSCO (http://www.freesco.org/)

• Shorewall (http://www.shorewall.net/), which is an iptables configuration tool rather than a distribution; install it on your existing gateway



See Also

• man 8 iptables

• Building Secure Servers with Linux, by Michael D. Bauer (O’Reilly)



18.6 Setting Up Dial-on-Demand

Problem

You don’t want to babysit a shared dial-up connection, or leave it on all the time; you want it to connect itself on demand, like when a user clicks on a web browser or checks email, and disconnect after a period of inactivity.



Solution

First, get WvDial and ppp working reliably, as we covered in the previous recipes. Next, create a file called /etc/ppp/peers/demand that looks like this, substituting your own Dialer section, modem port, and user login. In this setup WvDial only dials (that is what the --chat option means); pppd performs the login itself, so the password for the user name goes in /etc/ppp/pap-secrets or /etc/ppp/chap-secrets, readable by root only, and not in this file:

noauth

name wvdial

usepeerdns

connect "/usr/bin/wvdial --chat ISP1"

/dev/ttyS2

115200

modem

crtscts

defaultroute

noipdefault

user alrac@isp.net

idle 300

persist

demand

logfd 6



Now, you can start up your new demand-dial server with the pon command, naming the file you just created in /etc/ppp/peers:

# pon demand






It will not dial up right away, but will wait for a user to initiate a link by trying to connect to the Internet. Test this by pinging some web sites, opening a web browser, or checking email. You can verify that the pppd daemon has started with ps:

$ ps ax | grep pppd
6506 ?        Ss     0:00 /usr/sbin/pppd call demand



Shut down the link with poff:

# poff



Discussion

The /etc/ppp/peers/demand file can be named anything you like; pon takes the name of a file in /etc/ppp/peers and runs pppd call with it.

pon means “pppd on” and poff means “pppd off.”

The demand option prepares the pppd link: it configures the interface (ppp0) and installs the default route, then stops short of connecting. When packets are routed to the interface, such as a mail check, pppd dials in and establishes the connection. Be aware that any traffic toward the default route triggers the dial, including background jobs such as clock synchronization and DNS lookups, so look at what your LAN sends out before relying on the idle timeout to keep the bill down.

The persist option keeps pppd running after a connection is terminated, so the link can be reopened on the next demand without another pon; demand implies persist.

idle 300 means that the connection will close after 300 seconds of inactivity. You can set this to any value, or leave it out if you want maximum availability.

You may do all of this with ppp alone, and not use WvDial. I like WvDial because it is easy to use and assumes that most modems understand the Hayes AT command set. pppd itself knows nothing about modems; it hands dialing to an external program such as chat or wvdial --chat, which is why its structure and configuration are more complex.



See Also

• man 1 wvdial

• man 5 wvdial.conf

• man 8 pppd

• WvDial: http://open.nit.ca/wiki/?page=WvDial



18.7 Scheduling Dial-Up Availability with cron

Problem

You want to shut down dial-up activity completely during nights and weekends, as no one will be using it. Your modem bandwidth costs you money, or you don’t want it accidentally running when no one is around just because someone left an IRC session or email client open.






Solution

A simple cron job will do the trick. If you are using demand dialing, create a crontab as root, using the name of your own /etc/ppp/peers/[foo] file:

# crontab -e

00 6 * * 1-5 /usr/bin/pon demand

00 20 * * 1-5 /usr/bin/poff



Save the file without renaming it, and then exit the editor. This example starts dial-on-demand every weekday morning at 6 a.m. and shuts it down every evening at 8 p.m.; the 1-5 in the day-of-week field keeps it off on weekends. Verify your new rules with the -l (list) switch:

# crontab -l
00 6 * * 1-5 /usr/bin/pon demand
00 20 * * 1-5 /usr/bin/poff



Discussion

crontabs are user-specific, so a job that needs root privileges, like pon and poff, must go in root’s crontab. crontab opens the editor named by the VISUAL or EDITOR environment variable; ~/.bashrc is a convenient place to set it, and you may use any editor you like. In the example in the Solution, crontab opened the Vim editor. This is what the ~/.bashrc entry that defines your default editor looks like:

EDITOR=vim
VISUAL=$EDITOR
export EDITOR VISUAL



crontab -e means “edit the current user’s crontab.”



This is what the fields in crontab mean:

field           allowed values
-----           --------------
minute          0-59
hour            0-23
day of month    1-31
month           1-12 (or names; see man 5 crontab)
day of week     0-7 (0 or 7 is Sun, or use names)



You may also use WvDial commands directly if your setup is like the first two recipes in this chapter and you are not using demand dialing; wvdial takes the name of a Dialer section, not a file name:

# crontab -e
00 6 * * 1-5 /usr/bin/wvdial ISP1
00 20 * * 1-5 kill `pidof wvdial`



This starts up WvDial at 6 a.m. and shuts it down at 8 p.m.



See Also

• man 5 crontab

• Recipe 6.15, “Setting Your Default Editor,” in Linux Cookbook, by Carla Schroder

(O’Reilly) to learn more about customizing the editor that crontab uses






18.8 Dialing over Voicemail Stutter Tones

Problem

When you have a message on your voicemail, the dial tone changes to a stutter tone. Your modem interprets this as no dial tone, and will not dial out.



Solution

Add or change this line in /etc/wvdial.conf:

Abort on No Dialtone = no



This tells WvDial to dial no matter what, without checking for a dial tone.



Discussion

Hopefully, you are not in the sort of environment where phone cables are continually coming unplugged, which would make using this option a bit of a problem, since the modem will now try to dial into a dead line without complaint. You might want to turn up the modem speaker so you can hear it dialing out, just to keep an eye (OK, ear) on it, with these options added to the Init2 line in /etc/wvdial.conf:

M1 L3

M1 turns on the speaker for dialing and the handshake only. L1 is the lowest volume; L2, L3, and L4 are progressively louder.



See Also

• man 1 wvdial

• man 5 wvdial.conf

• man 8 pppd

• WvDial: http://open.nit.ca/wiki/?page=WvDial



18.9 Overriding Call Waiting

Problem

Your phone line has call waiting, so whenever you get a call while you are online it messes up your connection: you get disconnected, or your downloads get corrupted or interrupted.



Solution

Disable call waiting in /etc/wvdial.conf. This option disables call waiting globally:

Dial Prefix = *70,



This disables it per phone number:

Phone = *70,1234567






You can add another comma or two to give it more time to take effect before dialing the number, if necessary.



Discussion

The V.92 modem standard allows for more options than merely disabling call waiting: ignore the call, disconnect, or place the Internet connection on hold and take the call. The last option requires an ISP that supports it, and you’ll need a modem that supports these features to make any of them work.



See Also

• man 1 wvdial

• man 5 wvdial.conf

• man 8 pppd

• WvDial: http://open.nit.ca/wiki/?page=WvDial



18.10 Leaving the Password Out of the Configuration File

Problem

You don’t want to leave your dial-up account password in the WvDial configuration file, because it is stored in plaintext.



Solution

Add the Ask Password = yes option to your WvDial configuration file, like this:

[Dialer Defaults]

Modem = /dev/ttyS3

Baud = 115200

Init1 = ATZ

Init2 = ATQ0 V1 E1 &C1 &D2 +FCLASS=0

ISDN = 0

Modem Type = Analog Modem

Dial Attempts = 10

[Dialer ISP1]

Stupid Mode = on

Phone = 1234567

Username = alrac

Ask Password = yes

Idle Seconds = 600



Then, you’ll be prompted for your password during login.






Discussion

This is not suitable for a dial-up server, unless you enjoy scampering to the server and entering a password every time someone needs to go online. It adds a bit of protection for users who do not have control over who uses their computers, such as a shared desktop, where the password would otherwise sit on disk for anyone who can read the file.
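Recipe 18.4 puts a plaintext password in each user’s ~/.wvdialrc, and this recipe removes it from the file entirely; in both cases the question worth checking is whether any file that still holds a Password key is readable by other users. The following shell functions are an added example, not WvDial’s own code or the book’s; they assume a Linux system with GNU stat, and the file paths are whatever you pass on the command line.

```shell
#!/bin/sh
# Added example, not from the book or from WvDial: find WvDial configuration
# files that store a dial-up password in plaintext and are readable by other
# users. Applies to /etc/wvdial.conf, the per-user ~/.wvdialrc of Recipe 18.4,
# and any file passed to wvdial with --config. Assumes Linux with GNU stat.

# wvdial_has_password FILE: exit 0 if FILE contains a Password key.
# "Ask Password = yes" does not match, so files set up per Recipe 18.10 pass.
wvdial_has_password() {
    grep -Eiq '^[[:space:]]*Password[[:space:]]*=' "$1"
}

# wvdial_audit FILE...: print one line per offending file; exit 1 if any.
# A file offends when it stores a password and its group or other permission
# bits are not zero (anything other than an owner-only mode such as 600).
wvdial_audit() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        wvdial_has_password "$f" || continue
        mode=$(stat -c '%a' "$f")
        case "$mode" in
            *00) ;;    # group and others have no access: fine
            *)
                printf '%s: plaintext password but mode %s (want 600)\n' "$f" "$mode"
                rc=1
                ;;
        esac
    done
    return "$rc"
}

# Typical use on a dial-up server, as root:
#   wvdial_audit /etc/wvdial.conf /home/*/.wvdialrc
```

Run it from root’s crontab alongside the jobs in Recipe 18.7 if you want a nightly reminder; a non-zero exit status and the printed file names are all cron needs to mail you a report.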



See Also

• man 1 wvdial

• man 5 wvdial.conf

• man 8 pppd

• WvDial: http://open.nit.ca/wiki/?page=WvDial



18.11 Creating a Separate pppd Logfile

Problem

All of your pppd messages are getting dumped into /var/log/messages, making a big mess, and you would rather have them collected in a separate file.



Solution

Create your logfile:

# touch /var/log/ppp



Then, add the logfile option to /etc/ppp/options:

logfile /var/log/ppp



Delete any references to logfd; logfile and logfd both select where pppd writes its log, so only one of them applies. pppd keeps sending the same messages to syslog as well, so if you want them out of /var/log/messages entirely, filter them in your syslog configuration.



Discussion

There is no downside to having separate logfiles for your services; it makes it a lot easier to find out what is happening on your system.

Customizing the standard Linux syslog is a bit more difficult than it needs to be; see Chapter 19 to learn how to build a robust, easily customizable logging server with syslog-ng.



See Also

• man 8 pppd






CHAPTER 19

Troubleshooting Networks



19.0 Introduction

Linux provides a host of software utilities for troubleshooting network problems. This chapter covers a number of excellent Linux utilities for pinpointing problems and seeing what’s happening on your network. These are all intended to be quick and easy to use, rather than for ongoing monitoring. Check out Chapters 13 and 14 on Nagios and MRTG to learn how to set up monitoring and alerting.

Your workhorses are going to be ping, tcpdump, Wireshark, and ngrep. While ping is still the number one tool for checking connectivity, tcpdump, Wireshark, and ngrep all provide different and excellent ways to capture and read what’s going over your wires. You can’t count on applications to generate useful error messages when commands fail (or sometimes to generate any messages at all), but nothing that crosses the wire is hidden from a packet sniffer; even when the payload is encrypted, you can still see who is talking to whom, and whether anything is flowing at all. When you don’t know if it’s a hardware or software problem, run these first to narrow down the possibilities. Software problems are more common than hardware problems, so don’t break out the hardware testers until you have eliminated software glitches. Of course, it never hurts to rule out the immediately obvious, such as a disconnected cable or a powered-down machine.

Practice running the various utilities in this chapter as often as you can on healthy systems. Then, you’ll know what a healthy network looks like, and you’ll develop elite skills that will come in handy when there are troubles.

Don’t forget your logfiles. Most applications come with an option to crank up the logging level to debug. Do this to collect as much data as possible, and then don’t forget to turn the level back down to something sane so you don’t fill your logfiles in record time.






Testing and Tracing Cabling

If you’re into testing your own cabling, there are all kinds of interesting tools to help you. A basic multimeter should be your first purchase, along with an electrical outlet tester. These are inexpensive little yellow three-pronged gadgets with colored LEDs. Just plug one into an electrical outlet, and the LEDs will tell you if it is healthy or not.

Multimeters are useful for a lot of jobs, such as finding shorts and opens, testing for continuity, and determining whether a wire is terminated correctly. They’re also great for other jobs, such as testing power supplies and motherboards.

For installed cable, you’ll need a special continuity tester that comes in two pieces, one for each end of the cable. Some of these also come with tone generators for tracing cables. If you crimp your own cables, you ought to invest in a good cable tester.

Tracking down cable problems inside walls, and tracing and identifying cables, calls for a “fox and hound” pair, which is a delightful name for a tone generator and amplifier probe. The fox connects to a cable and generates a tone, and the hound sniffs out the tone to identify and trace the cable; the hound picks the tone up through the wire’s insulation, and even through drywall.

If you’re not interested in being your own cable guru, find yourself a professional who understands analog wiring, digital wiring, and computer cabling, because these days you’re going to find all three jumbled together. Even when you are your own cabling guru, you’ll still need an electrician and a telecom technician from time to time. Never try to be your own homegrown electrician; any wire that carries mains current should be touched only by a professional.



Spares for Testing

Don’t forget hubs and switches in your bug hunts. Ordinary dumb hubs and switches are dirt cheap; keep a couple on hand for swapping with a suspect switch or hub. Keep extra patch cables, too. Using your handy network administrator laptop for portable testing is a fast way to figure out which side of a switch a problem is on, or even whether it’s on the switch itself.



19.1 Building a Network Diagnostic and Repair Laptop

Problem

You want to set up an old laptop as a portable network diagnostic station. What should you have on it?




Chapter 19: Troubleshooting Networks



Solution

This is a fine and endlessly useful thing to have. It doesn’t have to be a super-duper brand-new laptop; any one of reasonably recent vintage that supports USB 2.0 and Linux will do. It should have:

• Two wired Ethernet interfaces and one wireless

• Modem

• USB 2.0 ports

• Serial port

• Serial terminal

Most laptops don’t have a serial port, so you can use a USB-to-serial adapter instead.

Another great thing to have is a PATA/SATA-to-USB 2.0 adapter for rescuing failing hard drives. This lets you plug in either 2.5" or 3.5" PATA or SATA hard drives, and then do a direct copy to save your data. Use the excellent GNU ddrescue utility for this. If your primary hard drive isn’t big enough to hold the data, hook up a second one with another PATA/SATA-to-USB 2.0 adapter, or copy it over your network. Why not just copy it over the network in the first place? Because a machine whose system disk is failing is usually too unstable to keep its network stack up for the length of the copy; imaging the drive from a healthy machine is far more reliable.

Install whatever Linux distribution you want, and these applications:

OpenSSH

Secure remote administration.

sshfs

Securely mount remote filesystems.

telnet

Log in to servers without encryption; useful for several kinds of tests, such as talking to a mail or web port by hand.

Nmap

Port scanner and network exploration.

tcptraceroute; traceroute

Show routes taken to other hosts.

tcpdump; Wireshark

Packet sniffers.

Netstat

Show listening and connected ports.

netstat-nat

Display NAT connections.

ping

Send ICMP ECHO_REQUEST to network hosts.


