svn commit: r44922 - head/en_US.ISO8859-1/books/handbook/ppp-and-slip
Dru Lavigne
dru at FreeBSD.org
Fri May 23 17:28:33 UTC 2014
Author: dru
Date: Fri May 23 17:28:33 2014
New Revision: 44922
URL: http://svnweb.freebsd.org/changeset/doc/44922
Log:
Some shuffling in Configuring PPP to improve the flow of this section.
More commits to come.
Sponsored by: iXsystems
Modified:
head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml Fri May 23 17:12:05 2014 (r44921)
+++ head/en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.xml Fri May 23 17:28:33 2014 (r44922)
@@ -459,7 +459,29 @@
create <filename>/etc/ppp/ppp.linkup</filename> with the
above two lines. More examples for this file can be found
in <filename>/usr/share/examples/ppp/</filename>.</para>
- </sect2>
+
+ <para>By default, the <command>ppp</command> command must be
+ run as the <systemitem class="username">root</systemitem>
+ user. To change this default, add the account of the user
+ who should run <command>ppp</command> to the
+ <systemitem class="groupname">network</systemitem> group in
+ <filename>/etc/group</filename>.</para>
+
+ <para>Then, give the user access to one or more entries in
+ <filename>/etc/ppp/ppp.conf</filename> using the
+ <command>allow</command> command. For example, to give
+ <systemitem class="username">fred</systemitem> and
+ <systemitem class="username">mary</systemitem>
+ permission to only the <literal>provider:</literal> entry,
+ add this line to the <literal>provider:</literal>
+ section:</para>
+
+ <programlisting>allow users <replaceable>fred mary</replaceable></programlisting>
+
+ <para>To give the specified users access to all entries, put
+ that line in the <literal>default</literal> section
+ instead.</para>
+ </sect2>
<?ignore <sect2>
<title>Receiving Incoming Calls</title>
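Review bot: The last added paragraph presents moving the "allow users" line to the default section as an equal alternative, but that placement gives the listed users every entry in /etc/ppp/ppp.conf; the text should say that the per-entry form is the narrower grant and that the default placement is only for users who really need all entries. Minor: the entry is written as <literal>provider:</literal> with a colon and as <literal>default</literal> without one, so pick one form for both.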
@@ -513,30 +535,7 @@
</step>
</procedure>
</sect2>
- ?>
- <sect2>
- <title><application>PPP</application> Permissions</title>
-
- <para>The <command>ppp</command> command must normally be
- run as the <systemitem class="username">root</systemitem> user. To instead
- allow <command>ppp</command> to run in server mode as a
- normal user, that user must be given permission to run
- <command>ppp</command> by adding them to the
- <systemitem class="groupname">network</systemitem> group in
- <filename>/etc/group</filename>.</para>
-
- <para>The user also needs access to one or more sections of
- the configuration file using the
- <command>allow</command> command:</para>
-
- <programlisting>allow users fred mary</programlisting>
-
- <para>If this command is used in the
- <literal>default</literal> section, it gives the specified
- users access to everything.</para>
- </sect2>
- <?ignore <sect2>
<title><acronym>PPP</acronym> Shells for Dynamic
<acronym>IP</acronym> Users</title>
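Review bot: The removed "<?ignore <sect2>" line also carried the opening <sect2> for the "PPP Shells for Dynamic IP Users" title, so inside the now-merged ignore block a </sect2> is followed directly by a <title> with no section open. This is harmless while the block stays ignored, but the markup will be unbalanced as soon as someone re-enables it; suggest leaving a bare <sect2> line in front of that <title>.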
@@ -681,101 +680,9 @@ mary:
add 203.14.103.0 netmask 255.255.255.0 HISADDR</programlisting>
</sect2>
?>
- <sect2 xml:id="userppp-mgetty">
- <title><command>mgetty</command> and AutoPPP</title>
-
- <indexterm>
- <primary><command>mgetty</command></primary>
- </indexterm>
-
- <indexterm>
- <primary>AutoPPP</primary>
- </indexterm>
-
- <indexterm>
- <primary>LCP</primary>
- </indexterm>
- <para><xref linkend="dialup"/> provides a good description
- on enabling dial-up services using &man.getty.8;.</para>
-
- <para>An alternative to <command>getty</command> is <link xlink:href="http://mgetty.greenie.net/">mgetty</link> (from
- <package>comms/mgetty+sendfax</package>
- port), a smarter version of <command>getty</command>
- designed with dial-up lines in mind.</para>
-
- <para>The advantages of using <command>mgetty</command> is
- that it actively <emphasis>talks</emphasis> to modems,
- meaning if port is turned off in
- <filename>/etc/ttys</filename> then the modem will not
- answer the phone.</para>
-
- <para>Later versions of <command>mgetty</command> (from
- 0.99beta onwards) also support the automatic detection of
- <acronym>PPP</acronym> streams, allowing clients
- scriptless access to the server.</para>
-
- <para>Refer to <xref linkend="userppp-mgetty"/> for more
- information on <command>mgetty</command>.</para>
-
- <para>By default the <package>comms/mgetty+sendfax</package> port
- comes with the <literal>AUTO_PPP</literal> option enabled
- allowing <command>mgetty</command> to detect the LCP
- phase of <acronym>PPP</acronym> connections and
- automatically spawn off a ppp shell. However, since the
- default login/password sequence does not occur it is
- necessary to authenticate users using either PAP or
- CHAP.</para>
-
- <para>This section assumes the user has successfully
- compiled, and installed the <package>comms/mgetty+sendfax</package> port on
- his system.</para>
-
- <para>Ensure that
- <filename>/usr/local/etc/mgetty+sendfax/login.config</filename>
- has the following:</para>
-
- <programlisting>/AutoPPP/ - - /etc/ppp/ppp-pap-dialup</programlisting>
-
- <para>This tells <command>mgetty</command> to run
- <filename>ppp-pap-dialup</filename> for detected
- <acronym>PPP</acronym> connections.</para>
-
- <para>Create an executable file called
- <filename>/etc/ppp/ppp-pap-dialup</filename> containing
- the following:</para>
-
- <programlisting>#!/bin/sh
-exec /usr/sbin/ppp -direct pap$IDENT</programlisting>
-
- <para>For each dial-up line enabled in
- <filename>/etc/ttys</filename>, create a corresponding
- entry in <filename>/etc/ppp/ppp.conf</filename>. This
- will happily co-exist with the definitions we created
- above.</para>
-
- <programlisting>pap:
- enable pap
- set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
- enable proxy</programlisting>
-
- <para>Each user logging in with this method will need to
- have a username/password in
- <filename>/etc/ppp/ppp.secret</filename> file, or
- alternatively add the following option to authenticate
- users via PAP from the <filename>/etc/passwd</filename>
- file.</para>
-
- <programlisting>enable passwdauth</programlisting>
-
- <para>To assign some users a static <acronym>IP</acronym>
- number, specify the number as the third argument in
- <filename>/etc/ppp/ppp.secret</filename>. See
- <filename>/usr/share/examples/ppp/ppp.secret.sample</filename>
- for examples.</para>
- </sect2>
<sect2>
- <title>MS Extensions</title>
+ <title>Advanced Configuration</title>
<indexterm>
<primary>DNS</primary>
@@ -817,9 +724,8 @@ set nbns 203.14.100.5</programlisting>
dns</literal> line is omitted,
<acronym>PPP</acronym> will use the values found in
<filename>/etc/resolv.conf</filename>.</para>
- </sect2>
- <sect2 xml:id="userppp-PAPnCHAP">
+ <sect3 xml:id="userppp-PAPnCHAP">
<title>PAP and CHAP Authentication</title>
<indexterm><primary>PAP</primary></indexterm>
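Review bot: With the </sect2> in front of <sect3 xml:id="userppp-PAPnCHAP"> removed, the DNS material that ends at "will use the values found in /etc/resolv.conf" becomes untitled content of the parent section, while PAP and CHAP get a titled <sect3> of their own. Suggest wrapping the DNS settings in their own <sect3> with a title so that every topic under the parent section has a heading and a link target.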
@@ -888,32 +794,9 @@ set nbns 203.14.100.5</programlisting>
</listitem>
</varlistentry>
</variablelist>
- </sect2>
-
- <sect2>
- <title>Changing the <command>ppp</command> Configuration
- on the Fly</title>
-
- <para>It is possible to talk to the <command>ppp</command>
- program while it is running in the background, but only
- if a suitable diagnostic port has been set up. To do
- this, add the following line to the configuration:</para>
-
- <programlisting>set server /var/run/ppp-tun<replaceable>%d</replaceable> DiagnosticPassword 0177</programlisting>
-
- <para>This will tell PPP to listen to the specified
- &unix; domain socket, asking clients for the specified
- password before allowing access. The
- <literal>%d</literal> in the name is replaced with the
- <filename>tun</filename> device number that is in
- use.</para>
-
- <para>Once a socket has been set up, the &man.pppctl.8;
- program may be used in scripts that wish to manipulate
- the running program.</para>
- </sect2>
+ </sect3>
- <sect2 xml:id="userppp-nat">
+ <sect3 xml:id="userppp-nat">
<title>Using <acronym>PPP</acronym> Network Address
Translation Capability</title>
@@ -944,6 +827,7 @@ nat port tcp 10.0.0.2:http http</program
<para>or do not trust the outside at all</para>
<programlisting>nat deny_incoming yes</programlisting>
+ </sect3>
</sect2>
<sect2 xml:id="userppp-final">
@@ -1034,6 +918,10 @@ ifconfig_tun0=</programlisting>
<para>An alternative is to set up a
<quote>dfilter</quote> to block SMTP traffic. Refer to the
sample files for further details.</para>
+ </sect2>
+
+ <sect2>
+ <title>Using <command>ppp</command></title>
<para>All that is left is to reboot the machine. After
rebooting, either type:</para>
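Review bot: The new "Using ppp" section now opens with the unchanged paragraph "All that is left is to reboot the machine", which was written as the closing step of the previous section and has nothing to refer back to as a section opener. Suggest rewording it or adding a one-sentence introduction. The new <sect2> also has no xml:id, unlike the neighbouring userppp-final section, so it cannot be cross-referenced.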
@@ -1048,7 +936,119 @@ ifconfig_tun0=</programlisting>
type:</para>
<screen>&prompt.root; <userinput>ppp -auto provider</userinput></screen>
- </sect2>
+
+ <para>It is possible to talk to the <command>ppp</command>
+ program while it is running in the background, but only
+ if a suitable diagnostic port has been set up. To do
+ this, add the following line to the configuration:</para>
+
+ <programlisting>set server /var/run/ppp-tun<replaceable>%d</replaceable> DiagnosticPassword 0177</programlisting>
+
+ <para>This will tell PPP to listen to the specified
+ &unix; domain socket, asking clients for the specified
+ password before allowing access. The
+ <literal>%d</literal> in the name is replaced with the
+ <filename>tun</filename> device number that is in
+ use.</para>
+
+ <para>Once a socket has been set up, the &man.pppctl.8;
+ program may be used in scripts that wish to manipulate
+ the running program.</para>
+ </sect2>
+
+ <sect2 xml:id="userppp-mgetty">
+ <title>Configuring Dial-in Services</title>
+
+ <indexterm>
+ <primary><command>mgetty</command></primary>
+ </indexterm>
+
+ <indexterm>
+ <primary>AutoPPP</primary>
+ </indexterm>
+
+ <indexterm>
+ <primary>LCP</primary>
+ </indexterm>
+ <para><xref linkend="dialup"/> provides a good description
+ on enabling dial-up services using &man.getty.8;.</para>
+
+ <para>An alternative to <command>getty</command> is
+ <package>comms/mgetty+sendfax</package>
+ port), a smarter version of <command>getty</command>
+ designed with dial-up lines in mind.</para>
+
+ <para>The advantages of using <command>mgetty</command> is
+ that it actively <emphasis>talks</emphasis> to modems,
+ meaning if port is turned off in
+ <filename>/etc/ttys</filename> then the modem will not
+ answer the phone.</para>
+
+ <para>Later versions of <command>mgetty</command> (from
+ 0.99beta onwards) also support the automatic detection of
+ <acronym>PPP</acronym> streams, allowing clients
+ scriptless access to the server.</para>
+
+ <para>Refer to <link xlink:href="http://mgetty.greenie.net/doc/mgetty_toc.html">http://mgetty.greenie.net/doc/mgetty_toc.html</link>
+ for more
+ information on <command>mgetty</command>.</para>
+
+ <para>By default the <package>comms/mgetty+sendfax</package> port
+ comes with the <literal>AUTO_PPP</literal> option enabled
+ allowing <command>mgetty</command> to detect the LCP
+ phase of <acronym>PPP</acronym> connections and
+ automatically spawn off a ppp shell. However, since the
+ default login/password sequence does not occur it is
+ necessary to authenticate users using either PAP or
+ CHAP.</para>
+
+ <para>This section assumes the user has successfully
+ compiled, and installed the <package>comms/mgetty+sendfax</package> port on
+ his system.</para>
+
+ <para>Ensure that
+ <filename>/usr/local/etc/mgetty+sendfax/login.config</filename>
+ has the following:</para>
+
+ <programlisting>/AutoPPP/ - - /etc/ppp/ppp-pap-dialup</programlisting>
+
+ <para>This tells <command>mgetty</command> to run
+ <filename>ppp-pap-dialup</filename> for detected
+ <acronym>PPP</acronym> connections.</para>
+
+ <para>Create an executable file called
+ <filename>/etc/ppp/ppp-pap-dialup</filename> containing
+ the following:</para>
+
+ <programlisting>#!/bin/sh
+exec /usr/sbin/ppp -direct pap$IDENT</programlisting>
+
+ <para>For each dial-up line enabled in
+ <filename>/etc/ttys</filename>, create a corresponding
+ entry in <filename>/etc/ppp/ppp.conf</filename>. This
+ will happily co-exist with the definitions we created
+ above.</para>
+
+ <programlisting>pap:
+ enable pap
+ set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
+ enable proxy</programlisting>
+
+ <para>Each user logging in with this method will need to
+ have a username/password in
+ <filename>/etc/ppp/ppp.secret</filename> file, or
+ alternatively add the following option to authenticate
+ users via PAP from the <filename>/etc/passwd</filename>
+ file.</para>
+
+ <programlisting>enable passwdauth</programlisting>
+
+ <para>To assign some users a static <acronym>IP</acronym>
+ number, specify the number as the third argument in
+ <filename>/etc/ppp/ppp.secret</filename>. See
+ <filename>/usr/share/examples/ppp/ppp.secret.sample</filename>
+ for examples.</para>
+ </sect2>
</sect1>
<sect1 xml:id="ppp-troubleshoot">
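Review bot: In the added "An alternative to <command>getty</command> is" paragraph, dropping the <link> element also dropped the opening "(from", so the text now reads "is <package>comms/mgetty+sendfax</package> port), a smarter version" with an unmatched ")" and no mention of mgetty by name. Suggest "is <command>mgetty</command> (from the <package>comms/mgetty+sendfax</package> port), a smarter version". Separately, the diagnostic socket paragraphs added after "ppp -auto provider" arrive without the "Changing the ppp Configuration on the Fly" title they had before the move, so they follow the start-up instructions with no transition.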