SETTING UP DIALD FOR LINUX - AN EXAMPLE GNU Copyright by Harish Pillay h.pillay@ieee.org 1996 The following is an example of a setup I have running on many machines that allow automatic installation of diald upon boot-up. When a connection request comes along, it automatically dials up my preferred ISP, Pacific Internet here in Singapore. Many thanks to Eric Schenk for the super tool diald. /etc/rc.d/rc.local #! /bin/sh # Put any local setup commands in here # Running gpm echo "Running gpm..." gpm -t ms & # starting innd /etc/rc.d/rc.news # starting CERN httpd echo "Starting CERN httpd with proxy and caching." /usr/local/bin/httpd # loading modules that are needed /etc/rc.d/rc.modules # starting diald echo "Starting diald daemon to Pacific Internet ..." cd /usr/lib/ppp /usr/lib/ppp/diald.pacific.internet /usr/lib/ppp/diald.pacific.internet /usr/sbin/diald /dev/ttyS1 /dev/ttyS1 lock debug 20 -m ppp local 127.0.0.2 \ remote 127.0.0.3 defaultroute modem crtscts \ connect "chat -v -f /usr/lib/ppp/pppchat.pi" \ dynamic -- debug noipdefault /usr/lib/ppp/pppchat.pi ABORT "NO CARRIER" ABORT BUSY "" ATZ OK ATm1s50=255s111=0DT1-800-555-1212 CONNECT "" login MYLOCINNAME ssword MYPASSWORD Blind PPP script * Fire up minicom. * Connect up to your provider. * invoke PPP on the other end. * Suspend minicom (alt-A-J). * invoke the following script #!/bin/sh # Set up a PPP link blindly - script called blind.ppp DEVICE=ttyS1 ( stty 38400 -tostop pppd -detach debug noipdefault defaultroute mru 1500 /dev/$DEVICE & exit 0 ) /dev/$DEVICE My /etc/diald.conf file (unchanged from stock distribution): # This is a pretty complicated set of filter rules. # (These are the rules I use myself.) # # I've divided the rules up into four sections. # TCP packets, UDP packets, ICMP packets and a general catch all rule # at the end. #------------------------------------------------------------------------------ # Rules for TCP packets. #------------------------------------------------------------------------------ # General comments on the rule set: # # In general we would like to treat only data on a TCP link as signficant # for timeouts. Therefore, we try to ignore packets with no data. # Since the shortest possible set of headers in a TCP/IP packet is 40 bytes. # Any packet with length 40 must have no data riding in it. # We may miss some empty packets this way (optional routing information # and other extras may be present in the IP header), but we should get # most of them. Note that we don't want to filter out packets with # tcp.live clear, since we use them later to speedup disconnects # on some TCP links. # # We also want to make sure WWW packets live even if the TCP socket # is shut down. We do this because WWW doesn't keep connections open # once the data has been transfered, and it would be annoying to have the link # keep bouncing up and down every time you get a document. # # Outside of WWW the most common use of TCP is for long lived connections, # that once they are gone mean we no longer need the network connection. # We don't neccessarily want to wait 10 minutes for the connection # to go down when we don't have any telnet's or rlogin's running, # so we want to speed up the timeout on TCP connections that have # shutdown. We do this by catching packets that do not have the live flag set. # --- start of rule set proper --- # When initiating a connection we only give the link 15 seconds initially. # The idea here is to deal with possibility that the network on the opposite # end of the connection is unreachable. In this case you don't really # want to give the link 10 minutes up time. With the rule below # we only give the link 15 seconds initially. If the network is reachable # then we will normally get a response that actually contains some # data within 15 seconds. If this causes problems because you have a slow # response time at some site you want to regularly access, you can either # increase the timeout or remove this rule. accept tcp 15 tcp.syn # Keep named xfers from holding the link up ignore tcp tcp.dest=tcp.domain ignore tcp tcp.source=tcp.domain # (Ack! SCO telnet starts by sending empty SYNs and only opens the # connection if it gets a response. Sheesh..) accept tcp 5 ip.tot_len=40,tcp.syn # keep empty packets from holding the link up (other than empty SYN packets) ignore tcp ip.tot_len=40,tcp.live # make sure http transfers hold the link for 2 minutes, even after they end. # NOTE: Your /etc/services may not define the tcp service www, in which # case you should comment out the following two lines or get a more # up to date /etc/services file. See the FAQ for information on obtaining # a new /etc/services file. accept tcp 120 tcp.dest=tcp.www accept tcp 120 tcp.source=tcp.www # Once the link is no longer live, we try to shut down the connection # quickly. Note that if the link is already down, a state change # will not bring it back up. keepup tcp 5 !tcp.live ignore tcp !tcp.live # an ftp-data or ftp connection can be expected to show reasonably frequent # traffic. accept tcp 120 tcp.dest=tcp.ftp accept tcp 120 tcp.source=tcp.ftp #NOTE: ftp-data is not defined in the /etc/services file provided with # the latest versions of NETKIT, so I've got this commented out here. # If you want to define it add the following line to your /etc/services: # ftp-data 20/tcp # and uncomment the following two rules. #accept tcp 120 tcp.dest=tcp.ftp-data #accept tcp 120 tcp.source=tcp.ftp-data # If we don't catch it above, give the link 10 minutes up time. accept tcp 600 any # Rules for UDP packets # # We time out domain requests right away, we just want them to bring # the link up, not keep it around for very long. # This is because the network will usually come up on a call # from the resolver library (unless you have all your commonly # used addresses in /etc/hosts, in which case you will discover # other problems.) # Note that you should not make the timeout shorter than the time you # might expect your DNS server to take to respond. Otherwise # when the initial link gets established there might be a delay # greater than this between the initial series of packets before # any packets that keep the link up longer pass over the link. # Don't bring the link up for rwho. ignore udp udp.dest=udp.who ignore udp udp.source=udp.who # Don't bring the link up for RIP. ignore udp udp.dest=udp.route ignore udp udp.source=udp.route # Don't bring the link up for NTP or timed. ignore udp udp.dest=udp.ntp ignore udp udp.source=udp.ntp ignore udp udp.dest=udp.timed ignore udp udp.source=udp.timed # Don't bring up on domain name requests between two running nameds. ignore udp udp.dest=udp.domain,udp.source=udp.domain # Bring up the network whenever we make a domain request from someplace # other than named. accept udp 30 udp.dest=udp.domain accept udp 30 udp.source=udp.domain # Do the same for netbios-ns broadcasts # NOTE: your /etc/services file may not define the netbios-ns service # in which case you should comment out the next three lines. ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns accept udp 30 udp.dest=udp.netbios-ns accept udp 30 udp.source=udp.netbios-ns # keep routed and gated transfers from holding the link up ignore udp tcp.dest=udp.route ignore udp tcp.source=udp.route # Anything else gest 2 minutes. accept udp 120 any # Catch any packets that we didn't catch above and give the connection # 30 seconds of live time. accept any 30 any My diald.defs file (unchanged from stock distribution): # Define default protocol rules prule tcp tcp 9:12:13:14:15:16:17:18:19:+0:+1:+2:+3:9:9:9 prule udp udp 9:12:13:14:15:16:17:18:19:+0:+1:+2:+3:9:9:9 prule icmp icmp 9:12:13:14:15:16:17:18:19:9:9:9:9:9:9:9 prule any any 9:12:13:14:15:16:17:18:19:9:9:9:9:9:9:9 # Define the internet packet header fields. var ip.ihl 0(24)&0xf var ip.version 0(28)&0xf var ip.tos 1(24)&0xff var ip.tot_len 2(16)&0xffff var ip.id 4(16)&0xffff var ip.frag_off 6(16)&0x3fff var ip.ttl 8(24)&0xff var ip.protocol 9(24)&0xff var ip.check 10(16)&0xffff var ip.saddr 12 var ip.daddr 16 # Define the TCP packet header fields. var tcp.source +0(16)&0xffff var tcp.dest +2(16)&0xffff var tcp.seq +4 var tcp.ack_seq +8 var tcp.doff +12(28)&0xf var tcp.fin +13(24)&0x1 var tcp.syn +13(25)&0x1 var tcp.rst +13(26)&0x1 var tcp.psh +13(27)&0x1 var tcp.ack +13(28)&0x1 var tcp.urg +13(29)&0x1 var tcp.live +127 # Define the UDP packet header fields. var udp.source +0(16)&0xffff var udp.dest +2(16)&0xffff var udp.len +4(16)&0xffff var udp.check +6(16)&0xffff # Define the ICMP packet header fields. var icmp.type +0(24)&0xff var icmp.code +1(24)&0xff var icmp.checksum +2(16)&0xffff var icmp.echo.id +4(16)&0xffff var icmp.echo.sequence +6(16)&0xffff var icmp.gateway +4 My setup * 486/66 with 20 MB ram and plenty of disk space :-) * 16550 UARTs a plenty * diald 0.11, pppd 2.2.0d, kernel 1.3.95 modularized. Notes * Make sure you change the /dev/ttyS1 above to match your requirements. * Ensure that you can actually connect up with PPP by using the blind.ppp script. Questions? Email Harish Pillay -> h.pillay@ieee.org _________________________________________________________________ Go back to the Harish's Home Page _Last updated June 3rd 1996_ _________________________________________________________________