Using PPP with Linux (updated 05/16/2000 - rlt)
Although it's becoming more user-friendly all the time, setting up Linux
to use a PPP connection is not for the faint-hearted. You will need
to be familiar with common Unix commands, like chmod and ls, as well as
with less well-known commands like xhost, rpm, glint, and ps. Most
(if not all) of these commands should already be present on your Linux
machine. If they are, then you should also have their corresponding
manual pages. You can read these manual pages by typing at a shell
prompt:
man <command name>
The most important thing to do when setting up a Linux system to use
PPP, or any kind of connection that links the machine to the Internet,
is to take your time and be very careful. Linux, like other kinds
of Unix, gives a lot of potential power to users. You'll want to
rein in some of that power if you're connecting your system to a network.
Things to Do Before using PPP
Before you even try to setup a PPP connection, I highly recommend that
you read the Linux "Security HOWTO":
http://metalab.unc.edu/LDP/HOWTO/Security-HOWTO.html
There is a lot of material in that HOWTO, but in particular, you should
read the sections on:
- Local Security
- File Permissions
- Shadow Passwords
- Network Security
You also need to read these two Rutgers-Camden documents:
Secure Your Password File
Your Linux system may be storing password information in the /etc/passwd
file. While this sounds reasonable (after all, it's called the "passwd"
file) there is a better place for password information to be stored: /etc/shadow.
Check for the existence of the "shadow" file by logging into your system
as root and typing:
ls -l /etc/shadow
If you don't see a shadow file listing similar to this:
-r-------- 1 root root 639 Nov 16 23:15 /etc/shadow
(note: the file size, 639, and timestamp "Nov 16 23:15", may be
different for your shadow file)
then type:
/usr/sbin/pwconv
to convert your password file so that it uses the more secure /etc/shadow
file. What this does is remove all the passwords from /etc/passwd and
store them in a file that only the root user can access. This isn't
foolproof, but it's much more secure than storing password information
in /etc/passwd, which is a file that anyone can read. Note: DO NOT
try to change the permissions on either the passwd or shadow file; they
should be left alone with their default settings.
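As an added check (an example shell script written for this page, not part of the original document), the following function reports which accounts in a passwd-format file still carry a password hash in the second field, which is exactly the condition pwconv corrects. Because it only needs read access to the file, it also illustrates the point above: anyone on the machine can run it against /etc/passwd. The two sample files are constructed here for demonstration and the hash strings in them are made up.

```shell
#!/bin/sh
# Added example, not from the original document: list accounts whose
# password hash still sits in the second field of a passwd-format file.
# After pwconv every second field is "x" and the hashes live in /etc/shadow,
# so this prints nothing on a converted system.
# Usage: unshadowed_accounts /etc/passwd
unshadowed_accounts() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                   # skip blank and comment lines
        $2 != "x" && $2 != "*" && $2 != "!" && $2 != "" { print $1 }
    ' "$1"
}

# Number of such accounts, convenient for a one-line yes/no check.
unshadowed_count() {
    unshadowed_accounts "$1" | wc -l | tr -d ' '
}

# Constructed sample: an unconverted passwd file (hash values are fake).
SAMPLE_UNCONVERTED=$(mktemp)
cat > "$SAMPLE_UNCONVERTED" <<'EOF'
root:$1$FAKESALT$notarealhashvalue000000:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/sbin/nologin
alice:$1$FAKESALT$notarealhashvalue111111:500:500:Alice:/home/alice:/bin/bash
EOF

# Constructed sample: the same file after pwconv.
SAMPLE_CONVERTED=$(mktemp)
cat > "$SAMPLE_CONVERTED" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
EOF

echo "accounts with hashes in the unconverted sample: $(unshadowed_accounts "$SAMPLE_UNCONVERTED" | tr '\n' ' ')"
echo "accounts with hashes in the converted sample: $(unshadowed_count "$SAMPLE_CONVERTED")"
```

Run it as `unshadowed_count /etc/passwd` on a real system: a non-zero result means the hashes are still world-readable and pwconv has not been run.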
Restricting Services
When you are connecting your computer to Rutgers through a modem dialup
(or through a data jack in the dorms), you are not allowed to provide telnet,
ftp, or web service on your machine. Web service is started in different
ways on different systems, but you can check to see if it's running on
yours by typing at a shell prompt:
ps ax | grep http
If you see httpd processes listed, then your system is running
web service. Consult the documentation that came with your copy of
Linux, or the web site of the software publisher, for information on controlling
the web service on your machine. In general, you'll need to edit
and/or remove files from /etc/rc.d/, but the details of the changes may
vary from one type of Linux to another.
For telnet and ftp services, you have two options for stopping them:
- Completely stop the services by commenting out the appropriate lines in /etc/inetd.conf
- Block the services, using tcp_wrappers
Whichever option you choose, you'll need to refer to your /etc/inetd.conf
file, so log in as root (or use the su command in a shell window
to make that shell a root shell) and type:
pico -w /etc/inetd.conf
and check the entries for ftp, telnet, gopher, shell, login, talk, ntalk,
pop-2, pop-3, imap, and finger (some of these entries may be missing or
commented out; if they are, then ignore them).
For option #1, just edit /etc/inetd.conf with the editor of your choice
(vi, emacs, or pico, it doesn't matter as long as the editor does not use word
wrapping) and place a # (pound sign) at the beginning of the lines
for telnet, ftp, and gopher.
For option #2, make sure that in the sixth column of /etc/inetd.conf
each of the services listed above has:
/usr/sbin/tcpd
as its entry.
After you make your changes (for either option 1 or 2), type:
ps ax | grep inetd
to find out the process number of inetd. In this example:
667 ? S 0:00 /usr/sbin/inetd
"667" is the process number of inetd. Now you must kill the process
and restart it:
kill -9 667
/usr/sbin/inetd
Do another 'ps ax | grep inetd' to make sure that inetd has started
up again.
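To verify the edits before restarting inetd, here is an added example (written for this page, not part of the original document) that audits an inetd.conf for the services named above. It reports which of them are still active, i.e. not commented out, and which active ones are started directly rather than through /usr/sbin/tcpd in the sixth column, since those would never be seen by tcp_wrappers. The inetd.conf content below is constructed for demonstration.

```shell
#!/bin/sh
# Added example, not from the original document: audit an inetd.conf for
# the services the text names.
# Usage: active_watched_services FILE ; unwrapped_services FILE

# Services the text asks you to check (names as they appear in column 1).
WATCHED="ftp telnet gopher shell login talk ntalk pop-2 pop-3 imap finger"

# Print the watched services that have an uncommented entry.
active_watched_services() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        ($1 in want) { print $1 }
    ' "$1"
}

# Print the active watched services whose sixth column (server path)
# is not /usr/sbin/tcpd, i.e. entries that bypass hosts.allow/hosts.deny.
unwrapped_services() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        ($1 in want) && $6 != "/usr/sbin/tcpd" { print $1 }
    ' "$1"
}

# Constructed sample inetd.conf for demonstration.
SAMPLE_INETD=$(mktemp)
cat > "$SAMPLE_INETD" <<'EOF'
# <service> <socket> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root        /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root        /usr/sbin/tcpd        in.telnetd
#gopher stream  tcp  nowait  root        /usr/sbin/tcpd        gn
finger  stream  tcp  nowait  nobody      /usr/sbin/in.fingerd  in.fingerd
pop-3   stream  tcp  nowait  root        /usr/sbin/ipop3d      ipop3d
talk    dgram   udp  wait    nobody.tty  /usr/sbin/tcpd        in.talkd
EOF

echo "active watched services: $(active_watched_services "$SAMPLE_INETD" | tr '\n' ' ')"
echo "active but not wrapped by tcpd: $(unwrapped_services "$SAMPLE_INETD" | tr '\n' ' ')"
```

For option #1 the first list should be empty for the services you commented out; for option #2 the second list should be empty, otherwise the hosts.deny entries described below will not protect those services.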
If you chose option #2, now you must create two plaintext files:
/etc/hosts.deny
/etc/hosts.allow
to block certain services using the tcp_wrapper (which is what /usr/sbin/tcpd
is).
In /etc/hosts.deny, you should have at least these entries:
ftpd: ALL
telnetd: ALL
rshd: ALL
rlogind: ALL
rexecd: ALL
fingerd: ALL
In /etc/hosts.allow, you want at least:
ftpd: LOCAL
telnetd: LOCAL
rshd: LOCAL
rexecd: LOCAL
rlogind: LOCAL
fingerd: LOCAL
This will allow you to ftp, telnet, rsh, rexec, rlogin, and finger from
your machine to other machines, and from your machine to your machine, but
no one will be able to do any of those things to your machine from outside
of it (i.e., a user on clam would not be able to telnet, ftp,
rlogin, or finger your machine).
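To see what those two files actually permit before exposing the machine, here is an added example (written for this page, not part of the original document) that models the tcpd decision: hosts.allow is consulted first, then hosts.deny, and a client matched by neither file is allowed. It handles the patterns the text relies on: "ALL" matches anything, "LOCAL" matches a host name with no dot, a pattern beginning with "." matches a domain suffix, and anything else must match the client name exactly. The sample hosts.allow and hosts.deny are constructed to mirror the entries shown above.

```shell
#!/bin/sh
# Added example, not from the original document: a small model of how tcpd
# evaluates hosts.allow and hosts.deny.

# matches_pattern PATTERN CLIENT -> success if PATTERN covers CLIENT
matches_pattern() {
    pat=$1 client=$2
    case "$pat" in
        ALL)   return 0 ;;
        LOCAL) case "$client" in *.*) return 1 ;; *) return 0 ;; esac ;;
        .*)    case "$client" in *"$pat") return 0 ;; *) return 1 ;; esac ;;
        *)     [ "$pat" = "$client" ] ;;
    esac
}

# file_matches FILE DAEMON CLIENT -> success if any "daemon_list : client_list"
# line in FILE matches both (comments and blank lines are ignored).
file_matches() {
    file=$1 daemon=$2 client=$3
    [ -r "$file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # strip trailing comments
        case "$line" in *:*) ;; *) continue ;; esac   # need at least two fields
        dlist=${line%%:*}
        clist=${line#*:}
        clist=${clist%%:*}                            # drop an optional shell-command field
        dhit=1
        for d in $(printf '%s' "$dlist" | tr ',' ' '); do
            if [ "$d" = ALL ] || [ "$d" = "$daemon" ]; then dhit=0; break; fi
        done
        [ "$dhit" -eq 0 ] || continue
        for c in $(printf '%s' "$clist" | tr ',' ' '); do
            matches_pattern "$c" "$client" && return 0
        done
    done < "$file"
    return 1
}

# wrappers_decision ALLOW_FILE DENY_FILE DAEMON CLIENT -> prints allow or deny
wrappers_decision() {
    if file_matches "$1" "$3" "$4"; then
        echo allow
    elif file_matches "$2" "$3" "$4"; then
        echo deny
    else
        echo allow    # tcpd's default when neither file names the client
    fi
}

# Constructed sample files mirroring the entries shown in the text.
ALLOW_SAMPLE=$(mktemp)
cat > "$ALLOW_SAMPLE" <<'EOF'
ftpd: LOCAL
telnetd: LOCAL
rshd: LOCAL
rexecd: LOCAL
rlogind: LOCAL
fingerd: LOCAL
EOF
DENY_SAMPLE=$(mktemp)
cat > "$DENY_SAMPLE" <<'EOF'
ftpd: ALL
telnetd: ALL
rshd: ALL
rlogind: ALL
rexecd: ALL
fingerd: ALL
EOF

for client in linuxpc clam.rutgers.edu; do
    echo "telnetd from $client: $(wrappers_decision "$ALLOW_SAMPLE" "$DENY_SAMPLE" telnetd "$client")"
done
# A daemon that neither file names falls through to the default.
echo "ipop3d from clam.rutgers.edu: $(wrappers_decision "$ALLOW_SAMPLE" "$DENY_SAMPLE" ipop3d clam.rutgers.edu)"
```

Two things this makes visible. First, a daemon that neither file names (the ipop3d case) is allowed by default, so every wrapped service you keep running needs its own hosts.deny line. Second, tcpd compares the daemon names against the server process name, the first word of the last column in inetd.conf; on systems where that entry reads in.telnetd rather than telnetd, the hosts files must use that spelling or the lines will never match.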
There are other things discussed in the Security-HOWTO that you should
read about (as mentioned above) before you link your Linux machine up to
the network using PPP (or any other method).
Starting PPP
Different Linux software publishers provide different tools for using PPP.
Some versions of Linux may have a complement of Xwindows-based programs
that provide you with a graphical interface to the PPP dialup.
If you have this software, by all means, follow any included documentation
and attempt to use it. However, if you are having trouble with it,
or if you don't have it, then the following "manual" procedure should work
on just about any Linux system that has Xwindows, PPP, and the Seyon terminal
program installed on it.
While logged in as yourself in Xwindows, type:
seyon &
to start up the Seyon communications program. In Seyon,
click the Set button and make sure that CTS-RTS
is highlighted, then click the Baud button and make sure that
the Baud is set to 115,200. (The Seyon documentation
explains in more detail how to permanently set these options using
a Seyon startup file).
Seyon Pointers
In your home directory, after you've run seyon once, there will be a .seyon
directory. You should make sure that you are not currently running seyon
before following these steps:
- cd
- cd .seyon
- pico -w startup
This will load seyon's startup file into the pico editor (-w turns
off word wrap). You want to make sure that these two settings appear somewhere
in the file:
set baud 115200
set rtscts on
There should be no "#" in front of those two settings. Now hold down
CTRL and press the X key to exit pico and save your seyon startup file.
The next time you start seyon, you won't have to set the baud rate or the
flow control.
In the Seyon terminal window, manually dial (856)225-6900 by typing:
ATDT 225-6900
If you need to include the area code, or any other digits, place them
like this:
ATDT 1-856-225-6900
or
ATDT *70-225-6900
After you connect to the Rutgers-Camden dialup (also referred to as
barry), you'll be prompted to login. Follow the instructions
on the screen to login and when you see the barry> prompt, type:
ppp default
to initiate a ppp connection from the Rutgers end, then click Exit
in Seyon and choose to Exit without hanging up.
In a shell window, type this exactly:
pppd -d -detach crtscts modem defaultroute /dev/modem 115200 &
Note:
You can put that line in a text file, name it something like startppp
and then make it executable:
chmod u+x startppp
So that as soon as you exit Seyon without hanging up, you can type:
./startppp
from your home directory.
Once you've either entered the full command line, or run your executable
text file, the PPP daemon (pppd) should start up. Type:
ifconfig
In a shell window, and you should see an entry marked for "ppp" if the
daemon started successfully. You can also try to ping some other
computers on the Rutgers network, like clam.
ping 165.230.99.70
...if you get a response from clam when you ping it, then you are connected.
You can also telnet to clam by typing:
telnet 165.230.99.70
from a shell window. You may wonder why you have to type
the IP address for clam in, instead of the system name. The
reason this example uses the IP numbers is that your system may not
be configured yet to use Domain Name Service (DNS). Without DNS,
your Linux system will not understand that "clam.rutgers.edu" equals
"165.230.99.70".
In order to use DNS, you'll need to read the Networking HOWTO, so
that you can type in commands like:
ping clam
telnet clam
Instead of having to use:
ping 165.230.99.70
telnet 165.230.99.70
DNS Setup Tips
The /etc/resolv.conf file should at least contain these entries:
search rutgers.edu
nameserver 165.230.99.71
nameserver 165.230.99.70
The /etc/hosts file should at least contain these entries:
# this entry is the 'loopback' entry for your linux machine
127.0.0.1 localhost localhost.localdomain
#
# if you have a network card in your linux machine
# and it's hooked up to other computers, then you should
# put an entry in like this:
192.168.0.2 linuxpc
# 192.168.0.2 - 192.168.0.200 : is the recommended range
# of IP numbers to use if you've got tcp/ip setup between
# multiple computers at home
#
# important camden systems
165.230.99.71 clamserv.rutgers.edu clamserv
165.230.99.70 clam.rutgers.edu clam
There are other things that may need to be checked, but the settings
in resolv.conf and hosts should match the examples above.