Version: 1.21 from 2005-03-03
Copyright 1997-2005 by Peter Bieringer <pb@bieringer.de>,
original site of publishing: http://www.bieringer.de/linux/ISDN/
Unlimited non-commercial distribution of this document in its entirety
is encouraged - please contact the author prior to commercial
publication.
Suggestions, comments and improvements are welcome!
1.21: Removed hint about tarballs of these pages (no longer active)
1.20: Reviewed reject-masq for RH6.2
1.17: Added a link to a new page: GSM & X.75 dial-in
1.15: Reviewed scripts for RedHat 6.1, update of own configuration information
1.13: Getting MS-DNS IP addresses and using them locally
1.12: Two new scripts for stopping unintentional dial-on-demand and hangup
1.11: Updates for DLD 6.0
1.08: Updates for DLD 5.4, DNS offline/online configuration change is now done by ip-up & ip-down, triggered from ppp daemon
1.05: isdn.dial now changes the DNS configuration from local to remote, publishing of my DNS offline/online configuration files
1.03: Updates for DLD 5.3
My Configuration
RedHat 6.2 Linux Distribution
Kernel version: 2.2.17 (at the time of writing document version 1.17)
For ISDN: isdn4k-utils-3.1-22
3 computers (one as ISDN gateway) + Nokia 9110, connected together in a
private intranet, IP masquerading via firewall (transparent proxy) for
packet routing through the ISDN-connected computer into the Internet
(see here for a detailed picture)
Dynamically allocated IPv4 PPP Internet access, now with automatic DNS
forwarder switching
Connection to the 6bone (IPv6) through a controlled tunnel server, see here
for more details
Script files for RedHat 6.0 - 6.2
The masquerading startup script (reviewed for RedHat 6.1 + 6.2)
Features: loads all (or only selected) masquerading modules, sets up some
firewall rules to prevent undesirable dial-on-demand
A script to prevent unintentional dial-on-demand caused by connections that,
after a timeout hangup, are still in the masquerading table and waiting for
the TCP FIN packet
Updated: automatic local network interface and IPv4 network detection and
calculation, minor bug fixes
Idea taken from Jochen Roedenbeck's reject-masq.c [only usable with ipfwadm]
(a new implementation for ipchains in Bash was faster and easier than hacking
the old code...)
Should be called from /etc/ppp/ip-down and also sometimes from cron (read
the description in the file!)
Script files for DLD 6.0 (old - no longer maintained)
The masquerading startup script (an improved one, based on the DLD 6.0
original)
Features: loads all (or only selected) masquerading modules, detects the
kernel automatically to use the correct firewall binary and sets up some
primitive firewall rules to prevent undesirable dial-on-demand
A script to prevent unintentional hangups during interactive sessions like
SSH or TELNET while thinking at length about what to type or while reading
Some stuff to get the MS-DNS server IP addresses from a PPP daemon and use
them locally, i.e. as forwarder addresses for a locally running BIND named.
Script files for DLD 5.4 (old - no longer maintained)
ISDN configuration under Linux is split into several steps and is done
completely by the distribution, which will work in most cases.
But for some reasons, the following script files can be very helpful.
Online/offline-dependent hostname resolving and nameserver configuration
This is useful if you want to switch between 2 configurations, one for the
online and one for the offline state. For example, you're running a local
nameserver and want to switch on forwarding to an outside nameserver. You
also want to change your name resolving (this protects your system from long
timeouts while name resolving is actually impossible).
I have now moved this mechanism to scripts which are triggered by the ppp
daemon, so no other dial-up script is necessary (this is the big change
from my older files). It runs automatically in the background.
The script can be called with the option online or offline
Depending on the given option, it creates softlinks to the related
configuration files (making a backup of the older real file first). Also,
if the local nameserver is running and its configuration file has changed,
it is sent the signal HUP to notify it of the changes (nameserver reloading).
It is triggered by the ppp daemon at successful dial-up by calling
/etc/ppp/ip-up
(example; this file is executed by the ppp daemon after a successful dial-up,
when the IP link is ready to use)
Here you can also see a trigger for the automatic tunnel setup for IPv6
(see here for details)
It is also triggered by the ppp daemon when the connection is coming down, by
calling /etc/ppp/ip-down
(example; this file is executed by the ppp daemon after getting a hangup
signal, before the IP link goes down)
Here you can also see a trigger for a script which deletes all routes through
the dial-up interface. This protects you from some strange behavior if
you trigger the next dial-up and get another IP address (I get such problems
because some routes are still there after hangup and are wrong after the next
dial-up).
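The online/offline switch described above, sketched as an added example (this is not the author's script). The function name switch_state, the F.online / F.offline naming of the variants, the list of managed files and the pid file path are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed layout: every managed
# file F has variants F.online and F.offline beside it in CONF_DIR.
# The CONF_DIR, MANAGED_FILES and NAMED_PIDFILE defaults are assumptions.
CONF_DIR="${CONF_DIR:-/etc}"
MANAGED_FILES="${MANAGED_FILES:-resolv.conf host.conf named.conf}"
NAMED_PIDFILE="${NAMED_PIDFILE:-/var/run/named.pid}"

# switch_state online|offline
# Returns 0 on success, 1 on a bad argument, 2 on a missing variant or
# a failed file operation. Sets named_changed to 1 if named.conf moved.
switch_state() {
    state="$1"
    case "$state" in
        online|offline) ;;
        *) echo "usage: switch_state online|offline" >&2; return 1 ;;
    esac
    named_changed=0
    for f in $MANAGED_FILES; do
        target="$CONF_DIR/$f"
        variant="$f.$state"
        if [ ! -f "$CONF_DIR/$variant" ]; then
            echo "missing $CONF_DIR/$variant" >&2; return 2
        fi
        # Link already points at the wanted variant: nothing to do.
        if [ -L "$target" ] && [ "$(readlink "$target")" = "$variant" ]; then
            continue
        fi
        # A real file (not a symlink) is copied to a backup first.
        if [ -e "$target" ] && [ ! -L "$target" ]; then
            cp -p "$target" "$target.bak" || return 2
        fi
        # Build the link under a temporary name, then rename it into place,
        # so a resolver never finds the file missing mid-switch.
        ln -s "$variant" "$target.new.$$" || return 2
        mv -f "$target.new.$$" "$target" || return 2
        if [ "$f" = "named.conf" ]; then named_changed=1; fi
    done
    # Reload named only if its link changed and a pid file is present.
    if [ "$named_changed" -eq 1 ] && [ -r "$NAMED_PIDFILE" ]; then
        kill -HUP "$(cat "$NAMED_PIDFILE")" 2>/dev/null || true
    fi
    return 0
}
```

From /etc/ppp/ip-up this would be sourced and called as switch_state online, and from /etc/ppp/ip-down as switch_state offline.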
Startup script for IP masquerading with kernel-level firewalling (working
as a transparent proxy):
DLD 5.4-init compatible!
You can't use this script without adaptation in other System V startup
environments! In this case take the older one.
Loads and removes all available IP-masquerading kernel modules
Autodetection of the firewall setup program (2.0.x and 2.1.101- need
ipfwadm, 2.1.102+ needs ipchains)
Sets up firewall rule for IP masquerading
Enable/disable switch controlled by dldadmin|Services
I know, masquerading isn't a daemon, but I found no other easy way to let
the user control enable/disable. Perhaps someday all services (not only
daemons) can be controlled at this menu point.
An additional entry in runservices (required - otherwise you have to change
the startup script); now you can enable/disable IP masquerading by using
dldadmin