Re: PPP interface

Stephen Davies (scldad@sdc.com.au)
Mon, 26 Oct 1998 19:06:10 +1030


G'day and thanks again.

kaz@cafe.net said:
>
>
> On Sun, 25 Oct 1998, Stephen Davies wrote:
>
> > G'day Kaz and thanks for your reply.
> >
> > The diald doco specifically says to not use the -detach option and I am pretty
> > sure I had the same situation before I started using diald.
>
> How did you manage your pppd's before you switched to diald? Did you just kill
> them and restart them from a shell script? That can give rise to the same race
> condition.
>

Yes, I believe that is what I did but it is quite a while ago.

> One easy way to get pppd to restart itself is simply to write an endless
> loop in the bash shell:
>
> while true ; do
> pppd < options > -detach
> done
>
> By using -detach, the shell will wait for pppd to terminate before launching it
> again, ensuring that the device is released.
>

Interesting idea. I used to rely on diald to drop the connection for brief
periods but now that I do not, this looks like a simple and effective
alternative to diald.

Shouldn't affect any dialin user either.

> > Yes, my permanent connection is permanent (except for the aforementioned
> > failures) and I do own a /24 network.
>
> Have you tried using the interface IP addresses in your firewall rules, rather
> than the interface names (-V rather than -W)?

For the first few years of connecting to the net via Linux PPP, I followed the
advice of my then ISP and configured both eth0 and ppp0 to 203.2.199.1. At
that stage I relied only on TCP wrappers for "firewalling".

When I added a web server and dialin services, I decided to use ipfwadm as
well as wrappers and split the two interfaces to two IP addresses to simplify
the rules as you suggest.

However, I could not find a way to make this work completely. If I made both
IPs resolve to mustang.sdc.com.au, every second access from ftp etc (from
security conscious sites) would fail because the reverse resolution would give
a different IP from the initial value due to named cycling between alternative
addresses.

If I assigned different names to each interface, it was confusing to regular
users: www.sdc.com.au would only work for either internal or external users
but not both.

If you have a solution to this dilemma, I would very much like to hear it.

Cheers and thanks,
Stephen.

========================================================================
Stephen Davies Consulting scldad@sdc.com.au
Adelaide, South Australia. Voice: 61-8-82728863
Computing & Network solutions. Fax: 61-8-82741015
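
Added example, not part of the original message: a simulation of the reverse-then-forward lookup check described above, run against a name with two A records served round-robin. The host name, the addresses and the assumption that the remote site compares only the first address returned are all constructed for illustration.

```python
from collections import deque

# Constructed zone data (documentation addresses, not the poster's real records):
# one host name with an A record per interface, and a PTR for each address.
NAME = "gw.example.test"
A_RECORDS = {NAME: deque(["192.0.2.1", "198.51.100.1"])}
PTR_RECORDS = {"192.0.2.1": NAME, "198.51.100.1": NAME}

def reset():
    """Restore the initial record order so each run starts from the same state."""
    A_RECORDS[NAME] = deque(["192.0.2.1", "198.51.100.1"])

def resolve_a(name):
    """Return the A records, then rotate them as a round-robin name server does."""
    rrset = A_RECORDS.get(name)
    if rrset is None:
        return []
    answer = list(rrset)
    rrset.rotate(-1)
    return answer

def check_first_only(peer_ip):
    """Assumed naive check: accept only if the FIRST A record equals the peer."""
    name = PTR_RECORDS.get(peer_ip)
    addrs = resolve_a(name) if name else []
    return bool(addrs) and addrs[0] == peer_ip

def check_any(peer_ip):
    """Forward-confirmed reverse DNS: accept if ANY A record equals the peer."""
    name = PTR_RECORDS.get(peer_ip)
    return bool(name) and peer_ip in resolve_a(name)

def run(check, peer_ip, attempts=6):
    """Apply `check` to several consecutive connections from the same address."""
    return [check(peer_ip) for _ in range(attempts)]

if __name__ == "__main__":
    reset()
    print("first-only:", run(check_first_only, "198.51.100.1"))
    reset()
    print("any-match: ", run(check_any, "198.51.100.1"))
```

With the first-address comparison every second connection is rejected; comparing against the whole record set accepts all of them while still rejecting an address that has no matching PTR and A pair.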
