From 4ffc7924900b2d63759b24d8a50cba8b89eea659 Mon Sep 17 00:00:00 2001 From: Atsushi Murai Date: Tue, 31 Jan 1995 06:24:33 +0000 Subject: [PATCH] Reviewed by: --- etc/ppp/ppp.conf.filter.sample | 49 +++++++++++++ etc/ppp/ppp.conf.iij | 72 +++++++++++++++++++ etc/ppp/ppp.conf.sample | 125 +++++++++++++++++++++++++++++++++ etc/ppp/ppp.linkup.sample | 37 ++++++++++ etc/ppp/ppp.secret.sample | 8 +++ 5 files changed, 291 insertions(+) create mode 100644 etc/ppp/ppp.conf.filter.sample create mode 100644 etc/ppp/ppp.conf.iij create mode 100644 etc/ppp/ppp.conf.sample create mode 100644 etc/ppp/ppp.linkup.sample create mode 100644 etc/ppp/ppp.secret.sample diff --git a/etc/ppp/ppp.conf.filter.sample b/etc/ppp/ppp.conf.filter.sample new file mode 100644 index 000000000000..1d90f1562245 --- /dev/null +++ b/etc/ppp/ppp.conf.filter.sample @@ -0,0 +1,49 @@ +# +# $Id:$ +# +# An example of packet filter definition. +# +# +filterd: +# +# Don't dial with ICMP packet +# + set dfilter 0 deny icmp + set dfilter 1 permit 0/0 0/0 +# +# Allow ident packet pass through +# + set ifilter 0 permit tcp dst eq 113 + set ofilter 0 permit tcp src eq 113 +# +# Allow telnet connection to the Internet +# + set ifilter 1 permit tcp src eq 23 estab + set ofilter 1 permit tcp dst eq 23 +# +# Allow ftp access to the Internet +# + set ifilter 2 permit tcp src eq 21 estab + set ofilter 2 permit tcp dst eq 21 + set ifilter 3 permit tcp src eq 20 dst gt 1023 + set ofilter 3 permit tcp dst eq 20 +# +# Allow access to DNS +# + set ifilter 4 permit udp src eq 53 + set ofilter 4 permit udp dst eq 53 +# +# Allow access from/to my company network +# + set ifilter 5 permit 192.244.191.0/24 0/0 + set ofilter 5 permit 0/0 192.244.191.0/24 +# +# Allow ping and traceroute response +# + set ifilter 6 permit icmp + set ofilter 6 permit icmp + set ifilter 7 permit udp dst gt 33433 + set ofilter 7 permit udp dst gt 33433 +# +# If none of above rules matches, then packet is blockd. +# diff --git a/etc/ppp/ppp.conf.iij b/etc/ppp/ppp.conf.iij new file mode 100644 index 000000000000..940898cb9ede --- /dev/null +++ b/etc/ppp/ppp.conf.iij @@ -0,0 +1,72 @@ +############################################################################# +# +# Examples to connect to IIJ Dialup PPP service +# +# 1) On IIJ servive, both user side and server side address can +# not be predicted by a customer. In this circumstance, you need +# some trick to use on-demand dialup. See iij-demand for example. +# +# 2) IIJ has 3 kinds of authentication method; getty, PAP and CHAP. +# In all cases, you can use same username and password assigned +# from IIJ. +# +# $Id:$ +# +############################################################################# +# +# Very simple case. Note that this example automatically dials into IIJ. +# Please be sure to check phone number to access nearest location. +# +# % ppp iij +# +iij: + set phone 0332425701 + set authname MyUserName + set authkey MyPassword + set login "TIMEOUT 5 login:-\\r-login: \\U word: \\P PPP" + set timeout 0 + dial +# +# If you prefer to use PAP authentification, use this one. +# +# % ppp iij-pap +# +iij-pap: + set phone 0332425701 + accept pap + set authname MyUserName + set authkey MyPassword + set login "TIMEOUT 5 login:-\\r-login:" + set timeout 0 + set openmode active + dial +# +# Use "% ppp iij-chap" for CHAP authentification +# +iij-chap: + set phone 0332425701 + accept chap + deny pap + set authname MyUserName + set authkey MyPassword + set login "TIMEOUT 5 login:-\\r-login:" + set timeout 0 + set openmode active + dial +# +# Here, we assume that IIJ server has 192.244.177.2 as their address. +# This assumption may not be correct, but we'll fix it later. +# Also, take a look at ppp.linkup. +# +# % ppp -auto iij-demand +# +# Use dummy ping to generate a call to IIJ. +# +# % ping 192.244.177.2 +# +iij-demand: + set debug lcp + set phone 0355118852 + set login "TIMEOUT 5 login:-\\r-login: MyUserName word: MyPassword PPP" + set ifaddr 0 192.244.177.2/20 + add 0 0 192.244.177.2 diff --git a/etc/ppp/ppp.conf.sample b/etc/ppp/ppp.conf.sample new file mode 100644 index 000000000000..4512c6629e3c --- /dev/null +++ b/etc/ppp/ppp.conf.sample @@ -0,0 +1,125 @@ +################################################################# +# +# PPP Sample Configuration File +# +# Written by Toshiharu OHNO +# +# $Id:$ +# +################################################################# +# +# Default setup. Executed always when PPP is invoked. +# +default: + set device /dev/tty01 + set speed 38400 + disable lqr + deny lqr + set dial "ABORT BUSY ABORT NO\\sCARRIR TIMEOUT 5 \"\" AT OK-AT-OK \\dATDT\\T TIMEOUT 40 CONNECT" +# +# Example with login script +# o From PPP prompt, +# ppp> dial simplesite +# will automatically dials and perform login procedure. +# +# ppp> load simplesite +# will also load and execute commands, but don't dial. +# +# o From shell, invoke as +# % ppp simplesite +# will load commands associated with the label. Use, +# ppp> dial +# to establish the connection. +# +simplesite: + set phone 12345678 + set login "TIMEOUT 5 login:-\\r-login: ppp word: ppp" + set timeout 120 +# +# If peer reqires to use CHAP, don't forget to supply authname and authkey. +# +# If you'd like to use CHAP to authentificate peer, comment out the line +# ``enable chap'' below. You also need to prepare /etc/ppp.secret. +# +# If remote system sends its system name within CHAP packet and it is +# found in /etc/ppp.secret, then secret key is taken from the file and +# value of authkey is ignored. +# +chapsite: + set phone 12345678 + set login "TIMEOUT 5 login:-\\r-login: ppp word: ppp" + deny pap + accept chap +# enable chap + set authname MySystemName + set authkey OurSecretKey +# +# To speak PAP is just smilar to CHAP +# +papsite: + set phone 12345678 + set login "TIMEOUT 5 login:-\\r-login: ppp word: ppp" + deny chap + accept pap +# enable pap + set authname MyUserName + set authkey MyPassword +# +# On demand dialup example +# Here, we assume that local side use 192.244.185.226 and +# remote side use 192.244.176.44 as their IP address. +# You must supply -auto option to invoke PPP. +# +# ex. % ppp -auto ondemand +# +ondemand: + set phone 1234567 + set login "TIMEOUT 5 login:-\\r-login: ppp word: ppp" + set timeout 120 + set ifaddr 192.244.185.226 192.244.176.44 + add 0 255.255.255.0 192.244.176.44 +# +# Another on demand example +# If peer assign some IP address for us, and we can't predict it +# until we make a connection, use 0 as local side address. +# +pmdemend: + set phone 1234567 + set login "TIMEOUT 5 login:-\\r-login: ppp word: ppp" + set timeout 120 + set ifaddr 0 192.244.176.44 + add 0 255.255.255.0 192.244.176.44 +# +# Example to validate incoming user with CHAP +# Invod as ``ppp -direct users'' from login script. User's system name +# and secret-key must be registered into /etc/ppp.secret. +# IP address assigned to peer is registered in ppp.secret, then that +# value is used and value in ``ifaddr'' command has no effect. +# +users: + disable pap + enable chap + set authname ppp-server + set ifaddr 192.244.176.44 292.244.184.31 +# +# Example of Callback Request +# +# Here, we assume that peer will hangup the line and initiates a callback +# after successful authentification. We simply use chat script capabiluty +# and wait for a "NO CARRIRER" response from our modem. +# +# % ppp callback +# +callback: + set phone 0312345678 + set login "ABORT NO\\sCARRIER TIMEOUT 5 login:-\\r-login: MyName word: MySecret TIMEOUT 20 DUMMY" + set debug phase chat + dial + quit +# +# Example for PPP/TELNET and PPP/TCP. Read doc for further details +# +ppptelnet: + set escape 0xff +ppptcp: + set device 192.244.191.33:2400 diff --git a/etc/ppp/ppp.linkup.sample b/etc/ppp/ppp.linkup.sample new file mode 100644 index 000000000000..afe58a79ed17 --- /dev/null +++ b/etc/ppp/ppp.linkup.sample @@ -0,0 +1,37 @@ +######################################################################### +# +# Example of ppp.linkup file +# +# +# This file is checked when PPP establishes network level connection. +# PPP command seaches label in this file in following way and order. +# +# 1) At first, IP address assigned into our side is serched and execute +# associated command. +# +# 2) If it didn't found, then label name specified at startup time is +# searched. +# +# 3) If given label name is not found, then label MYADDR is serched. +# +# $Id:$ +# +######################################################################### +# +# If we've got 192.244.176.32 as our address, then regard peer as a gateway +# to 192.244.176.0 network. +# +#192.244.176.32: +# add 192.244.176.0 255.255.255.0 HISADDR +# +# If we are invked with an argument ``iij-demand'', then +# delete existing route entry and add peer as default gateway. +# +iij-demand: + delete ALL + add 0 0 HISADDR +# +# Otherwide, simply add peer as default gateway. +# +MYADDR: + add 0 0 HISADDR diff --git a/etc/ppp/ppp.secret.sample b/etc/ppp/ppp.secret.sample new file mode 100644 index 000000000000..4b2e1dce2eab --- /dev/null +++ b/etc/ppp/ppp.secret.sample @@ -0,0 +1,8 @@ +################################################## +# Sysname Secret Key Peer's IP address +# +# $Id:$ +# +################################################## +oscar OurSecretKey 192.244.184.34/24 +BigBird X4dWg9327 192.244.184.33/32