mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-28 14:24:09 +01:00
663abed6d2
Submitted by: Guy Helmer
434 lines
18 KiB
Plaintext
Slip Server FAQ For FreeBSD

$Id$

Help for setting up SLIP Server services on a FreeBSD system
------------------------------------------------------------

Written by Guy Helmer (ghelmer@alpha.dsu.edu)
Last Updated December 13, 1994

This document provides suggestions for setting up SLIP Server services
on a FreeBSD system, which typically means configuring your system to
automatically start up connections upon login for remote SLIP clients.
I've written this document based on my own experience; however, as
your system and needs may be different, this document may not answer
all of your questions, and I cannot be responsible if you damage your
system or lose data due to attempting to follow the suggestions here.

I have only set up SLIP Server services on a FreeBSD 1.1 system, so if
you are running a different version (such as FreeBSD 2.0), your system
may be different.  I've decided to write this document since I've
recently been asked for the umpteenth time how to set up a FreeBSD
machine as a SLIP server :-)

1. Prerequisites
----------------

This document is very technical in nature, so background knowledge is
required.  I must assume that you are familiar with the TCP/IP network
protocol, and in particular, network and node addressing, network
address masks, subnetting, routing, and routing protocols, such as
RIP.  Configuring SLIP services on a dial-up server requires a
knowledge of these concepts, and if you are not familiar with them,
please read a copy of either Craig Hunt's "TCP/IP Network
Administration" published by O'Reilly & Associates, Inc. (ISBN Number
0-937175-82-X), or Douglas Comer's book on the TCP/IP protocol.

I will assume that you have already set up your modem(s) and configured
the appropriate system files to allow logins through your modems (see
the manual pages for sio(4) for information on the serial port device
driver and ttys(5), gettytab(5), getty(8), & init(8) for information
relevant to configuring the system to accept logins on modems, and
perhaps stty(1) for information on setting serial port parameters
[such as "clocal" for directly-connected serial interfaces]).

2. Quick Overview
-----------------

In its typical configuration, using FreeBSD as a SLIP server works as
follows: a SLIP user dials up your FreeBSD SLIP Server system and logs
in with a special SLIP login ID that uses "/usr/sbin/sliplogin" as the
special user's shell.  The "sliplogin" program browses the file
"/etc/slip.hosts" to find a matching line for the special user, and if
it finds a match, connects the serial line to an available SLIP
interface and then runs /etc/slip.login to configure the SLIP
interface.

2.1 An Example of a SLIP Server Login
-------------------------------------

For example, if my SLIP user ID were "Shelmerg", that user's entry in
/etc/master.passwd would look something like this (except it would be
all on one line):

Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:
        /usr/users/Shelmerg:/usr/sbin/sliplogin

and, when I log in with that user ID, "sliplogin" will search
/etc/slip.hosts for a line that has a matching user ID; on my system,
I may have a line in /etc/slip.hosts that reads:

Shelmerg        dc-slip sl-helmer       0xfffffc00      autocomp

sliplogin will find that matching line, hook the serial line I'm on
into the next available SLIP interface, and then execute
/etc/slip.login like this:

/etc/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp

If all goes well, /etc/slip.login will issue an "ifconfig" for the
SLIP interface to which sliplogin attached itself (slip interface 0,
in the above example, which was the first parameter in the list given
to slip.login) to set the local IP address (dc-slip), remote IP
address (sl-helmer), network mask for the SLIP interface (0xfffffc00),
and any additional flags (autocomp).  If something goes wrong,
sliplogin usually logs good informational messages via the daemon
syslog facility, which usually goes into /var/log/messages (see the
manual pages for syslogd(8) and syslog.conf(5), and perhaps check
/etc/syslog.conf to see to which files syslogd is logging).

OK, enough of the examples -- let's dive into setting up the system.

3. Kernel Configuration
-----------------------

FreeBSD's default kernels usually come with two SLIP interfaces
defined (sl0 and sl1); you can use "netstat -i" to see whether these
interfaces are defined in your kernel.

Sample output from "netstat -i":
Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
ed0   1500  <Link>0.0.c0.2c.5f.4a         291311     0   174209     0   133
ed0   1500  138.247.224 ivory             291311     0   174209     0   133
lo0   65535 <Link>                            79     0       79     0     0
lo0   65535 loop        localhost             79     0       79     0     0
sl0*  296   <Link>                             0     0        0     0     0
sl1*  296   <Link>                             0     0        0     0     0

The sl0 and sl1 interfaces shown in "netstat -i"'s output indicate
that there are two SLIP interfaces built into the kernel.  (The
asterisks after the "sl0" and "sl1" indicate that the interfaces are
"down".)

However, FreeBSD's default kernels do not come configured to forward
packets (i.e., your FreeBSD machine will not act as a router) due to
Internet RFC requirements for Internet hosts (see RFCs 1009
[Requirements for Internet Gateways], 1122 [Requirements for Internet
Hosts -- Communication Layers], and perhaps 1127 [A Perspective on the
Host Requirements RFCs]), so if you want your FreeBSD SLIP Server to
act as a router, you'll have to add the line "options GATEWAY" to your
machine's kernel configuration file and re-compile the kernel anyway.
(Trivia: "Gateways" are the Internet's old name for what are now
usually called "routers".)

Please see the BSD System Manager's Manual chapter on "Building
Berkeley Kernels with Config" [the source for which is in
/usr/src/share/doc/smm] and the "FreeBSD Configuration Options" [in
/sys/doc/options.doc] for more information on configuring and building
kernels.  You may have to unpack the kernel source distribution if
you haven't installed the system sources already (srcdist/srcsys.?? in
FreeBSD 1.1, srcdist/sys.?? in FreeBSD 1.1.5.1, or the entire source
distribution in FreeBSD 2.0-RELEASE) to be able to configure and build
kernels.

You'll notice that near the end of the default kernel configuration
file (/sys/i386/conf/GENERICAH) is a line that reads:

pseudo-device   sl      2

which is the line that defines the number of SLIP devices available in
the kernel; the number at the end of the line is the maximum number of
SLIP connections that may be operating simultaneously.

See the "Building Berkeley Kernels with Config" and the manual page
for config(8) to see how to configure and build kernels.

4. Sliplogin Configuration
--------------------------

As mentioned earlier, there are three files in the /etc directory that
are part of the configuration for /usr/sbin/sliplogin (see
sliplogin(8) for the actual manual page for sliplogin): slip.hosts,
which lists the SLIP users & their associated IP addresses;
slip.login, which usually just configures the SLIP interface; and
slip.logout, which undoes slip.login's effects when the serial
connection is terminated.

4.1 slip.hosts Configuration & Local and Remote Address Selection
-----------------------------------------------------------------

/etc/slip.hosts contains lines which have at least four items listed:
a SLIP user's login ID, the local address (local to the SLIP server)
of the SLIP link, the remote address of the SLIP link, and the network
mask.  The local and remote addresses may be host names (given in
/etc/hosts or by the domain name service, depending on your
specifications in /etc/host.conf), and I believe the network mask may
be a name that can be resolved by a lookup into /etc/networks.  On one
of my systems, /etc/slip.hosts looks like this:

----- begin /etc/slip.hosts -----
#
# login local-addr      remote-addr     mask            opt1    opt2
#                                               (normal,compress,noicmp)
#
Shelmerg  dc-slip       sl-helmerg      0xfffffc00      autocomp
----- end /etc/slip.hosts ------

At the end of the line is one or more of the options:

   "normal"   - no header compression
   "compress" - compress headers
   "autocomp" - compress headers if the remote end allows it
   "noicmp"   - disable ICMP packets (so any "ping" packets won't use up
                any of your bandwidth)

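The following audit script is an added example, not part of the original
FAQ or of FreeBSD.  It cross-checks a slip.hosts file against a
passwd-format file and flags entries with fewer than four fields, options
outside the four listed above, and logins whose shell is not
/usr/sbin/sliplogin; the function names and sample data are constructed
for illustration.

```shell
#!/bin/sh
# Added example (not from the FAQ): audit slip.hosts against a passwd file.

# audit_slip_hosts HOSTS PASSWD   (hypothetical helper name)
# Prints one finding per line; exit status is 1 if anything was flagged.
audit_slip_hosts() {
    awk -v want=/usr/sbin/sliplogin '
        # First file (passwd or master.passwd layout): login name is the
        # first colon-separated field, the shell is the last one.
        FNR == NR { n = split($0, f, ":"); shell[f[1]] = f[n]; next }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        NF < 4 {
            printf "line %d: %s: fewer than four fields\n", FNR, $1
            bad++; next
        }
        {
            if (!($1 in shell)) {
                printf "line %d: %s: no matching account\n", FNR, $1; bad++
            } else if (shell[$1] != want) {
                printf "line %d: %s: shell is %s, not %s\n", FNR, $1, shell[$1], want
                bad++
            }
            # Fields 5..n must be options the FAQ lists for slip.hosts.
            for (i = 5; i <= NF; i++)
                if ($i !~ /^(normal|compress|autocomp|noicmp)$/) {
                    printf "line %d: %s: unknown option %s\n", FNR, $1, $i
                    bad++
                }
        }
        END { exit (bad > 0) }
    ' "$2" "$1"
}

# Constructed sample data, not taken from a real system.
slip_audit_demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/passwd" <<'EOF'
Shelmerg:*:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliplogin
Sdemo:*:1965:89::0:0:Constructed user:/usr/users/Sdemo:/bin/sh
EOF
    cat > "$dir/slip.hosts" <<'EOF'
# login local-addr remote-addr mask opt1 opt2
Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp
Sdemo dc-slip sl-demo 0xfffffc00 compres
Sghost dc-slip sl-ghost
EOF
    rc=0
    audit_slip_hosts "$dir/slip.hosts" "$dir/passwd" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

slip_audit_demo || echo "slip.hosts audit reported findings"
```

On a live system the function would be run as
"audit_slip_hosts /etc/slip.hosts /etc/master.passwd".
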
Your choice of local and remote addresses for your SLIP links depends
on whether you are going to dedicate a TCP/IP subnet or if you are
going to use "proxy ARP" on your SLIP server (it's not "true" proxy
ARP, but that is the terminology that I will use in this document to
describe it).  If you're not sure which method to select or how to
assign IP addresses, please refer to the TCP/IP books referenced in
the "Prerequisites" section and/or consult your IP network manager.

If you are going to use a separate subnet for your SLIP clients, you
will need to allocate the subnet number out of your assigned IP
network number and assign each of your SLIP clients' IP numbers out of
that subnet; then you will probably either need to configure a static
route to the SLIP subnet via your SLIP server on your nearest IP
router, or install "gated" on your FreeBSD SLIP server and configure
it to talk the appropriate routing protocols to your other routers to
inform them about your SLIP server's route to the SLIP subnet.

Otherwise, if you will use the "proxy ARP" method, you will need to
assign your SLIP clients' IP addresses out of your SLIP server's
Ethernet subnet, and you'll also need to adjust your /etc/slip.login
and /etc/slip.logout scripts to use arp(8) to manage the proxy-ARP
entries in the SLIP server's ARP table.

4.2 slip.login Configuration
----------------------------

The typical /etc/slip.login file looks like this:

----- begin /etc/slip.login -----
#!/bin/sh -
#
#       @(#)slip.login  5.1 (Berkeley) 7/1/90

#
# generic login file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
----- end /etc/slip.login -----

This slip.login file merely ifconfig's the appropriate SLIP interface
with the local and remote addresses and network mask of the SLIP
interface.

If you have decided to use the "proxy ARP" method (instead of using a
separate subnet for your SLIP clients), your /etc/slip.login file will
need to look something like this:

----- begin /etc/slip.login for "proxy ARP" -----
#!/bin/sh -
#
#       @(#)slip.login  5.1 (Berkeley) 7/1/90

#
# generic login file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pub
----- end /etc/slip.login for "proxy ARP" -----

The additional line in this slip.login, "arp -s...", creates an ARP
entry in the SLIP server's ARP table which asks the system to give out
the SLIP server's Ethernet MAC address whenever another system or
router on the Ethernet asks to speak to the SLIP client's IP address.

When using the example above, be sure to replace the Ethernet MAC
address (00:11:22:33:44:55) with the MAC address of your system's
Ethernet card, or your "proxy ARP" will definitely not work!  You can
discover your SLIP server's Ethernet MAC address by looking at the
results of running "netstat -i"; the second line of the output should
look something like:

ed0   1500  <Link>0.2.c1.28.5f.4a         191923     0   129457     0   116
                  ^^^^^^^^^^^^^^^

which indicates that this particular system's Ethernet MAC address is
"00:02:c1:28:5f:4a" -- the periods in the Ethernet MAC address given
by "netstat -i" must be changed to colons and leading zeros should be
added to each single-digit hexadecimal number to convert the address
into the form that arp(8) desires; see the manual page on arp(8) for
complete information on usage.

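The conversion just described, as an added example that is not part of
the original FAQ: a small sh function (the name netstat_link_mac and the
sample text are constructed here) that reads "netstat -i" output in the
format shown above and prints the interface's MAC address in the form
arp(8) expects, refusing rows that do not carry six hexadecimal octets.

```shell
#!/bin/sh
# Added example (not from the FAQ): derive the arp(8)-style MAC address
# from "netstat -i" output in the format this FAQ shows.

# netstat_link_mac IFACE   (hypothetical helper name)
# Reads "netstat -i" output on stdin and prints IFACE's MAC address as
# colon-separated, zero-padded hex.  Exit status 1 if IFACE has no usable
# <Link> address (for example lo0 or a SLIP interface).
netstat_link_mac() {
    awk -v ifname="$1" '
        $1 == ifname && $3 ~ /^<Link>/ {
            addr = $3
            sub(/^<Link>/, "", addr)
            if (split(addr, octet, ".") != 6) exit 1
            mac = ""
            for (i = 1; i <= 6; i++) {
                # Each octet is one or two hex digits; pad to two.
                if (octet[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]?$/) exit 1
                if (length(octet[i]) == 1) octet[i] = "0" octet[i]
                mac = mac (i > 1 ? ":" : "") tolower(octet[i])
            }
            print mac
            found = 1
            exit 0
        }
        END { if (!found) exit 1 }
    '
}

# Constructed sample: the <Link> row from the FAQ plus a loopback row.
SAMPLE_NETSTAT='Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
ed0   1500  <Link>0.2.c1.28.5f.4a         191923     0   129457     0   116
lo0   65535 <Link>                            79     0       79     0     0'

printf '%s\n' "$SAMPLE_NETSTAT" | netstat_link_mac ed0
```
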
Note that when you create /etc/slip.login and /etc/slip.logout, the
"execute" bit ("chmod 755 /etc/slip.login /etc/slip.logout") must be
set, or sliplogin will be unable to execute them.

4.3 slip.logout Configuration
-----------------------------

"/etc/slip.logout" isn't strictly needed, but if you decide to create
it, this is an example of a basic slip.logout script:

----- begin /etc/slip.logout -----
#!/bin/sh -
#
#       slip.logout

#
# logout file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
----- end /etc/slip.logout -----

If you are using "proxy ARP", you'll want to have /etc/slip.logout
remove the ARP entry for the SLIP client:

----- begin /etc/slip.logout for "proxy ARP" -----
#!/bin/sh -
#
#       @(#)slip.logout

#
# logout file for a slip line.  sliplogin invokes this with
# the parameters:
#      1        2         3        4          5         6     7-n
#   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
/usr/sbin/arp -d $5
----- end /etc/slip.logout for "proxy ARP" -----

The "arp -d $5" removes the ARP entry that the "proxy ARP" slip.login
added when the SLIP client logged in.

It bears repeating: make sure /etc/slip.logout has the execute bit set
after you create it (e.g., "chmod 755 /etc/slip.logout").

5. Routing Considerations
-------------------------

If you are not using the "proxy ARP" method for routing packets
between your SLIP clients and the rest of your network (and perhaps
the Internet), you will probably either have to add static routes to
your closest default router(s) to route your SLIP client subnet via
your SLIP server, or you will probably need to install and configure
gated on your FreeBSD SLIP server so that it will tell your routers
via appropriate routing protocols about your SLIP subnet.

5.1 Static Routes
-----------------

Adding static routes to your nearest default routers can be
troublesome (or impossible, if you don't have authority to do so...).
If you have a multiple-router network in your organization, some
routers, such as Cisco and Proteon, may not only need to be configured
with the static route to the SLIP subnet, but also need to be told
which static routes to tell other routers about, so some expertise and
troubleshooting/tweaking may be necessary to get static-route-based
routing to work...

5.2 Running gated
-----------------

An alternative to the headaches of static routes is to install gated
on your FreeBSD SLIP server and configure it to use the appropriate
routing protocols (RIP/OSPF/BGP/EGP) to tell other routers about your
SLIP subnet.  gated is available from ftp.gated.cornell.edu in
/pub/gated; I believe the current version as of this writing is
"gated-R3_5Alpha_8.tar.Z", which should include support for FreeBSD
"out-of-the-box".  Compile and install it, and then write a
/etc/gated.conf file to configure your gated; here's a sample, similar
to what I use on my FreeBSD SLIP server:

----- begin sample /etc/gated.conf for gated version 3.5Alpha5 -----
#
# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
#
#
# tracing options
#
traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;

rip yes {
  interface sl noripout noripin ;
  interface ed ripin ripout version 1 ;
  traceoptions route ;
} ;

#
# Turn on a bunch of tracing info for the interface to the kernel:
kernel {
  traceoptions remnants request routes info interface ;
} ;

#
# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
#

export proto rip interface ed {
  proto direct {
      xxx.xxx.yy mask 255.255.252.0 metric 1; # SLIP connections
  } ;
} ;

#
# Accept routes from RIP via ed Ethernet interfaces

import proto rip interface ed {
  all ;
} ;

----- end sample /etc/gated.conf -----

The above sample gated.conf file broadcasts routing information
regarding the SLIP subnet "xxx.xxx.yy" via RIP onto the Ethernet; if
you are using a different Ethernet driver than the "ed" driver, you'll
need to change the references to the "ed" interface appropriately.
This sample file also sets up tracing to /var/tmp/gated.output for
debugging gated; you can certainly turn off the tracing options if
gated works OK for you.  I've changed my SLIP subnet's address to
"xxx.xxx.yy" throughout the above file; you'll need to change the
"xxx.xxx.yy"'s into the network address of your own SLIP subnet (be
sure to change the net mask in the "proto direct" clause as well).
Complete gated configuration information may be read through the Web
at "http://www.gated.cornell.edu/".

When you get gated built and installed, and create a configuration
file for it, you'll need to run gated in place of routed on your
FreeBSD system; change the routed/gated startup parameters in
/etc/netstart as appropriate for your system.  Please see the manual
page for gated for information on gated's command-line parameters.

6. Acknowledgements
-------------------

Thanks to these people for comments and advice regarding this FAQ:

Wilko Bulte <wilko@yedi.iaf.nl>
Piero Serini <Piero@Strider.Inet.IT>

<<< END OF SLIP SERVER FAQ >>>