Dial-in server: ISDN

This article explains how to configure a dial-in server on Linux so that you can dial in to a Linux machine over a b-channel of an ISDN line.

 

 

Contents:

1. Introduction

 

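We will not provide a terminal login; callers only get access to the (local) web server.

The protocol used is PPP (Point-to-Point Protocol); authentication is done with PAP (Password Authentication Protocol) or CHAP (Challenge-Handshake Authentication Protocol).

For security reasons, callers do not need a personal account on the machine; in the example configuration it makes no difference whether or not the caller has a user account on the Linux machine.
The configuration described below is based on the SuSE 6.3 distribution. On other systems it should be similar, perhaps with only a few paths changed.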

2. Required hardware and software

 

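You need an ISDN port and an ISDN card / ISDN modem supported by Linux.

We assume that PPP support is compiled into the kernel or built as a module. If PPP is not available yet, switch to a shell, run man pppd and read the PPP-HOWTO.

We also assume that the ISDN hardware is installed correctly, i.e. that you can establish a connection to your ISP with isdnctrl dial ippp0. If not, have a look at the ISDN-HOWTO.
Done reading? Good, let's begin.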

3. Configuration
Creating the net device

 

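First create a NETDEV in /etc/rc.config and assign it an IP address; the newly created device is marked at the end of its line. Since we use "ippp0" and "ippp1" to connect to our internet provider, we set up "ippp2" as the new NETDEV. If "ippp0" and "ippp1" are not yet in use, you can use them instead.

SuSE's YaST also supports creating a NETDEV, but if you create it by hand you should know exactly what you are doing.

The configuration file could look like this: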

 

Part of the /etc/rc.config

# Comments start with a # and are ignored
# Blank space is ignored
# Network configuration:
# Number of network devices; here the devices 0 to 3 are defined
#
NETCONFIG="_0 _1 _2 _3"
#
# IP addresses of the corresponding devices
#
IPADDR_0="192.168.0.1" # this is our network card
IPADDR_1="192.168.0.99" # IP for NETDEV 1
IPADDR_2="192.168.0.98" # IP for NETDEV 2
IPADDR_3="192.168.0.97" # The new NETDEV IP
#
# Names of the NETDEVs:
#
NETDEV_0="eth0" # eth0 = network card

NETDEV_1="ippp0" # not interesting, call to our ISP
NETDEV_2="ippp1" # not interesting, call to our ISP
NETDEV_3="ippp2" # The new NETDEV has to be named ippp2
#
# Parameters for ifconfig (more information with "man ifconfig")
#
IFCONFIG_0="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0 up" # not interesting
IFCONFIG_1="192.168.0.99 dynamic pointopoint 192.168.0.1 up" # not interesting
IFCONFIG_2="192.168.0.98 dynamic pointopoint 192.168.0.1 up" # not interesting
IFCONFIG_3="192.168.0.97 pointopoint 192.168.0.1 metric 1" # the new NETDEV


After changing this file, run "SuSEconfig" for the changes to take effect.

Now we introduce the new configuration to i4l. The ISDN4Linux configuration files are (on SuSE):
/etc/rc.config.d/i4l_default.rc.config
/etc/rc.config.d/i4l_option.rc.config

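Other distributions keep these settings in /etc/rc.config as well. The "default" file holds all the general settings, while the "option" file configures each device in detail.

The file /etc/rc.config.d/i4l_default.rc.config should look like this: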

 

Part of the /etc/rc.config.d/i4l_default.rc.config
# Comments start with a #
# start ISDN4LINUX? (yes/no)
I4L_START="yes"
# In Germany 1TR6 is still in use somewhere but Euro-ISDN is
# used in general.
# D-channel protocol 1=1TR6, 2=EDSS1(Euro-ISDN) for HiSax
I4L_PROTOCOL="2"
#
# Options are: "auto", "off" or "manual".
# off: makes no connections, neither incoming nor outgoing
# manual: User establishes connection, e.g. via "isdnctrl dial ippp0"
# auto: connects automatically if required
# More information in the documentation of i4l ;-)
I4L_DIALMODE_0="auto" # for other devices
I4L_DIALMODE_1="auto" # for other devices
I4L_DIALMODE_2="auto" # for other devices
I4L_DIALMODE_3="auto" # THE NEW NETDEV


Now the i4l_option.rc.config file should look like this:

Part of the /etc/rc.config.d/i4l_option.rc.config
# Idle time before hanging up, in seconds:
#
I4L_IDLETIME_0="60"
I4L_IDLETIME_1="120"
I4L_IDLETIME_2="120"
I4L_IDLETIME_3="60"
#
# Max number of dials before give up. Not important for NETDEV 3!
I4L_DIALMAX_0="5"
I4L_DIALMAX_1="5"
I4L_DIALMAX_2="5"
I4L_DIALMAX_3="5"
#
# The MSN or EAZ. For i4l these are the same (in principle).
# It matters whether you own a "telephone center" or not.
# I have one. It assigns an internal number to an external calling
# number. If you do not have one: just enter the number the NETDEV
# has to react to.
# You have to change this!
I4L_LOCALMSN_0=""
I4L_LOCALMSN_1="123456"
I4L_LOCALMSN_2="123456"
I4L_LOCALMSN_3="18"
#
# Which number has to be called for dial-out connections?
# Our NETDEV is a dial-in device, so do not enter anything.
I4L_REMOTE_OUT_0=""
I4L_REMOTE_OUT_1="myProvider 1"
I4L_REMOTE_OUT_2="myProvider 2"
I4L_REMOTE_OUT_3=""
#
# Which numbers are allowed to dial in?
# Since access is checked with PAP/CHAP we leave this empty. There will
# be enough security problems at other places. ;-)))
I4L_REMOTE_IN_0=""
I4L_REMOTE_IN_1=""
I4L_REMOTE_IN_2=""
I4L_REMOTE_IN_3=""
#
# Protocol ? Synchronous PPP or ... ? -> i4l Documentation !
I4L_ENCAP_0="syncppp"
I4L_ENCAP_1="syncppp"
I4L_ENCAP_2="syncppp"
I4L_ENCAP_3="syncppp"
#
# Options:
# "on" : just the specified numbers are allowed to call in
# "off" : all numbers can call in
I4L_SECURE_0="off"
I4L_SECURE_1="off"
I4L_SECURE_2="off"
I4L_SECURE_3="off"


 

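Now we need to write a configuration file for the NETDEV ippp2. The files written by Klaus Franken (kfr@suse.de), which ship with the SuSE distribution, are the basis of the following configuration.
These files come with the i4l installation of YaST, so please do not send him junk mail. The configuration is explained in detail in the local support database, which YaST also provides!

The files for the ISDN devices are in /etc/ppp/. There you will find:
/etc/ppp/options - global settings of PPPD (man ppp)
/etc/ppp/ioptions - global settings of PPPD (man pppd)
/etc/ppp/options.ippp2 - settings for the selected NETDEV

For authentication we need the PAP and CHAP files:
/etc/ppp/pap-secrets - we will only use PAP authentication
/etc/ppp/chap-secrets - can be used together with it or on its own
The PPPD and IPPPD man pages describe authentication in detail; reading them first is recommended.

Depending on the number of ISDN and analog devices, more files may need to be configured. Let's go through these files step by step: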

 

Part of /etc/ppp/ioptions
# for more information look at tail -f /var/log/messages
# Perfect to find errors
debug
# If you wanted to log the password in this file, too, you
# could de-comment the following line - I hope that I do not have to
# mention that this option does not improve the security !
# +pwlog


 

Nothing more is needed.

Now the ippp device can be configured per NETDEV.

 

Part of /etc/ppp/options.ippp2
# /etc/ppp/options.ippp2
# based on the original script by
# Klaus Franken, kfr@suse.de
#

# The used device:
# OK, it's the last time that I will mention this.
/dev/ippp2
#
# debug ?
debug
# Info about proxyarp you find in man ipppd
# Short: do you want to grant access to other computers via LAN?
# Not in my LAN!
# proxyarp
#
# IP Addresses:
# "0.0.0.0:" for dynamic IP addresses
# In the /etc/rc.config we assigned the IP 192.168.0.97 to this device
# This should stay.
# The computer which dials in gets the IP 192.168.0.240.
# Of course you can use other IPs but this fits into my personal LAN
# configuration. You could change this after it worked.
192.168.0.97:192.168.0.240
#
# Set default route? Read man ipppd !
# defaultroute
#
# user name of the one who dials in?
user me
#
# Force an authentication via PAP
+pap
#
# If you need this? Read man ipppd. I do not.
# ipcp-accept-local
# ipcp-accept-remote
# noipdefault
# useifip
#
# disable header-compression
#-vj
#-vjccomp
#-ac
#-pc
#-bsdcomp
#
# max receive unit
mru 1524
# max transmit unit
mtu 1500


 

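Authentication is done via PAP, so all you need is
/etc/ppp/pap-secrets :

testuser	*	test
End of /etc/ppp/pap-secrets.

The structure is: user name, remote-host restriction, plain-text password, all separated by tabs.

Now a M$Win98 machine can dial in without any additional scripts.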
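The settings chosen above (I4L_SECURE, +pap, the commented-out +pwlog and proxyarp, and the plain-text pap-secrets) can be checked mechanically. The following shell functions are an added example, not part of the original article or of SuSE's scripts; the function names are hypothetical, and the expectation that pap-secrets is accessible to its owner only is an assumption that the page does not state.

```shell
#!/bin/sh
# Added example, not from the original article: checks the dial-in settings
# configured on this page. Prints one finding per line, nothing if all pass.
# usage: audit_dialin <index> <i4l_option file> <pap-secrets> <ipppd option files...>

# Read VAR="value" from an rc.config-style file without sourcing (executing) it.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# True if ipppd option $1 (an extended regex) appears uncommented on stdin.
opt_set() {
    grep -Eq "^[[:space:]]*($1)([[:space:]]|\$)"
}

audit_dialin() {
    idx=$1; opt=$2; pap=$3; shift 3
    ppp_opts=$(cat "$@")

    # I4L_SECURE "off": all numbers can call in, so PAP/CHAP is the only gate.
    secure=$(rc_get "$opt" "I4L_SECURE_$idx")
    if [ "$secure" != "on" ]; then
        echo "I4L_SECURE_$idx=${secure:-unset}: every calling number is accepted"
    fi
    # +pap / +chap force the caller to authenticate.
    if ! printf '%s\n' "$ppp_opts" | opt_set '\+pap|\+chap'; then
        echo "ipppd: neither +pap nor +chap is set"
    fi
    # +pwlog writes received passwords to the system log.
    if printf '%s\n' "$ppp_opts" | opt_set '\+pwlog'; then
        echo "ipppd: +pwlog is enabled"
    fi
    # proxyarp gives the caller access to other computers on the LAN.
    if printf '%s\n' "$ppp_opts" | opt_set 'proxyarp'; then
        echo "ipppd: proxyarp is enabled"
    fi
    # pap-secrets holds plain-text passwords; assumption: owner-only access wanted.
    perms=$(ls -ld "$pap" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$pap: group/other permissions are '$perms'"
    fi
    # Each entry needs at least: user name, remote restriction, password.
    awk -v f="$pap" '!/^[ \t]*(#|$)/ && NF < 3 {
        printf "%s:%d: entry has fewer than 3 fields\n", f, NR }' "$pap"
    return 0
}
```

For the setup on this page the call would be audit_dialin 3 /etc/rc.config.d/i4l_option.rc.config /etc/ppp/pap-secrets /etc/ppp/ioptions /etc/ppp/options.ippp2.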

You need to restart i4l. Configurations rarely work flawlessly the first time, so it is wise to put the following script in /usr/bin/:

 

restart-isdn
#!/bin/sh
# Restart ISDN4Linux: stop i4l and the hardware layer, then start both again
/sbin/init.d/i4l stop
/sbin/init.d/i4l_hardware stop
/sbin/init.d/i4l_hardware start
/sbin/init.d/i4l start


 

 


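Access and execute permissions must be set correctly: root, and possibly the members of the dial-out group, may access it. Of course you can also type these commands into a shell by hand.

Now you can test dialling in; with tail -f /var/log/messages you can check that everything works.

If everything is fine, the output will look like this:
(Note: we tested internally, so the number **18 (MSN) appears! If the internal test works, it should work externally too.)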

 

Output of tail -f /var/log/messages
 
isdnlog: Dec 30 18:03:08 * Call to tei 127 from TN **11 on +49 1234/18, myHomeRING (Data)
isdnlog: Dec 30 18:03:08 Call to tei 67 from TN **11 on +49 1234/18, myHome CONNECT (Data)
isdnlog: Dec 30 18:03:08 tei 65 calling TN **18 with ? COLP TN **18
isdnlog: Dec 30 18:03:08 tei 65 calling TN **18 with ? CONNECT
isdnlog: Dec 30 18:03:08 tei 65 calling TN **18 with ? CHARGE: free of charge -
internal call
kernel: isdn_net: ippp2 connected
kernel: isdn_net: chargetime of ippp2 now 2805504
ipppd[188]: Local number: 18, Remote number: , Type: incoming
ipppd[188]: PHASE_WAIT -> PHASE_ESTABLISHED, ifunit: 2, linkunit: 0, fd: 7
ipppd[188]: sent [0][LCP ConfReq id=0x1 <mru 1524> <auth pap> <magic
0xb45a62> <pcomp> <accomp>]
ipppd[188]: rcvd [0][LCP ConfReq id=0x1 <magic 0x58468> <pcomp>
<accomp> <callback 6>]
ipppd[188]: sent [0][LCP ConfRej id=0x1 <callback 6>]
ipppd[188]: rcvd [0][LCP ConfAck id=0x1 <mru 1524> <auth pap>
<magic 0xb45a62> <pcomp> <accomp>]
ipppd[188]: rcvd [0][LCP ConfReq id=0x2 <magic 0x58468> <pcomp> <accomp>]
ipppd[188]: sent [0][LCP ConfAck id=0x2 <magic 0x58468> <pcomp> <accomp>]
ipppd[188]: lcp layer is UP
ipppd[188]: rcvd [0][PAP AuthReq id=0x1 user="testuser" password not logged for security
reasons! Use '+pwlog' option to enable full logging.]
ipppd[188]: Check_passwd called with user=testuser
ipppd[188]: sent [0][PAP AuthAck id=0x1msg="Login ok"]
ipppd[188]: MPPP negotiation, He: No We: No
ipppd[188]: sent [0][IPCP ConfReq id=0x1 <addr 192.168.0.97> <compress VJ 0f 01>]
ipppd[188]: CCP enabled! Trying CCP.
ipppd[188]: CCP: got ccp-unit 0 for link 0 (protocol: 0x80fd)
ipppd[188]: ccp_resetci!
ipppd[188]: rcvd [0][IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr
192.168.0.240> <ms-dns1 0.0.0.0> <ms-wins1 0.0.0.0> <ms-dns2 0.0.0.0>
<ms-wins2 0.0.0.0>]
ipppd[188]: sent [0][IPCP ConfRej id=0x1 <ms-dns1 0.0.0.0> <ms-wins1 0.0.0.0>
<ms-dns2 0.0.0.0> <ms-wins2 0.0.0.0>]
ipppd[188]: rcvd [0][IPCP ConfAck id=0x1 <addr 192.168.0.97> <compress VJ 0f 01>]
ipppd[188]: rcvd [0][IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 192.168.0.240>]
ipppd[188]: sent [0][IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 192.168.0.240>]
ipppd[188]: local IP address 192.168.0.97
ipppd[188]: remote IP address 192.168.0.240


 

If the connection is closed by the (M$Win) remote machine, it looks like this:

Output of tail -f /var/log/messages
ipppd[188]: rcvd [0][LCP TermReq id=0x3]
ipppd[188]: LCP terminated by peer
ipppd[188]: sent [0][LCP TermAck id=0x3]
isdnlog: Dec 30 18:03:43 Call to tei 67 from TN **11 on +49 1234/18, myHome
Normal call clearing (User)
kernel: isdn_net: local hangup ippp2
kernel: ippp2: Chargesum is 0
ipppd[188]: Modem hangup
ipppd[188]: Connection terminated.
ipppd[188]: taking down PHASE_DEAD link 0, linkunit: 0
ipppd[188]: LCP is down
ipppd[188]: closing fd 7 from unit 0
ipppd[188]: link 0 closed , linkunit: 0
ipppd[188]: reinit_unit: 0
kernel: ippp, open, slot: 2, minor: 2, state: 0000
kernel: ippp_ccp: allocating reset data structure
ipppd[188]: Connect[0]: /dev/ippp2, fd: 7
isdnlog: Dec 30 18:03:45 Call to tei 67 from TN **11 on +49 1234/18, myHome
HANGUP ( 0:00:35 I=250.0 b O=144.0 b)
isdnlog: Dec 30 18:03:45 tei 65 calling TN **18 with ? Normal call clearing (User)
isdnlog: Dec 30 18:03:45 tei 65 calling TN **18 with ? HANGUP ( 0:00:37)


 

Some tips

Problem:
If the connection closes automatically after a few seconds and you are using a hybrid modem (ELSA Microlink ISDN/TL V.34),
tail -f /var/log/messages will show:

 

Output of tail -f /var/log/messages
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: sent [0][LCP ConfReq id=0x1 <mru 1524> <auth pap> <ma
gic 0x93b35c1e> <pcomp> <accomp>]
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: sent [0][LCP ConfReq id=0x1 <mru 1524> <auth pap> <ma
gic 0x93b35c1e> <pcomp> <accomp>]
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: rcvd [0][proto=0x801] af 82 00 03 01 01 03
ipppd[188]: rcvd [0][proto=0x801] 7f
ipppd[188]: sent [0][LCP ConfReq id=0x1 <mru 1524> <auth pap> <ma
gic 0x93b35c1e> <pcomp> <accomp>]
isdnlog: Dec 30 18:11:52 Call to tei 67 from TN **11 on +49 1234/18, myHome
Normal call clearing (User)
isdnlog: Dec 30 18:11:52 tei 65 calling TN **18 with ? HANGUP ( 0:00:10)
kernel: ippp2: remote hangup
kernel: ippp2: Chargesum is 0
ipppd[188]: Modem hangup
ipppd[188]: Connection terminated.
ipppd[188]: taking down PHASE_DEAD link 0, linkunit: 0
ipppd[188]: sent [0][LCP TermReq id=0x2 6c 69 6e 6b 20 63 6c 6f 73 65 64]
ipppd[188]: LCP is down
ipppd[188]: closing fd 7 from unit 0
ipppd[188]: link 0 closed , linkunit: 0
ipppd[188]: reinit_unit: 0
ipppd[188]: Connect[0]: /dev/ippp2, fd: 7
kernel: ippp, open, slot: 2, minor: 2, state: 0000
kernel: ippp_ccp: allocating reset data structure
isdnlog: Dec 30 18:11:52 Call to tei 67 from TN **11 on +49 1234/18, myHome
HANGUP ( 0:00:11 I=108.0 b O=104.0 b)


 

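Solution:
The hybrid modem uses the wrong init scripts and therefore uses a "wrong" protocol when transmitting.
Change the init string so that the hybrid modem is forced to establish an ISDN connection (AT \N10 does it); otherwise you cannot pass any /Nxx parameters.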
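The log excerpts above (a successful PAP login, and the hybrid-modem call that hangs up before LCP comes up) can be told apart mechanically. The following shell function is an added example, not part of the original article; the function names and the sample lines are constructed, modelled on the ipppd output shown on this page.

```shell
#!/bin/sh
# Added example, not from the original article: one summary line per incoming
# call, built from ipppd syslog lines in the format shown above.
summarize_dialins() {
    awk '
    function emit() {
        if (insess)
            printf "local=%s remote=%s user=%s lcp=%s auth=%s ip=%s\n",
                   loc, rem, user, lcp, auth, ip
        insess = 0
    }
    /ipppd\[[0-9]+\]: Local number:/ {         # a new incoming call starts
        emit(); insess = 1
        user = "-"; lcp = "down"; auth = "none"; ip = "-"
        s = $0; sub(/.*Local number: */, "", s)
        loc = s; sub(/,.*/, "", loc)
        rem = s; sub(/.*Remote number: */, "", rem); sub(/,.*/, "", rem)
        if (rem == "") rem = "unknown"         # field is empty in the page log
    }
    /lcp layer is UP/       { lcp = "up" }
    /rcvd .*PAP AuthReq/    { user = $0; sub(/.*user="/, "", user); sub(/".*/, "", user) }
    /sent .*PAP AuthAck/    { auth = "ok" }
    /sent .*PAP AuthNak/    { auth = "failed" }
    /remote IP address/     { ip = $NF }
    /Connection terminated/ { emit() }
    END                     { emit() }
    ' "$@"
}

# Constructed sample modelled on the excerpts above; the third call (AuthNak,
# caller 5550100, user "guest") is invented to show a rejected login.
sample_log() {
    cat <<'EOF'
ipppd[188]: Local number: 18, Remote number: , Type: incoming
ipppd[188]: lcp layer is UP
ipppd[188]: rcvd [0][PAP AuthReq id=0x1 user="testuser" password not logged]
ipppd[188]: sent [0][PAP AuthAck id=0x1msg="Login ok"]
ipppd[188]: remote IP address 192.168.0.240
ipppd[188]: Connection terminated.
ipppd[188]: Local number: 18, Remote number: , Type: incoming
ipppd[188]: sent [0][LCP ConfReq id=0x1 <mru 1524> <auth pap>]
ipppd[188]: Connection terminated.
ipppd[188]: Local number: 18, Remote number: 5550100, Type: incoming
ipppd[188]: lcp layer is UP
ipppd[188]: rcvd [0][PAP AuthReq id=0x1 user="guest" password not logged]
ipppd[188]: sent [0][PAP AuthNak id=0x1msg="Login incorrect"]
ipppd[188]: Connection terminated.
EOF
}
```

A call that ends with lcp=down and auth=none matches the hybrid-modem symptom; auth=failed lines are the ones worth reviewing when I4L_SECURE is "off". Run it on the live log with summarize_dialins /var/log/messages.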

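If you find other problems (or solutions), please let us know!

What if it does not work? Then check all the logs and/or look at the tail output, and read the documentation again. You have already read it, haven't you?

What if it refuses to work? If we have time, we will help you. You can also ask in newsgroups such as alt.de.comm.isdn4linux (Germany) or comp.dcom.isdn (and others). Don't forget to attach the message log and the relevant parts of the configuration files (that is, edit the files first).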

4. Documentation:

 

 

 

Posted by Bluelove1968 on 痞客邦 (PIXNET)