In this example I'm going to do one external modem connected via the serial port. So when someone dials the phone number the modem is listening on, an application will pick up the line, have the computer dialing in authorize itself, and then route IP network traffic over a PPP connection.
Things you need.
-Computer to be the server.
-RS232 Serial Cable (most likely 25->9 pin)
-mgetty or mgetty+sendfax
-pppd or smpppd
What you get at the end.
A single modem, the start of your modem pool, that will allow another computer to dial in and then route its Internet traffic.
I suggest doing this from a minimal install; you don't really need a graphical front end on your server box, but meh, that is your choice. So once you have your flavor of choice up and running, move on to the next step. I could figure out how to get this set up on FreeBSD but wouldn't be able to test the setup (don't have any land lines at my house :D )
Log on to your box and either su to root, or log in as root.
Check and Install mgetty and pppd. To do this on OpenSUSE, type yast.
Go to the section to install software, and search for pppd and mgetty.
This will bring up the options smpppd and mgetty+sendfax respectively.
Select those packages to install, and finish up.
Ok, now to find the modem. Hopefully you're using an external modem. Modem support under Linux is sketchy, and most winmodems will not work. Most USB modems will also NOT WORK. (There is a standard for USB modem devices, but most USB modem manufacturers do not adhere to it, and instead write custom drivers.) You can get information about what is attached to your serial ports with the command setserial -b /dev/ttyS0, replacing /dev/ttyS0 with each port you wish to probe. Once you figure out where you plugged in your modem, move on to the next step.
Using your favorite text editor, open up the file /etc/inittab. This file is read by init at startup and lists which programs listen for logins on which lines. You need to add a line like this to that file.
S0:12345:respawn:/sbin/mgetty ttyS0 -D /dev/ttyS0
Ok, change S0, ttyS0 and /dev/ttyS0 to match the device your dial-in modem will be sitting on. Now mgetty will sit around and watch that port, in this case ttyS0. We will now configure the options for mgetty, so that it gives the modem its proper settings and knows what programs to launch when it detects an incoming PPP connection.
Ok, navigate over to /etc/mgetty+sendfax/. In here are the config files for mgetty; we'll be working with /etc/mgetty+sendfax/mgetty.config and /etc/mgetty+sendfax/login.config. Again using your favorite text editor, open up the mgetty.config file. This file tells mgetty how to handle each device port, and allows you to specify global settings that differ from the defaults.
#Any global configs go up here.
#These first few lines set any port that mgetty is watching to be owned by the user/group uucp
#The permission/mode lines means that only people in that group can write to the port, which
#basically limits who can dial out with it.
#Thus, someone can't connect to the machine, log in with an account (either directly or
#looping back through Ethernet) then dial out on another modem.
#Configs for port /dev/ttyS0
init-chat "" ATZ0 OK "AT S0=0 X4" OK
You can see more information about available options for mgetty here.
You will need to change the init-chat line. When mgetty starts listening to a modem, it first locks the modem and runs the initial chat script. In this case, it will pick up the serial line (not the phone line), expect nothing, send the command ATZ0, which will reset the modem to its factory defaults, wait for the OK to come back, then send the command AT S0=0 X4. S0=0 accesses register 0 and sets it to 0, which on my modem means to disable the auto-answer feature. You may be scratching your head as to why we don't want the modem to automatically pick up the line. Because of the line "rings 1" in the config file, mgetty will pick up the line itself, which prevents confusion as to the state of the modem. The next command, X4, tells the modem to enable other features like dial tone detection and busy signal detection. Refer to your modem's documentation for what Hayes command set it supports, and any other extended commands. On my setup at work, I have it locked down to 2400 baud, so the init-chat line also has the commands &N3 and &U3 set.
Ok, now moving on to /etc/mgetty+sendfax/login.config. This controls how logins are processed. In this setup, we don't want people logging in as users on the system; we just want PPP connections to run TCP/IP traffic over. To do this we need two lines: one to tell mgetty what program to launch when it detects the client requesting PPP, and another to tell it to drop anyone that isn't attempting PPP.
#<- These lines are comments :D
#User Host Password Program to run
/AutoPPP/ - - pppd file /etc/ppp/options.server
* - - false
Funny thing is that "false" is not something known by mgetty, but an actual program in Linux. It returns the right exit code to make mgetty think that whoever called failed to authorize themselves. The "*" indicates that anything that isn't /AutoPPP/ gets routed to the program false. /AutoPPP/ is a special value, and if you're not using OpenSUSE, it MAY NOT WORK!! Your installed copy of mgetty or mgetty+sendfax may not support AutoPPP detection out of the box, and you may need to compile it yourself. Since I haven't had to do this, I'm not really sure how. At the end of this little post I have some reference links; dig around on the Linux DialIn server link and the Mgetty link for more information on how to enable it. Ok, so we should be done with this file. Now we need to go create the file /etc/ppp/options.server.
Back in your editor, create the file /etc/ppp/options.server and add the following information (each line is explained below).
modem
crtscts
require-pap
refuse-chap
ms-dns xxx.xxx.xxx.xxx
Replace the value "xxx.xxx.xxx.xxx" with the IP address of the DNS server you wish them to use. Now to explain the options going on here. More info here.
modem - indicates that pppd should use the modem control lines, which sets the defaults for how it handles and terminates a session
crtscts - use hardware flow control on the RS232 interface.
require-pap - require the client to log in using PAP
refuse-chap - do not allow login via CHAP. Note that CHAP is the more secure method and doesn't send logins as plain text.
ms-dns - gives the incoming client a DNS server IP, so it can resolve domain names. www.google.com -> 220.127.116.11
Ok, you may be wondering why the hell we haven't given the person dialing in an IP address. Don't worry, cause that will be in the very next step. In this setup we are going to give out IP addresses based on which modem someone dials into. This way we don't have to worry about a DHCP server, or having more users than modems. We have exactly the right number of IP addresses for the maximum possible number of people who can dial in. Also, in this setup we are going to use RFC 1918, which sets aside certain IP spaces for use in internal networks so they don't clash when routing Internet traffic. I'm assuming you haven't gone and bought your own IP space, mainly because I haven't. ;)
Ok, now create the file /etc/ppp/options.ttyS0. This file is read automatically by pppd, if it exists, and lets us specify options ONLY for port ttyS0. Here we define the IP addresses for this modem/serial port and set up a log file.
172.16.1.1:172.16.1.2
logfile /var/log/pppd.ttyS0
Ok, so we define that the server side of the PPP connection will be 172.16.1.1, and the person dialing the server will be 172.16.1.2. We also tell pppd to use the log file /var/log/pppd.ttyS0, which lets us check up on it for diagnostic purposes. When you start attaching more modems, you create a file for each modem/serial port and specify its IP addresses. You'll want to use unique IPs for both sides, so the next pair would be 172.16.1.3:172.16.1.4, etc.
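To keep the per-modem files consistent as the pool grows, here is an added example (not from the original post) that generates the inittab entry and the options.ttySN contents for a list of serial ports using the one-address-pair-per-modem scheme just described, and checks that every pair stays inside the RFC 1918 172.16.0.0/12 block. The 172.16.1.1 starting address, the /var/log location and the sample port list are assumptions you adjust for your own box.

```python
import ipaddress

# Added example, not the original post's code. Constructed assumptions:
# the pool starts at 172.16.1.1 and per-port logs go under /var/log.
PRIVATE_BLOCK = ipaddress.ip_network("172.16.0.0/12")   # RFC 1918 space used in the post
POOL_BASE = ipaddress.ip_address("172.16.1.1")          # server side of the first modem
LOG_DIR = "/var/log"                                     # assumed log location


def address_pair(index):
    """Return (server, peer) for modem number `index` (0-based).

    Modem 0 -> 172.16.1.1:172.16.1.2, modem 1 -> 172.16.1.3:172.16.1.4, ...
    Raises ValueError if either address would leave 172.16.0.0/12.
    """
    server = POOL_BASE + 2 * index
    peer = server + 1
    for addr in (server, peer):
        if addr not in PRIVATE_BLOCK:
            raise ValueError(f"{addr} is outside {PRIVATE_BLOCK}")
    return str(server), str(peer)

def inittab_line(port):
    """The /etc/inittab entry that keeps mgetty respawning on `port` (e.g. 'ttyS0')."""
    ident = port[3:] if port.startswith("tty") else port   # 'ttyS0' -> id 'S0'
    return f"{ident}:12345:respawn:/sbin/mgetty {port} -D /dev/{port}"

def options_file(index, port):
    """Contents of /etc/ppp/options.<port>: fixed address pair plus a per-port log."""
    server, peer = address_pair(index)
    return f"{server}:{peer}\nlogfile {LOG_DIR}/pppd.{port}\n"

def modem_pool(ports):
    """Map each serial port to its inittab line and its options file path/contents."""
    return {
        port: {
            "inittab": inittab_line(port),
            "options_path": f"/etc/ppp/options.{port}",
            "options": options_file(i, port),
        }
        for i, port in enumerate(ports)
    }

if __name__ == "__main__":
    # Constructed sample pool of three external modems.
    for port, cfg in modem_pool(["ttyS0", "ttyS1", "ttyS2"]).items():
        print(cfg["inittab"])
        print(f"# {cfg['options_path']}\n{cfg['options']}")
```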
Ok, the next file to configure for pppd is the PAP username/password list. Edit /etc/ppp/pap-secrets.
#username host password ipaddress
test * testpass *
You can get more elaborate with this file, and in reality you really want to use something like RADIUS to manage passwords and track logins. More info on this file can be found here.
Step 10 <- Damn this is getting long.
Ok, now here's what should be happening. Using another computer you should be able to dial in to the server, start a PPP session, log in using the login/password test:testpass, and gain an IP and a DNS IP. Congrats, you're mostly there. Here's the "hard" part. Now you've gotta route the incoming traffic using your firewall. Unfortunately, this is beyond my abilities, and I won't be able to post instructions about how exactly to do this until I get to work, ask a boss for some more information and look at the files we worked on. Basically what needs to happen is that you need to forward traffic back and forth across your machine between the IP range 172.16.0.0/12 and the device that connects to the Internet, or maybe just something inside the network, or possibly just to that network connection.
What you do with this dial-in connection is really up to you, and there are a great many possibilities. Ok, SECURITY TIME. You want VERY VERY VERY restrictive firewall rules in place. PAP is horribly insecure. Assume that anyone dialing into your machine can be malicious. Lock down the firewall very carefully to only allow what needs to be done. One option is to only allow a connection to connect locally on port 22, forcing a person to log in via SSH and then use an SSH tunnel for all of their traffic. Etc etc. If you have little or no experience with networking or with locking down a computer, setting up your own dial-in system can be dangerous. Not many people war dial anymore in this day and age, but it never hurts to take security seriously.
After work tomorrow (which is a) GMT-8, b) I'm usually working late) I'll post up information on how to route the network traffic through your firewall.
Paul's PPP Package
Linux Dialin Server Setup Guide
Using and Managing PPP (O'Reilly paperback)