[NCLUG] ppp troubles with RH 8.0 (KRUD 2003-01)

Kevin Fenzi kevin at scrye.com
Wed Feb 12 11:08:24 MST 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "LUKE" == LUKE JONES <luke_jones at hp.com> writes:

LUKE> I recently moved my dialup stuff from one computer to another
LUKE> and I can't get it to work. (The old computer was RH 7.2 or
LUKE> earlier; the new one was 7.2 and has been upgraded to 8.0.)

LUKE> First, let me say that 8.0 is so much better than 7.2 that I'm
LUKE> tempted even to move from WindowMaker to the default (metacity? 
LUKE> something like that) environment. And konqueror is so pretty I'm
LUKE> tempted to abandon galeon.

LUKE> Ahem.

yeah, 8.0 is one of the best .0 releases I can remember. ;) 

LUKE> The redhat-config-network tool is very nice and much improved
LUKE> over previous versions. The documentation for it is nice too.

LUKE> Sadly, it didn't work. It couldn't find my modem. No problem.  I
LUKE> used wvdialconf from the command line and set up a Modem0
LUKE> configuration as quick as a flash.

LUKE> So then I re-ran rh-cfg-net and completed the setup. Everything
LUKE> looked good, so I "activated" it. It appeared to activate all
LUKE> right. I listened to my modem whine and watched
LUKE> /var/log/messages scroll by in another window:

LUKE>     ... pppd[...]: Serial connection established.
LUKE> ... pppd[...]: Using interface ppp0 ... pppd[...]: Connect: ppp0
LUKE> <--> /dev/ttyS0 ... /etc/hotplug/net.agent: assuming ppp0 is
LUKE> already up ... modprobe: modprobe: Can't locate module
LUKE> ppp-compress-21 ... modprobe: modprobe: Can't locate module
LUKE> ppp-compress-21 ... pppd[...]: local IP address 204.32.xxx.xxx
LUKE> ... pppd[...]: remote IP address 170.147.xxx.xxx ... pppd[...]:
LUKE> primary DNS address 216.17.xxx.xxx ... pppd[...]: secondary DNS
LUKE> address 216.17.xxx.xxx

LUKE> That looks reasonably successful to me, so I attempted to ssh
LUKE> over to my provider. No joy. How about ping? Uh-uh. Nslookup?
LUKE> (Use "dig". Right.) What we have here is failure to communicate.

LUKE> 1. so what do smart networking people use for ping? Back when I
LUKE> had a working network, seemed like ping gets filtered by
LUKE> everyone.  

ping should work. 

Try: 

ping -n 

on each of the addresses you got above. Can you ping the remote IP
address on the other side of the ppp link? Can you ping your DNS
server? 

LUKE> 2. Rephase: how do you tell if you have bare TCP
LUKE> connectivity?  How do you tell if you're resolving names
LUKE> properly?

ping should be usefull still. Many places are blocking ping on border
routers, but over the ppp link it should still work fine. 
I use "host" for dns testing... 

host nclug.org

should resove nclug.org. 
See 'man host'

LUKE> 3. The hotplug net.agent thing was new to me. Should I care?

probibly not. Thats the thing that tries to setup a device as soon as
it's plugged in. It doesn't really seem fully integrated with anything
except usb for now. The "assuming ppp is already up" means that it
made the connection and instead of trying to do any logging in or
anything it will just assume the other side is going to start talking
ppp to it right away. 

LUKE> 4. What's up with ppp-compress-21? I looked at /usr/src/linux
LUKE> /Documentation/modules.txt and couldn't make heads or tails of
LUKE> that gibberish. There's nothing in /etc/modules.conf to give me
LUKE> a clue. I assume I'm using the ppp-generic module.

Those are compression modules. 
try: 

modprobe -c

to list all the module and what they resolve to. In this case: 

alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

Thats the bsd-comp module. Do you have that module? 
I don't think its included due to liscencing issues... 

LUKE>    The redhat-config-network tool offered me the choice of ppp
LUKE> compression (which was the default) but it wasn't clear what it
LUKE> was doing.

I think deflate is the default one. 

LUKE>    There are a bunch of obscure entries in my /etc/sysconfig/
LUKE> network-scripts/ifcfg-ppp0 file: CCP=off PC=off AC=off
LUKE> BSDCOMP=off VJ=off VJCCOMP=off that may have something to do
LUKE> with it, but it isn't clear what they do. Redhat now puts a
LUKE> comment in the ifcfg-ppp0 file pointing at the
LUKE> /usr/share/doc/initscripts-*/sysconfig.txt file where many of
LUKE> these variables are documented, but in this case these are all
LUKE> essentially-undocumented. (That is, they are mentioned, without
LUKE> explanation, as being IPPP-specific settings used for ISDN
LUKE> connections.)

Those are various ppp options. 
Look in the 'man pppd' man page. 
CCP = (Compression  Control Protocol) negotiation.
PC= ICPC negotiation. 
AC=?
BSDCOMP= bsd compression from bsd_comp module. 
VJ= van jacobson 
VJ=van jacobson compression. 

LUKE> In general, the ifcfg-ppp0 settings looked good, from what I can
LUKE> tell of good, but I couldn't get any meaningful type of
LUKE> connection using the redhat-config-network tool. I killed it (it
LUKE> didn't want to die when I clicked in the box on its window but I
LUKE> went back to the xterm and did a control-C and that settled its
LUKE> hash).

It looks like it connected from the log above...

LUKE> I ran kppp instead for a separate reference point, and it pretty
LUKE> much acted the same way. The big difference is that when the
LUKE> redhat tool shut down ppp0 the only tip-off is

LUKE>     ... modprobe: modprobe: Can't locate module ppp0

LUKE> while kppp says

LUKE>     ... pppd[...]: Terminating on signal 15.  ... pppd[...]:
LUKE> Connection terminated.  ... pppd[...]: Connect time 2.9 minutes.
LUKE> ... pppd[...]: Sent 94 bytes, received 64 bytes.  ... pppd[...]:
LUKE> Exit.  ... /etc/hotplug/net.agent: NET unregister event not
LUKE> supported

LUKE> So at this point, in addition to the four questions I listed
LUKE> earlier, I'm also wondering whether in fact I was properly
LUKE> connected but my ip(chains,tables)/hosts.(deny,allow)/...
LUKE> settings were preventing access. So I'll add

Possible. You can test this by connecting and doing: 

service ipchains stop

LUKE> 5. When configuring the firewall for the ppp0 device, what is
LUKE> the minimal configuration?  a. DHCP, I would suppose, since it's
LUKE> a dynamic IP account.  b. SSH? not on my ppp0 interface since
LUKE> it's outbound only.  c. HTTP? ditto for ppp0 d. DNS? I would
LUKE> expect so, but the ipchains and iptables files in /etc/sysconfig
LUKE> say that, ifup-post will punch the current nameservers through
LUKE> the firewall. I guess.

yeah, should just need DHCP. 

LUKE> 6. The redhat docs refer both to gnome-lokkit and to another
LUKE> tool called redhat-config-security. Note that the latter is not
LUKE> installed by default, at least on my KRUD 2003-01 version.

Perhaps thats a typo and should be: 

/usr/bin/redhat-config-securitylevel

LUKE> 7. It isn't obvious to me how you say that you don't trust your
LUKE> local eth0 very much (i.e. you allow SSH and HTTP) but you
LUKE> distrust your ppp0 interface even more. How does one specify
LUKE> different policies for different interfaces?  Ideally, using one
LUKE> of the GUI-tools-for-dummies-like-me.

The redhat tool can specify a "trusted" interface, and non trusted
ones. You can make eth0 trusted, then restruct everything else to just
DHCP. 

Hope that helps. 

kevin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQE+So2b3imCezTjY0ERAhfkAJ0dZ9/wVQOOp5uYGZwSSo5XwzeMiwCcCcwZ
vafD62ZnhzdVSrjitBMXD1k=
=Tkh1
-----END PGP SIGNATURE-----

More information about the NCLUG mailing list