[NCLUG] ppp troubles with RH 8.0 (KRUD 2003-01)

JONES,LUKE (HP-Greeley,ex1) luke_jones at hp.com
Wed Feb 12 09:51:41 MST 2003 

I recently moved my dialup stuff from one computer to another
and I can't get it to work. (The old computer was RH 7.2 or
earlier; the new one was 7.2 and has been upgraded to 8.0.)

First, let me say that 8.0 is so much better than 7.2 that
I'm tempted even to move from WindowMaker to the default
(metacity? something like that) environment. And konqueror
is so pretty I'm tempted to abandon galeon.

Ahem.

The redhat-config-network tool is very nice and much improved
over previous versions. The documentation for it is nice too.

Sadly, it didn't work. It couldn't find my modem. No problem.
I used wvdialconf from the command line and set up a Modem0
configuration as quick as a flash.

So then I re-ran rh-cfg-net and completed the setup. Everything
looked good, so I "activated" it. It appeared to activate all
right. I listened to my modem whine and watched /var/log/messages
scroll by in another window:

    ... pppd[...]: Serial connection established.
    ... pppd[...]: Using interface ppp0
    ... pppd[...]: Connect: ppp0 <--> /dev/ttyS0
    ... /etc/hotplug/net.agent: assuming ppp0 is already up
    ... modprobe: modprobe: Can't locate module ppp-compress-21
    ... modprobe: modprobe: Can't locate module ppp-compress-21
    ... pppd[...]: local  IP address 204.32.xxx.xxx
    ... pppd[...]: remote IP address 170.147.xxx.xxx
    ... pppd[...]: primary   DNS address 216.17.xxx.xxx
    ... pppd[...]: secondary DNS address 216.17.xxx.xxx

That looks reasonably successful to me, so I attempted to ssh
over to my provider. No joy. How about ping? Uh-uh. Nslookup?
(Use "dig". Right.) What we have here is failure to communicate.

1. so what do smart networking people use for ping? Back when
   I had a working network, seemed like ping gets filtered by
   everyone.
2. Rephase: how do you tell if you have bare TCP connectivity?
   How do you tell if you're resolving names properly?

3. The hotplug net.agent thing was new to me. Should I care?

4. What's up with ppp-compress-21? I looked at /usr/src/linux
   /Documentation/modules.txt and couldn't make heads or tails
   of that gibberish. There's nothing in /etc/modules.conf to
   give me a clue. I assume I'm using the ppp-generic module.

   The redhat-config-network tool offered me the choice of
   ppp compression (which was the default) but it wasn't clear
   what it was doing.

   There are a bunch of obscure entries in my /etc/sysconfig/
   network-scripts/ifcfg-ppp0 file: CCP=off PC=off AC=off
   BSDCOMP=off VJ=off VJCCOMP=off that may have something to
   do with it, but it isn't clear what they do. Redhat now
   puts a comment in the ifcfg-ppp0 file pointing at the
   /usr/share/doc/initscripts-*/sysconfig.txt file where
   many of these variables are documented, but in this case
   these are all essentially-undocumented. (That is, they
   are mentioned, without explanation, as being IPPP-specific
   settings used for ISDN connections.)

In general, the ifcfg-ppp0 settings looked good, from what I
can tell of good, but I couldn't get any meaningful type of
connection using the redhat-config-network tool. I killed it
(it didn't want to die when I clicked in the box on its window
but I went back to the xterm and did a control-C and that
settled its hash).

I ran kppp instead for a separate reference point, and it
pretty much acted the same way. The big difference is that
when the redhat tool shut down ppp0 the only tip-off is

    ... modprobe: modprobe: Can't locate module ppp0

while kppp says

    ... pppd[...]: Terminating on signal 15.
    ... pppd[...]: Connection terminated.
    ... pppd[...]: Connect time 2.9 minutes.
    ... pppd[...]: Sent 94 bytes, received 64 bytes.
    ... pppd[...]: Exit.
    ... /etc/hotplug/net.agent: NET unregister event not supported

So at this point, in addition to the four questions I listed
earlier, I'm also wondering whether in fact I was properly
connected but my ip(chains,tables)/hosts.(deny,allow)/...
settings were preventing access. So I'll add

5. When configuring the firewall for the ppp0 device, what
   is the minimal configuration?
   a. DHCP, I would suppose, since it's a dynamic IP account.
   b. SSH? not on my ppp0 interface since it's outbound only.
   c. HTTP? ditto for ppp0
   d. DNS? I would expect so, but the ipchains and iptables
      files in /etc/sysconfig say that, ifup-post will punch
      the current nameservers through the firewall. I guess.

6. The redhat docs refer both to gnome-lokkit and to another
   tool called redhat-config-security. Note that the latter
   is not installed by default, at least on my KRUD 2003-01
   version.

7. It isn't obvious to me how you say that you don't trust
   your local eth0 very much (i.e. you allow SSH and HTTP)
   but you distrust your ppp0 interface even more. How does
   one specify different policies for different interfaces?
   Ideally, using one of the GUI-tools-for-dummies-like-me.


Luke Jones
Network Storage Solutions
Nearline Storage Sustaining Engineering
phone: 970-898-3180
luke.jones at hp.com

More information about the NCLUG mailing list