[NCLUG] ppp troubles with RH 8.0 (KRUD 2003-01)

S. Luke Jones luke at frii.com
Thu Feb 20 22:02:19 MST 2003 

Kevin Fenzi wrote:
> ping should work. 
> 
> Try: 
> 
> ping -n 
[...]
> I use "host" for dns testing... 
> 
> host nclug.org
> 
> should resove nclug.org. 
> See 'man host'

> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
> 
> Thats the bsd-comp module. Do you have that module? 

There's a /usr/src/linux-2.4/./drivers/net/bsd_comp.c, so
I think maybe I might, unless I don't. Beats me.

> Possible. You can test this by connecting and doing: 
> 
> service ipchains stop

So I did that (and something else I mention below)
and together they work. But it means I don't have
a firewall, so someone has probably figured out that
I'm online and has sendmail working (more than I
ever accomplished :-) and is using it to spam you.

> The redhat tool can specify a "trusted" interface, and non trusted
> ones. You can make eth0 trusted, then restruct everything else to just
> DHCP. 

What's the simplest (one click would be fine) way
to say (with ip(chains|tables)) that I trust the
ppp0 interface with DHCP and with replies to my SSH,
HTTP, and POP traffic, and nothing else, *and* that
I trust my local LAN to originate SSH and HTTP and
SMB/NMB traffic, and nothing else. In other words, I
don't want to say that eth0 is a trusted device, and
I certainly don't want to say that ppp0 is trusted.

> Hope that helps

It did, thanks, although it wasn't sufficient. The ifup-ppp0
script has a bunch of impenetrable logic related to setting
my default route, and I didn't understand a lick of it, much
less the description of same in man pppd, but what I was able
to figure out is that if I set "defaultroute" in my 
/etc/ppp/options file, then, with my firewall off, I can
connect up and indeed, I'm using it to type this mail.

I wonder (but don't much care, now that it "works") why the
default route wasn't getting set properly on ppp establishment.
It's setting up the /etc/resolv.conf stuff correctly. You'd
think that defaultroute would be about that obvious. But maybe
the man pppd page explains this, if only I'd read it.

More information about the NCLUG mailing list