[lug] Newbie tries to make laptop modem work

D. Stimits stimits at idcomm.com
Fri Dec 7 11:42:32 MST 2001


Glenn Murray wrote:
> 
> Success!  I was able to make a ppp connection last night.  But beware
> of what you wish for, the connection enabled me to spend a couple of
> extra hours working instead of watching DS9 reruns.
> 
> Especially in light of D. Stimits's generous analysis of my log files
> it seems obvious.  He noticed strange things about eth0 and ppp, I had
> just noticed that they seemed to be tangled up together.
> 
> So I popped the ethernet card out, and it worked.
> 
> Well, I also had to take down my firewall, which leads to my next
> question.  How do you maintain an ipchains firewall with a ppp
> connection via a modem?  Isn't the IP address you use in the ipchains
> script usually assigned dynamically?  Do people actually write scripts
> to read the logs, find out what ip they've been assigned and sed that
> into their ipchains scripts?  I originally configured the laptop's
> network stuff for the ethernet card and a static ip address.

If you use Red Hat 7.x, there is a file /etc/sysconfig/ipchains. That
file takes abbreviated ipchains rules; here is a sample of the
abbreviated format for blocking the gnutella music port (6346). It logs
everything but tcp incoming, since that would fill my logs up from just
one or two particularly annoying sources:
-A input   -p tcp -s 0/0  -d 0/0 6346 -i ppp0     -j DENY
-A input   -p udp -s 0/0  -d 0/0 6346 -i ppp0 -l  -j DENY
-A output  -p tcp -s 0/0  -d 0/0 6346 -i ppp0 -l  -j DENY
-A output  -p udp -s 0/0  -d 0/0 6346 -i ppp0 -l  -j DENY

Basically it is like a regular ipchains rule, but there is no need to
mention the actual ipchains command, only the specification. The file
that reads this is /etc/rc.d/init.d/ipchains. It can be autostarted at
various runlevels; try "chkconfig --list" (assumes Red Hat). Relevant
commands:
cd /etc/rc.d/init.d/
./ipchains status
./ipchains stop
./ipchains start
./ipchains restart

BEWARE! If your kernel does not support ipchains, which is the case if
you have the iptables module loaded (iptables and ipchains are mutually
exclusive), the script will NOT correctly report starting or status. Use
the regular "/sbin/ipchains -L -n" to list rules and see if it is really
running.

Using that script, the other setup options for networking should spill
over to the start script and properly deal with ppp0 coming up or going
down, automatically "punching through" the ppp point and DNS. So if you
have working ipchains rules, go to /etc/sysconfig/ and open the ipchains
file, put the abbreviated format there, and run the ipchains script in
/etc/rc.d/init.d/, and you should find that the modem properly addresses
firewalling the same way as it would routing. DO be sure to see if
ipchains is *really* running; the script will lie in some cases.

> 
> My /cdrom still won't mount, I have
> ll /dev/cdrom
> lrwxrwxrwx    1 root     root            3 Sep 18  2000 /dev/cdrom -> hdc
> which worked before I installed the new kernel image, but I haven't
> yet tried out D. Stimits's other suggestions.  Thanks again, D.!  I
> suspect though, the problem is as simple as the permissions on
> /dev/hdc aren't set the way I expect.  If not, the list will probably
> hear from me.

Also be sure hdc is the cdrom device.

D. Stimits, stimits at idcomm.com

> 
> Thanks again,
> Glenn Murray
> www.mines.edu/~gmurray/public_html/Welcome.html
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
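
The check recommended in the reply above (compare what /etc/sysconfig/ipchains asks for with what "ipchains -L -n" really lists, instead of trusting the init script), sketched as an added example that is not part of the original post. The function names are hypothetical, the sample rules and listing are constructed, and the listing parser assumes only that header lines start with "Chain" or "target".

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes the abbreviated format shown above: one "-A <chain> ..." rule per line.

# Count the rules the file asks for (comments and other lines are skipped).
expected_rules() {
    awk '$1 == "-A" { n++ } END { print n + 0 }' "$1"
}

# Count rules in "ipchains -L -n" output on stdin. Assumption: every non-blank
# line that is not a "Chain ..." or "target ..." header is one loaded rule.
loaded_rules() {
    awk 'NF && $1 != "Chain" && $1 != "target" { n++ } END { print n + 0 }'
}

# Print ppp0 rules whose -s or -d is a fixed address rather than the 0/0
# wildcard; such rules stop matching when the dial-up address changes.
pinned_rules() {
    awk '$1 == "-A" && /-i[ \t]+ppp0/ {
        for (i = 2; i < NF; i++) {
            a = $(i + 1)
            if (($i == "-s" || $i == "-d") && a != "0/0" && a != "0.0.0.0/0") {
                print; break
            }
        }
    }' "$1"
}

# $1 = rules file, stdin = "ipchains -L -n" output. Returns 0 only when the
# kernel lists as many rules as the file defines.
check_firewall() {
    want=$(expected_rules "$1")
    have=$(loaded_rules)
    if [ "$want" -eq "$have" ]; then echo "ok: $have rules loaded"; return 0; fi
    echo "MISMATCH: file defines $want rules, kernel lists $have"
    return 1
}

# Demo on constructed data: two rules on disk, empty chains in the kernel.
demo=$(mktemp)
cat > "$demo" <<'EOF'
-A input -p tcp -s 0/0 -d 0/0 6346 -i ppp0 -j DENY
-A input -p tcp -s 0/0 -d 192.0.2.7 6346 -i ppp0 -l -j DENY
EOF
printf 'Chain input (policy ACCEPT):\nChain output (policy ACCEPT):\n' |
    check_firewall "$demo" || echo "init script status cannot be trusted here"
pinned_rules "$demo"
rm -f "$demo"
```

On a live system the same check would be run as "/sbin/ipchains -L -n | check_firewall /etc/sysconfig/ipchains".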


