Moe Trin wrote:
> On Mon, 28 Jan 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
> , Jonathan N. Little wrote:
>
>> Moe Trin wrote:
>
> [MAXNS in /etc/resolv.conf]
>
>> Well my ISP only has 2 nameservers, so that is not a problem. I think
>> that I did edited some script. Normally I document what I do, but mind
>> you it was mdk8.1, long time and this Debian a bit different that the
>> Mandrake/Red Hat way. I have had that server up and running for a very
>> long time...
>
> You are using some wrapper or helper tool (kppp, wvdial, or any of the
> hundreds of similar bloated tools that replace a three line shell
> script), and it has the option to get DNS addresses (which sets the
> "usepeerdns" option to pppd(. The helper then takes the data that pppd
> would put into /etc/ppp/resolv.conf (note the different file name - pppd
> doesn't mess with system files) and transfers that information to the
> /etc/resolv.conf file. Without knowing what the helper or wrapper tool
> is that you are using, I can't tell you what to kick, but it is part of
> the helper or wrapper tool setup.


The wrapper is wvdial used as a chat script, referenced David Pashley's page

http://www.davidpashley.com/articles...-pppd-dod.html
Dial On Demand with wvdial and pppd

This is my first fist time using wvdial. I does seem to be a bit flaky,
sometimes it doesn't get the modem to dial on startup but other times
works just fine...haven't figured it out yet but I have no love for it.
I would readily dump it. You I just use a standard chat script with pppd
directly? Problem is my knowledge is wide but not deep. Picked up many
languages over the years, but my experience in batch files is on M$
platform. Not too familiar with shell script and many times use Perl. I
guess what I want to do is define a static nameserver, my lan's, and
then when the ppp0 goes up receive nameservers from ISP and append then
to resolv.conf

As you say ISPs rarely change IPs on their nameservers and I already
have them hardcoded as forwarders in bind, i guess hardcoded will do the
pppd script.

For background I am DNS server for my LAN manages hosts and
development/local mirrors of websites that I manage. Also caches for my
hosts. I also have dhcp server for the LAN.

>
>> Well that is what I am doing, my dns authoritative for my lan, but
>> forwards and caches external address. All is fine form any of the
>> clients on the lan, it's just this computer, the gateway. Once the
>> ppp0 is up the resolv.conf get changed I lose my nameserver from that
>> machine. I guess it not really important because I don't really use it
>> as a workstation. I just is that the old MDK8.1 I did some hack and I
>> haven't located my notes yet...
>
> The correct solution is to kick the helper/wrapper tool between the
> ears,

Well I am open to suggestions. Can you give mt a template or a URL to
where I might see an example? Most appreciative!

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

On Wed, 30 Jan 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
, Walter Mautner wrote:

>Moe Trin wrote:

>> The correct solution is to kick the helper/wrapper tool between the
>> ears, but another (less desirable) solution is to set the 'immutable'
>> bit on /etc/resolv.conf ('chattr +i /etc/resolv.conf), but it will
>> drive you nuts some day when you WANT to change something in that
>> file, and get told "permission denied".
>
>The chattr trick is one I have employed as well, until I found it is
>just enough to install the sysvconfig tools and then disable the
>resolvconf "service".

I _hate_ these "let me help you - I know what you really want" type of
programs. I have no idea how some application author thought I'd be
setting up my systems, but they're really not changing network parameters
every ten seconds. For me, these so-called helper programs are wrong
more than two-thirds of the time.

For a dialup user, having /etc/resolv.conf point to the ISP's nameservers
even when the telephone line has been removed from the house makes no
difference in the way an application responds. With /etc/resolv.conf
empty, you get "ping: unknown host mumble.com" as fast as when
/etc/resolv.conf lists three name servers that are unreachable because
there is no network route to reach them. Another "non-problem" turned
into one because the application author didn't bother to think his
magnificent idea through.

Old guy

On Wed, 30 Jan 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
<48ee9$47a0aa23$40cba7b2$6951@NAXS.COM>, Jonathan N. Little wrote:

> Moe Trin wrote:

>> You are using some wrapper or helper tool (kppp, wvdial, or any of the
>> hundreds of similar bloated tools that replace a three line shell
>> script), and it has the option to get DNS addresses (which sets the
>> "usepeerdns" option to pppd(.

>The wrapper is wvdial used as a chat script, referenced David Pashley's
>page
>http://www.davidpashley.com/articles...-pppd-dod.html
>Dial On Demand with wvdial and pppd

Oh, Ghod!!!

If you asked most people how to get Linux to do dial on demand, they
would tell you to use diald. However there is a simpler way of getting
it working. This tutorial will show you how to get dial-on-demand
working using wvdial and pppd.

First - diald went out of favor back in ~1998 when ppp-2.3.6 came out.
Dial-on-demand mode was included in the base pppd package back in 2.3.0
in late 1997. Running pppd _by itself_ takes a simple dial script.
I've been posting this one for about 9 years:

[compton ~]$ cat /usr/local/bin/dialin
#!/bin/bash
exec /usr/sbin/pppd connect "/usr/sbin/chat -f /etc/ppp/dialscript" lock \
defaultroute noipdefault /dev/modem 115200 crtscts user ibuprofin \
nodetach
[compton ~]$

There must not be anything after the \ in those two lines.

[compton ~]$ cat /etc/ppp/dialscript
ABORT BUSY ABORT 'NO CARRIER' "" AT&F1 OK ATDT2662902 CONNECT \d\c
[compton ~]$

Obviously, you change your username, and the device where your modem is
hiding. The AT&F1 is a US Robotics init-string, most other brands use
AT&F0 - oh, and obviously you need to correct the phone number. You also
need to have your username and password in /etc/ppp/pap-secrets. Get
this running from the command line as root. When you do, you make it
do demand mode by changing the last line of 'dialin' from "nodetach"
to "demand idle 300 holdoff 15" (that is to say, remove the word
"nodetach", and add the words "demand idle 300 holdoff 15"), and add
two lines to one of your boot scripts - /etc/rc.d/rc.local (or where
ever that file is hiding) is the usual candidate:

echo -n 1 > /proc/sys/net/ipv4/ip_dynaddr
/usr/local/bin/dialin

The first line is used to tell a 2.2.x or later kernel that the system
will have dynamic IP addresses, while the second line runs the dialin
script. As this file (rc.local) is run by root, the daemon will be
running as root. Now, pppd will start, but stay in the background and
respond to requests for IP services after that. The idle 300 will cause
the system to disconnect when the ppp link has been idle for 5 minutes
(300 seconds). The holdoff 15 means the system will not try to redial
for 15 seconds after an idle timeout, to allow everything to recover.
If you want to _manually_ disconnect, as root run the command

killall -HUP pppd

which will bring down the link even if it's active (but leave pppd in
the demand mode). ("killall -SIGINT pppd" will kill the link AND kill
the pppd daemon.)

That's the whole thing. You might compare the size of
/usr/local/bin/dialin, /etc/ppp/dialscript, the two lines in rc.local,
and the whole d4mn /usr/sbin/chat binary with the wvdial stuff.

>This is my first fist time using wvdial. I does seem to be a bit flaky,
>sometimes it doesn't get the modem to dial on startup but other times
>works just fine...haven't figured it out yet but I have no love for it.
>I would readily dump it.

I never understood why WvDial was even created in the first place. It's
an "intelligent dialer" program, designed to look for a login prompt at
the other end of the phone connection. It was created in 1999, FOUR YEARS
after the windoze method of DUN killed off the login prompt because users
couldn't click on a login prompt and would complain that the Internet was
b0rken.

>You I just use a standard chat script with pppd directly?

Above.

>Problem is my knowledge is wide but not deep. Picked up many languages
>over the years, but my experience in batch files is on M$ platform. Not
>too familiar with shell script and many times use Perl.

The format used by /usr/sbin/chat is a variation of the 'Expect'
language. If you look at /etc/ppp/dialscript above, it sets two abort
conditions (line is busy and something other than a modem answers the
phone), and then expects nothing (""), and sends the modem init-string.
When the modem responds with "OK", it then sends the dial string that
will dial the modem. The script then waits for the modem to announce
that it's connected to another modem, waits one second (\d) and bails
without sending a carriage return (\c) that may upset some terminal
servers. The ppp applications on both ends of the wire then start,
negotiate an IP connection, and you're on the air. This method of
connecting without a login prompt actually goes back to ~1992, before
microsoft invented the telephone.

The stuff that is in "dialin" (above) is really just invoking the pppd
program - and everything after '/usr/sbin/pppd' is an option to that
program. Not even relatively minor magic - just "secret words". ;-)
All of this is in the pppd and chat man pages, but man pages have never
been known as "user friendly" documentation.

>I guess what I want to do is define a static nameserver, my lan's,

Yes

>and then when the ppp0 goes up receive nameservers from ISP and
>append then to resolv.conf

Why? Re-read section 6 of the DNS-HOWTO. Your name server can answer
all queries. If it doesn't have the answer, it can forward the question
to the ISP's name server (or whoever you designated as forwarder) if
the link is up, or wait while pppd brings up the link automagically.
The system asking your name server will get a rapid answer if the link
is up (or if the name server has the answer cached), or get a slow
(tens of seconds) answer if the link is down and has to be brought up.

>As you say ISPs rarely change IPs on their nameservers and I already
>have them hardcoded as forwarders in bind, i guess hardcoded will do
>the pppd script.

I answered to fast ;-) No, the /etc/resolv.conf file doesn't have to
change. All of your hosts (including the dialin box) will look to your
name server for the answers. Your name server is either going to answer
or try to send a packet to the forwarder (which should bring the link
up) so that it can answer. No need for your hosts to _care_ about any
other name server.

>For background I am DNS server for my LAN manages hosts and
>development/local mirrors of websites that I manage. Also caches for
>my hosts. I also have dhcp server for the LAN.

I don't bother with DHCP, because the hosts on my LAN (at work as well
as at home) don't go walking about. Lot less of a security problem.

>> The correct solution is to kick the helper/wrapper tool between the
>> ears,
>
>Well I am open to suggestions.

Stand squarely in front of the computer, making sure your non-kicking
foot is firmly on a stable surface. Be sure you are wearing ANSI
approved steel-tip safety shoes. Draw the kicking leg back about 40
degrees, and.... er... or do you mean about replacing wvdial?

>Can you give mt a template or a URL to where I might see an example?
>Most appreciative!

I'm assuming you know how to use an editor of some kind, know how to
'chmod' a file to make it executable. With the appropriate corrections
noted above, that script should work. As for a URL, I normally send
people to http://www.theory.physics.ubc.ca/ppp-linux.html which tells
how the script above was derived.

Old guy

Moe Trin wrote:
> On Wed, 30 Jan 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
> <48ee9$47a0aa23$40cba7b2$6951@NAXS.COM>, Jonathan N. Little wrote:
>
>> Moe Trin wrote:
>
>>> You are using some wrapper or helper tool (kppp, wvdial, or any of the
>>> hundreds of similar bloated tools that replace a three line shell
>>> script), and it has the option to get DNS addresses (which sets the
>>> "usepeerdns" option to pppd(.
>
>> The wrapper is wvdial used as a chat script, referenced David Pashley's
>> page
>> http://www.davidpashley.com/articles...-pppd-dod.html
>> Dial On Demand with wvdial and pppd
>
> Oh, Ghod!!!
>



>
> [compton ~]$ cat /etc/ppp/dialscript
> ABORT BUSY ABORT 'NO CARRIER' "" AT&F1 OK ATDT2662902 CONNECT \d\c
> [compton ~]$
>
> Obviously, you change your username, and the device where your modem is
> hiding. The AT&F1 is a US Robotics init-string, most other brands use
> AT&F0 - oh, and obviously you need to correct the phone number.

A *BIG* thank you! This is far superior! This is a USR Courier
V.everything so the above chat works just fine.

> You also
> need to have your username and password in /etc/ppp/pap-secrets. Get
> this running from the command line as root. When you do, you make it
> do demand mode by changing the last line of 'dialin' from "nodetach"
> to "demand idle 300 holdoff 15" (that is to say, remove the word
> "nodetach", and add the words "demand idle 300 holdoff 15"), and add
> two lines to one of your boot scripts - /etc/rc.d/rc.local (or where
> ever that file is hiding) is the usual candidate:
>
> echo -n 1 > /proc/sys/net/ipv4/ip_dynaddr

One thing that I have noticed with Ubuntu is that I am unable to echo to
create or change files in /etc, /proc, or /usr even with sudo. I find I
have to echo to a temp file and cp or mv into place for this to work.
Not used to this with Mandrake. Is there a trick?



>> and then when the ppp0 goes up receive nameservers from ISP and
>> append then to resolv.conf
>
> Why? Re-read section 6 of the DNS-HOWTO.

You're right! No resolv.conf change, my nameserver does it all. Works
great! Thank again.

>
> Stand squarely in front of the computer, making sure your non-kicking
> foot is firmly on a stable surface. Be sure you are wearing ANSI
> approved steel-tip safety shoes. Draw the kicking leg back about 40
> degrees, and.... er... or do you mean about replacing wvdial?

Been *squarely kicked!* The problem is there is so much obsoleted info
out there on dialup. Hopefully this is just a temp situation. They had
been promising me BPL broadband here but after 5 years and still no
deployment schedule I think is it just vaporware. But they just put up a
pilot WiMAX tower online, and if my custom cantenna/parabolic dish
hybrid antenna is successful I will be dumping this dialup! We will
see...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Jonathan N. Little wrote:
> Moe Trin wrote:
>> On Wed, 30 Jan 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in
>> article
>> <48ee9$47a0aa23$40cba7b2$6951@NAXS.COM>, Jonathan N. Little wrote:
>>
>>> Moe Trin wrote:



> A *BIG* thank you! This is far superior! This is a USR Courier
> V.everything so the above chat works just fine.
>
>> You also
>> need to have your username and password in /etc/ppp/pap-secrets. Get
>> this running from the command line as root. When you do, you make it
>> do demand mode by changing the last line of 'dialin' from "nodetach"
>> to "demand idle 300 holdoff 15" (that is to say, remove the word
>> "nodetach", and add the words "demand idle 300 holdoff 15"), and add
>> two lines to one of your boot scripts - /etc/rc.d/rc.local (or where
>> ever that file is hiding) is the usual candidate:

Haven't been successful getting the "demand" part to work. Just times
out. Added 'debug' but don't see anything in the log...need to keep futzing.


--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

On Sun, 03 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
, Jonathan N. Little wrote:

>Moe Trin wrote:

>> Obviously, you change your username, and the device where your modem
>> is hiding. The AT&F1 is a US Robotics init-string, most other brands
>> use AT&F0 - oh, and obviously you need to correct the phone number.
>
>A *BIG* thank you! This is far superior! This is a USR Courier
>V.everything so the above chat works just fine.

Back in the 1990s, when standard modems were the most common means of
connecting to an ISP, I used to be amazed at the bloated BS that was
being provided to get a simple dialup connection to run.

>> When you do, you make it do demand mode by changing the last line of
>> 'dialin' from "nodetach" to "demand idle 300 holdoff 15" (that is to
>> say, remove the word "nodetach", and add the words "demand idle 300
>> holdoff 15"), and add two lines to one of your boot scripts -
>> /etc/rc.d/rc.local (or where ever that file is hiding) is the usual
>> candidate:
>>
>> echo -n 1 > /proc/sys/net/ipv4/ip_dynaddr
>
>One thing that I have noticed with Ubuntu is that I am unable to echo
>to create or change files in /etc, /proc, or /usr even with sudo.

This makes no sense. What happens when you try?

>I find I have to echo to a temp file and cp or mv into place for this
>to work. Not used to this with Mandrake. Is there a trick?

I can't imagine why this would work, and using echo does not. More
details please. Error messages? Smoke/flames?

>> Why? Re-read section 6 of the DNS-HOWTO.
>
>You're right! No resolv.conf change, my nameserver does it all. Works
>great! Thank again.

Glad to help!

>> Stand squarely in front of the computer, making sure your non-kicking

[...]

>Been *squarely kicked!*

Hopefully, no injury to the kicking foot ;-)

>The problem is there is so much obsoleted info out there on dialup.

I think this won't change. Dialup access is becoming much less common
than before. While most of the ISPs in this town offer it, most of
them are utilizing the services of one of a few point-of-presence
providers (who actually have the hardware, and are providing the
actual access). The provider I'm using to post this is (a regional
ISP) is actually giving dialup access through a Pittsburgh company
that operates dialin facilities for hire around the country.

Consequently, dialup configuration information is no longer very
interesting. Using /usr/sbin/chat to set up the connection is one of
the solutions that has been available for years, but it's using a
script, and a lot of windoze trained users can't handle that. Some
of the blame should go to the pppd package provider, as this
application has a bewildering number of options to look through.

>Hopefully this is just a temp situation. They had been promising me
>BPL broadband here but after 5 years and still no deployment schedule
>I think is it just vaporware. But they just put up a pilot WiMAX tower
>online, and if my custom cantenna/parabolic dish hybrid antenna is
>successful I will be dumping this dialup! We will see... >crossed>

As long as you have line-of-sight (including at least 0.7 Fresnel
clearance zone - see news://alt.internet.wireless for help there),
and the antenna cable lengths are minimal (cable such as used for
television antennas is horrible at 2.4 GHz - losses are so bad that
a ten foot length of even professionally assembled cable will cut
the range in half), that may well be the way to go. We had a local
wireless ISP here, though they were twice the cost of cable/DSL. As
soon as cable/DSL reached out this far, the wireless ISP lost a lot
of his customers.

Old guy

On Mon, 04 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
<7633f$47a69e46$40cba7b9$27312@NAXS.COM>, Jonathan N. Little wrote:

>> Moe Trin wrote:

>>> add two lines to one of your boot scripts - /etc/rc.d/rc.local (or
>>> where ever that file is hiding) is the usual candidate:
>
>Haven't been successful getting the "demand" part to work. Just times
>out.

OK - 'ps auwx' and see what's running. Can you telnet/ssh into the
box running the phone and access the Internet from there (routing or
recognizing the need to bring up the link)? Does the routing tables
on client and dialout box show something reasonable?

>Added 'debug' but don't see anything in the log...need to keep futzing.

'pppd' 'debug' uses the 'daemon:debug' facility of syslogd. I normally
suggest adding a line

daemon.=debug;local2.=info /var/log/ppp

(note: that whitespace is a tab, not a bunch of spaces) to your syslog
configuration file (probably /etc/syslogd.conf) and then restarting the
logging daemon (killall -HUP syslogd) to cause it to read the new
configuration. The 'local2.=info' section gets the -v output from
/usr/sbin/chat if you've set that flag.

In your other response, you mention having problems echoing stuff into
files - does '/bin/cat/ /proc/sys/net/ipv4/ip_dynaddr' on the box with
the modem show the desired '1' ?

Old guy

Moe Trin wrote:
> On Sun, 03 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
> , Jonathan N. Little wrote:
>
>> Moe Trin wrote:

>>> echo -n 1 > /proc/sys/net/ipv4/ip_dynaddr
>> One thing that I have noticed with Ubuntu is that I am unable to echo
>> to create or change files in /etc, /proc, or /usr even with sudo.
>
> This makes no sense. What happens when you try?
>
>> I find I have to echo to a temp file and cp or mv into place for this
>> to work. Not used to this with Mandrake. Is there a trick?
>
> I can't imagine why this would work, and using echo does not. More
> details please. Error messages? Smoke/flames?


jonathan@zuko:~$ sudo echo -n 1 > /proc/sys/net/ipv4/ip_dynaddr
-bash: /proc/sys/net/ipv4/ip_dynaddr: Permission denied

but I can:

jonathan@zuko:~$ echo -n 1 > enable
jonathan@zuko:~$ sudo mv enable /proc/sys/net/ipv4/ip_dynaddr

Bizarre or what? I have 3 Ubuntu boxes now, (Ubuntu desktop, Ubuntu
server and Kubuntu as a server). Noticed same behavior, but I am used to
Mandrake where you can just log in as root and fix whatever you need...

Now I am not sure what will happen when it loads in the rc.local where
it will be running as root.

same problem when I tried to add my zone files, I could not create them
in /etc/bind/pz/

I had to create them in my own profile then move them!

>
>>> Why? Re-read section 6 of the DNS-HOWTO.
>> You're right! No resolv.conf change, my nameserver does it all. Works
>> great! Thank again.
>
> Glad to help!
>
>>> Stand squarely in front of the computer, making sure your non-kicking
>
> [...]
>
>> Been *squarely kicked!*
>
> Hopefully, no injury to the kicking foot ;-)
>
>> The problem is there is so much obsoleted info out there on dialup.
>
> I think this won't change. Dialup access is becoming much less common
> than before. While most of the ISPs in this town offer it, most of
> them are utilizing the services of one of a few point-of-presence
> providers (who actually have the hardware, and are providing the
> actual access). The provider I'm using to post this is (a regional
> ISP) is actually giving dialup access through a Pittsburgh company
> that operates dialin facilities for hire around the country.
>
> Consequently, dialup configuration information is no longer very
> interesting. Using /usr/sbin/chat to set up the connection is one of
> the solutions that has been available for years, but it's using a
> script, and a lot of windoze trained users can't handle that. Some
> of the blame should go to the pppd package provider, as this
> application has a bewildering number of options to look through.

I took your scripts and created a sort of server script with parameters

dialup {up|down|kill} where it checks for pppd is running if before 'up'
tries to start the daemon; down just disconnects; and kill, well kills
the pppd daemon.

>
>> Hopefully this is just a temp situation. They had been promising me
>> BPL broadband here but after 5 years and still no deployment schedule
>> I think is it just vaporware. But they just put up a pilot WiMAX tower
>> online, and if my custom cantenna/parabolic dish hybrid antenna is
>> successful I will be dumping this dialup! We will see... >> crossed>
>
> As long as you have line-of-sight (including at least 0.7 Fresnel
> clearance zone - see news://alt.internet.wireless for help there),
> and the antenna cable lengths are minimal (cable such as used for
> television antennas is horrible at 2.4 GHz - losses are so bad that
> a ten foot length of even professionally assembled cable will cut
> the range in half), that may well be the way to go. We had a local
> wireless ISP here, though they were twice the cost of cable/DSL. As
> soon as cable/DSL reached out this far, the wireless ISP lost a lot
> of his customers.

Well this WiMAX is at 2.3GHz so I am assuming it is similar. Going with
low loss cable. Try and keep it as short as possible, just make the
Ethernet cable longer!

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

* Jonathan N. Little :
[ ... ]
> jonathan@zuko:~$ sudo echo -n 1 > /proc/sys/net/ipv4/ip_dynaddr
> -bash: /proc/sys/net/ipv4/ip_dynaddr: Permission denied

sudo is bestowing root privileges upon the echo command, but the file
redirection (>) is still performed by your shell which doesn't have the
permission to write to the file. Either of the follow solutions should
work:

$ sudo bash -c "echo -n 1 > /proc/sys/net/ipv4/ip_dynaddr"

or

$ echo -n 1 | sudo tee /proc/sys/net/ipv4/ip_dynaddr

> but I can:
>
> jonathan@zuko:~$ echo -n 1 > enable
> jonathan@zuko:~$ sudo mv enable /proc/sys/net/ipv4/ip_dynaddr
>
> Bizarre or what? I have 3 Ubuntu boxes now, (Ubuntu desktop, Ubuntu
> server and Kubuntu as a server). Noticed same behavior, but I am used to
> Mandrake where you can just log in as root and fix whatever you need...

Logging in as root is what makes the difference. Then your shell has
root privileges and can redirect to files that are not normally writable
by you. Here you could use "sudo -i" to accomplish the same thing.

--
James Michael Fultz
Remove this part when replying ^^^^^^^^

Moe Trin wrote:
> On Mon, 04 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
> <7633f$47a69e46$40cba7b9$27312@NAXS.COM>, Jonathan N. Little wrote:
>
>>> Moe Trin wrote:
>
>>>> add two lines to one of your boot scripts - /etc/rc.d/rc.local (or
>>>> where ever that file is hiding) is the usual candidate:
>> Haven't been successful getting the "demand" part to work. Just times
>> out.
>
> OK - 'ps auwx' and see what's running. Can you telnet/ssh into the
> box running the phone and access the Internet from there (routing or
> recognizing the need to bring up the link)? Does the routing tables
> on client and dialout box show something reasonable?

Yes, almost all my work on the servers I do from my XP desktop via
TeraTerm SSH. pppd is up, just sometimes, usually the first time takes
forever (5-10 mins) for the initial attempt to dialup. After it gets
going it seems to respond better after the connection goes when the idle
time expires.

I did notice the something strange with the routing table, when the pppd
starts but before the modem connects to my ISP the ppp0 strange IP for
what will be ppp0's gateway

### Unconnected
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.112.112.112 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 1000 0 0 eth0
default * 0.0.0.0 U 0 0 0 ppp0

I have no idea where that 10.112.112.112 came from. But once modem
finally dials and ppp0 is connected to my ISP is get my IP from them...

### Connected
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
64.203.136.35 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 1000 0 0 eth0
default * 0.0.0.0 U 0 0 0 ppp0


Now before I'm connected should the ppp0 be "0.0.0.0" not
"10.112.112.112"? I even added "0.0.0.0:0.0.0.0 netmask 255.255.255.0"
to the dialup script.


>
>> Added 'debug' but don't see anything in the log...need to keep futzing.
>
> 'pppd' 'debug' uses the 'daemon:debug' facility of syslogd. I normally
> suggest adding a line
>
> daemon.=debug;local2.=info /var/log/ppp
>
> (note: that whitespace is a tab, not a bunch of spaces) to your syslog
> configuration file (probably /etc/syslogd.conf) and then restarting the
> logging daemon (killall -HUP syslogd) to cause it to read the new
> configuration. The 'local2.=info' section gets the -v output from
> /usr/sbin/chat if you've set that flag.

I'll do this.

>
> In your other response, you mention having problems echoing stuff into
> files - does '/bin/cat/ /proc/sys/net/ipv4/ip_dynaddr' on the box with
> the modem show the desired '1' ?

Yes it does now. I used the my "cat to file then move into place" method
to set it, else it always read '0'.

It just seems to take forever for the first time for the modem to
recognize that it needs to dial out for an external address. Afterwards
it seems okay so I think it is an initial routing problem. My ignorance
is showing...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

On Mon, 04 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
<739e0$47a79156$40cba7c7$31747@NAXS.COM>, Jonathan N. Little wrote:

>Moe Trin wrote:

>> I can't imagine why this would work, and using echo does not. More
>> details please. Error messages? Smoke/flames?
>
>jonathan@zuko:~$ sudo echo -n 1 > /proc/sys/net/ipv4/ip_dynaddr
>-bash: /proc/sys/net/ipv4/ip_dynaddr: Permission denied

OK - I think you are being caught by the redirection. Try

sudo echo -n 1 > /tmp/no-quote
sudo "echo -n 1 > /tmp/quoted-file"

and see who owns those two files.

>Bizarre or what? I have 3 Ubuntu boxes now, (Ubuntu desktop, Ubuntu
>server and Kubuntu as a server). Noticed same behavior, but I am used
>to Mandrake where you can just log in as root and fix whatever you
>need...

Yeah, I know what you mean. I've been using *nix for a bit over 30
years, and while I understand _why_ Ubuntu is doing things this way,
it doesn't mean I agree with it.

>Now I am not sure what will happen when it loads in the rc.local
>where it will be running as root.

Because it's running that script as root, every thing should run as
you would expect. Look to see what else is in rc.local now, but you
may be able to run it manually from a sudo command. You normally
wouldn't run into this problem, as a user wouldn't be messing with
the scripts (it's done by the boot scripts which run as root).

>same problem when I tried to add my zone files, I could not create
>them in /etc/bind/pz/
>
>I had to create them in my own profile then move them!

That's one of the disadvantage of an overly protective distribution.
Yes, it makes it difficult for you to trash the system, but it also
gets in the way of doing jobs that some icon-designer didn't think
you'd need to do.

>I took your scripts and created a sort of server script with
>parameters
>
>dialup {up|down|kill} where it checks for pppd is running if before
>'up' tries to start the daemon; down just disconnects; and kill, well
>kills the pppd daemon.

Sounds as if you know what you are doing. That's good.

>Well this WiMAX is at 2.3GHz so I am assuming it is similar. Going
>with low loss cable. Try and keep it as short as possible, just make
>the Ethernet cable longer!

You could use some of the higher quality (and larger) coax, such as
the Low Density Foams (semi-rigid) but even RG214/U (formerly RG-9)
would cost you half the range with ~65 feet of coax. That's why the
preference is to have the RF stuff in a weatherproof box at the
antenna (within a foot or so). Waveguide is better, but 2.3 GHz needs
WR-340 guide (a.k.a RG-112/U) which is about 3.6 x 1.9 inches in cross
section, weighs a ton, and is an absolute cast-iron BEAR to work with.
And of course, it's expensive as he!!.

Old guy

On Mon, 04 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
, Jonathan N. Little wrote:

>Yes, almost all my work on the servers I do from my XP desktop via
>TeraTerm SSH. pppd is up, just sometimes, usually the first time
>takes forever (5-10 mins) for the initial attempt to dialup. After
>it gets going it seems to respond better after the connection goes
>when the idle time expires.

That smells of firewall, I think.

>I did notice the something strange with the routing table, when the
>pppd starts but before the modem connects to my ISP the ppp0 strange
>IP for what will be ppp0's gateway
>
>### Unconnected
>Kernel IP routing table
>Destination Gateway Genmask Flags Metric Ref Use Iface
>10.112.112.112 * 255.255.255.255 UH 0 0 0 ppp0

Oh, where the heck is that documented.... OK, if you have the file
'Changes-2.3' which is part of the ppp tarball, you'll find way back
under "What was new in ppp-2.3.10."

* Pppd no longer requires a remote address to be specified for demand
dialling. If none is specified, it will use a default value of
10.112.112.112+unit_number. (It will not propose this default to
the peer.)

so that should not be a problem.

>I have no idea where that 10.112.112.112 came from.

I think it was Paul Mackerras, back when he was at ANU.

>But once modem finally dials and ppp0 is connected to my ISP is get
>my IP from them...
>
>### Connected
>Kernel IP routing table
>Destination Gateway Genmask Flags Metric Ref Use Iface
>64.203.136.35 * 255.255.255.255 UH 0 0 0 ppp0
>192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
>link-local * 255.255.0.0 U 1000 0 0 eth0
>default * 0.0.0.0 U 0 0 0 ppp0

Technically, that's wrong, as the last line is saying that the entire
world is directly connected to your ppp0 interface. The last line
"should" read

default 64.203.136.35 0.0.0.0 U 0 0 0 ppp0

but in reality, it doesn't matter as far as networking is concerned
because the only host at the other end of the wire is the gateway
that will be forwarding the packets for you. /sbin/arp isn't used on
a ppp link, so it's a moot point.

>Now before I'm connected should the ppp0 be "0.0.0.0" not
>"10.112.112.112"? I even added "0.0.0.0:0.0.0.0 netmask 255.255.255.0"
>to the dialup script.

Ah, the '0.0.0.0:0.0.0.0' should be interpreted by pppd as "I don't
know:I don't know" (reference RFC1122 section 3.2.1.3(a) via RFC0951
section 7.1), and really isn't meant to be used that way. As for the
network mask, that option was dropped from the 2.4.2 man page, because
it's really not relevant to a ppp link (which technically only has a
single host at each end - 255.255.255.255). I'm pretty sure the code
is still included in the source, but you really don't want to specify
a mask either.

>It just seems to take forever for the first time for the modem to
>recognize that it needs to dial out for an external address. Afterwards
>it seems okay so I think it is an initial routing problem. My ignorance
>is showing...

If you ssh in, and try to 'ping -c1 173.2.3.4' from the dialout box,
does that bring the link up right away? Or does it make no difference.
(Theory: on the dialout box - routing should be a function of the
routing table, and PROBABLY, the firewall isn't needed. Using an IP
address should not require a DNS lookup - and that address doesn't
exist on the Internet anyway, so you _should_ get a quick "host
unreachable" as soon as the link comes up. Also, it would help if you
were able to do a 'ps' as soon as you issue the ping command [in a
different shell] and see if /usr/sbin/chat has been called.) If that
brings up the link immediately, kill and restart the daemon, and then
repeat this trick from one of your regular hosts. The difference here
would be your firewall is going to have to masquerade your packet, and
you may have some firewall rules involved otherwise (/sbin/iptables -L).
For what it's worth, I'm a network admin, and I'd be using a packet
sniffer (tcpdump) to see what the traffic on the wire would be looking
like, in addition to the 'ps' command to see what's running when.

Old guy

Moe Trin wrote:
> On Mon, 04 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
> <739e0$47a79156$40cba7c7$31747@NAXS.COM>, Jonathan N. Little wrote:
>
>> Moe Trin wrote:
>
>>> I can't imagine why this would work, and using echo does not. More
>>> details please. Error messages? Smoke/flames?
>> jonathan@zuko:~$ sudo echo -n 1 > /proc/sys/net/ipv4/ip_dynaddr
>> -bash: /proc/sys/net/ipv4/ip_dynaddr: Permission denied
>
> OK - I think you are being caught by the redirection. Try
>
> sudo echo -n 1 > /tmp/no-quote
> sudo "echo -n 1 > /tmp/quoted-file"
>
> and see who owns those two files.
>

Damn, I'll either get use to this sudo thing or we be settn'a password
for root! May anyways. I don't like the idea when the possible
unforeseen happens that I would have the password to really fix it. Call
it "too many year with Microsoft". I have patched more system
setups...good at resurrecting the dead.



> Yeah, I know what you mean. I've been using *nix for a bit over 30
> years, and while I understand _why_ Ubuntu is doing things this way,
> it doesn't mean I agree with it.

Been over 10, with my first server RH7. But I have to say once you set
them up other than a little maintenance I don't have to fuss with them.
I need to learn bash. Damn another language!




>
>> Well this WiMAX is at 2.3GHz so I am assuming it is similar. Going
>> with low loss cable. Try and keep it as short as possible, just make
>> the Ethernet cable longer!
>
> You could use some of the higher quality (and larger) coax, such as
> the Low Density Foams (semi-rigid) but even RG214/U (formerly RG-9)
> would cost you half the range with ~65 feet of coax. That's why the
> preference is to have the RF stuff in a weatherproof box at the
> antenna (within a foot or so). Waveguide is better, but 2.3 GHz needs
> WR-340 guide (a.k.a RG-112/U) which is about 3.6 x 1.9 inches in cross
> section, weighs a ton, and is an absolute cast-iron BEAR to work with.
> And of course, it's expensive as he!!.

Well the antenna is due south so the whole arrangement may work out to
be in the attic over the garage the gable end faces south. Get some
elevation and under cover or mount just outside the wall. Keep the wire
short and run cat-5 to my router system.

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

On Mon, 04 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
, Jonathan N. Little wrote:

> Moe Trin wrote:

>> sudo echo -n 1 > /tmp/no-quote
>> sudo "echo -n 1 > /tmp/quoted-file"
>>
>> and see who owns those two files.
>
>Damn, I'll either get use to this sudo thing or we be settn'a password
>for root!

Yeah, it's REALLY frustrating when you know what you are doing, but it's
there because most people don't know, and can be counted on the use the
root account for everything.

>May anyways.

About 15 months ago, this lack of a working root account and the hoops
you needed to jump through to do admin tasks was one of the complaints
our evaluators made very loudly. But we are a *nix shop, and are used
to working the traditional way.

>I don't like the idea when the possible unforeseen happens that I
>would have the password to really fix it. Call it "too many year with
>Microsoft". I have patched more system setups...good at resurrecting
>the dead.

That's straying close to the comp.os.linux.advocacy topics, but this
is the result of a different philosophy and expectation and most
importantlty a "different" skill level of the users.

>Been over 10, with my first server RH7.

7.3 was the last of that tree that we used. Neither 8.0 or 9 were
considered acceptable. We replaced the last 7.x install in early 2006
because updates were getting to be a problem. Pity, because having used
RH since 2.0 back in late 1995, I was quite used to their weirdness.

>I need to learn bash. Damn another language!

Start with the Bash-Prog-Intro-HOWTO

-rw-rw-r-- 1 gferg ldp 31540 Jul 27 2000 Bash-Prog-Intro-HOWTO

and if you need more than that, hit http://tldp.org/guides.html and get
a copy of The Grendel's fabulous "Advanced Bash-Scripting Guide". Well
worth the time.

[WiMAX]

>Well the antenna is due south so the whole arrangement may work out to
>be in the attic over the garage the gable end faces south. Get some
>elevation and under cover or mount just outside the wall. Keep the wire
>short and run cat-5 to my router system.

Sounds like a winner. The original wireless ISP here used to supply a
panel antenna ~24 inchs on a side, and the RF was literally bolted to
the back side of the panel. The antenna assembly could be wall mounted,
but was more commonly stuck on a 1 1/2 inch mast that raised it about
4 feet above the roof-line.

Old guy

Moe Trin wrote:
> On Mon, 04 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
> , Jonathan N. Little wrote:



>> I don't like the idea when the possible unforeseen happens that I
>> would have the password to really fix it. Call it "too many year with
>> Microsoft". I have patched more system setups...good at resurrecting
>> the dead.
>
> That's straying close to the comp.os.linux.advocacy topics, but this
> is the result of a different philosophy and expectation and most
> importantlty a "different" skill level of the users.

Oops! Don't want to get into red meat. Enough of that around.

>
>> Been over 10, with my first server RH7.
>
> 7.3 was the last of that tree that we used. Neither 8.0 or 9 were
> considered acceptable. We replaced the last 7.x install in early 2006
> because updates were getting to be a problem. Pity, because having used
> RH since 2.0 back in late 1995, I was quite used to their weirdness.

I switch to Mandrake. I never liked Gnome. Prefer KDE. It is why I tried
one box with Kubuntu. Even though I am an artist, when I what to work on
a computer I just want to get the job done. For file management I just
want trees and detailed lists. Except for images thumbnails and icons
are useless. Putting an Aero-glass glow just does not get the "Job"
done, which has infected desktops across platforms. Yeah I blame S.
Jobs... I have 700GBs of disk space on my desktop with about 30% filled
and I don't find things via thumbnails!

>
>> I need to learn bash. Damn another language!
>
> Start with the Bash-Prog-Intro-HOWTO
>
> -rw-rw-r-- 1 gferg ldp 31540 Jul 27 2000 Bash-Prog-Intro-HOWTO
>
> and if you need more than that, hit http://tldp.org/guides.html and get
> a copy of The Grendel's fabulous "Advanced Bash-Scripting Guide". Well
> worth the time.

Downloaded and I shall read. Thanks. Appreciate it.

>
> [WiMAX]
>
>> Well the antenna is due south so the whole arrangement may work out to
>> be in the attic over the garage the gable end faces south. Get some
>> elevation and under cover or mount just outside the wall. Keep the wire
>> short and run cat-5 to my router system.
>
> Sounds like a winner. The original wireless ISP here used to supply a
> panel antenna ~24 inchs on a side, and the RF was literally bolted to
> the back side of the panel. The antenna assembly could be wall mounted,
> but was more commonly stuck on a 1 1/2 inch mast that raised it about
> 4 feet above the roof-line.


Well I just acquired a DirectTV disk to use as parabolic reflector and I
expect my cable adapters to arrive in the mail tomorrow so I shall be
testing with in the next couple of days. Unfortunately
they are using a sector antenna and I am sure that I am not on the beam
side!


--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Moe Trin wrote:
> On Mon, 04 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
> , Jonathan N. Little wrote:
>
>> Yes, almost all my work on the servers I do from my XP desktop via
>> TeraTerm SSH. pppd is up, just sometimes, usually the first time
>> takes forever (5-10 mins) for the initial attempt to dialup. After
>> it gets going it seems to respond better after the connection goes
>> when the idle time expires.
>
> That smells of firewall, I think.

Oh I am going to have to study up on on IPTables... My old router used
IPChains... I downloaded firestarter, might be a way for me to ease in.
Because I sshd running on that box I have notice a couple of folks
trying to ssh in, on from Mexico hammered unsuccessfully away for a
couple of days. I want to close the port on the ppp0.

>
>> I did notice the something strange with the routing table, when the
>> pppd starts but before the modem connects to my ISP the ppp0 strange
>> IP for what will be ppp0's gateway
>>
>> ### Unconnected
>> Kernel IP routing table
>> Destination Gateway Genmask Flags Metric Ref Use Iface
>> 10.112.112.112 * 255.255.255.255 UH 0 0 0 ppp0
>
> Oh, where the heck is that documented.... OK, if you have the file
> 'Changes-2.3' which is part of the ppp tarball, you'll find way back
> under "What was new in ppp-2.3.10."
>
> * Pppd no longer requires a remote address to be specified for demand
> dialling. If none is specified, it will use a default value of
> 10.112.112.112+unit_number. (It will not propose this default to
> the peer.)
>
> so that should not be a problem.
>
>> I have no idea where that 10.112.112.112 came from.
>
> I think it was Paul Mackerras, back when he was at ANU.
>
>> But once modem finally dials and ppp0 is connected to my ISP is get
>> my IP from them...
>>
>> ### Connected
>> Kernel IP routing table
>> Destination Gateway Genmask Flags Metric Ref Use Iface
>> 64.203.136.35 * 255.255.255.255 UH 0 0 0 ppp0
>> 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
>> link-local * 255.255.0.0 U 1000 0 0 eth0
>> default * 0.0.0.0 U 0 0 0 ppp0
>
> Technically, that's wrong, as the last line is saying that the entire
> world is directly connected to your ppp0 interface. The last line
> "should" read
>
> default 64.203.136.35 0.0.0.0 U 0 0 0 ppp0


Okay, yes it should. Back with my old MDK8 box that was the router the
table was

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
255.255.255.255 * 255.255.255.255 UH 0 0 0 eth0
64-203-136-35.c * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 64-203-136-35.c 0.0.0.0 UG 0 0 0 ppp0


>
> but in reality, it doesn't matter as far as networking is concerned
> because the only host at the other end of the wire is the gateway
> that will be forwarding the packets for you. /sbin/arp isn't used on
> a ppp link, so it's a moot point.
>
>> Now before I'm connected should the ppp0 be "0.0.0.0" not
>> "10.112.112.112"? I even added "0.0.0.0:0.0.0.0 netmask 255.255.255.0"
>> to the dialup script.
>
> Ah, the '0.0.0.0:0.0.0.0' should be interpreted by pppd as "I don't
> know:I don't know" (reference RFC1122 section 3.2.1.3(a) via RFC0951
> section 7.1), and really isn't meant to be used that way. As for the
> network mask, that option was dropped from the 2.4.2 man page, because
> it's really not relevant to a ppp link (which technically only has a
> single host at each end - 255.255.255.255). I'm pretty sure the code
> is still included in the source, but you really don't want to specify
> a mask either.
>
>> It just seems to take forever for the first time for the modem to
>> recognize that it needs to dial out for an external address. Afterwards
>> it seems okay so I think it is an initial routing problem. My ignorance
>> is showing...
>
> If you ssh in, and try to 'ping -c1 173.2.3.4' from the dialout box,
> does that bring the link up right away? Or does it make no difference.
> (Theory: on the dialout box - routing should be a function of the
> routing table, and PROBABLY, the firewall isn't needed. Using an IP
> address should not require a DNS lookup - and that address doesn't
> exist on the Internet anyway, so you _should_ get a quick "host
> unreachable" as soon as the link comes up. Also, it would help if you
> were able to do a 'ps' as soon as you issue the ping command [in a
> different shell] and see if /usr/sbin/chat has been called.) If that
> brings up the link immediately, kill and restart the daemon, and then
> repeat this trick from one of your regular hosts. The difference here
> would be your firewall is going to have to masquerade your packet, and
> you may have some firewall rules involved otherwise (/sbin/iptables -L).
> For what it's worth, I'm a network admin, and I'd be using a packet
> sniffer (tcpdump) to see what the traffic on the wire would be looking
> like, in addition to the 'ps' command to see what's running when.

I'll take some time to digest this. Again thanks for your help.

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

On Tue, 05 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
, Jonathan N. Little wrote:

>I switch to Mandrake. I never liked Gnome. Prefer KDE. It is why I
>tried one box with Kubuntu. Even though I am an artist, when I what
>to work on a computer I just want to get the job done.

We're a research facility, and have been using *nix for over 25 years.
Most of our users are command line oriented.

>For file management I just want trees and detailed lists. Except for
>images thumbnails and icons are useless.

You won't get an argument from me about that.

>I have 700GBs of disk space on my desktop with about 30% filled
>and I don't find things via thumbnails!

Most of the work I do is in plain text, and if I can't figure out the
file name I'm looking for, I'll grep for keywords.

>Well I just acquired a DirectTV disk to use as parabolic reflector
>and I expect my cable adapters to arrive in the mail tomorrow so I
>shall be testing with in the next couple of days.

A DirectTV dish is rather on the small side, although I know a lot
of people have been converting them for wireless. Depending on the
feed efficiency, you're probably talking 20 dBi max.

> Unfortunately they are using a sector antenna and I
>am sure that I am not on the beam side!

Have you discussed this with the ISP? Obviously it depends on how far
down on the side of the main lobe you are, but to some extent you can
make up for this by using a larger (higher gain) antenna on your end.
I had a 2 GHz link where we not only did not have Fresnel clearance,
we had a line of sight path that needed a hole in a hillside that was
40 feet below the peak (47 mile link - and we should have had ~130 foot
of clearance). We knew we had a problem, as the lack of clearance would
cost about 20 to 25 dB in extra loss. Our solution was simple brute
force - 15 foot dishes on both ends of the link. It worked over 90%
of the time, and we didn't get around to finding a repeater site that
had clear line of sight to both ends for about 5 years. Needless to
say, those dishes were NOT cheap. Also, it was out in the boonies,
and the FCC never mentioned our little transgression of the rules.

Old guy

On Tue, 05 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
<2abd$47a92263$40cba7c5$9555@NAXS.COM>, Jonathan N. Little wrote:

>Moe Trin wrote:

>> That smells of firewall, I think.
>
>Oh I am going to have to study up on on IPTables... My old router used
>IPChains... I downloaded firestarter, might be a way for me to ease in.

The definitive site is http://www.netfilter.org/documentation/HOWTO/
but you can probably get by by reading the Security-Quickstart-HOWTO
from the LDP (which should be on your system):

-rw-rw-r-- 1 gferg ldp 278012 Jul 23 2002 Security-Quickstart-HOWTO

>Because I sshd running on that box I have notice a couple of folks
>trying to ssh in, on from Mexico hammered unsuccessfully away for a
>couple of days. I want to close the port on the ppp0.

Depending on what else you have going on, the usual solution is to
just drop everything by default, and allow only the specific IPs or IP
ranges that you want. I don't offer any services to the world at large,
and only allow new incoming connections from a three ranges (a /22 and
two /24s outside at the moment).

>> Technically, that's wrong, as the last line is saying that the entire
>> world is directly connected to your ppp0 interface. The last line
>> "should" read
>>
>> default 64.203.136.35 0.0.0.0 U 0 0 0 ppp0

>Okay, yes it should. Back with my old MDK8 box that was the router the
>table was
>
>Kernel IP routing table
>Destination Gateway Genmask Flags MSS Window irtt Iface
>255.255.255.255 * 255.255.255.255 UH 0 0 0 eth0

Are you using DHCP? That's the only reason that address would be needed.

[troubleshooting "won't start link"]

>I'll take some time to digest this. Again thanks for your help.

Other than your old setup screwing with the /etc/resolv.conf file,
was it working properly? The change from the wvdial setup to the
simple script shouldn't have made that much of a difference.

Old guy

Moe Trin wrote:
> On Tue, 05 Feb 2008, in the Usenet newsgroup alt.os.linux.ubuntu, in article
> <2abd$47a92263$40cba7c5$9555@NAXS.COM>, Jonathan N. Little wrote:
>
>> Moe Trin wrote:
>
>>> That smells of firewall, I think.
>> Oh I am going to have to study up on on IPTables... My old router used
>> IPChains... I downloaded firestarter, might be a way for me to ease in.
>
> The definitive site is http://www.netfilter.org/documentation/HOWTO/
> but you can probably get by by reading the Security-Quickstart-HOWTO
> from the LDP (which should be on your system):
>
> -rw-rw-r-- 1 gferg ldp 278012 Jul 23 2002 Security-Quickstart-HOWTO
>
>> Because I sshd running on that box I have notice a couple of folks
>> trying to ssh in, on from Mexico hammered unsuccessfully away for a
>> couple of days. I want to close the port on the ppp0.
>
> Depending on what else you have going on, the usual solution is to
> just drop everything by default, and allow only the specific IPs or IP
> ranges that you want. I don't offer any services to the world at large,
> and only allow new incoming connections from a three ranges (a /22 and
> two /24s outside at the moment).
>
>>> Technically, that's wrong, as the last line is saying that the entire
>>> world is directly connected to your ppp0 interface. The last line
>>> "should" read
>>>
>>> default 64.203.136.35 0.0.0.0 U 0 0 0 ppp0
>
>> Okay, yes it should. Back with my old MDK8 box that was the router the
>> table was
>>
>> Kernel IP routing table
>> Destination Gateway Genmask Flags MSS Window irtt Iface
>> 255.255.255.255 * 255.255.255.255 UH 0 0 0 eth0
>
> Are you using DHCP? That's the only reason that address would be needed.
>
> [troubleshooting "won't start link"]
>
>> I'll take some time to digest this. Again thanks for your help.
>
> Other than your old setup screwing with the /etc/resolv.conf file,
> was it working properly? The change from the wvdial setup to the
> simple script shouldn't have made that much of a difference.
>
> Old guy


--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com