The network we are talking about,
All of the following assumes that there is an IP address assigned (using "ifconfig") to the eth0 port of your LINUX server.
Also, for that matter, this document does not restrict you to PPP only (it could be SLIP, PPTP, etc...). The IP address of the "ppp0" port is absolutely irrelevant. This document assumes you have one such port, and that it's UP.
And $90 worth of memory (it went all the way to $60 for 16 megs) and I had a fully functional linux system for $270. I don't intend to burden that system with NT or any other memory-disk-cpu hogging OSes. Of course, my client machine is a 32-meg P100 machine with two hard disks (one of which was transplanted as the linux machine's HD) and runs 95.
The linux system is sitting on top of a clean PizzaHut pizza box. I couldn't afford another $50 for a tower, since I was getting a power supply module from one of my friends.
Lastly, we will never have a "Microsoft Explorer Browser" for linux, and hence I never even considered using Explorer. Also, something tells me that it's NOT going to be as easy to configure Explorer as it was to configure NETSCAPE on the CLIENT machines (i.e., the other machines).
I am not giving directions for installing a PROXY server. This is about installing a "socks" facility on the LINUX machine, which NETSCAPE on the client machines can use to access the internet. NETSCAPE (as far as I know) is the ONLY application that runs on NON-UNIX machines and is aware of the SOCKS facility.
If you have a TCP/IP network, then you MUST have AT LEAST two IP addresses (one for the LINUX machine and another for the client machine, and more IP addresses if you have more than one client machine).
Read the other HOW-TOs on how to assign IP addresses to ALL your machines on the TCP/IP network. (ESPECIALLY IF YOU DO NOT have a REGISTERED internet domain).
I created a network 10.0.1.x out of the single LINUX machine and the single Win95 machine. They were assigned 10.0.1.1 and 10.0.1.2 respectively. The 10.0.1.1 is the IP address of the ETHERNET port (eth0) of the LINUX machine. The ppp0 port has another IP (which [lucky me] has a fixed IP address). That IP address is irrelevant to us, and also, being withheld for security reasons.
I also have a fixed domain name server on the other end of the PPP link. (University machine).
The linux machine has a modem and CRONTAB entries, that automatically dial up to the internet at fixed times daily. I also manually connect to the internet, when I want to go surfing.
If you connect to the internet via ON-LINE services, see below...
If you connect to the world using ON-LINE services like AOL, Compuserve, Sprynet, Netcom etc... then you may NOT have a fixed IP address. That is of little relevance in getting your intrAnet hooked up to the world. If you do not believe that, I request you to read on... and become a believer...
(For those who are like me and want to know what the hell is happening...). Others may skip this section....
One problem with this "re-routing" desired from the linux machine is that the clients MUST actually SEND ALL packets to the linux machine, no matter what the destination address. To that end, Win95 and WinNT will ONLY allow "proxy servers" (which I intend to figure out, and write another document on).
Read the NET-HOW-TO in /usr/doc/faq/howto on your linux machine (if it's Slackware), or go to www.linux.org and read the same NET-HOW-TO there...
In that you will find how to download the socks package and compile it. You NEED TO READ the instructions there to set up the in-house network. But you are welcome to read this :-) .
That document spends a lot of time explaining how to configure UNIX clients, especially for "rlogin", "telnet", "ftp" etc... If you do not have UNIX clients, then after compiling the SOCKS package, come back to this document for using the socks package, rather than the readme file in that package.
I placed the tar file in /usr/local/ProxyServer and untarred it, creating a "sockd4.2b" subdirectory within which there is a "Makefile". As mentioned in the howto document, I had to struggle to successfully do a make on the MAKEFILE.
Hopefully, you will only have to change line # 9 (the PWD= line) of my copy of the Makefile, which is reproduced below.
You will find an executable called "sockd" in the sockd subdirectory.
Once you are done compiling, COPY the following files to /usr/local/etc (they should all be in the sockd subdirectory, next to the executable you just built):

    sockd         (the executable, a.k.a. the daemon)
    sockd.conf    (configuration file)
    sockd.route   (configuration file)
    socks.conf    (configuration file)

Then make a link called "socks" which points to "sockd" within the same dir:

    # cd /usr/local/etc
    # ln -s sockd socks

Then edit those three configuration files so that they are similar to the ones given below (these are my settings for a two computer network, made up of a LINUX "server" and a Win95/WinNT client machine).
NOTE: 10.0.1.2 is my Win95/WinNT client machine's IP address. This sockd.conf file MUST be on your LINUX server (in my case the ethernet port of the LINUX server has the IP address 10.0.1.1).

permit 10.0.1.2 255.255.255.255
deny   0.0.0.0  0.0.0.0 : /usr/ucb/finger @%A | /usr/ucb/mail -s 'SOCKD: rejected -- from %u@%A to host %Z (service %S)' root
#BAD_ID: /usr/ucb/finger @%A | /usr/ucb/mail -s '%U pretends to be %u on host %A' root@%A root
#NO_IDENTD: /usr/ucb/mail -s 'Please run identd on %A' %u@%A root@%A
#[EOF]

NOTE: The second field on a permit/deny line is a MASK, not a second address. Bits that are 0 in the mask are ignored when the client's source address is compared, so "permit 10.0.1.2 255.255.255.255" permits that ONE machine, while "permit 10.0.1.2 0.0.0.0" ignores every bit and permits ANY source address. That matters: inetd answers port 1080 on the ppp0 link just as it does on eth0, so a permit-all line turns your LINUX machine into a socks relay for the whole internet while you are dialed in. The "deny 0.0.0.0 0.0.0.0" line matches everyone else and runs the finger/mail command so that root is told who was rejected (sockd also denies any request that matches no line at all). The two lines beginning with #BAD_ID: and #NO_IDENTD: are not ordinary comments: sockd runs those commands when the client's identd does not answer, or disagrees with the user name NETSCAPE sent.
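The following is an added example (not part of the original HOW-TO or of the SOCKS 4.2 package): a small Python evaluator that applies sockd.conf permit/deny lines the way sockd does, first matching line wins with a default of deny, so you can see for yourself that a 0.0.0.0 source mask matches every host. The rule texts, the outside address 203.0.113.7 and the port-based line in PORT_CONF are constructed for the illustration; the ?=userlist form is not handled.

```python
"""Apply SOCKS 4.2 sockd.conf permit/deny lines to a request.

Added example, not code from the HOW-TO or from the SOCKS 4.2 distribution.
Rule syntax as documented in sockd.conf(5):

    permit|deny  src_addr src_mask  [dst_addr dst_mask]  [eq|neq|lt|gt|le|ge port]  [: shell_cmd]

A 0 bit in a mask means "ignore this address bit" when comparing, so
255.255.255.255 demands an exact match and 0.0.0.0 matches ANY address.
The first matching line wins; a request that matches no line is denied.
Not handled here (assumed unused): the ?=userlist / *=userlist forms; the
special #NO_IDENTD: / #BAD_ID: lines are skipped like comments.
"""
import ipaddress

# Constructed rule sets for the demonstration.
LOOSE_CONF = """\
permit 10.0.1.2 0.0.0.0
deny   0.0.0.0  0.0.0.0 : /usr/ucb/finger @%A | /usr/ucb/mail -s 'SOCKD: rejected' root
"""
STRICT_CONF = """\
permit 10.0.1.2 255.255.255.255
deny   0.0.0.0  0.0.0.0 : /usr/ucb/finger @%A | /usr/ucb/mail -s 'SOCKD: rejected' root
"""
PORT_CONF = """\
deny   10.0.1.2 255.255.255.255 0.0.0.0 0.0.0.0 eq 25
permit 10.0.1.2 255.255.255.255
deny   0.0.0.0  0.0.0.0
"""

_OPS = {
    "eq": lambda a, b: a == b, "neq": lambda a, b: a != b,
    "lt": lambda a, b: a < b, "gt": lambda a, b: a > b,
    "le": lambda a, b: a <= b, "ge": lambda a, b: a >= b,
}


def _addr(text):
    return int(ipaddress.IPv4Address(text))


def parse_rules(conf_text):
    """Turn sockd.conf text into rule dicts; comments and ': shell_cmd' tails are dropped."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split(":", 1)[0].strip()      # addresses never contain ':'
        if not line or line.startswith("#"):
            continue
        tok = line.split()
        if tok[0] not in ("permit", "deny") or len(tok) < 3:
            raise ValueError(f"bad sockd.conf line: {raw!r}")
        rule = {"action": tok[0], "src": _addr(tok[1]), "smask": _addr(tok[2]),
                "dst": None, "dmask": None, "op": None, "port": None, "text": line}
        rest = tok[3:]
        if len(rest) >= 2 and rest[0] not in _OPS:   # optional dst_addr dst_mask
            rule["dst"], rule["dmask"] = _addr(rest[0]), _addr(rest[1])
            rest = rest[2:]
        if len(rest) == 2:                           # optional op port
            rule["op"], rule["port"] = rest[0], int(rest[1])
        rules.append(rule)
    return rules


def _match(addr, want, mask):
    # Only the bits set in the mask take part in the comparison.
    return (addr & mask) == (want & mask)


def evaluate(rules, src_ip, dst_ip, dst_port):
    """Return (action, rule_text) for the first matching rule, or sockd's default deny."""
    src, dst = _addr(src_ip), _addr(dst_ip)
    for r in rules:
        if not _match(src, r["src"], r["smask"]):
            continue
        if r["dst"] is not None and not _match(dst, r["dst"], r["dmask"]):
            continue
        if r["op"] is not None and not _OPS[r["op"]](dst_port, r["port"]):
            continue
        return r["action"], r["text"]
    return "deny", "<no matching line: sockd default>"


def decision(conf_text, src_ip, dst_ip="198.20.186.4", dst_port=80):
    return evaluate(parse_rules(conf_text), src_ip, dst_ip, dst_port)[0]


if __name__ == "__main__":
    # 203.0.113.7 stands for some host on the internet side of the PPP link.
    for name, conf in (("loose", LOOSE_CONF), ("strict", STRICT_CONF)):
        for src in ("10.0.1.2", "203.0.113.7"):
            print(f"{name:6} conf, request from {src:12}: {decision(conf, src)}")
```

Running it prints "permit" for the outside host under LOOSE_CONF and "deny" under STRICT_CONF; PORT_CONF shows the optional destination/port fields, here refusing the client a connection to port 25 while allowing everything else.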
NOTE: This sockd program is for CLIENT machines ONLY. None of the applications on the LINUX machine need sockd or any other package to access the internet, since the LINUX machine connects to the internet directly using PPP.
#! NoShell
10.0.1.1 10.0.1.0 255.255.255.0
#[EOF]

NOTE: This is sockd.route. The first IP address is the address of the LINUX machine's eth0 PORT. The second IP number is NOT an IP address -- it is the NETWORK address (with a 255.255.255.0 mask, the last of the FOUR numbers becomes a ZERO), and the third field is that network's mask. The line tells sockd to use the eth0 interface for any destination on the 10.0.1.x network.
NOTE: This is socks.conf. It is only consulted by SOCKSified clients (rtelnet, rftp, ...) running on the LINUX machine itself, which, as explained below, you do not need. "direct" lines go straight to the destination; the "sockd" line (destination mask 0.0.0.0, i.e., any destination) sends everything else through the socks server whose address follows "@=".

direct 127.0.0.1 255.255.255.255
direct 10.0.1.1  255.255.255.255
direct 10.0.1.2  255.255.255.255
sockd  @=199.99.99.99 10.0.1.1 0.0.0.0
You must make sure that NONE of the programs on the LINUX machine ever use the "named" daemon on THAT VERY machine. To do that we tell the resolver routines (i.e., the routines which convert www.cnn.com into a numerical IP address) to check the /etc/hosts file first and then the DNS servers listed in /etc/resolv.conf.
How do we do that? Simply make sure the /etc/host.conf file reads:

order hosts, bind
multi on

If there is anything else in it, remove it, unless you know a lot about DNS and "named".
The reason I insist on preventing the LINUX machine's applications from accessing its own "named" server is that it makes no sense. And from my experience, such "unnecessaries" may look technically safe and harmless but will cause enough grief sooner or later...
The linux machine is obviously doing just great accessing the internet via the PPP (or whatever) link. We are installing the "sockd" package and the "named" daemon for the client machines. Let's not disturb the LINUX system.
Do not change any file unless someone suggests a change to that file...
I will also assume that you have setup "resolv.conf" properly, to enable your LINUX server to access the internet and the DNS (on the "other end" of the PPP connection). My sample resolv.conf file is available as a sample at the very end.
*********************************************** WARNING ***********************************************
For your own good, I suggest that you set up your machine through the linux installation programs (i.e., while installing linux on your computer).
*******************************************************************************************************
; boot file for name server
forwarders  128.112.129.111
directory   /etc
cache       .                    root.cache
primary     1.0.10.in-addr.arpa  named_DNS_for_inTi_xwk

NOTE: This is /etc/named.boot. Line # 2 contains the IP address of the DNS server in the network to which your LINUX machine connects using PPP (or whatever); every question this named cannot answer from its own zone is forwarded there. Be aware that this (BIND 4) named has no directive for restricting who may ask it questions, so nothing in this configuration stops hosts on the internet side of your PPP link from using it as a resolver while the link is up.
NOTE: The LAST line contains the name of a file called "named_DNS_for_inTi_xwk" which MUST be in the "/etc" directory. The contents of this file are given below (you are free to give it a better name :-) ).
@       IN      SOA     MyLinuxMachine. hostmaster.MyLinuxMachine. (
                        1        ; Serial
                        28800    ; Refresh
                        7200     ; Retry
                        604800   ; Expire
                        86400 )  ; Minimum TTL
        IN      NS      MyLinuxMachine.
1       IN      PTR     MyLinuxMachine.

NOTE: The last line (starts with a 1) contains the name "MyLinuxMachine". Replace it (in all four places) with the name in /etc/HOSTNAME, and KEEP the trailing dot: named treats any name without a trailing dot as relative to the zone (1.0.10.in-addr.arpa), so "PTR MyLinuxMachine" would come back as MyLinuxMachine.1.0.10.in-addr.arpa, and an SOA or NS field holding the bare number "10.0.1.1" is read as a name, not as an address. The "1" at the start of the last line is the last number of the eth0 address 10.0.1.1; a client can be given a name the same way (e.g. "2 IN PTR <client name>." for 10.0.1.2). NOTE: Again, as you have been doing so far, replace 1.0.10.in-addr.arpa in named.boot with the reversed network address of your LINUX machine's eth0 port. NOTE: I really do not understand every character of the above file. You will be better off satisfying your curiosity by studying the documentation for the NAMED daemon.
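The added Python example below (not from the HOW-TO or from BIND) makes the trailing-dot point concrete: relative_targets() lists every SOA/NS/PTR target in a zone that named would silently expand with the origin, and reverse_zone() writes an in-addr.arpa zone in which every name is absolute. The zone text in AUTHOR_ZONE is the HOW-TO's original file with its comments stripped; the client name "win95" for 10.0.1.2 is constructed.

```python
"""Check and generate the in-addr.arpa zone named in named.boot.

Added example, not from the HOW-TO or from BIND. BIND treats any owner or
target name that lacks a trailing dot as RELATIVE to the zone origin (here
1.0.10.in-addr.arpa), so "NS 10.0.1.1" or "PTR MyLinuxMachine" quietly become
10.0.1.1.1.0.10.in-addr.arpa. and MyLinuxMachine.1.0.10.in-addr.arpa.
Assumed network: 10.0.1.0/24 as in the HOW-TO; only /8, /16, /24 are handled.
"""
import ipaddress
import re

# The HOW-TO's original zone, constructed here from the page with comments stripped.
AUTHOR_ZONE = """\
@ IN SOA 10.0.1.0 hostmaster.10.0.1.0 ( 1 28800 7200 604800 86400 )
  NS 10.0.1.1
1 PTR MyLinuxMachine
"""


def zone_origin(network):
    """1.0.10.in-addr.arpa. for 10.0.1.0/24: network octets reversed."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen % 8:
        raise ValueError("classless in-addr.arpa delegation is outside this example")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def relative_targets(zone_text, origin):
    """[(type, name_as_written, name_after_origin_append)] for SOA/NS/PTR targets lacking a dot."""
    found = []
    for line in zone_text.splitlines():
        m = re.search(r"\b(SOA|NS|PTR)\s+(\S+)(?:\s+(\S+))?", line)
        if not m:
            continue
        rtype = m.group(1)
        names = [m.group(2)]
        if rtype == "SOA" and m.group(3):        # SOA has MNAME and RNAME
            names.append(m.group(3))
        for name in names:
            if name.startswith("(") or name.endswith(".") or name == "@":
                continue
            found.append((rtype, name, f"{name}.{origin}"))
    return found


def reverse_zone(network, ns_host, hosts, serial=1):
    """Generate a zone file in which every name is absolute. hosts: {ip: fqdn}."""
    net = ipaddress.IPv4Network(network)
    ns = ns_host.rstrip(".") + "."
    lines = [f"@\tIN\tSOA\t{ns} hostmaster.{ns} (",
             f"\t\t\t{serial}\t; Serial",
             "\t\t\t28800\t; Refresh",
             "\t\t\t7200\t; Retry",
             "\t\t\t604800\t; Expire",
             "\t\t\t86400 )\t; Minimum TTL",
             f"\tIN\tNS\t{ns}"]
    for ip, fqdn in sorted(hosts.items(), key=lambda kv: ipaddress.IPv4Address(kv[0])):
        addr = ipaddress.IPv4Address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is not in {network}")
        # Owner is the host part of the address, reversed ("1" for 10.0.1.1 in a /24).
        host_part = str(addr).split(".")[net.prefixlen // 8:]
        lines.append(f"{'.'.join(reversed(host_part))}\tIN\tPTR\t{fqdn.rstrip('.')}.")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    origin = zone_origin("10.0.1.0/24")
    for rtype, name, expanded in relative_targets(AUTHOR_ZONE, origin):
        print(f"{rtype}: '{name}' will be read as {expanded}")
    print(reverse_zone("10.0.1.0/24", "MyLinuxMachine.",
                       {"10.0.1.1": "MyLinuxMachine", "10.0.1.2": "win95"}))
```

Run against AUTHOR_ZONE it reports four names that named would expand with the origin; run against its own output it reports none.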
To get this file (root.cache), read the NET-HOW-TO documentation and the documentation that comes with the socks package.
Those instructions are VERY simple...
All I did was to run a command mentioned there, and redirected it into a file and called it "/etc/root.cache"
; <<>> DiG 2.1 <<>> ns
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; Ques: 1, Ans: 9, Auth: 0, Addit: 9
;; QUESTIONS:
;;      ., type = NS, class = IN

;; ANSWERS:
.       137030  NS      C.ROOT-SERVERS.NET.
.       137030  NS      D.ROOT-SERVERS.NET.
.       137030  NS      E.ROOT-SERVERS.NET.
.       137030  NS      I.ROOT-SERVERS.NET.
.       137030  NS      F.ROOT-SERVERS.NET.
.       137030  NS      G.ROOT-SERVERS.NET.
.       137030  NS      A.ROOT-SERVERS.NET.
.       137030  NS      H.ROOT-SERVERS.NET.
.       137030  NS      B.ROOT-SERVERS.NET.

;; ADDITIONAL RECORDS:
C.ROOT-SERVERS.NET.     410161  A       192.33.4.12
D.ROOT-SERVERS.NET.     410161  A       128.8.10.90
E.ROOT-SERVERS.NET.     410161  A       192.203.230.10
I.ROOT-SERVERS.NET.     167767  A       192.36.148.17
F.ROOT-SERVERS.NET.     410161  A       192.5.5.241
G.ROOT-SERVERS.NET.     410161  A       192.112.36.4
A.ROOT-SERVERS.NET.     410161  A       198.41.0.4
B.ROOT-SERVERS.NET.     410161  A       128.9.0.107
H.ROOT-SERVERS.NET.     410161  A       128.63.2.53

;; Total query time: 334 msec
;; FROM: svathyam to SERVER: default -- 128.112.129.111
;; WHEN: Sat Sep 28 21:38:04 1996
;; MSG SIZE  sent: 17  rcvd: 312

NOTE: The addresses of several root servers have changed since this was captured in 1996. Do not copy the list above; generate your own root.cache with the dig command and refresh it from time to time.
(add the single line starting with "socks"...)
# services	This file describes the various services that are
#		available from the TCP/IP subsystem.  It should be
#		consulted instead of using the numbers in the ARPA
#		include files, or, worse, just guessing them.
#
# Version:	@(#)/etc/services	3.02	02/21/93
#
# Author:	Fred N. van Kempen, ...
<lines deleted>
socks		1080/tcp	# sarma: Sep.15.96: Got this from the ~sockd/include/socks.h file.
<lines deleted>
# End of services.

NOTE: This line is read ONLY by the inetd daemon, I think. It tells inetd to invoke the "socks" program for all tcp connections to port # 1080.
# I am just following instructions from ~sockd/doc/sockd.1 man pages...
socks	stream	tcp	nowait	root	/usr/local/etc/socks	sockd

NOTE: The last field is the program name inetd passes as argv[0]; most inetds expect it. Nothing sockd does here requires root, so "nobody" in the user field limits what a bug in sockd, which is reachable from the internet on port 1080 whenever your PPP link is up, could do to the LINUX machine.
Do a "tail -f /var/adm/messages" and a "tail -f /var/adm/syslog" simultaneously and attempt to connect using NETSCAPE from your CLIENT machines.
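As an added example (not from the HOW-TO, the SOCKS package or Netscape), here is the SOCKS4 CONNECT handshake that NETSCAPE performs against port 1080, written in Python. socks4_connect() can be run from a client machine against 10.0.1.1:1080 to see whether sockd grants (0x5A) or rejects (0x5B) a request before you trust the permit/deny lines; run it from the ppp0 side as well, where you want to see a rejection. The user id "sarma" and the in-process toy server (which grants only port 80) are assumptions so that the example runs offline.

```python
"""SOCKS4 CONNECT handshake: the bytes NETSCAPE sends to sockd on port 1080.

Added example, not code from the HOW-TO or the SOCKS 4.2 package. Message
layout follows the SOCKS4 protocol description shipped with the package:

  request: VN=4 | CD=1 (CONNECT) | DSTPORT (2, big-endian) | DSTIP (4) | USERID | NUL
  reply:   VN=0 | CD in {0x5A granted, 0x5B rejected or failed,
                         0x5C cannot reach client's identd,
                         0x5D identd user id mismatch} | DSTPORT (2) | DSTIP (4)

The toy server below is NOT sockd; it exists only so the example runs offline.
"""
import socket
import struct
import threading

SOCKS_VERSION = 4
CD_CONNECT = 1
REPLY_TEXT = {0x5A: "request granted", 0x5B: "request rejected or failed",
              0x5C: "rejected: cannot reach client's identd",
              0x5D: "rejected: identd reports a different user id"}


def build_connect_request(dst_ip, dst_port, userid):
    return (struct.pack("!BBH4s", SOCKS_VERSION, CD_CONNECT, dst_port,
                        socket.inet_aton(dst_ip)) + userid.encode("ascii") + b"\0")


def parse_request(data):
    """Return (cd, dst_port, dst_ip, userid); ValueError on a malformed request."""
    if len(data) < 9 or data[0] != SOCKS_VERSION or not data.endswith(b"\0"):
        raise ValueError("not a SOCKS4 request")
    _vn, cd, port, ip = struct.unpack("!BBH4s", data[:8])
    return cd, port, socket.inet_ntoa(ip), data[8:-1].decode("ascii", "replace")


def build_reply(code, dst_ip="0.0.0.0", dst_port=0):
    return struct.pack("!BBH4s", 0, code, dst_port, socket.inet_aton(dst_ip))


def parse_reply(data):
    """Return (granted, code, text). sockd closes the connection after a failure reply."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    code = data[1]
    return code == 0x5A, code, REPLY_TEXT.get(code, "unknown reply code")


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def socks4_connect(server, port, dst_ip, dst_port, userid="sarma", timeout=5.0):
    """Send one CONNECT request to a socks server and return the parsed reply."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(build_connect_request(dst_ip, dst_port, userid))
        return parse_reply(_recv_exact(s, 8))


def _toy_sockd(listener):
    # Stand-in for sockd: grants CONNECT to port 80 only (a real sockd consults sockd.conf).
    conn, _peer = listener.accept()
    with conn:
        try:
            cd, port, ip, _user = parse_request(conn.recv(512))
            code = 0x5A if cd == CD_CONNECT and port == 80 else 0x5B
        except ValueError:
            code, port, ip = 0x5B, 0, "0.0.0.0"
        conn.sendall(build_reply(code, ip, port))


def demo(dst_ip, dst_port):
    """One CONNECT against the toy server on loopback; returns (granted, code, text)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    worker = threading.Thread(target=_toy_sockd, args=(listener,), daemon=True)
    worker.start()
    try:
        return socks4_connect("127.0.0.1", listener.getsockname()[1], dst_ip, dst_port)
    finally:
        worker.join(timeout=5)
        listener.close()


if __name__ == "__main__":
    print(demo("198.20.186.4", 80))   # granted by the toy server
    print(demo("198.20.186.4", 25))   # rejected by the toy server
```

Against the real sockd, a 0x5C or 0x5D reply is what triggers the #NO_IDENTD: and #BAD_ID: commands in sockd.conf, so this is also a quick way to check that identd on the client is doing what you expect.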
Now let's configure the client machine's Netscape...
---------  --------------------------  --------
| socks |  |                        |  | 1080 |
---------  --------------------------  --------

This shows that netscape is already aware of socks (the "socks" label and port 1080 are filled in for you). All you have to do is to tell NETSCAPE where the socks daemon is running.
Type in the eth0 port IP address of the linux server in the middle box shown above...
Save this setting and get going... !!
If you haven't been able to connect to the internet via the LINUX server, then stop reading this document and read the other HOW-TO documents to setup your LINUX machine to access the internet via the PPP link.
I hope you know the concept of IP addresses. In short, computers on the internet have "mnemonic" names (like www.cnn.com) as well as numeric IP addresses like "198.20.186.4". If you type the former, "www.cnn.com", someone must HELP your computer convert that name into the numerical format.
Why the numerical format? Because the numerical format encodes a very efficient system of telling each computer HOW to send out packets to the OTHER computers it wants to communicate with.
So, if you type "www.cnn.com" into your NETSCAPE browser, a computer called a "DNS server" will convert that name into a number for your computer. Then your computer will use that numerical IP address to actually CONNECT to www.cnn.com and show you their latest news.
So, the gist being that : to use the internet you need a DNS server. This document includes instructions on setting up your computer to HOOK up to your NEIGHBORHOOD DNS server.
Your LINUX machine MUST have ALL of the following :-
The "ethernet card" is your "eth0" port. That ethernet "port" lets you explore the ethernet network to which its connected.
Since your client machines are connected via the ethernet cable to the LINUX machine, anything that your client machine communicates to the LINUX machine will ONLY REACH the linux machine VIA the "eth0" port. ANything that the outside world sends to your LINUX machine will ONLY REACH via the "ppp0 port". So, its very important that these two ports be given "DIFFERENT ADDRESSES".
To make things easier for you, if you ALREADY successfully connected to the world using PPP, then, you have UNKNOWINGLY (or knowingly) assigned an IP numerical address to your linux machine's PPP port.
SHELL=/bin/bash

#SOCKS=-DSOCKS
# or
SOCKS=-Dconnect=Rconnect -Dgetsockname=Rgetsockname -Dlisten=Rlisten -Daccept=Raccept -Drcmd=Rrcmd -Dbind=Rbind -Dselect=Rselect
CFLAGS="$(SOCKS)"

# If your system doesn't have PWD defined, define it here:
PWD="/usr/local/ProxyServer/socks42b"
# It should be this current directory.

# If your system has getcwd() but no getwd(), uncomment the next line:
#GETCWD=-DGETCWD

# Define FASCIST if you want ftp (rftp) to log names of all files transferred
#FASCIST=-DFASCIST

# Define RCMD and SUPPORT_RCMD if you want to support Rrcmd, which is required
# for SOCKSified rlogin, rsh, and rcp.
RCMD=Rrcmd.o
SUPPORT_RCMD=-DSUPPORT_RCMD

# Define FOR_PS if your system is not SYSV and you want to have the
# command 'ps' show some details of sockd's activity.
FOR_PS=-DFOR_PS

# Define SHORTENED_RBIND to make Rbind() take exactly the same
# argument list as the regular bind(), i.e., without the additional
# 'remhost' argument.
SHORTENED_RBIND=-DSHORTENED_RBIND

# optimization flag for cc
#OPTIMIZE=-g
OPTIMIZE=-O6 -fomit-frame-pointer -pipe -m486
# Be careful with the OPTIMIZE flag. SunPro's SC2.0.1, for example, is
# known to produce incorrect code when -O is used.

# Directory into which to install the man pages
MAN_DEST_DIR = /usr/local/man

# Directory into which the SOCKS server should be installed
SERVER_BIN_DIR = /usr/local/ProxyServer		## This was defaulted to /usr/local/etc

# Directory into which the client programs should be installed
CLIENTS_BIN_DIR = /usr/local/ProxyServer	## This was defaulted to /usr/local/bin

# LINUX should use
CC=gcc
RANLIB=ranlib
RESOLV_LIB=
#OTHER_CFLAGS=-traditional -DLINUX $(GETCWD) $(FASCIST) $(SHORTENED_RBIND) -DCOMPAT
OTHER_CFLAGS=-DLINUX $(GETCWD) $(FASCIST) $(SHORTENED_RBIND) -DCOMPAT
OS=linux
INSTALL=install
GETPASS=getpass.o

# Remember to include -Dindex=strchr -Drindex=strrchr in OTHER_CFLAGS if
# you don't have index() and rindex() (Sys-V camp)

# <<<----------------
# The Internet Whois server; used to be nic.ddn.mil.
WHOIS_SERVER=
WHOIS_SERVER=-DWHOIS_SERVER\'=\"rs.internic.net\"\'

SOCKS_LIB=$(PWD)/lib/libsocks.a
IDENT_LIB=$(PWD)/libident/libident.a

all: LIB LIBIDENT server clients

server: LIB LIBIDENT
	(cd sockd; $(MAKE) CC="$(CC)" RESOLV_LIB="$(RESOLV_LIB)" \
	OPTIMIZE="$(OPTIMIZE)" \
	SOCKS_LIB="$(SOCKS_LIB)" SUPPORT_RCMD="$(SUPPORT_RCMD)" \
	IDENT_LIB="$(IDENT_LIB)" \
	OTHER_CFLAGS="$(OTHER_CFLAGS) $(FOR_PS)")

clients: RFINGER RFTP RTELNET

LIB:
	(cd lib; $(MAKE) CC="$(CC)" GETPASS="$(GETPASS)" \
	OPTIMIZE="$(OPTIMIZE)" \
	RCMD="$(RCMD)" SUPPORT_RCMD="$(SUPPORT_RCMD)" \
	OTHER_CFLAGS="$(OTHER_CFLAGS) " RANLIB="$(RANLIB)")

LIBIDENT:
	(cd libident; $(MAKE) CC="$(CC)" OTHER_CFLAGS="$(OTHER_CFLAGS)" \
	OPTIMIZE="$(OPTIMIZE)" RANLIB="$(RANLIB)")

RFINGER: LIB
# This also builds rwhois
	(cd rfinger; $(MAKE) CC="$(CC)" $(WHOIS_SERVER) \
	OPTIMIZE="$(OPTIMIZE)" SOCKS="$(SOCKS)" \
	RESOLV_LIB="$(RESOLV_LIB)" SOCKS_LIB="$(SOCKS_LIB)" \
	OTHER_CFLAGS="$(OTHER_CFLAGS) ")

RTELNET: LIB
	(cd rtelnet; $(MAKE) CC="$(CC)" OS="$(OS)" SOCKS_LIB="$(SOCKS_LIB)" \
	OPTIMIZE="$(OPTIMIZE)" SOCKS="$(SOCKS)" \
	RESOLV_LIB="$(RESOLV_LIB)" OTHER_CFLAGS="$(OTHER_CFLAGS)")

RFTP: LIB
	(cd rftp; $(MAKE) CC="$(CC)" SOCKS_LIB="$(SOCKS_LIB)" \
	OPTIMIZE="$(OPTIMIZE)" SOCKS="$(SOCKS)" \
	RESOLV_LIB="$(RESOLV_LIB)" OTHER_CFLAGS="$(OTHER_CFLAGS)")

install.server:
	(cd sockd; $(MAKE) INSTALL="$(INSTALL)" MAN_DEST_DIR="$(MAN_DEST_DIR)" \
	SERVER_BIN_DIR="$(SERVER_BIN_DIR)" install install.man)

install.clients: install.man
	for i in rfinger rftp rtelnet; do \
	(cd $$i ; $(MAKE) INSTALL="$(INSTALL)" \
	CLIENTS_BIN_DIR="$(CLIENTS_BIN_DIR)" \
	install); done

install.man:
	(cd doc; $(MAKE) INSTALL="$(INSTALL)" MAN_DEST_DIR="$(MAN_DEST_DIR)" \
	install)

clean:
	for i in lib libident sockd rfinger rftp rtelnet ; do \
	( cd $$i ; $(MAKE) clean); done
#!/bin/csh
#
# ppp-on
#
# Set up a PPP link

set LOCKDIR=/var/spool/uucp
set DEVICE=cua3
set OUR_IP_ADDR=128.000.111.222

if ( -f $LOCKDIR/LCK..$DEVICE ) then
    echo 'PPP device is locked'
    exit 1
endif

route del default   # Just in case the Ethernetwork (In-House ethernet network) is up....
                    # if it's NOT, then the above command is harmless...
route               ## To show that the above was successful...

/usr/lib/ppp/fix-cua $DEVICE

unalias pushd
unalias popd
pushd /usr/lib/ppp

# stty 19200 -tostop
# The original code has been commented out below...
# if chat -l LCK..$DEVICE ABORT "NO CARRIER" ABORT BUSY "" ATZ OK ATs50=255s111=0DT$PHONE CONNECT "" ogin: $USER ssword: \\q$PASSWORD

echo $cwd
ls -l ./comserv.dip
dip ./comserv.dip   ## I removed the -v (DEBUG&VERBOSE) option to 'dip'.
set dip_status=$status
# echo the return value of dip is $dip_status

# csh needs the parentheses around the test.
if ( $dip_status == 0 ) then
    # Now please wait for 10 seconds, while the link is being auto-verified by dip.
    echo 'About to fork-off pppd (after a delay of 10 secs)...'
    date
    echo 'If you see any error msgs below, then we are having SERIOUS problems...'
    sleep 10
    pppd -detach crtscts defaultroute domain remote.princeton.edu mru 1005 mtu 1005 ${OUR_IP_ADDR}: /dev/$DEVICE 38400 &
    ###### we don't need this for the previous line...  < /dev/$DEVICE > /dev/$DEVICE ) &
    # The pppd daemon is FORKED OFF. See the "&" at the END of the above line...
    # By using the "locl" option, I am requesting that /var/spool/uucp be the dir
    # in which the LOCKS are created...
    echo 'Now wait another 10 seconds, before I auto-verify internet connection.'
    sleep 10
    cat ~root/@utils/.line
    ping -v -c 5 genius.eng.wayne.edu
    cat ~root/@utils/.line
    # The original redirected this into /tmp/$$ and cat'ed it back. A root script
    # writing to a predictable name in /tmp can be redirected through a symlink
    # planted by another user, so just let traceroute write to the terminal.
    traceroute physics.iisc.ernet.in
    cat ~root/@utils/.line
    exit 0
else
    echo 'PPP setup failed'
    exit 1
endif
popd
# [EoF]
NOTE: This script is being provided as a sample. Having this sample is not a guarantee that you will have an internet connection. This script is called from the PPP-ON script given above...
#******************************** comserv.dip ********************************
#
# Connection script for SLIP to ........
#
# NOTE: this file contains a login password in clear text. Keep it owned by
# root with mode 600 (chmod 600 comserv.dip).
#
# STATUS codes for "dip" when it executes this script are:
#   0 - all ok.
#   1 - basic failures, in initializing the modem.
#   2 - Failed in the crucial "dial" command.
#   3 - Though the DIAL command was successful, this script couldn't recognize
#       the VERY FIRST responses from the other modem. (i.e., Training occurred
#       but, after that nothing happened that was intelligible to this script.)
#   4 - Modems could nicely link up. But the remote server HAS CHANGED syntax.
#       i.e., the strings output by the server are assumed to arrive in a
#       PARTICULAR sequence. If the server s/w has changed, then we have this
#       problem. SOLUTION!!!! Manually connect and note all the strings &
#       the whole sequence of interactions... Then reprogram the script below.
#  10 - though dialing and connecting (modem-wise) is successful, ppp failed.
############################################################################

main:
redial:
  # Set the desired serial port and speed.
  port cua3
  speed 38400
  # term
  get $mtu 1005

  # Reset the modem and terminal line.
  reset
  # Without doing the above reset, nothing below will work!

  # Initialize the modem and dial comserv.
  # send ATQ0V1E1X4L1S0 0 \r
  # wait OK 5
  send ATZ\r
  wait OK 5
  if $errlvl != 0 goto error
  # send ATTQ0V1E1X4S0=0&C1\r
  # wait OK 5
  # if $errlvl != 0 goto error

  ## For Dial Tone use :-
  send AT&D2\r
  send AT&DP\r
  wait OK 5
  if $errlvl != 0 goto error
  # send ATS10=1\r
  # wait OK 5
  # if $errlvl != 0 goto error

  print if the line is busy, the dial command will realize that after 30 secs ONLY.
  dial 258-0000 30
  print Return value of DIAL is $errlvl
  if $errlvl == 1 goto Continue1
  if $errlvl == 3 goto busy
  print unknown error with DIAL command in "dip" script.
  # unknown error with crucial DIAL command...
  quit 2

busy:
  print telephone number is busy... Continue (1) or terminate (2)?
  get $input ask
  if $input == 1 goto redial
  print You have requested to cancel PPP. Quitting...
  # terminated...
  quit 10

Continue1:
  # wait V32 30
  # wait CONNECT 10
  # if $errlvl != 0 print Couldn't detect a CONNECT
  # if $errlvl != 0 goto connect_fail
  # print CONNECT was detected...

  # We are connected. Login to the system.
login:
  sleep 3
  # send \r\r
  wait Username: 20
  if $errlvl != 0 goto error2
  send USERID\r
  wait Password: 5
  if $errlvl != 0 goto error2
  send __Password+_::\r\r
  wait comserv> 15
  # print Reached Comserv prompt...
  if $errlvl != 0 goto error2

slipon:
  send ppp\r
  wait PPP_STARTED 25
  if $errlvl != 0 goto error2
  print CONNECTION completed...
  mode ppp
  exit 0

error:
  print Total failure to interact with MODEM!!!
  # basic failure in working with modem, etc...
  quit 1

connect_fail:
  print Couldn't detect a "CONNECT 14400" kind of string after dial in...
  quit 3

error2:
  print Modems could nicely link up. But remote server HAS CHANGED syntax/ interaction sequence...
  quit 4
#=================================== EOF ===================================