|This document is available in: English Castellano Deutsch Francais Nederlands Russian Turkce|
by Guido Socher
About the author:
Guido is a long time Linux fan. He likes Linux not only because of it's good technical quality but also because of the people and the community behind Linux.
This article explains how you can configure a number of
different Internet Service Providers (ISPs) under Linux and how to
easily change between them.
The concept that we use is not only valid for a configuration with one PC and one Internet connection but you can use it to give the whole family Internet access at the same time. To achieve this we configure a DNS proxy (DNS forwarding) and IP masquerading under Linux.
Internet access has recently become very easy. Most ISPs do not ask anymore for monthly fees and long term contracts. If an ISP has technical problems or provides bad service, then you just take the next one. In Germany we call this "Internet by Call" and it goes even one step further. You don't register or sign any paper. You just pay via your normal phone bill. Note, this is different from free Internet. Free Internet is usually the state of the ISP before going bankrupt and often linked to bad data throughput. In case of "Internet by Call" you do pay, sometimes quite high fees but can get good bandwidth. No matter how the details are in your country, this article will explain how to quickly change the ISP and use different dialup Internet connections at different times.
The type of Internet access we cover in this article is a dialup point-to-point (PPP) connection from your PC to your ISP. Under Linux a program called pppd is used to setup this connection. pppd is a very good software and very flexible but unfortunately the documentation that comes with pppd has only examples with rather ancient and very special cases for authentication and login to your ISP. Using those examples to set up a connection to most modern ISPs will generally fail. Most ISPs use these days
With Linux and IP
masquerading it is very easy to connect not just one computer but
a whole pool, a whole network of computers, via one PPP link to your
ISP. To do this you need at least one Linux machine and any number of
other computers. This looks then as follows:
If you use such an IP masquerading Linux gateway and you use different ISPs then you have generally 2 problems:
All of pppd's configuration files are normally in /etc/ppp and generally you need to start pppd as root. During the installation and first tests you should be logged in as user root. Later on I will show you how anybody can start and stop the pppd. It is not good if you are always logged in as root. The user root has very little restrictions and can easily destroy your configuration by mistake.
The important files for pppd are:
cd /etc mv ppp ppp_old tar zxvf ppp.tar.gzAfter unpacking you will see that there are more files included in ppp.tar.gz. Those are additional wrapper scripts to make the setup and configuration easier. Their purpose is explained further down. (Note: there are some prices mentioned in the configuration files for the example providers. They may be wrong. Check the home page of that ISP to get accurate information.)
Let's have a look at the configuration file for one ISP called arcor:
# This is /etc/ppp/peers/arcor
# Home page of the ISP arcor: http://www.arcor-online.de/
# serial device and modem speed (normally 38400 or 57600):
# modem dial-out script with phone number:
connect '/etc/ppp/scripts/ppp-on-dialer-pap 0192070'
# specific options, common options are
# read from /etc/ppp/options
# tell pppd to use this users name for PAP authentication:
# try dynamic dns:
cd /dev ln -s ttyS0 modem57600 is the modem speed and depends on your modem hardware. The line that starts with "connect" specifies a script (/etc/ppp/scripts/ppp-on-dialer-pap) to handle the communication with your modem via AT commands. Those AT commands are a ASCII based command language for modems. The parameter given to the script (0192070) is the phone number to dial.
So far we have defined the phone number (0192070, in this example) the
modem speed, the serial line to use and a few configuration options of
pppd. I will not discuss the common configuration options from
/etc/ppp/options here. You can take a look a the example file and
look them up in the man page of pppd.
Instead we will now dial into our ISP (arcor). To do this we need 2 more
things (this a working example for readers in Germany) :
login name: arcor
This information needs to be entered into the file /etc/ppp/pap-secrets and the login name goes as well into the /etc/ppp/peers/arcor file (see above). Add a line that looks as follows to /etc/ppp/pap-secrets:
# This is /etc/ppp/pap-secrets
# client server secret IP-addr
arcor * internet 0.0.0.0
That's it. Now we can test this. To dial out type:
pppd call arcorarcor is in this case the name of the configuration file in /etc/ppp/peers/
killall pppdI hope this example worked for you. It should definitely work as shown here for readers in Germany. People from other countries should of course adapt phone number, login and password to their ISP. If it did not work then have a look at the trouble shooting section at the end of this article.
Now you have 1 working ISP. To add others you need to do the following:
At this point you know roughly how the underlying mechanisms work. Next we will use a few scripts to make it easier to use. In particular we will introduce two Set-UID perl scripts which will make it possible to start and stop your Internet connection when you are logged in as any normal user (not user root).
Set-UID is a mechanism that allows a normal user to execute a specific
command and that command will act as if the owner of that command would
have executed it. Obviously this needs to be designed with care in order
to not create a security problem. The Set-UID perl scripts are already
included in the ppp.tar.gz that you have unpacked above. They should have
"s" in the file permissions and belong to user root:
> cd /etc/ppp/scripts
> ls -al ppp-on ppp-off
-rwsr-sr-x 1 root root 1258 Jan 7 13:24 ppp-off
-rwsr-sr-x 1 root root 2619 Jan 9 20:30 ppp-on
If they do not have those permissions then you can change them with the command
chmod 6755 ppp-off ppp-on.
The ppp-off ppp-on scripts are just wrapper scripts. All they do is run pppd call some-config-file or killall pppd. The advantage is that any user can now use them. The ppp-on script has as well some special handling for ISPs that do not use automatic DNS configuration. If you happen to have such an ISP then edit the file and search for "static". There are examples in there which you can modify. You use those ppp-on/ppp-off scripts as follows:
To go online: /etc/ppp/scripts/ppp-on arcor To terminate the Internet connection: /etc/ppp/scripts/ppp-offThis should now work for any user on your computer. arcor is again the name of a file in /etc/ppp/peers/. You may have given it a different name.
Finally we will use a graphical user interface to start and stop
our Internet connection. A cgi-program is a program that
generates interactive web-pages. A well designed cgi-program
works with any browser and any operating system. That's why we use
a cgi-program. It will look like this:
The pppcontrol cgi-script reads a configuration file called /etc/ppp/gpppwrap.conf this has the following syntax:
|ppponarg: <agument_to_pass_to_ppp_on> - some additional comment string|
# This is /etc/ppp/gpppwrap.conf ppponarg: arcor -- arcor.net 3pf/min ppponarg: talknet -- internet by call 3.5pf/minNote: the prices 3pf/min and 3.5pf/min may have changed and may be wrong by the time you read this.
This was perhaps a lot of new information to you but once you have it
up and running you will only need to add/delete from time to time an ISP
and that is really easy as you have seen above.
You can now conveniently select an ISP form the list on the web-page and dial out by just clicking on a button on that web-page.
To install dnrd from the sources you need to:
unapck it: tar zxvf dnrd-2.10.tar.gz cd dnrd-2.10/src/ compile it: make strip dnrd install it: cp dnrd /usr/local/sbin/ create the empty directory /etc/dnrd/ : mkdir /etc/dnrd/The DNS proxy dnrd is used as follows (184.108.40.206 and 220.127.116.11 are e.g the DNS servers of your ISP):
when the ppp-link becomes active: dnrd -s 18.104.22.168 -s 22.214.171.124 when you terminate the connection you run: dnrddnrd is started in our case from the /etc/ppp/ip-up and /etc/ppp/ip-down scripts and it is all automatic. The scripts you have downloaded above are already prepared for that and expect dnrd in the directory /usr/local/sbin/.
dnrd can do much more than that. It can even be a small DNS server
of it's own. Under Unix you can always write in the /etc/host.conf file
order hosts, bind
and then give all your machines in your small local network symbolic names in the file /etc/hosts . Unfortunately the stupid Windows machines in your network do not have that possibility. If dnrd finds a /etc/hosts file on your Linux PC then it will automatically act as a DNS server for the entries mentioned in that file. This solves the problem!
The syntax of the /etc/hosts file is as shown here:
# ip-addr hostname alias1 alias2 ...
192.168.0.1 linuxpc.mynet linuxpc
192.168.0.2 peppermint.mynet pepper mint
To use dnrd not only as a DNS proxy but also as a DNS server for the entries in /etc/hosts you should start it already at boot time. To do this you need to add the line
daemon /usr/local/sbin/dnrdat the end of the start section in the /etc/rc.d/init.d/network boot script (This syntax is for redhat, mandrake etc... your distribution may differ).
# This is /etc/resolv.conf when dnrd is running nameserver 127.0.0.1The advantage is that you are now using the internal cache of dnrd on all the hosts and not only on the ones inside your network.
>nslookup Default Server: localhost Address: 127.0.0.1 >pepper Server: localhost Address: 127.0.0.1 Non-authoritative answer: Name: peppermint.mynet Address: 192.168.0.2Terminate nslookup by typing crtl-d.
In this section I will explain how to activate debuging output for pppd. It will help you to figure out what is wrong if it does not work. Unfortunately I found out that it was not always a configuration fault on my side when it did not work.
The first thing that pppd does in our case is to open the serial port (/dev/modem, a link to e.g /dev/ttyS0) in order to run the script /etc/ppp/scripts/ppp-on-dialer-pap. This script will send AT commands to the modem. Those commands make the modem dial to your ISP. If anything goes wrong there then you can find errors in the file /etc/ppp/connect-errors. Most of the time the connect-errors file will give you enough hints to figure out what is wrong. Should this not be the case then you can type the AT commands manually. To do that you need a serial line communication program like minicom (part of most Linux distributions), or cu (usually part of a package called uucp) or kermit (get it from http://www.columbia.edu/kermit/ck70.html). Use this serial line communication program to "talk" to your modem. When you type AT, then the modem should say "OK". If not, check the speed settings, the power cable etc... In case it said OK, then try the command ATDT1234 The modem should dial now 1234. If not, check the manual of your modem. The command could as well be ATD1234 (with out T) or some other setting is wrong.
After the modem has dialed to your ISP the next step is the ppp-negotiation phase. To watch what is going on there you must enable to syslog facility daemon.debug in /etc/syslog.conf. Edit the file /etc/syslog.conf and add ";daemon.debug" to the line that ends in /var/log/messages . E.g like this:
*.info;mail.none;authpriv.none;daemon.debug /var/log/messagesNext restart syslog with the command
tail -f /var/log/messagesand watch pppd debug output while connecting to your ISP.
A successful ppp connection setup would look like this:
Jan 14 17:18:11 bearix pppd: pppd 2.3.10 started by root, uid 0
Jan 14 17:18:34 bearix pppd: Serial connection established.
Jan 14 17:18:34 bearix pppd: Using interface ppp0
Jan 14 17:18:34 bearix pppd: Connect: ppp0 <--> /dev/modem
Jan 14 17:18:35 bearix pppd: sent [LCP ConfReq id=0x1
Jan 14 17:18:37 bearix pppd: rcvd [LCP ConfReq id=0x46
Jan 14 17:18:37 bearix pppd: sent [LCP ConfNak id=0x46
Jan 14 17:18:38 bearix pppd: rcvd [LCP ConfReq id=0x47
Jan 14 17:18:38 bearix pppd: sent [LCP ConfAck id=0x47
Jan 14 17:18:38 bearix pppd: sent [LCP ConfReq id=0x1
Jan 14 17:18:38 bearix pppd: rcvd [LCP ConfAck id=0x1
Jan 14 17:18:38 bearix pppd: sent [PAP AuthReq id=0x1 user="arcor" password="internet"]
Jan 14 17:18:40 bearix pppd: rcvd [LCP ConfReq id=0x49
Jan 14 17:18:40 bearix pppd: sent [LCP ConfReq id=0x2
Jan 14 17:18:40 bearix pppd: sent [LCP ConfAck id=0x49
Jan 14 17:18:41 bearix pppd: rcvd [LCP ConfAck id=0x2
Jan 14 17:18:41 bearix pppd: rcvd [CHAP Challenge id=0x5 <0c7672840494152025f937ac4f5e135e>, name = "klndiinternet"]
Jan 14 17:18:41 bearix pppd: sent [CHAP Response id=0x5
Jan 14 17:18:41 bearix pppd: rcvd [CHAP Success id=0x5 ""]
Jan 14 17:18:41 bearix pppd: sent [IPCP ConfReq id=0x1
Jan 14 17:18:41 bearix pppd: sent [CCP ConfReq id=0x1
Jan 14 17:18:41 bearix pppd: rcvd [IPCP ConfReq id=0x8e
Jan 14 17:18:41 bearix pppd: sent [IPCP ConfAck id=0x8e
Jan 14 17:18:41 bearix pppd: rcvd [IPCP ConfRej id=0x1
Jan 14 17:18:41 bearix pppd: sent [IPCP ConfReq id=0x2
Jan 14 17:18:41 bearix pppd: rcvd [LCP ProtRej id=0xfb 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Jan 14 17:18:41 bearix pppd: rcvd [IPCP ConfNak id=0x2
Jan 14 17:18:41 bearix pppd: sent [IPCP ConfReq id=0x3
Jan 14 17:18:41 bearix pppd: rcvd [IPCP ConfAck id=0x3
Jan 14 17:18:41 bearix pppd: local IP address 126.96.36.199
Jan 14 17:18:41 bearix pppd: remote IP address 188.8.131.52
Jan 14 17:18:41 bearix pppd: primary DNS address 184.108.40.206
Jan 14 17:18:41 bearix pppd: secondary DNS address 220.127.116.11
Jan 14 17:18:41 bearix pppd: Script /etc/ppp/ip-up started (pid 723)
Jan 14 17:18:42 bearix pppd: Script /etc/ppp/ip-up finished (pid 723), status = 0x0
It is impossible to describe every error case here first of all because I don't know your setup and second because there are simply too many things that could go wrong. With a little bit of creativity and the things in mind that you have learned in this article you should be able find most faults. If you really can not get it to work and it does not look like a fault on your side then just try a different ISP. It could very well be a problem at the ISP.
Webpages maintained by the LinuxFocus Editor team
© Guido Socher, FDL
Click here to report a fault or send a comment to LinuxFocus
2001-04-27, generated by lfparser version 2.13