Howto Setup A Dial In Server in Redhat

Overview

This document describes how to attach modems to a Linux box and allow it to receive calls to connect users to the
network. Its like being your own ISP (Internet Service Provider). If your Linux box is connected to the Internet, then
the users will also be connected to the Internet. Your Linux box becomes a router. This is also known as RAS (Remote Access Services) in the Microsoft world. In the Linux world its called PPP (Point to Point Protocol).
Contents

• Attach A Modem
• Run kudzu: Hardware Auto Detection
• Configure Modem For mgetty
• Turn on PPP dial-in service
• Setup PPP options
• Add users to pap-secrets
• Create Linux users
• Turn on routing
• Start mgetty
• Test Dial In and View Logs

Attach A Modem

Attach a modem to COM 1 or COM 2. If you have an internal modem, you need to know what COM port it is. You could just activate all the COM ports and see later which one works by viewing the /var/log/messages file. Then turn off the other 3.

Run kudzu

Kudzu is the Linux hardware auto detection that usually runs at boot time. You may reboot the computer or else just type: kudzu

Hopefully, kudzu will detect your modem and configure it automatically.

Configure Modem For mgetty

Mgetty is the program that allows you to login after the modems connect. It is activated in the /etc/inittab file. Use vi to add a line after the mingetty lines (halfway into the file).

Physical Port Linux Port /etc/inittab line for turning on mgetty

COM 1 ttyS0 S0:2345:respawn:/sbin/mgetty -D ttyS0
COM 2 ttyS1 S1:2345:respawn:/sbin/mgetty -D ttyS1
COM 3 ttyS2 S2:2345:respawn:/sbin/mgetty -D ttyS2
COM 4 ttyS3 S3:2345:respawn:/sbin/mgetty -D ttyS3

The -D means data only, no fax machines are allowed to connect. The baud rate is automatic. I hope your modem can handle that.

Turn On PPP Dial In Service

Mgetty by default will not invoke PPP, it is commented out in the /etc/mgetty+sendfax/login.config file. We need this service so IP packets can flow across the dial-in connection.
Look for a line like:

#/AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login debug

and remove the first character, the # and save the file. Notice the "debug" option on that line. This logs useful information in /var/log/messages that we will look at later. Also, the "login" option means to authenticate with the
/etc/passwd file after "pap" authentication (described below).

Setup PPP Options

When PPP starts up, it reads options from the command line from /etc/mgetty+sendfax/login.config. Then it read more options from the /etc/ppp directory. We will create a new file called options.server where we will put generic options for all modems that dial in. Then we will have an options file for each modem where we can put the IP address we will assign anyone on that modem. That file will be named options.ttyS0 or options.ttyS1.
/etc/ppp/options.server Explanation

-detach
asyncmap 0
modem
crtscts
lock

proxyarp =Allow this machine to receive LAN packets on behalf of the PPP connected machine and be its router.

ms-dns 1.2.3.4 =The first DNS server IP address for this network. Don't use the example IP of 1.2.3.4, replace it with the real numbers.

ms-dns 3.4.5.6 =The second DNS server IP address for this network. Don't use the example IP of 3.4.5.6, replace it with the real numbers

/etc/ppp/options.ttyS0 Explanation

192.168.0.12:192.168.0.100 =The first IP address is the servers IP address, the second IP address is the free static IP address that can be assigned to the computer dialing in on the modem. This number cannot be in use.
netmask 255.255.255.0 The net mask of the LAN the server is connected to.

/etc/ppp/options.ttyS1 Explanation

192.168.0.12:192.168.0.101 =The first IP address is the servers IP address, the second IP address is the free static IP address that can be assigned to the computer dialing in on the modem. This number cannot be in use.
netmask 255.255.255.0 The net mask of the LAN the server is connected to.

Add Users To pap-secrets

In order to allow dial in, you will have to define users and passwords to authenticate them with. PPP will authenticate them. First, we must add users and passwords to the /etc/ppp/pap-secrets file.

/etc/ppp/pap-secrets

Client (User) Server Secret (password) IP
jones * fred123 *
smith * bob123 *
foo * bar *

Create Linux Users

Now, create some regular linux users that correspond to the /etc/ppp/pap-secrets file. Use the same password that has been entered in that file. If you do not want to do this step then you must remove the "login" option from the command line of ppp kept in /etc/mgetty+sendfax/login.config.

Turn On Routing

We now want Linux to be a router and allow packets to flow through it. This is called packet forwarding. To turn it on type:

echo '1' > /proc/sys/net/ipv4/ip_forward

Place this line at the end of /etc/rc.d/rc.local to have it activate forwarding at boot time.

Start Mgetty

Tell the inet daemon (xinetd) to reread its config file (/etc/inittab) and start up mgetty on the modems.
/sbin/telinit q

Test Dial In and View Logs

Have someone try dialing in and you can watch the logs live by typing this:

tail -f /var/log/messages

You will see the connection attempts and some useful debugging info.

One More Final Gotcha: SELinux
If you have SELinux turned on you might get a bogus password authentication error. Please see the /etc/sysconfig/selinux file.