[ LUGOS ] IP logging, ipppd
Nejc Skoberne
nejc.skoberne na guest.arnes.si
Tor Jan 23 18:46:16 CET 2001
Zdravo.
Spet dve vprasanji:
1. Linux streznik je dial-on-demand server za notranjo mrezo, kamor so
prikljuceni sami Windows boxi. Zanima me, kako bi lahko izvedel, kdaj
kateri izmed racunalnikov poskusi dostopati do interneta. Namrec v
/var/log/messages pise source kot IP od Linux masine in target pac IP
kamor poskusi dostopat (nato se takoj vzpostavi ISDN povezava):
Jan 22 10:37:28 Linux kernel: OPEN: local.ip.address -> 198.17.208.67
UDP, port: 1025 -> 53
Zanima me, ce bi se dalo na kak nacin logirat, katera Windows masina
(torej kater IP), kdaj in kam (do katerega IPja) poskusa dostopati.
2. Imam tezave z ipppd-jem. Masina je nastavljena dial-on-demand in
navadno dela vse kot je treba. Vendar vsake toliko casa iz neznanega
razloga odpove (noce se vec konektati na internet) in jo je treba
resetirati.
Izsek iz /var/log/messages:
Jan 22 11:10:01 Soulfly kernel: ippp0: dialing 1 088032320...
Jan 22 11:10:02 Soulfly kernel: isdn_net: ippp0 connected
Jan 22 11:10:02 Soulfly ipppd[109]: Local number: 663, Remote number:
088032320, Type: outgoing
Jan 22 11:10:02 Soulfly ipppd[109]: PHASE_WAIT -> PHASE_ESTABLISHED,
ifunit: 0, linkunit: 0, fd: 7
Jan 22 11:11:55 Soulfly ipppd[109]: LCP terminated by peer
Jan 22 11:11:55 Soulfly kernel: ippp0: remote hangup
Jan 22 11:11:55 Soulfly kernel: ippp0: Chargesum is 0
Jan 22 11:11:55 Soulfly ipppd[109]: Modem hangup
Jan 22 11:11:55 Soulfly ipppd[109]: Connection terminated.
Jan 22 11:11:55 Soulfly ipppd[109]: taking down PHASE_DEAD link 0,
linkunit: 0
Jan 22 11:11:55 Soulfly ipppd[109]: closing fd 7 from unit 0
Jan 22 11:11:55 Soulfly ipppd[109]: link 0 closed , linkunit: 0
Jan 22 11:11:55 Soulfly ipppd[109]: reinit_unit: 0
Jan 22 11:11:55 Soulfly ipppd[109]: Connect[0]: /dev/ippp0, fd: 7
To se kar na enkrat zgodi, potem pa se zacne isto ponavljati vedno, ko
kaksen racunalnik hoce iti na internet. Ima kdo kako idejo?
Prilagam konfiguracijske datoteke od ipppd-ja.
Hvala za odgovore.
--
Nejc Skoberne
Grajska 5
5220 Tolmin
e-mail: nejko na varnost.org
#!/bin/sh
/sbin/route del default >/dev/null 2>&1
/sbin/route add default netmask 0 ippp0
isdnctrl hangup ippp0
#!/bin/sh
/sbin/route del default >/dev/null 2>&1
/sbin/route add default netmask 0 ippp0
isdnctrl dial ippp0
MYUSER=username # my username at the ISP
#MYUSER=ppp
REMNAME=siol # name of ISP's system
#REMNAME=linux
#MYIP=10.1.1.1 # my fixed IP number (use 10.0.0.2 if no fixed)
#REMIP=192.168.0.3 # IP nummer van ISP (this is almost alwaysfixed)
MYIP=0.0.0.0
REMIP=0.0.0.0
MYMSN=999 # my number, without 0, with areacode
REMMSN=088032320 # number of ISP
#REMMSN=
/sbin/isdnctrl verbose 9 # probably already done
/sbin/isdnctrl system on # ditto, but to be sure...
/sbin/isdnctrl addif ippp0 # first interface should be ippp0
/sbin/isdnctrl eaz ippp0 $MYMSN # last one added is
/sbin/isdnctrl addphone ippp0 out $REMMSN # called first!
/sbin/isdnctrl huptimeout ippp0 90 # after 90s of no traffic: hangup
/sbin/isdnctrl l2_prot ippp0 hdlc # default, may be left out
/sbin/isdnctrl l3_prot ippp0 trans # also default
/sbin/isdnctrl encap ippp0 syncppp # we want syncPPP, dammit!
#/sbin/isdnctrl status ippp0 on # if using HiSax 3.0
/sbin/isdnctrl dialmode ippp0 auto # if using 2.0.36 or current CVS version
/sbin/ifconfig ippp0 $MYIP pointopoint $REMIP
/sbin/route add $REMIP ippp0 # $REMIP can be reached via ippp0
/sbin/route add default netmask 0 ippp0 # all non-local traffic goes to ippp0
/sbin/ifconfig ippp0 -arp -broadcast # don't allow arps and broadcasts
/sbin/ipppd user $MYUSER remotename $REMNAME \
$MYIP:$REMIP \
name $MYUSER \
-detach \
noipdefault \
mru 1500 \
mtu 1500 \
lcp-restart 1 \
/dev/ippp0 &
Dodatne informacije o seznamu Starilist