Linux Networking/SLIP server

SLIP server.
If you have a machine that is perhaps network connected, that you'd like other people be able to dial into and provide network services, then you will need to configure your machine as a server. If you want to use SLIP as the serial line protocol, then currently you have three options as to how to configure your Linux machine as a SLIP server. My preference would be to use the first presented, sliplogin, as it seems the easiest to configure and understand, but I will present a summary of each, so you can make your own decision.

Slip Server using sliplogin.
sliplogin is a program that you can use in place of the normal login shell for SLIP users that converts the terminal line into a SLIP line. It allows you to configure your Linux machine as either a static address server, users get the same address everytime they call in, or a dynamic address server, where users get an address allocated for them which will not necessarily be the same as the last time they called.

The caller will login as per the standard login process, entering their username and password, but instead of being presented with a shell after their login, sliplogin is executed which searches its configuration file (/etc/slip.hosts) for an entry with a login name that matches that of the caller. If it locates one, it configures the line as an 8bit clean line, and uses an ioctl call to convert the line discipline to SLIP. When this process is complete, the last stage of configuration takes place, where sliplogin invokes a shell script which configures the SLIP interface with the relevant ip address, netmask and sets appropriate routing in place. This script is usually called /etc/slip.login, but in a similar manner to getty, if you have certain callers that require special initialization, then you can create configuration scripts called /etc/slip.login.loginname that will be run instead of the default specifically for them.

There are either three or four files that you need to configure to get sliplogin working for you. I will detail how and where to get the software and how each is configured in detail. The files are:

· /etc/passwd, for the dialin user accounts.

· /etc/slip.hosts, to contain the information unique to each dial-in user.

· /etc/slip.login, which manages the configuration of the routing that needs to be performed for the user.

· /etc/slip.tty, which is required only if you are configuring your server for dynamic address allocation and contains a table of  addresses to allocate

· /etc/slip.logout, which contains commands to clean up after the user has hung up or logged out.

Where to get sliplogin
You may already have the sliplogin package installed as part of your distribution, if not then sliplogin can be obtained from: metalab.unc.edu. The tar file contains both source, precompiled binaries and a man page.

To ensure that only authorized users will be able to run sliplogin program, you should add an entry to your /etc/group file similar to the following:

slip::13:radio,fred

When you install the sliplogin package, the Makefile will change the group ownership of the sliplogin program to slip, and this will mean that only users who belong to that group will be able to execute it. The example above will allow only users radio and fred to execute sliplogin.

To install the binaries into your /sbin directory and the man page into section 8, do the following:

# cd /usr/src # gzip -dc .../sliplogin-2.1.1.tar.gz | tar xvf - # cd sliplogin-2.1.1 # <..edit the Makefile if you don't use shadow passwords..> # make install

If you want to recompile the binaries before installation, add a make clean before the make install. If you want to install the binaries somewhere else, you will need to edit the Makefile install rule.

Please read the README files that come with the package for more information.

Configuring /etc/passwd for Slip hosts.
Normally you would create some special logins for Slip callers in your /etc/passwd file. A convention commonly followed is to use the hostname of the calling host with a capital `S' prefixing it. So, for example, if the calling host is called radio then you could create a /etc/passwd entry that looked like:

Sradio:FvKurok73:1427:1:radio SLIP login:/tmp:/sbin/sliplogin

It doesn't really matter what the account is called, so long as it is meaningful to you.

Note: the caller doesn't need any special home directory, as they will not be presented with a shell from this machine, so /tmp is a good choice. Also note that sliplogin is used in place of the normal login shell.

Configuring /etc/slip.hosts
The /etc/slip.hosts file is the file that sliplogin searches for entries matching the login name to obtain configuration details for this caller. It is this file where you specify the ip address and netmask that will be assigned to the caller and configured for their use. Sample entries for two hosts, one a static configuration for host radio and another, a dynamic configuration for user host albert might look like:

Sradio  44.136.8.99   44.136.8.100  255.255.255.0  normal      -1 Salbert 44.136.8.99   DYNAMIC       255.255.255.0  compressed  60

The /etc/slip.hosts file entries are:

1. The login name of the caller.

2. IP of the server machine, ie this machine.

3. IP address that the caller will be assigned. If this field is coded DYNAMIC then an ip address will be allocated based on the information contained in your /etc/slip.tty file discussed later. Note: you must be using at least version 1.3 of sliplogin for this to work.

4. The netmask assigned to the calling machine in dotted decimal notation eg 255.255.255.0 for a Class C network mask.

5. The slip mode setting which allows you to enable/disable compression and slip other features. Allowable values here are "normal" or "compressed".

6. A timeout parameter which specifies how long the line can remain idle (no datagrams received) before the line is automatically disconnected. A negative value disables this feature.

7. Optional arguments.

Note: You can use either hostnames or IP addresses in dotted decimal notation for fields 2 and 3. If you use hostnames then those hosts must be resolvable, that is, your machine must be able to locate an ip address for those hostnames, otherwise the script will fail when it is called. You can test this by trying trying to telnet to the hostname, if you get the `Trying nnn.nnn.nnn...' message then your machine has been able to find an ip address for that name. If you get the message `Unknown host', then it has not. If not, either use ip addresses in dotted decimal notation, or fix up your name resolver configuration (See section Name Resolution).

The most common slip modes are:

normal to enable normal uncompressed SLIP.

compressed to enable van Jacobsen header compression (cSLIP)

Naturally these are mutually exclusive, you can use one or the other. For more information on the other options available, refer to the man pages.

Configuring the /etc/slip.login file.
After sliplogin has searched the /etc/slip.hosts and found a matching entry, it will attempt to execute the /etc/slip.login file to actually configure the SLIP interface with its ip address and netmask. The sample /etc/slip.login file supplied with the sliplogin package looks like this:

#!/bin/sh - #    #       @(#)slip.login  5.1 (Berkeley) 7/1/90 #    # generic login file for a SLIP line. sliplogin invokes this with # the parameters: #    $1       $2       $3    $4, $5, $6 ...     #   SLIPunit ttyspeed   pid   the arguments from the slip.host entry #    /sbin/ifconfig $1 $5 pointopoint $6 mtu 1500 -trailers up     /sbin/route add $6 arp -s $6  pub exit 0 #

You will note that this script simply uses the ifconfig and route com­ mands to configure the SLIP device with its ipaddress, remote ip address and netmask and creates a route for the remote address via the SLIP device. Just the same as you would if you were using the slattach command.

Note also the use of Proxy ARP to ensure that other hosts on the same ethernet as the server machine will know how to reach the dial-in host. The  field should be the hardware address of the ethernet card in the machine. If your server machine isn't on an ethernet network then you can leave this line out completely.

Configuring the /etc/slip.logout file.
When the call drops out, you want to ensure that the serial device is restored to its normal state so that future callers will be able to login correctly. This is achieved with the use of the /etc/slip.logout file. It is quite simple in format and is called with the same argument as the /etc/slip.login file.

#!/bin/sh - #            #               slip.logout #            /sbin/ifconfig $1 down arp -d $6 exit 0 #

All it does is `down' the interface which will delete the manual route previously created. It also uses the arp command to delete any proxy arp put in place, again, you don't need the arp command in the script if your server machine does not have an ethernet port.

Configuring the /etc/slip.tty file.
If you are using dynamic ip address allocation (have any hosts configured with the DYNAMIC keyword in the /etc/slip.hosts file, then you must configure the /etc/slip.tty file to list what addresses are assigned to what port. You only need this file if you wish your server to dynamically allocate addresses to users.

The file is a table that lists the tty devices that will support dial- in SLIP connections and the ip address that should be assigned to users who call in on that port.

Its format is as follows:

# slip.tty   tty -> IP address mappings for dynamic SLIP # format: /dev/tty?? xxx.xxx.xxx.xxx #    /dev/ttyS0      192.168.0.100 /dev/ttyS1     192.168.0.101 #

What this table says is that callers that dial in on port /dev/ttyS0 who have their remote address field in the /etc/slip.hosts file set to DYNAMIC will be assigned an address of 192.168.0.100. In this way you need only allocate one address per port for all users who do not require an dedicated address for themselves. This helps you keep the number of addresses you need down to a minimum to avoid wastage.

Slip Server using dip.
Let me start by saying that some of the information below came from the dip man pages, where how to run Linux as a SLIP server is briefly documented. Please also beware that the following has been based on the dip337o-uri.tgz package and probably will not apply to other versions of dip.

dip has an input mode of operation, where it automatically locates an entry for the user who invoked it and configures the serial line as a SLIP link according to information it finds in the /etc/diphosts file. This input mode of operation is activated by invoking dip as diplogin. This therefore is how you use dip as a SLIP server, by creating special accounts where diplogin is used as the login shell.

The first thing you will need to do is to make a symbolic link as follows:

# ln -sf /usr/sbin/dip /usr/sbin/diplogin

You then need to add entries to both your /etc/passwd and your /etc/diphosts files. The entries you need to make are formatted as follows:

To configure Linux as a SLIP server with dip, you need to create some special SLIP accounts for users, where dip (in input mode) is used as the login shell. A suggested convention is that of having all SLIP accounts begin with a capital `S', e.g. `Sfredm'.

A sample /etc/passwd entry for a SLIP user looks like:

Sfredm:ij/SMxiTlGVCo:1004:10:Fred:/tmp:/usr/sbin/diplogin ^^        ^^        ^^  ^^   ^^   ^^   ^^     |          |         |   |    |    |    \__ diplogin as login shell |         |         |   |    |    \_______ Home directory |         |         |   |    \____________ User Full Name |         |         |   \_________________ User Group ID     |          |         \_____________________ User ID     |          \_______________________________ Encrypted User Password \__________________________________________ Slip User Login Name

After the user logs in, the login program, if it finds and verifies the user ok, will execute the diplogin command. dip, when invoked as diplogin knows that it should automatically assume that it is being used a login shell. When it is started as diplogin the first thing it does is use the getuid function call to get the userid of whoever has invoked it. It then searches the /etc/diphosts file for the first entry that matches either the userid or the name of the tty device that the call has come in on and configures itself appropriately. By judicious decision as to whether to give a user an entry in the diphosts file, or whether to let the user be given the default configuration you can build your server in such a way that you can have a mix of static and dynamically assigned address users.

dip will automatically add a `Proxy-ARP' entry if invoked in input mode, so you do not need to worry about manually adding such entries.

Configuring /etc/diphosts
/etc/diphosts is used by dip to lookup preset configurations for remote hosts. These remote hosts might be users dialing into your linux machine, or they might be for machines that you dial into with your linux machine.

The general format for /etc/diphosts is as follows:

..    Suwalt::145.71.34.1:145.71.34.2:255.255.255.0:SLIP uwalt:CSLIP,1006 ttyS1::145.71.34.3:145.71.34.2:255.255.255.0:Dynamic ttyS1:CSLIP,296 ..

The fields are:

1. login name: as returned by getpwuid(getuid) or tty name.

2. unused: compat. with passwd

3. Remote Address: IP address of the calling host, either numeric or  by name 4. Local Address: IP address of this machine, again numeric or by name

5. Netmask: in dotted decimal notation

6. Comment field: put whatever you want here.

7. protocol: Slip, CSlip etc.

8. MTU: decimal number

An example /etc/net/diphosts entry for a remote SLIP user might be:

Sfredm::145.71.34.1:145.71.34.2:255.255.255.0:SLIP uwalt:SLIP,296

which specifies a SLIP link with remote address of 145.71.34.1 and MTU of 296, or:

Sfredm::145.71.34.1:145.71.34.2:255.255.255.0:SLIP uwalt:CSLIP,1006

which specifies a cSLIP-capable link with remote address 145.71.34.1 and MTU of 1006.

Therefore, all users who you wish to be allowed a statically allocated dial-up IP access should have an entry in the /etc/diphosts. If you want users who call a particular port to have their details dynamically allocated then you must have an entry for the tty device and do not configure a user based entry. You should remember to configure at least one entry for each tty device that your dialup users use to ensure that a suitable configuration is available for them regardless of which modem they call in on.

When a user logs in they will receive a normal login and password prompt at which they should enter their SLIP-login userid and password. If these verify ok then the user will see no special messages and they should just change into SLIP mode at their end. The user should then be able to connect ok and be configured with the relevant parameters from the diphosts file.

SLIP server using the dSLIP package.
Matt Dillon  has written a package that does not only dial-in but also dial-out SLIP. Matt's package is a combination of small programs and scripts that manage your connections for you. You will need to have tcsh installed as at least one of the scripts requires it. Matt supplies a binary copy of the expect utility as it too is needed by one of the scripts. You will most likely need some experience with expect to get this package working to your liking, but don't let that put you off. Matt has written a good set of installation instructions in the README file, so I won't bother repeating them.

You can get the dSLIP package from its home site at: apollo.west.oic.com /pub/linux/dillon_src/dSLIP203.tgz or from: metalab.unc.edu /pub/Linux/system/Network/serial/dSLIP203.tgz

Read the README file and create the /etc/passwd and /etc/group entries before doing a make install.