-ADDING MORE PPP CHANNELS
-
-By default, Linux PPP comes with 4 kernel channels, which means that
-at most 4 simultaneous PPP sessions are possible. If you desire more
-such sessions (for example if you are serving many dialup lines), you
-can easily reconfigure the kernel to add new channels. There are two
-steps.
-
-First you need to edit the kernel file drivers/net/Space.c . As
-distributed, it contains a section that looks like this:
-
-#if defined(CONFIG_PPP)
-extern int ppp_init(struct device *);
-static struct device ppp3_dev = {
- "ppp3", 0x0, 0x0, 0x0, 0x0, 3, 0, 0, 0, 0, NEXT_DEV, ppp_init, };
-static struct device ppp2_dev = {
- "ppp2", 0x0, 0x0, 0x0, 0x0, 2, 0, 0, 0, 0, &ppp3_dev, ppp_init, };
-static struct device ppp1_dev = {
- "ppp1", 0x0, 0x0, 0x0, 0x0, 1, 0, 0, 0, 0, &ppp2_dev, ppp_init, };
-static struct device ppp0_dev = {
- "ppp0", 0x0, 0x0, 0x0, 0x0, 0, 0, 0, 0, 0, &ppp1_dev, ppp_init, };
-#undef NEXT_DEV
-#define NEXT_DEV (&ppp0_dev)
-#endif /* PPP */
-
-The pattern should be obvious. For more channels, you need to add
-more "static struct device pppN_dev" lines, changing the first, sixth
-and eleventh structure entries as appropriate. The highest numbered
-PPP device should have NEXT_DEV in its eleventh structure field, and
-you should change the ppp3_dev structure to have &ppp4_dev there
-instead.
-
-For example, to add 2 extra channels, you would have
-
-#if defined(CONFIG_PPP)
-extern int ppp_init(struct device *);
-static struct device ppp5_dev = {
- "ppp5", 0x0, 0x0, 0x0, 0x0, 5, 0, 0, 0, 0, NEXT_DEV, ppp_init, };
-static struct device ppp4_dev = {
- "ppp4", 0x0, 0x0, 0x0, 0x0, 4, 0, 0, 0, 0, &ppp5_dev, ppp_init, };
-static struct device ppp3_dev = {
- "ppp3", 0x0, 0x0, 0x0, 0x0, 3, 0, 0, 0, 0, &ppp4_dev, ppp_init, };
-... etc.
-
-Second, you need to change the line in ppp.h (in include/linux) to
-change the line that reads
-
-#define PPP_NRUNIT 4
-
-to show the new number of channels; in our case it would become
-
-#define PPP_NRUNIT 6
-
-Finally, recompile and reboot. The bootup message and the contents of
-/proc/net/dev should show the correct number of channels.
-
-CHANGES FROM LINUX PPP 0.1.x
-
-Linux PPP 0.1.x was based on the free PPP package PPP-1.3. Linux PPP
-0.2.1 is based on PPP-2.0.4. There have been some changes to the pppd
-options along with significant enhancements. You should read
-"RELNOTES" in the pppd directory for a description of the changes.
-
-Also, some options which were added to PPP-1.3 for the Linux version
-have now changed names:
- 'defroute' is now 'defaultroute'
- 'kerndebug' is now 'kdebug'
- 'dropdtr' is now 'modem'
-In addition, it is now necessary to use the 'noipdefault' option if
-you want to get the local IP address from the remote PPP server.
+
+
+SETTING UP A MACHINE FOR INCOMING PPP CONNECTIONS WITH DYNAMIC IP
+
+The use of dynamic IP assignments is not much different from that
+using static IP addresses. Rather than putting the IP address into the
+single file ~ppp/.ppprc, you would put the IP address for each of the
+incoming terminals into the /etc/ppp/options.tty files. ('tty' is the
+name of the tty device. For example /etc/ppp/options.ttyS0 is used for
+the /dev/ttyS0 device.)
+
+To each of the serial devices, you would attach a modem. To the
+modems, attach the telephone lines. Place all of the telephone lines
+into a hunt group so that the telephone system will select the
+non-busy telephone and subsequently, the modem. By selecting the
+modem, the user will select a tty device and the tty device will
+select the IP address. Run a getty process against the tty device such
+as /dev/ttyS0.
+
+(The general consensus among the users is that you should *not* use
+the agetty process to monitor a modem. Use either getty_ps' uugetty
+process or mgetty from the mgetty+sendfax package.)
+
+
+SECURITY CONCERNS ABOUT INCOMING PPP CONNECTIONS
+
+The following security should be considered with the ppp connections.
+
+1. Never put the pppd program file into the /etc/shells file. It is not
+a legal shell for the general user. In addition, if the shell is missing
+from the shells file, the ftpd process will not allow the user to access
+the system via ftp. You would not want Joe Hacker using the ppp account
+via ftp.
+
+2. Ensure that the directory /etc/ppp is owned by 'root' and permits
+only write access to the root user.
+
+3. The files /etc/ppp/options must be owned by root and accessible only
+from that user. Never permit any other user access to this file.
+
+4. The files /etc/ppp/ip-up and /etc/ppp/ip-down will be executed by the
+pppd process while it is root. Ensure that these files are writable only
+from the root user.
+
+5. If you use an incoming PPP connection, you should do the following as
+the root user:
+
+a) Invalidate the files for rhosts and forward
+rm -f ~ppp/.rhosts ~ppp/.forward
+touch ~ppp/.rhosts ~ppp/.forward
+chmod 444 ~ppp/.rhosts ~ppp/.forward
+
+b) Prevent users from sending mail to the user 'ppp'.
+
+This is best performed by creating a system alias 'ppp' and have it
+point to the name "THIS_USER_CANNOT_RECEIVE_MAIL". It has no special
+meaning other than the obvious one.
+
+For sendmail, the sequence is fairly easy. Edit the /etc/aliases file
+and add the line:
+
+ppp:THIS_USER_CANNOT_RECEIVE_MAIL
+
+Then run the sendmail program with the option '-bi' to rebuild the
+alias database.
+
+c) Secure the ppp file properly.
+chown root ~ppp/.ppprc
+chmod 444 ~ppp/.ppprc
+
+You may wish to extend the security by creating a group 'ppp' and putting
+the ppp user into that group, along with the binaries for pppd and pppstats.
+Then you may secure the binaries so that they are executable from the owner
+(which should be root) and the group only. All other users would be denied
+all access to the files and executables.
+
+d) Prevent the motd file from being sent to the ppp user.
+touch ~ppp/.hushlogin
+chown root ~ppp/.hushlogin
+chmod 444 ~ppp/.hushlogin
+
+
+ADDITIONAL INFORMATION
+
+Besides this document, additional information may be found in:
+
+- The file README in the source package
+- The PPP-HOWTO on sunsite.unc.edu
+- The Net-2-HOWTO on sunsite.unc.edu
+- The Network Administration Guide published by O'Rielly and Associates
+
+Please consult these sources of information should you have questions
+about the program. If you still can not find your answer then ask either
+the usenet news groups or the mail list.
+
+
+
+DIP SUPPORT
+
+The dip program used by Linux is not directly supported by the PPP
+package as such. Please don't ask the PPP porting group questions
+about dip. It does work in two areas.
+
+1. If you use it as a parameter to 'connect' then you can use the scripting
+ language and establish the connection. You would use the standard set of
+ PPP options.
+
+2. dip-3.3.7m-uri and later versions support a 'mode ppp' function
+ which will invoke the pppd program. That is all that it does. It will
+ not pass any parameters to pppd other than its required '-detach' to
+ allow dip to detect the normal termination of pppd.
+
+ The following information comes from John Phillips in an article which he
+ posted to comp.os.linux.setup.
+
+Assuming that you already know how dip supports SLIP, these points
+are relative to a working SLIP set-up.
+
+1. You need dip-3.3.7m-uri, and, of course, PPP compiled into the
+kernel.
+
+2. Make sure pppd is where dip thinks it is: /usr/lib/ppp/pppd, or
+make a link from there to where pppd really is. (Or re-compile dip
+to tell it where pppd is on your system - see pathnames.h).
+
+3. The key differences between the dip script for PPP, compared to one
+for SLIP are:
+
+ a. Use "mode PPP" instead of "mode SLIP"
+
+ b. Don't set certain options such as mtu and default - these are set
+ by pppd from the file /etc/ppp/options. Mine looks like this:
+
+ crtscts
+ modem
+ defaultroute
+ asyncmap 0x00000000
+ mru 576
+ mtu 576
+
+ The actual parameters and values may depend on your IP supplier
+ and his set-up.
+
+ c. Tell your IP supplier's start-up code to use ppp, not slip: I
+ use "send nolqm,idle=240\n" instead of "send slip,idle=240,mru=576\n"
+ at the "protocol: " prompt. ("nolqm" asks for ppp without the line
+ quality monitoring protocol, which is not - I think - supported in
+ Linux PPP.) This prompt may be different (or absent) with another
+ IP supplier.
+
+ d. You don't need "get $local <name>", since the ppp protocol
+ negotiates this at start-up. You still need "get $remote <name>".
+ (This may also vary with IP supplier - you may need to set some
+ more parameters in /etc/ppp/options to work with yours - see "man
+ pppd" for details of the options supported by pppd.)
+
+4. The dip script will exit after dialling and starting up pppd. When
+ppp negotiation is completed and IP comes up, pppd runs /etc/ppp/ip-up.
+This file can contain things you want to run when the network comes up
+(e.g. running the mail queue).
+
+5. When IP goes down (e.g. after you close down the link with "dip -k"),
+pppd runs /etc/ppp/ip-down, which can contain things you want to do on
+close-down.
+
+
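Review bot: In step 5 of SECURITY CONCERNS, the "chmod 444" on ~ppp/.rhosts, ~ppp/.forward, ~ppp/.ppprc and ~ppp/.hushlogin does not stop the ppp user from replacing those files if the ~ppp directory itself is writable by that user, because unlink and rename are governed by the directory's permissions, not the file's. Suggest adding a step that makes the home directory root-owned and not writable by ppp (for example "chown root ~ppp" followed by "chmod 555 ~ppp"), and adding "chown root ~ppp/.rhosts ~ppp/.forward" to step a) so the ownership is explicit there as it is in c) and d). Smaller points in the same section: item 2's "permits only write access to the root user" can be read as root having write access only, where "permits write access only to the root user" is presumably meant; item 3 says "The files /etc/ppp/options" but then refers to "this file"; the paragraph about a 'ppp' group and the pppd and pppstats binaries sits under c) although it is not about .ppprc and would read better as its own lettered step. In ADDITIONAL INFORMATION, "O'Rielly" should be "O'Reilly".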