    .tpci.com roy.sailing.ca "Hoist the spinnaker"
    * merlin.tpci.com "Man overboard"

The last entry enables any other machine connecting to the local host and requiring authentication to use the same string. Of course, the remote must have the same string in its chap-secrets file. This is a little less secure than a dedicated string for each remote, but can be a handy time-saver when using a number of machines only rarely.

The addresses field, which wasn't used in the samples above, enables you to list either symbolic names or IP addresses for the clients. This is necessary if the remote wants to use an IP address other than its normal one, which would otherwise cause the authentication to fail. If the address field is empty (as they all are in the samples), any IP address is allowed. A hyphen in the field disallows all IP addresses with that client.

The /etc/ppp/pap-secrets file is much the same as the chap-secrets file. The fields in the pap-secrets file are the client (called a user in the pap-secrets format) and server names, a secret string, and valid address aliases. However, the look of the file is different because the client and server names are not full domain names and the secret string is a single block of text. A sample pap-secrets file looks like this:

    # /etc/ppp/pap-secrets
    # user server string addresses
    merlin darkstar yG55Sj29 darkstar.big_net.com
    darkstar merlin 5Srg7S merlin.tpci.com
    merlin chatton MeowMeow chatton.cats.com
    chatton merlin 73wrh6s merlin.tpci.com

In this example, the first two lines show a connection to the machine darkstar. The first line is how we authenticate a request from darkstar, and the second how we authenticate a request from us to them. The user name in the first column is the name we send to the remote, while the server field is their identification to us.

This poses a problem: the pppd daemon has no way of knowing the remote host's name, because all it gets is an IP address. You can put the IP address in the addresses column of the file, or you can specify the remote host name at the end of the pppd command line like this:

    pppd ... remotename chatton user merlin

This shows that the remote is called chatton, and our local host is merlin. The last portion giving the local host name overrides the default values, if specified.

Using DNS for SLIP and PPP

If you are using SLIP or PPP to connect to the Internet for more than simple tasks (such as downloading e-mail and news), you will probably want to use DNS. The basic configuration for DNS and BIND was discussed in Chapter 30, "Configuring TCP/IP."

The easiest method of using DNS for your SLIP and PPP connections is to put the IP address of a name server you can access in the /etc/resolv.conf file. For example, if you can access a name server with an IP address of 45.2.12.1, you would make the following addition to your /etc/resolv.conf file:

    # /etc/resolv.conf
    domain merlin.com # the local domain
    nameserver 145.2.12.1 # the Internet name server

Once this entry has been established, SLIP or PPP will send requests for address resolution to the name server and wait for replies. The more accessible the name server is, the better the performance will be. For this reason, choose a name server that is relatively close (in network terms).

Using this approach has a problem, though: all address resolution attempts must go out over the SLIP or PPP line. This can slow down applications, as well as increase the amount of network traffic over your SLIP or PPP line, sometimes to the detriment of other applications.

A way around this problem is to set up a cache-only name server on your machine. As you may recall from Chapter 30, a name server uses a cache to retain the most commonly used addresses. Since most SLIP and PPP connections are to a few machines only, the cache can dramatically reduce the amount of resolution traffic on the SLIP or PPP link.

To set up a cache-only name server, you need to modify the /etc/named.boot file. To set your local machine up as a cache-only name server, your named.boot file would look like this:

    ; /etc/named.boot
    directory /var/named
    cache . db.cache ; cache-only
    primary 0.147.in-addr.arpa db.cache ; loopback

The file above uses the local network name in IN-ADDR.ARPA format to specify the loopback driver, and the cache points to the file db.cache, which contains a list of root name servers.

Summary

Once you have performed all the configuration steps and startup instructions mentioned above for SLIP and PPP, you can use the interfaces to the outside world. The applications that make use of SLIP and PPP usually expect only to be told where the interface is, and then to work without any interference from you. SLIP is much easier to configure than PPP, but PPP has faster throughput and more security features that make it attractive if you are using a modem connection a lot.

Contact reference@developer.com with questions or comments.
Copyright 1998 EarthWeb Inc., All rights reserved.
Copyright 1998 Macmillan Computer Publishing. All rights reserved.
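The secrets-file rules described above (a `*` client shares one string with every peer, an empty addresses field allows any IP address, a hyphen disallows all of them) can be checked mechanically. The following is an added example, not code from the book; the sample entries, the `guest` line and the finding names are constructed for illustration, and `shlex` only approximates how pppd splits words.

```python
import shlex

# Constructed sample in the layout the page describes:
# client, server, secret, then an optional addresses field.
SAMPLE = """\
# client         server           secret                 addresses
merlin.tpci.com  roy.sailing.ca   "Hoist the spinnaker"
*                merlin.tpci.com  "Man overboard"
merlin           darkstar         yG55Sj29               darkstar.big_net.com
guest            merlin           yG55Sj29               -
"""


def parse_secrets(text):
    """Yield (lineno, client, server, secret, addresses) for each entry."""
    for lineno, line in enumerate(text.splitlines(), 1):
        # shlex approximates pppd's word splitting: a quoted secret stays
        # one field and '#' starts a comment.
        fields = shlex.split(line, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected client, server, secret")
        client, server, secret, *addresses = fields
        yield lineno, client, server, secret, addresses


def audit(text):
    """Return (lineno, finding) pairs, in file order, for entries to review."""
    findings, first_use = [], {}
    for lineno, client, _server, secret, addresses in parse_secrets(text):
        if client == "*":
            findings.append((lineno, "wildcard-client"))     # one string for every peer
        if not addresses:
            findings.append((lineno, "any-address"))         # empty field: any IP allowed
        elif "-" in addresses:
            findings.append((lineno, "no-address-allowed"))  # hyphen: no IP accepted
        if secret in first_use:
            findings.append((lineno, "secret-reused"))       # same string as an earlier entry
        first_use.setdefault(secret, lineno)
    return findings


if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```

The report prints line numbers and finding names only, never the secret strings themselves.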