[LinuxFocus-icon]
Home  |  Map  |  Index  |  Search

News | Archives | Links | About LF  
This article is available in: English  Castellano  Deutsch  Francais  Russian  Turkce  
convert to palmConvert to GutenPalm
or to PalmDoc

[Photo of the Author]
by

About the author:

Guido is a long time Linux fan. He likes Linux not only because of it's good technical quality but also because of the people and the community behind Linux.


Content:

 

Using different ISPs for your Internet access

[Illustration]

Abstract:

This article explains how you can configure a number of different Internet Service Providers (ISPs) under Linux and how to easily change between them.
The concept that we use is not only valid for a configuration with one PC and one Internet connection but you can use it to give the whole family Internet access at the same time. To achieve this we configure a DNS proxy (DNS forwarding) and IP masquerading under Linux.



 

Introduction

Internet access has recently become very easy. Most ISPs do not ask anymore for monthly fees and long term contracts. If an ISP has technical problems or provides bad service, then you just take the next one. In Germany we call this "Internet by Call" and it goes even one step further. You don't register or sign any paper. You just pay via your normal phone bill. Note, this is different from free Internet. Free Internet is usually the state of the ISP before going bankrupt and often linked to bad data throughput. In case of "Internet by Call" you do pay, sometimes quite high fees but can get good bandwidth. No matter how the details are in your country, this article will explain how to quickly change the ISP and use different dialup Internet connections at different times.

The type of Internet access we cover in this article is a dialup point-to-point (PPP) connection from your PC to your ISP. Under Linux a program called pppd is used to setup this connection. pppd is a very good software and very flexible but unfortunately the documentation that comes with pppd has only examples with rather ancient and very special cases for authentication and login to your ISP. Using those examples to set up a connection to most modern ISPs will generally fail. Most ISPs use these days

This article explains how to use these modern features under Linux. All you need to know about your ISP is: Telephone number, login name and password.

With Linux and IP masquerading it is very easy to connect not just one computer but a whole pool, a whole network of computers, via one PPP link to your ISP. To do this you need at least one Linux machine and any number of other computers. This looks then as follows:

[network with IP masquerading]

If you use such an IP masquerading Linux gateway and you use different ISPs then you have generally 2 problems:

  1. The DNS server changes every time your change the ISP and you do not want to re-configure all your computers every time. Specifically not if some are running Windows and Mac OS.
  2. You want a list of pre-configured ISPs from where anybody can pick one. This list should be usable for all operating systems that you have in your network.
We will solve problem 1) by using a DNS proxy called dnrd and solve 2) by using a CGI-script to generate a web page (screen shot) from where you can dial out.

   

Setting up pppd

All of pppd's configuration files are normally in /etc/ppp and generally you need to start pppd as root. During the installation and first tests you should be logged in as user root. Later on I will show you how anybody can start and stop the pppd. It is not good if you are always logged in as root. The user root has very little restrictions and can easily destroy your configuration by mistake.

The important files for pppd are:

You can download those file as ppp.tar.gz. To use them you can directly unpack them in /etc. The subdirectory ppp and all other subdirectories will be created. If you have already a /etc/ppp directory then rename it before unpacking:
cd /etc
mv ppp ppp_old
tar zxvf ppp.tar.gz
After unpacking you will see that there are more files included in ppp.tar.gz. Those are additional wrapper scripts to make the setup and configuration easier. Their purpose is explained further down. (Note: there are some prices mentioned in the configuration files for the example providers. They may be wrong. Check the home page of that ISP to get accurate information.)

Let's have a look at the configuration file for one ISP called arcor:

# This is /etc/ppp/peers/arcor
# Home page of the ISP arcor: http://www.arcor-online.de/
#----------
# serial device and modem speed (normally 38400 or 57600):
/dev/modem 57600
# modem dial-out script with phone number:
connect '/etc/ppp/scripts/ppp-on-dialer-pap 0192070'
# specific options, common options are
# read from /etc/ppp/options
noipdefault
# tell pppd to use this users name for PAP authentication:
user arcor
# try dynamic dns:
usepeerdns
#
A line with a hash mark (#) starts a comment. The first parameter (/dev/modem) in the is the serial device to use. The /dev/modem should be a softlink to device where your modem is connected (/dev/ttyS0 or /dev/ttyS1):
cd /dev
ln -s ttyS0 modem
57600 is the modem speed and depends on your modem hardware. The line that starts with "connect" specifies a script (/etc/ppp/scripts/ppp-on-dialer-pap) to handle the communication with your modem via AT commands. Those AT commands are a ASCII based command language for modems. The parameter given to the script (0192070) is the phone number to dial.
noipdefault is the option that is needed for dynamic IP address assignment and usepeerdns is needed for automatic DNS configuration. The automatic DNS configuration works such that if your ISP provides the IP addresses of 1 or 2 DNS servers during the negotiation phase then they will be available via the Environment Variables DNS1 and DNS2 in the /etc/ppp/ip-up script.

All the resolver libraries read a file called /etc/resolv.conf to find out how to resolve names. This file (/etc/resolv.conf) is used by the applications netscape, sendmail etc... to find the DNS server. We will just generate the needed entries for /etc/resolv.conf from the ip-up script.

So far we have defined the phone number (0192070, in this example) the modem speed, the serial line to use and a few configuration options of pppd. I will not discuss the common configuration options from /etc/ppp/options here. You can take a look a the example file and look them up in the man page of pppd. Instead we will now dial into our ISP (arcor). To do this we need 2 more things (this a working example for readers in Germany) :
login name: arcor
password: internet

This information needs to be entered into the file /etc/ppp/pap-secrets and the login name goes as well into the /etc/ppp/peers/arcor file (see above). Add a line that looks as follows to /etc/ppp/pap-secrets:

# This is /etc/ppp/pap-secrets
# client server secret IP-addr
arcor   *   internet   0.0.0.0

That's it. Now we can test this. To dial out type:

pppd call arcor
arcor is in this case the name of the configuration file in /etc/ppp/peers/
The modem should dial and after a few seconds you should be online. The moment you are online the command /sbin/ifconfig should show an interface called ppp0. Type a few times /sbin/ifconfig until you see it. Now you can use your web browser and surf to linuxfocus.org

To terminate the Internet connection run the command:
killall pppd
I hope this example worked for you. It should definitely work as shown here for readers in Germany. People from other countries should of course adapt phone number, login and password to their ISP. If it did not work then have a look at the trouble shooting section at the end of this article.

Now you have 1 working ISP. To add others you need to do the following:

  1. copy the file /etc/ppp/peers/arcor to a new name
  2. change the phone number and user entry in that file
  3. add a new line to /etc/ppp/pap-secrets
Just copying the file and using a text editor is much faster and easier to use than a graphical configuration tool.

At this point you know roughly how the underlying mechanisms work. Next we will use a few scripts to make it easier to use. In particular we will introduce two Set-UID perl scripts which will make it possible to start and stop your Internet connection when you are logged in as any normal user (not user root).

Set-UID is a mechanism that allows a normal user to execute a specific command and that command will act as if the owner of that command would have executed it. Obviously this needs to be designed with care in order to not create a security problem. The Set-UID perl scripts are already included in the ppp.tar.gz that you have unpacked above. They should have "s" in the file permissions and belong to user root:

> cd     /etc/ppp/scripts
> ls -al     ppp-on   ppp-off
-rwsr-sr-x 1 root root 1258 Jan 7 13:24 ppp-off
-rwsr-sr-x 1 root root 2619 Jan 9 20:30 ppp-on

If they do not have those permissions then you can change them with the command
chmod 6755 ppp-off ppp-on.
The ppp-off ppp-on scripts are just wrapper scripts. All they do is run pppd call some-config-file or killall pppd. The advantage is that any user can now use them. The ppp-on script has as well some special handling for ISPs that do not use automatic DNS configuration. If you happen to have such an ISP then edit the file and search for "static". There are examples in there which you can modify. You use those ppp-on/ppp-off scripts as follows:

To go online:
/etc/ppp/scripts/ppp-on arcor
To terminate the
Internet connection:
/etc/ppp/scripts/ppp-off
This should now work for any user on your computer. arcor is again the name of a file in /etc/ppp/peers/. You may have given it a different name.

Finally we will use a graphical user interface to start and stop our Internet connection. A cgi-program is a program that generates interactive web-pages. A well designed cgi-program works with any browser and any operating system. That's why we use a cgi-program. It will look like this:

[pppcontrol]
Almost all Linux distributions come today with an already configured apache web-server. All you need to do is to gunzip pppcontrol.gz copy it to the cgi directory of your web-server (probably /home/httpd/cgi-bin/), make it executable by typing
chmod 755 pppcontrol
and then edit it to change the variable $url in this perl script. Ofcourse you need first to unpack pppcontrol.gz to pppcontrol with the command gunzip.
$url must be the url of the script it self. E.g if your PC is just a stand alone Linux computer then you use the loop back IP address:
$url="http://127.0.0.1/cgi-bin/pppcontrol";

The pppcontrol cgi-script reads a configuration file called /etc/ppp/gpppwrap.conf this has the following syntax:

ppponarg: <agument_to_pass_to_ppp_on> - some additional comment string
The minus sign (-) in starts a comment which will be shown on the pppcontrol web-page but is not passed to the /etc/ppp/scripts/ppp-on program. Here is an example for the case where you have in /etc/ppp/peers the ISP config files "arcor" and "talknet":
# This is /etc/ppp/gpppwrap.conf
ppponarg: arcor -- arcor.net 3pf/min
ppponarg: talknet -- internet by call 3.5pf/min
Note: the prices 3pf/min and 3.5pf/min may have changed and may be wrong by the time you read this.

This was perhaps a lot of new information to you but once you have it up and running you will only need to add/delete from time to time an ISP and that is really easy as you have seen above.
You can now conveniently select an ISP form the list on the web-page and dial out by just clicking on a button on that web-page.

 

DNS proxy

In the previous chapter you have seen how to configure everything for just one Linux computer. The DNS configuration was done such that we changed the file /etc/resolv.conf every time when setting up a new ppp connection.
If you use IP masquerading to provide internet access for a whole network, then it is more difficult to change the file /etc/resolv.conf on every host inside the network. If you have Windows running on some machines then the task becomes impossible because those computers need to be re-booted every time you change the DNS server in the network configuration. The solution is a DNS proxy. This little DNS server will look like your own DNS server for the hosts inside your network but it will forward the request just to your ISP's DNS server. It is possible to use the Bind-DNS Server for that purpose and configure it as a forwarding server but Bind is not really designed for that purpose.
dnrd is a very good DNS proxy specifically designed for our purpose. See the reference section of this article for information on where to get dnrd. For a network that looks as shown here
[network with IP masquerading]
you have dnrd running on the Linux PC and you configure the internal IP address of the Linux PC (192.168.0.1) as DNS server on all the other PCs in your LAN. This is a static setting and you will never have to change it, very easy.

To install dnrd from the sources you need to:

unapck it:
tar zxvf dnrd-2.10.tar.gz
cd dnrd-2.10/src/
compile it:
make
strip dnrd
install it:
cp dnrd /usr/local/sbin/
create the empty directory /etc/dnrd/ :
mkdir /etc/dnrd/
The DNS proxy dnrd is used as follows (195.50.149.33 and 195.50.140.6 are e.g the DNS servers of your ISP):
when the ppp-link becomes active:
dnrd -s 195.50.149.33 -s 195.50.140.6
when you terminate the connection you run:
dnrd
dnrd is started in our case from the /etc/ppp/ip-up and /etc/ppp/ip-down scripts and it is all automatic. The scripts you have downloaded above are already prepared for that and expect dnrd in the directory /usr/local/sbin/.

dnrd can do much more than that. It can even be a small DNS server of it's own. Under Unix you can always write in the /etc/host.conf file the line
order hosts, bind
and then give all your machines in your small local network symbolic names in the file /etc/hosts . Unfortunately the stupid Windows machines in your network do not have that possibility. If dnrd finds a /etc/hosts file on your Linux PC then it will automatically act as a DNS server for the entries mentioned in that file. This solves the problem!

The syntax of the /etc/hosts file is as shown here:

# syntax:
# ip-addr hostname alias1 alias2 ...
# example:
192.168.0.1 linuxpc.mynet linuxpc
192.168.0.2 peppermint.mynet pepper mint
With dnrd running you can how use from anywhere in the network http://linuxpc.mynet/ or http://linuxpc/ instead of http://192.168.0.1/

To use dnrd not only as a DNS proxy but also as a DNS server for the entries in /etc/hosts you should start it already at boot time. To do this you need to add the line

daemon /usr/local/sbin/dnrd
at the end of the start section in the /etc/rc.d/init.d/network boot script (This syntax is for redhat, mandrake etc... your distribution may differ).

That's all. Now anybody inside your network can surf in parallel with everybody else an it is easy to start and stop the ppp connection or to change between different ISPs. Just bookmark the link to pppcontrol, our cgi-script.

 

Improvements

Those of you who have decided to use the DNS proxy dnrd can as well edit the /etc/ppp/ip-up and /etc/ppp/ip-down scripts to no longer modify the /etc/resolv.conf file. Just comment out all lines with
echo .....> /etc/resolv.conf
or
cat > /etc/resolv.conf << ENDOFCAT
...
ENDOFCAT

After you have done that you just use the loop back address as DNS server address (check with /sbin/ifconfig that you have a lo interface):
# This is /etc/resolv.conf when dnrd is running
nameserver 127.0.0.1
The advantage is that you are now using the internal cache of dnrd on all the hosts and not only on the ones inside your network.

To test that your DNS proxy is working you can use nslookup:
>nslookup
Default Server:  localhost
Address:  127.0.0.1

>pepper
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    peppermint.mynet
Address:  192.168.0.2
Terminate nslookup by typing crtl-d.    

Trouble shooting

In this section I will explain how to activate debuging output for pppd. It will help you to figure out what is wrong if it does not work. Unfortunately I found out that it was not always a configuration fault on my side when it did not work.

The first thing that pppd does in our case is to open the serial port (/dev/modem, a link to e.g /dev/ttyS0) in order to run the script /etc/ppp/scripts/ppp-on-dialer-pap. This script will send AT commands to the modem. Those commands make the modem dial to your ISP. If anything goes wrong there then you can find errors in the file /etc/ppp/connect-errors. Most of the time the connect-errors file will give you enough hints to figure out what is wrong. Should this not be the case then you can type the AT commands manually. To do that you need a serial line communication program like minicom (part of most Linux distributions), or cu (usually part of a package called uucp) or kermit (get it from http://www.columbia.edu/kermit/ck70.html). Use this serial line communication program to "talk" to your modem. When you type AT, then the modem should say "OK". If not, check the speed settings, the power cable etc... In case it said OK, then try the command ATDT1234 The modem should dial now 1234. If not, check the manual of your modem. The command could as well be ATD1234 (with out T) or some other setting is wrong.

After the modem has dialed to your ISP the next step is the ppp-negotiation phase. To watch what is going on there you must enable to syslog facility daemon.debug in /etc/syslog.conf. Edit the file /etc/syslog.conf and add ";daemon.debug" to the line that ends in /var/log/messages . E.g like this:

*.info;mail.none;authpriv.none;daemon.debug   /var/log/messages
Next restart syslog with the command
/etc/rc.d/init.d/syslog restart
Now you can enable the option "debug" in /etc/ppp/options (it's already enabled in the configuration files that you have downloaded from this page in the chapter Setting up pppd). Next type
tail -f /var/log/messages
and watch pppd debug output while connecting to your ISP.

A successful ppp connection setup would look like this:

Jan 14 17:18:11 bearix pppd[721]: pppd 2.3.10 started by root, uid 0
Jan 14 17:18:34 bearix pppd[721]: Serial connection established.
Jan 14 17:18:34 bearix pppd[721]: Using interface ppp0
Jan 14 17:18:34 bearix pppd[721]: Connect: ppp0 <--> /dev/modem
Jan 14 17:18:35 bearix pppd[721]: sent [LCP ConfReq id=0x1 ]
Jan 14 17:18:37 bearix pppd[721]: rcvd [LCP ConfReq id=0x46 ]
Jan 14 17:18:37 bearix pppd[721]: sent [LCP ConfNak id=0x46 ]
Jan 14 17:18:38 bearix pppd[721]: rcvd [LCP ConfReq id=0x47 ]
Jan 14 17:18:38 bearix pppd[721]: sent [LCP ConfAck id=0x47 ]
Jan 14 17:18:38 bearix pppd[721]: sent [LCP ConfReq id=0x1 ]
Jan 14 17:18:38 bearix pppd[721]: rcvd [LCP ConfAck id=0x1 ]
Jan 14 17:18:38 bearix pppd[721]: sent [PAP AuthReq id=0x1 user="arcor" password="internet"]
Jan 14 17:18:40 bearix pppd[721]: rcvd [LCP ConfReq id=0x49 ]
Jan 14 17:18:40 bearix pppd[721]: sent [LCP ConfReq id=0x2 ]
Jan 14 17:18:40 bearix pppd[721]: sent [LCP ConfAck id=0x49 ]
Jan 14 17:18:41 bearix pppd[721]: rcvd [LCP ConfAck id=0x2 ]
Jan 14 17:18:41 bearix pppd[721]: rcvd [CHAP Challenge id=0x5 <0c7672840494152025f937ac4f5e135e>, name = "klndiinternet"]
Jan 14 17:18:41 bearix pppd[721]: sent [CHAP Response id=0x5 , name = "arcor"]
Jan 14 17:18:41 bearix pppd[721]: rcvd [CHAP Success id=0x5 ""]
Jan 14 17:18:41 bearix pppd[721]: sent [IPCP ConfReq id=0x1 ]
Jan 14 17:18:41 bearix pppd[721]: sent [CCP ConfReq id=0x1 ]
Jan 14 17:18:41 bearix pppd[721]: rcvd [IPCP ConfReq id=0x8e ]
Jan 14 17:18:41 bearix pppd[721]: sent [IPCP ConfAck id=0x8e ]
Jan 14 17:18:41 bearix pppd[721]: rcvd [IPCP ConfRej id=0x1 ]
Jan 14 17:18:41 bearix pppd[721]: sent [IPCP ConfReq id=0x2 ]
Jan 14 17:18:41 bearix pppd[721]: rcvd [LCP ProtRej id=0xfb 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Jan 14 17:18:41 bearix pppd[721]: rcvd [IPCP ConfNak id=0x2 ]
Jan 14 17:18:41 bearix pppd[721]: sent [IPCP ConfReq id=0x3 ]
Jan 14 17:18:41 bearix pppd[721]: rcvd [IPCP ConfAck id=0x3 ]
Jan 14 17:18:41 bearix pppd[721]: local IP address 145.253.88.6
Jan 14 17:18:41 bearix pppd[721]: remote IP address 145.253.1.150
Jan 14 17:18:41 bearix pppd[721]: primary DNS address 145.253.2.11
Jan 14 17:18:41 bearix pppd[721]: secondary DNS address 145.253.2.75
Jan 14 17:18:41 bearix pppd[721]: Script /etc/ppp/ip-up started (pid 723)
Jan 14 17:18:42 bearix pppd[721]: Script /etc/ppp/ip-up finished (pid 723), status = 0x0
To fully understand this, one should probably know the details of the ppp protocol. I have no idea how ppp protocol really works but I can guess a few things and that is usually more than enough to understand what is roughly going on. "sent ... ConfReq" means e.g that you are sending a configuration request in order to negotiate something. The answer to that comes in a "rcvd ... ConfAck" (receive configuration request acknowledge) or "rcvd ... ConfRej" (receive configuration request reject). If everything is successful then you can see your dynamically assigned IP address (local IP address) and the IP address of the gateway at your ISP (remote IP address).

It is impossible to describe every error case here first of all because I don't know your setup and second because there are simply too many things that could go wrong. With a little bit of creativity and the things in mind that you have learned in this article you should be able find most faults. If you really can not get it to work and it does not look like a fault on your side then just try a different ISP. It could very well be a problem at the ISP.

   

References

 

Talkback form for this article

Every article has its own talkback page. On this page you can submit a comment or look at comments from other readers:
 talkback page 

Webpages maintained by the LinuxFocus Editor team
© Guido Socher, FDL
LinuxFocus.org

Click here to report a fault or send a comment to LinuxFocus

2001-04-27, generated by lfparser version 2.13