The User-Mode PPP dialer in FreeBSD Version 2.2 (also known as:
This guide explains how to:
While the focus of this guide is to assist in configuring IP Aliasing,
it also includes specific examples of the configuration steps necessary
to configure and install each individual component; each section stands
alone and may be used to assist in the configuration of various aspects
of FreeBSD internetworking.
While the ppp program can be, and usually is, configured to provide
services to
This guide assumes a typical Local Area Network lashed together as
follows:
Some specific assumptions about this sample network are:
Three workstations and a Server are connected with Ethernet
cabling:
The IP Addresses on the Ethernet side of this sample LAN have been
taken from the pool of "reserved" addresses proposed in RFC-1597.
IP addresses are assigned as follows:
This guide assumes that the modem on the FreeBSD box is connected
to the first serial port ('/dev/cuaa0' or 'COM1:' in
DOS-terms).
Finally, we'll also assume that your Internet Service Provider (ISP)
automatically provides the IP addresses of both your PPP/FreeBSD side
as well as the ISP's side. (i.e.: Dynamic IP Addresses on both ends
of the link.) Specific details for configuring the Dial-Out side of
PPP will be addressed in Section 2, "Configuring the FreeBSD System".
There are three basic pieces of information that must be known to
the FreeBSD box before you can proceed with integrating the sample
Local Area Network:
If you performed the installation of FreeBSD over a network connection some of this information may already be configured into your FreeBSD system.
Even if you believe that the FreeBSD system was properly configured
when it was installed you should at least verify each of these bits of
information to prevent trouble in subsequent steps.
It's possible that the FreeBSD host name was specified and saved
when the system was initially installed. To verify that it was, enter
the following command at a prompt:
The name of the host FreeBSD system will be displayed on a single
line. If the name looks correct (this is very subjective :-) skip
ahead to Section 3.2, "Verifying the Ethernet Interface
Configuration".
For example, in our sample network, we would see 'curly.my.domain'
as a result of the `hostname` command if the name had been set
correctly during, or after, installation. (At this point, don't worry
too much about the ".my.domain" part, we'll sort this out later. The
important part is the name up to the first dot.)
If a host name wasn't specified when FreeBSD was installed you'll
probably see 'myname.my.domain' as a response. You'll need to edit
/etc/sysconfig to set the name of the machine.
The configuration file that specifies the FreeBSD system's host
name when the system boots is in /etc/sysconfig. Use the
default text editor ('ee') to edit this file.
Logged in as user 'root', load /etc/sysconfig into the
editor with the following command:
Using the arrow keys, scroll down until you find the line that
specifies the host name of the FreeBSD system. By default, this
section says:
To reiterate our basic assumption, this guide assumes that the
Ethernet Interface in the FreeBSD system is named '
Other models of network adapters may have different device names in
FreeBSD. Check the FAQ for specifics about your network adapter. If
you're not sure of the device name of your adapter, check the FreeBSD
FAQ to determine the device name for the card you have and substitute
that name (i.e.: '
As was the case with the host name, the configuration for the
FreeBSD system's Ethernet Interface may have been specified when the
system was installed.
To display the configuration for the interfaces in your
FreeBSD system (Ethernet and others), enter the following command:
In this example, the following devices were displayed:
In this example, the 'ed0' device is up and running. The key
indicators are:
If the line for the Ethernet card had shown something similar to:
If the configuration for the Ethernet interface is correct you can
skip forward to Section 3.4, "Creating the list of other LAN hosts".
Otherwise, proceed with the next section.
The configuration file that specifies settings for the network
interfaces when the system boots is in /etc/sysconfig. Use
the default text editor ('ee') to edit this file.
Logged in as user 'root', load /etc/sysconfig into the
editor with the following command:
# ee /etc/sysconfig
About 100 lines from the top of /etc/sysconfig is the section
that describes which network interfaces should be activated when the
system boots. In the default configuration file the specific line
that controls this is:
You'll need to amend this line to tell FreeBSD that you want to add
another device, namely the '
(Note the space between the definition for the loopback device
("lo0") and the Ethernet device ("
If you performed the installation of FreeBSD over a network
connection then the '
Specify the Interface Settings for the Ethernet device ('
Beneath the line that specifies which interfaces should be
activated are the lines that specify the actual settings for each
interface. In the default /etc/sysconfig file is a single
line that says:
You'll need to add another line after that to specify the settings
for your '
If you performed the installation of FreeBSD over a network
connection then there may already be an 'ifconfig_ed0=' line
after the loopback definition. If so, verify that it has the correct
values.
For our sample configuration we'll insert a line immediately after
the loopback device definition that says:
When you've finished editing /etc/sysconfig to specify and
configure the network interfaces the section should look really close
to:
Once all of the necessary changes to /etc/sysconfig have
been made, press the 'Esc' key to invoke the control menu. Select
"leave editor" and be sure to select "save changes" when prompted.
By default the FreeBSD system will not forward IP packets between
various network interfaces. In other words, routing functions (also
known as gateway functions) are disabled.
If your intent is to use a FreeBSD system as stand-alone Internet
workstation and not as a gateway between LAN nodes and your ISP you
should skip forward to Section 3.4, "Creating the List of Other
LAN Hosts".
If you intend for the PPP program to service the local FreeBSD box
as well as LAN workstations (as a router) you'll need to enable IP
forwarding.
To enable IP Packet forwarding you'll need to edit the
/etc/sysconfig file.
Load this file into your editor with the following command:
About 250 lines down from the top of the file will be the
configuration section which controls IP forwarding, which will look
like:
Change this line to read:
The final step in configuring the LAN side of the FreeBSD system is
to create a list of the names and TCP/IP addresses of the various
systems that are connected to the Local Area Network. This list is
stored in the '/etc/hosts' file.
The default version of this file has only a single host name
listing in it: the name and address of the loopback device ('lo0').
By networking convention, this device is always named "localhost" and
always has an IP address of 127.0.0.1. (See the interface
configuration example in Section 3.2.)
To edit the /etc/hosts file enter the following command:
Scroll all the way to the bottom of the file (paying attention to
the comments along the way; there's some good information there!) and
enter (assuming our sample network) the following IP addresses and
host names:
(No changes are needed to the line for the '127.0.0.1
localhost' entry.)
Once you've entered these lines, press the 'Esc' key to invoke the
control menu. Select "leave editor" and be sure to select "save
changes" when prompted.
Congratulations! Once you've made it to this point, the FreeBSD
system is configured as a network-connected UNIX system! If you made
any changes to the /etc/sysconfig file you should probably
re-boot your FreeBSD system. This will accomplish two important
objectives:
To verify that the loopback device is configured correctly, log in as
'root' and enter:
You should see:
To verify that the Ethernet device is configured correctly, enter:
One important thing to look at in these two examples is that the
names (loopback and curly) correctly correlate to their IP addresses
(127.0.0.1 and 192.168.1.1). This verifies that the
/etc/hosts file is correct.
If the IP address for "curly" isn't 192.168.1.1 or the address for
"localhost" isn't 127.0.0.1, return to Section 3.4 and review your
entries in '/etc/hosts'.
If the names and addresses are indicated correctly in the result of
the ping command but there are errors displayed then something is
amiss with the interface configuration(s). Return to Section 3.1 and
verify everything again.
If everything here checks out, proceed with the next section.
There are two basic modes of operation of the ppp driver: "Interactive" and "Automatic". In Interactive mode you:
In Automatic mode, the PPP program silently watches what goes on inside the FreeBSD system and automagically connects and disconnects with your ISP as required to make the Internet a seamless element of your network.
In this section we'll address the configuration(s) for both modes
with emphasis on configuring your `ppp` environment to operate in
"Automatic" mode.
Before making any changes to the files which are used by PPP you
should make a copy of the default files that were created when the
FreeBSD system was installed.
Log in as the 'root' user and perform the following steps:
Change to the '/etc' directory:
# cd /etc
Make a backup copy of the original files in the 'ppp' directory:
# cp -R ppp ppp.ORIGINAL
You should now be able to see both a 'ppp' and a
'ppp.ORIGINAL' subdirectory
in the '/etc' directory.
By default, the FreeBSD installation process creates a number of
sample configuration files in the /etc/ppp directory. Please take
some time to review these files; they were derived from working
systems and represent the features and capabilities of the PPP
program.
For detailed information about the `ppp` program, read the ppp
manpage:
For detailed information about the `chat` scripting language used by
the PPP dialer, read the chat manpage:
The remainder of this section describes the recommended contents of
the PPP configuration files.
The '/etc/ppp/ppp.conf' file contains the information and
settings required to set up a dial-out PPP connection. More than one
configuration may be contained in this file. The FreeBSD handbook
(XXX URL? XXX) describes the contents and syntax of this file in
detail.
This section will describe only the minimal configuration to get a
dial-out connection working.
Below is the /etc/ppp/ppp.conf file that we'll be using to provide a
dial-out Internet gateway for our example LAN:
The 'default:' section contains the values and settings
used by every other section in the file. Essentially, this section is
implicitly added to the configuration lines of every other section.
This is a good place to put "global defaults" applicable to all
dial-up sessions; especially modem settings and dialing prefixes which
typically don't change based on which destination system you're
connecting to.
Following are the descriptions of each line in the "default" section
of the sample '/etc/ppp/ppp.conf' file:
If your modem is on COM2: you should specify
'/dev/cua01'; COM3: would be '/dev/cua02'.
The 'interactive:' section contains the values and
settings used to set up an "interactive" PPP session with a specific
remote system. Settings in this section will have the lines included
in the "default" section included automatically.
The example cited in this section of the guide presumes that you'll
be connecting to a remote system that understands how to authenticate
a user without any fancy scripting language. That is, this sample
uses the CHAP protocol to set up the connection.
A good rule of thumb is that if the Windows '95 dialer can set up a
connection by just clicking the "Connect" button this sample
configuration should work OK.
If, on the other hand, when you connect to your ISP using Microsoft
Windows '95 Dial-Up Networking you need to resort to using the "Dial
Up Scripting Tool" from the Microsoft Plus! pack or you have to select
"Bring up a terminal window after dialing" in the Windows '95
connection options then you'll need to look at the sample PPP
configuration files and the ppp manpage for examples of "expect /
response" scripting to make your ISP connection. The "set login"
command is used for this purpose.
Or even better, find an ISP who knows how to provide PAP or CHAP
authentication!
The configuration examples shown here have been successfully used to
connect to:
The "demand" section contains the values and settings used
to set up a "Dial-on-demand" PPP session with a specific remote
system. Settings in this section will also have the lines included in
the "default" section included automatically.
Except for the last two lines in this section it is identical to
the configuration section which defines the "interactive"
configuration.
As noted in Paragraph ???, the examples cited in this section of
the guide presume that you'll be connecting to a remote system that
understands how to use the CHAP protocol to set up the connection.
Following are descriptions for each line in the "demand" section of
the sample '/etc/ppp/ppp.conf' file:
Remember, we've assumed that your ISP provides the IP addresses for
both ends of the link! If your ISP assigned you a specific IP address
that you should use on your side when configuring your system, enter
that IP address here 127.1.1.1.
Conversely, if your ISP gave you a specific IP address that he uses on
his end you should enter that IP address here 127.2.2.2.
In both cases, it's probably a good idea to leave the '/0' on
the end of each address. This gives the PPP program the opportunity
to change the address(es) of the link if it
By adding this "fake" route for IP traffic, the PPP program can,
while idle:
Once the number of seconds specified by the timeout value in the
"default" section have elapsed without any TCP/IP traffic the PPP
program will automatically close the dial-up connection and the
process will begin again.
The other file needed to complete the PPP configuration is found in
'/etc/ppp/ppp.linkup'. This file contains instructions for
the PPP program on what actions to take after a dial-up link is
established.
In the case of dial-on-demand configurations the PPP program will need
to delete the default route that was created to the fake IP address of
the remote side (127.2.2.2 in our example in the previous section) and
install a new default route that points to the actual IP address of the
remote end (discovered during the dial-up connection setup).
A representative '/etc/ppp/ppp.linkup' file:
It's critical that those configurations in
'/etc/ppp/ppp.conf' which include the '/etc/ppp/ppp.linkup.
All configurations not explicitly named in
/etc/ppp/ppp.linkup will use whatever commands are in the
"MYADDR:" section of the file. This is where non-Demand-Dial
configurations (such as our "interactive:" sample) will fall through
to. This section simply adds a default route to the ISP's IP address
(at the remote end).
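The fall-through rule described above can be checked mechanically. The following sh script is an added example, not part of the original guide: the sample ppp.conf and ppp.linkup contents are constructed, the section name "backup" is hypothetical, and treating any ppp.conf section that contains an "add" command as a dial-on-demand section is a simplifying assumption.

```shell
#!/bin/sh
# Added example: find ppp.conf sections that install a placeholder route
# but have no section of their own in ppp.linkup.

# Print "label kind" for each section of a ppp.conf-style file.
# kind is "demand" when the section contains an "add" command (assumed
# here to mark a dial-on-demand placeholder route), otherwise "plain".
ppp_sections() {
    awk '
        /^[A-Za-z0-9_.-]+:/ {
            label = $1; sub(/:.*/, "", label)
            order[++n] = label; kind[label] = "plain"; next
        }
        label != "" && $1 == "add" { kind[label] = "demand" }
        END { for (i = 1; i <= n; i++) print order[i], kind[order[i]] }
    ' "$1"
}

# Usage: linkup_report /etc/ppp/ppp.conf /etc/ppp/ppp.linkup
# "default" is skipped because it only supplies settings to other sections.
linkup_report() {
    linkup_labels=$(ppp_sections "$2" | cut -d' ' -f1)
    ppp_sections "$1" | while read -r label kind; do
        if [ "$label" = default ]; then
            continue
        fi
        if printf '%s\n' "$linkup_labels" | grep -qxF -- "$label"; then
            echo "OK   $label: has its own ppp.linkup section"
        elif [ "$kind" = demand ]; then
            echo "WARN $label: adds a route in ppp.conf but has no ppp.linkup section of its own"
        else
            echo "OK   $label: falls through to MYADDR"
        fi
    done
}

# Run the report over constructed sample files (not the guide's own files).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ppp.conf" <<'EOF'
default:
 set device /dev/cuaa0
 set timeout 120
interactive:
 set phone 5550100
demand:
 set ifaddr 127.1.1.1/0 127.2.2.2/0
 add 0 0 127.2.2.2
backup:
 set ifaddr 127.1.1.1/0 127.2.2.2/0
 add 0 0 127.2.2.2
EOF
    cat > "$dir/ppp.linkup" <<'EOF'
demand:
 delete ALL
 add 0 0 HISADDR
MYADDR:
 add 0 0 HISADDR
EOF
    linkup_report "$dir/ppp.conf" "$dir/ppp.linkup"
    rm -rf "$dir"
}

demo
```

A WARN line means the section would run only the "MYADDR:" commands after connecting, so the route to the fake remote address from ppp.conf is not removed.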
All of the configuration steps described thus far are relevant to
any FreeBSD system which will be used to connect to an ISP via dial-up
connection.
If your sole objective in reading this guide is to connect your
FreeBSD box to the Internet using dial-out ppp you can proceed to
Section 6, "Testing the Network".
One very attractive feature of the PPP program in on-demand mode is
its ability to route IP traffic between other systems on the Local
Area Network automatically. This feature is known by various names, "
Regardless of the terminology used, this mode is not, however,
automatic. If the PPP program is started normally then the program
will not forward packets between LAN interface(s) and the dial-out
connection. In effect, only the FreeBSD system is connected to the
ISP; other workstations cannot "share" the same connection.
For example, if the program is started with either of the following
command lines:
# ppp interactive (Interactive mode) or
# ppp -auto demand (Dial-on-Demand mode)
then the system will function as an Internet-connected workstation
# ppp -alias interactive (Interactive mode) or
# ppp -auto -alias demand (Dial-on-Demand mode)
Keep this in mind if you intend to proceed with Section 5,
"Configuring Windows Systems".
As indicated in Section 1, our example network consists of a
FreeBSD system ("Curly") which acts as a gateway (or router) between a
Local Area Network consisting of two different flavors of Windows
Workstations. In order for the LAN nodes to use Curly as a router
they need to be properly configured. Note that this section does not
explain how to configure the Windows workstations for Dial-Up
networking. If you need a good explanation of that procedure, I
recommend
Configuring Windows 95 to act as an attached resource on your LAN
is relatively simple. The Windows 95 network configuration must be
slightly modified to use the FreeBSD system as the default gateway to
the ISP. Perform the following steps:
In order to connect to the other TCP/IP systems on the LAN you'll
need to create an identical copy of the "hosts" file that you
installed on the FreeBSD system in Section 3.4.
The settings for all Network Elements are displayed.
(Hint: "Add | Protocol | Microsoft | TCP/IP | OK")
(In our example LAN the Windows 95 system is the one we've called "Larry".)
For our example network the FreeBSD box will be acting as our
gateway to the Internet (routing packets between the Ethernet LAN and
the PPP dial-up connection). Enter the IP address of the FreeBSD
Ethernet interface, 192.168.1.1, in the "New gateway" field and click
the "Add" button. If any other gateways are defined in the "Installed
gateways" list you may wish to consider removing them.
This guide assumes that your Internet Service Provider has given
you a list of Domain Name Servers (or "DNS Servers") that you should
use. If you wish to run a DNS server on your local FreeBSD system,
refer to Section 6, "Exercise for the Interested Student" for tips on
setting up DNS on your FreeBSD system.
(If this button is not selected only the entries that
we put in the host file(s) will be available and your Net-Surfing
will not work as you expect!)
For our purposes the settings under the "Advanced", "WINS
Configuration" and "Bindings" tabs are not necessary.
If you wish to use the Windows Internet Naming Service ("WINS")
your attention is invited to
That's it!
Configuring Windows NT to act as a LAN resource is also relatively
straightforward. The procedures for configuring Windows NT are
similar to Windows 95 with minor exceptions in the user interface.
The steps shown here are appropriate for a Windows NT 4.0
Workstation, but the principles are the same for NT 3.5x. You may
wish to refer to the "Configuring Windows for Workgroups" section if
you're configuring Windows NT 3.5
In order to connect to the other TCP/IP systems on the LAN you'll
need to create an identical copy of the "hosts" file that you
installed on the FreeBSD system in Section 3.4.
The installed Network Protocols will be displayed. There may be a
number of protocols listed but the one of interest to this guide is
the "TCP/IP Protocol". If "TCP/IP Protocol" is not listed, click the
"Add" button to load it.
(Hint: "Add | TCP/IP Protocol | OK")
Tabs for specifying various settings for TCP/IP will be displayed.
Make sure that the Ethernet Interface is shown in the "Adapter"
box; if not, scroll through the list of adapters until the correct
interface is shown.
In our example LAN the Windows NT system is the one we've called
"Shemp".
For our example network the FreeBSD box will be acting as our gateway
to the Internet (routing packets between the Ethernet LAN and the PPP dial-up
connection).
If any other gateways are defined in the "Installed gateways" list
you may wish to consider removing them.
Again, this guide assumes that your Internet Service Provider has
given you a list of Domain Name Servers (or "DNS Servers") that you
should use.
If you wish to run a DNS server on your local FreeBSD system, refer to
Section 6, "Exercise for the Interested Student" for tips on setting
up DNS on your FreeBSD system.
For our purposes the settings under the "WINS Address" and
"Routing" tabs are not used.
If you wish to use the Windows Internet Naming Service ("WINS")
your attention is invited to
That's it!
Configuring Windows for Workgroups to act as a network client
requires that the Microsoft TCP/IP-32 driver diskette has been
installed on the workstation. The TCP/IP drivers are not included
with the WfW CD or diskettes; if you need a copy they're available at
Once the TCP/IP drivers have been loaded, perform the following
steps:
In order to connect to the other TCP/IP systems on the LAN you'll
need to create an identical copy of the "hosts" file that you
installed on the FreeBSD system in Section 3.4.
Ensure the correct Ethernet Interface is selected in the "Adapter"
list. If not, scroll down until it is displayed and select it by
clicking on it.
For our example network the FreeBSD box will be acting as our
gateway to the Internet (routing packets between the Ethernet LAN and
the PPP dial-up connection).
Again, this guide assumes that your Internet Service Provider has
given you a list of Domain Name Servers (or "DNS Servers") that you
should use. If you wish to run a DNS server on your local FreeBSD
system, refer to Section 6, "Exercise for the Interested Student" for
tips on setting up DNS on your FreeBSD system.
That's it!
Once you've completed the appropriate tasks above you should have
a functioning PPP gateway to the Internet.
The first thing to test is that the connection is being made
between your modem and the ISP.
*** TBD ***
While managing a Domain Name Service (DNS) hierarchy can be a black
art, it is possible to set up a Mini-DNS server on the FreeBSD system
that also acts as your gateway to your ISP.
Building on the files put in /etc/namedb when the FreeBSD
system was installed, it's possible to create a name server that is
both authoritative for the example network shown here and a
front door to the Internet DNS architecture.
In this minimal DNS configuration, only three files are necessary:
The /etc/namedb/named.root file is automatically installed
as part of the FreeBSD base installation; the other two files must be
created manually.
The /etc/namedb/named.boot file controls the startup
settings of the DNS server.
Essentially, it tells the Name Server:
Using the '/etc/namedb/named.boot with the following contents:
Lines that begin with a semi-colon are comments. The significant
lines in this file are:
Tells the Name Server where to find the configuration files
referenced in the remaining sections of the
'/etc/namedb/named.boot' file.
Tells the Name Server that the list of "Top-Level" DNS servers for
the Internet can be found in a file called 'named.root'.
(This file is included in the base installation and its
contents are not described in this document.)
Tells the Name Server that it will be "authoritative" for a DNS
domain called "my.domain" and that a list of names and IP addresses
for the systems in "my.domain" (the local network)
can be found in a file named 'mydomain.db'.
Once the /etc/namedb/named.boot file has been created and
saved, proceed to the next section to create the
/etc/namedb/mydomain.db file.
The /etc/namedb/mydomain.db file lists the names and IP
addresses of
For a detailed description of the statements used in this file,
refer to the
The /etc/namedb/mydomain.db file for our minimal DNS
server has the following contents:
In simple terms, this file declares that the local DNS server is:
To add workstation entries to this file you'll need to add two
lines for each system; one in the top section where the name(s) are
mapped into Internet Addresses ("IN A"), and another line that maps
the addresses back into names in the $ORIGIN
1.168.192.IN-ADDR.ARPA section.
By default the DNS server ('/usr/sbin/named') is not
started when the system boots. You can modify this behavior by
changing a single line in '/etc/sysconfig' as follows:
Using the '/etc/sysconfig. Scroll
down approximately 200 lines until you come to the section that says:
Whenever you modify any of the files in /etc/namedb you'll
need to kick-start the Name Server process to make it pick up the
modifications. This is performed with the following system command:
The PPP program has the ability to apply selected filtering rules
to the traffic it routes. While this is not nearly as secure as a
formal firewall it does provide some access control as to how the link
is used.
('man ipfw' for information on setting up a more secure
FreeBSD system.)
The complete documentation for the various filters and rules under
PPP is available in the PPP manpage.
There are four distinct classes of rules which may be applied to
the PPP program:
What follows is a snippet from an operating system which provides a
good foundation for "normal" Internet operations while preventing PPP
from pumping
Up to 20 distinct filtering rules can be applied to each class of
filter. Rules in each class are numbered sequentially from 0 to 20
If you choose /etc/ppp/ppp.conf file in either the
"default:", "demand:", or "interactive:" section (or all of them - the
choice is yours).