* stopping diald
@ 2003-03-08 18:07 James Miller
2003-03-09 15:40 ` whitnl73
0 siblings, 1 reply; 12+ messages in thread
From: James Miller @ 2003-03-08 18:07 UTC (permalink / raw)
To: Linux-Newbie list
Newbie question:
I've started experimenting with diald, since I'm planning on setting up a
small network from which more than one computer will be needing to access
the 'net. Diald works fine, in terms of connecting to the provider. My
question is about stopping the process. So far, I've been able to stop
diald only by opening a console and su'ing and issuing "poff." Trying to
run poff from a console as user results in the message "/usr/bin/poff:
/bin/kill failed. None stopped". I believe that this is because the
process is owned by root, as ps axu shows. I need a more elegant and less
restrictive process for stopping the diald connection than having to open
a console, su, then issue "poff." Can someone please suggest alternative
methods? Eventually, I plan on adding a poff item to my Icewm toolbar. But
understanding various ways to stop the process is prerequisite to that (I
know how to edit the toolbar config file, and have some understanding of
how the entries should look).
Thanks for any help.
James
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
* Re: stopping diald
2003-03-08 18:07 stopping diald James Miller
@ 2003-03-09 15:40 ` whitnl73
2003-03-09 16:29 ` Ray Olszewski
0 siblings, 1 reply; 12+ messages in thread
From: whitnl73 @ 2003-03-09 15:40 UTC (permalink / raw)
To: jamtat; +Cc: linux-newbie
On Sat, 8 Mar 2003, James Miller wrote:
> Newbie question:
>
> I've started experimenting with diald, since I'm planning on setting up a
> small network from which more than one computer will be needing to access
> the 'net. Diald works fine, in terms of connecting to the provider. My
> question is about stopping the process. So far, I've been able to stop
> diald only by opening a console and su'ing and issuing "poff." Trying to
> run poff from a console as user results in the message "/usr/bin/poff:
> /bin/kill failed. None stopped". I believe that this is because the
> process is owned by root, as ps axu shows. I need a more elegant and less
> restrictive process for stopping the diald connection than having to open
> a console, su, then issue "poff." Can someone please suggest alternative
> methods? Eventually, I plan on adding a poff item to my Icewm toolbar. But
> understanding various ways to stop the process is prerequisite to that (I
> know how to edit the toolbar config file, and have some understanding of
> how the entries should look).
>
> Thanks for any help.
>
> James
> -
I don't know what diald is exactly - just a wrapper for pppd? pppd
itself doesn't _have_ to run as root, it's just that the user that runs
it needs permission to read and write the modem device it is to use --
pppd is normally installed as suid root -- and the user that runs it may
stop it.
Lawson
---oops---
* Re: stopping diald
2003-03-09 15:40 ` whitnl73
@ 2003-03-09 16:29 ` Ray Olszewski
2003-03-10 3:29 ` James Miller
0 siblings, 1 reply; 12+ messages in thread
From: Ray Olszewski @ 2003-03-09 16:29 UTC (permalink / raw)
To: linux-newbie
I didn't reply to this initially because I hoped someone who is more
current on dial-up would.
diald is a dialing daemon that uses pppd to maintain a persistent, or an
on-demand, connection to a dial-up ISP. I thought its functionality had
been superseded by pppd itself being capable of supporting persistent and
on-demand connections ... but I haven't used dialup in several years now,
so my memory may be fooling me.
In any case, diald probably runs as root because it is started by an init
script, such as the one that starts networking (since the original poster
does not mention what Linux distro he is using, I won't try to guess the
name or path of the script). It is probably set up intentionally to prevent
ordinary users from disabling it.
Without knowing more about the poster's setup, I don't know what the best
workaround is. I suspect it is to allow his ordinary-user account either to
stop diald entirely, or to close its current connection (I can't tell which
of these two things he is actually trying to do) via sudo ... which I
imagine can be added to his "Icewm toolbar".
A closing thought ... if I am right about diald being superseded by pppd
itself, then the original poster *may* be trying to connect to the
Internet using a very old version of Linux. This is not a good idea, for
security reasons, and I'd encourage him to update to the current version of
his preferred distro.
At 10:40 AM 3/9/2003 -0500, whitnl73@juno.com wrote:
>On Sat, 8 Mar 2003, James Miller wrote:
>
> > Newbie question:
> >
> > I've started experimenting with diald, since I'm planning on setting up a
> > small network from which more than one computer will be needing to access
> > the 'net. Diald works fine, in terms of connecting to the provider. My
> > question is about stopping the process. So far, I've been able to stop
> > diald only by opening a console and su'ing and issuing "poff." Trying to
> > run poff from a console as user results in the message "/usr/bin/poff:
> > /bin/kill failed. None stopped". I believe that this is because the
> > process is owned by root, as ps axu shows. I need a more elegant and less
> > restrictive process for stopping the diald connection than having to open
> > a console, su, then issue "poff." Can someone please suggest alternative
> > methods? Eventually, I plan on adding a poff item to my Icewm toolbar. But
> > understanding various ways to stop the process is prerequisite to that (I
> > know how to edit the toolbar config file, and have some understanding of
> > how the entries should look).
> >
> > Thanks for any help.
> >
> > James
> > -
>I don't know what diald is exactly - just a wrapper for pppd? pppd
>itself doesn't _have_ to run as root, it's just that the user that runs
>it needs permission to read and write the modem device it is to use --
>pppd is normally installed as suid root -- and the user that runs it may
>stop it.
* RE: stopping diald
2003-03-09 16:29 ` Ray Olszewski
@ 2003-03-10 3:29 ` James Miller
2003-03-10 5:39 ` remote login Jesse Armand
2003-03-10 16:57 ` stopping diald Ray Olszewski
0 siblings, 2 replies; 12+ messages in thread
From: James Miller @ 2003-03-10 3:29 UTC (permalink / raw)
To: linux-newbie
On Sun, 9 Mar 2003, Ray Olszewski wrote:
Thanks for this detailed response, Ray.
>
> diald is a dialing daemon that uses pppd to maintain a persistent, or an
> on-demand, connection to a dial-up ISP. I thought its functionality had
> been superseded by pppd itself being capable of supporting persistent and
> on-demand connections ... but I haven't used dialup in several years now,
> so my memory may be fooling me.
>
You may be right about diald having been superseded. I've done a bit of
research on pppd in the past and seemed to be recalling that it is
capable of on-demand connection to the ISP - i.e., that it can await
requests for the 'net and then dial the connection, whether these requests
originate from the localhost or somewhere on a LAN. I used diald at the
recommendation of someone else, who seemed to think it would be what I'd
need for my small home network. He proposed it as a way that would
allow the machine that will act as the gateway to watch for internet
connection requests from the network and dial the connection. Perhaps he
was a bit outdated, and should have suggested that pppd can now serve these
sorts of functions?
> In any case, diald probably runs as root because it is started by an init
> script, such as the one that starts networking (since the original poster
> does not mention what Linux distro he is using, I won't try to guess the
> name or path of the script). It is probably set up intentionally to prevent
> ordinary users from disabling it.
>
> Without knowing more about the poster's setup, I don't know what the best
> workaround is. I suspect it is to allow his ordinary-user account either to
> stop diald entirely, or to close its current connection (I can't tell which
> of these two things he is actually trying to do) via sudo ... which I
> imagine can be added to his "Icewm toolbar".
>
This setup involves a machine that will act as a gateway that runs a new,
somewhat modified Debian version called "Libranet." There is one other,
and may be as many as 2 more machines on the LAN that will need to connect
to the 'net via this computer. Getting something like diald working - or
just pppd, if it will do the job - is a preliminary step, mainly
calculated to buy me time as I try to digest the much more difficult (and
more fundamental) problem of ipchains. I've got the howto for it, but it's
got this newbie's brains quite taxed. I'll doubtless be posting some
questions on that related topic in the not-too-distant future. I do want
the user to be able to break the connection to the 'net as you suggest,
and not necessarily stop diald. I wasn't sure there was a difference, but your
post makes it clear that there is. Thanks.
> A closing thought ... if I am right about diald being superseded by pppd
> itself, then the original poster *may* be trying to connect to the
> Internet using a very old version of Linux. This is not a good idea, for
> security reasons, and I'd encourage him to update to the current version of
> his preferred distro.
>
The distro is new, and has the latest Woody security updates. Probably no
big worries there. I think I just got some rather dated advice on how to
set up demand dialing.
James
* remote login
2003-03-10 3:29 ` James Miller
@ 2003-03-10 5:39 ` Jesse Armand
2003-03-10 6:47 ` Ray Olszewski
2003-03-10 16:57 ` stopping diald Ray Olszewski
1 sibling, 1 reply; 12+ messages in thread
From: Jesse Armand @ 2003-03-10 5:39 UTC (permalink / raw)
To: linux-newbie
I want to log in to a remote computer on my LAN.
How do I configure my connection so the other computer
on my LAN can't see my hostname by using
the commands:
w
who
finger
* Re: remote login
2003-03-10 5:39 ` remote login Jesse Armand
@ 2003-03-10 6:47 ` Ray Olszewski
2003-03-10 9:02 ` Jesse Armand
0 siblings, 1 reply; 12+ messages in thread
From: Ray Olszewski @ 2003-03-10 6:47 UTC (permalink / raw)
To: linux-newbie
At 09:39 PM 3/9/2003 -0800, Jesse Armand wrote:
>I want to login to a remote computer on my LAN,
>how do i configure my connection so the other computer
>at my LAN can't see my hostname by using
>command : w
> who
> finger
You can't ... at least not in the sense you probably mean.
To make a connection, the "other computer" has to know your IP address. It
gets the name it reports in a w or who listing (on my systems, it is an
FQN, not a hostname) by doing a reverse lookup of the IP address, using its
/etc/hosts file or its dns resolver (whichever way you have it set up ...
it doesn't really have any way to see your actual "hostname", if by that
you mean the name you put in /etc/hostname). If it cannot resolve the
address, it will report the address itself in this location.
So in that limited sense, if you do not provide for reverse lookups, the
remote host will not show the *name* of the computer the connection is from
... but it will still show the IP address, which it has to know. Whether
this difference accomplishes what you want I do not know, since you haven't
said *why* you want to do this.
* Re: remote login
2003-03-10 6:47 ` Ray Olszewski
@ 2003-03-10 9:02 ` Jesse Armand
0 siblings, 0 replies; 12+ messages in thread
From: Jesse Armand @ 2003-03-10 9:02 UTC (permalink / raw)
To: linux-newbie
OK, let me explain.
I'm using FreeBSD 3.5 on my remote server,
and I realize that some clients are able to hide their
IP address and hostname from being viewed by other clients.
When I use the "w" command, the FROM column shows
nothing or blank, and when I use "finger", the client
username doesn't show up. The same results happen with
the "who" command.
I ask this because I want to know, nothing more.
* RE: stopping diald
2003-03-10 3:29 ` James Miller
2003-03-10 5:39 ` remote login Jesse Armand
@ 2003-03-10 16:57 ` Ray Olszewski
2003-03-10 17:52 ` James Miller
1 sibling, 1 reply; 12+ messages in thread
From: Ray Olszewski @ 2003-03-10 16:57 UTC (permalink / raw)
To: linux-newbie
Replies inline.
At 09:29 PM 3/9/2003 -0600, James Miller wrote:
>On Sun, 9 Mar 2003, Ray Olszewski wrote:
>Thanks for this detailed response, Ray.
> >
> > diald is a dialing daemon that uses pppd to maintain a persistent, or an
> > on-demand, connection to a dial-up ISP. I thought its functionality had
> > been superseded by pppd itself being capable of supporting persistent and
> > on-demand connections ... but I haven't used dialup in several years now,
> > so my memory may be fooling me.
> >
>You may be right about diald having been superseded. I've done a bit of
>research on pppd in the past and seemed to be recalling that it is
>capable of on-demand connection to the ISP - i.e., that it can await
>requests for the 'net and then dial the connection, whether these requests
>originate from the localhost or somewhere on a LAN. I used diald at the
>recommendation of someone else, who seemed to think it would be what I'd
>need for my small home network. He proposed it as a way that would
>allow the machine that will act as the gateway to watch for internet
>connection requests from the network and dial the connection. Perhaps he
>was a bit outdated, and should have suggested that pppd can now serve these
>sorts of functions?
Well ... you would do better to get advice from someone who is actually
*using* dialup (I use DSL these days). I do know that specialized routing
distros (like LEAF - leaf.sourceforge.net) are able to use pppd without
diald to support on-demand connections through a Linux-based router. But I
was also surprised to see that diald is being maintained -- the last Debian
update to it was about a year ago, much more recent than I'd have guessed.
> > In any case, diald probably runs as root because it is started by an init
> > script, such as the one that starts networking (since the original poster
> > does not mention what Linux distro he is using, I won't try to guess the
> > name or path of the script). It is probably set up intentionally to prevent
> > ordinary users from disabling it.
> >
> > Without knowing more about the poster's setup, I don't know what the best
> > workaround is. I suspect it is to allow his ordinary-user account either to
> > stop diald entirely, or to close its current connection (I can't tell which
> > of these two things he is actually trying to do) via sudo ... which I
> > imagine can be added to his "Icewm toolbar".
> >
>This setup involves a machine that will act as a gateway that runs a new,
>somewhat modified Debian version called "Libranet." There is one other,
>and may be as many as 2 more machines on the LAN that will need to connect
>to the 'net via this computer. Getting something like diald working - or
>just pppd, if it will do the job - is a preliminary step, mainly
>calculated to buy me time as I try to digest the much more difficult (and
>more fundamental) problem of ipchains.
I do not understand the juxtapositioning here. ipchains (or the newer
iptables, for 2.4.x kernels) is a useful tool for firewalling. But it does
not bring interfaces up and down, so it will in no way substitute for the
functionality of pppd or diald in that respect.
>I've got the howto for it, but it's
>got this newbie's brains quite taxed. I'll doubtless be posting some
>questions on that related topic in the not-too-distant future. I do want
>the user to be able to break the connection to the 'net as you suggest,
>and not necessarily stop diald. I wasn't sure there was a difference, but your
>post makes it clear that there is. Thanks.
"user" is ill-defined here (because there are multiple hosts involved). It
should be easy to write a script or program that will let a user who is
logged into the gateway host bring down the ppp connection to the ISP. It
is vastly more difficult -- I was tempted to say "impossible", but that's
an overstatement -- to create a way for a user on a different host to bring
the pppd connection down.
> > A closing thought ... if I am right about diald being superseded by pppd
> > itself, then the original poster *may* be trying to connect to the
> > Internet using a very old version of Linux. This is not a good idea, for
> > security reasons, and I'd encourage him to update to the current version of
> > his preferred distro.
> >
>The distro is new, and has the latest Woody security updates. Probably no
>big worries there. I think I just got some rather dated advice on how to
>set up demand dialing.
OK. Good.
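An added example, not part of Ray's message or anyone else's in the thread: one way to build the sudo rule suggested earlier and the "script ... that will let a user who is logged into the gateway host bring down the ppp connection" mentioned above. The user name "james" and the candidate file are constructed for illustration; /usr/bin/poff is the path quoted in the first message, and the rule grants that one command with no arguments rather than a root shell.

```shell
#!/bin/sh
# Added example (not from the thread). The user name "james" and the drop-in
# file name are constructed; /usr/bin/poff is the path quoted in the thread.

# Succeed only for an absolute path free of characters sudoers treats specially
# (spaces, commas, wildcards), so one path cannot smuggle in a second command.
safe_command_path() {
    case $1 in
        /*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *[!A-Za-z0-9/._-]*) return 1 ;;
    esac
    return 0
}

# Succeed only if the command is a regular executable file, not a symlink, that
# group and other cannot write. A command an ordinary user can overwrite would
# turn this one-command rule into full root access.
not_writable_by_others() {
    [ -f "$1" ] && [ -x "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print one sudoers line: user $1 may run command $2 as root. The trailing ""
# means "with no arguments at all".
sudoers_line() {
    user=$1
    cmd=$2
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1 ;;
    esac
    safe_command_path "$cmd" || { echo "bad command path" >&2; return 1; }
    printf '%s ALL = (root) NOPASSWD: %s ""\n' "$user" "$cmd"
}

# Write the rule to candidate file $1 (mode 0440) and syntax-check it with
# visudo when visudo is installed. Copying it into place is left to root.
write_dropin() {
    out=$1
    line=$(sudoers_line "$2" "$3") || return 1
    not_writable_by_others "$3" || { echo "$3: missing or modifiable" >&2; return 1; }
    ( umask 227; printf '%s\n' "$line" > "$out" ) || return 1
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$out" >/dev/null || return 1
    fi
}

# Show the rule for the thread's case.
sudoers_line james /usr/bin/poff
```

With such a rule installed by root, the toolbar entry would run `sudo /usr/bin/poff` and nothing else as root.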
* RE: stopping diald
2003-03-10 16:57 ` stopping diald Ray Olszewski
@ 2003-03-10 17:52 ` James Miller
2003-03-10 19:08 ` Ray Olszewski
0 siblings, 1 reply; 12+ messages in thread
From: James Miller @ 2003-03-10 17:52 UTC (permalink / raw)
To: linux-newbie
Thanks again for your response, Ray
On Mon, 10 Mar 2003, Ray Olszewski wrote:
> diald to support on-demand connections through a Linux-based router. But I
> was also surprised to see that diald is being maintained -- the last Debian
> update to it was about a year ago, much more recent than I'd have guessed.
>
Yes, I got the diald I have via apt-get.
> I do not understand the juxtapositioning here. ipchains (or the newer
> iptables, for 2.4.x kernels) is a useful tool for firewalling. But it does
> not bring interfaces up and down, so it will in no way substitute for the
> functionality of pppd or diald in that respect.
>
Well, pppd or diald make the connection to the internet on the gateway.
But once connected, the gateway needs to be able to pass packets
designated for the computer on the LAN that requested the connection, right?
For that, I understood I'd need something like ipchains or iptables - to
route packets to where they're supposed to go on my LAN. I didn't have any
notion that ipchains would be involved in shutting down the connection to
the ISP - sorry if I confused things there. I also may be butchering
basic networking conceptions and terminology. I'm very new to the whole
thing. Perhaps I'll decide eventually that it's just beyond me, or that I
won't be able to pull it off securely enough. At that point, I'll give up.
But for now, I want to understand things better and to actually implement
those things, if possible and advisable.
> "user" is ill-defined here (because there are multiple hosts involved). It
> should be easy to write a script or program that will let a user who is
> logged into the gateway host bring down the ppp connection to the ISP. It
> is vastly more difficult -- I was tempted to say "impossible", but that's
> an overstatement -- to create a way for a user on a different host to bring
> the pppd connection down.
>
I'll have to think further on this. I can't really say I understand what
you're saying.
More questions later, undoubtedly.
James
* RE: stopping diald
2003-03-10 17:52 ` James Miller
@ 2003-03-10 19:08 ` Ray Olszewski
2003-03-11 9:17 ` glenn
2003-03-12 18:38 ` James Miller
0 siblings, 2 replies; 12+ messages in thread
From: Ray Olszewski @ 2003-03-10 19:08 UTC (permalink / raw)
To: linux-newbie
At 11:52 AM 3/10/2003 -0600, James Miller wrote:
[...]
>But once connected, the gateway needs to be able to pass packets
>designated for the computer on the LAN that requested the connection, right?
>For that, I understood I'd need something like ipchains or iptables - to
>route packets to where they're supposed to go on my LAN.
Actually, it depends, but the likely answer in *your* case is YES. iptables
(and ipchains) does firewalling, not routing as such. For *simple* routing,
all you need to do is turn routing on in the kernel and provide a suitable
routing table, neither of which involves iptables or ipchains. You need
iptables (or ipchains and some related apps) if you need to --
A. Have all LAN hosts share a single public IP address, which you
do via Network Address Translation (NAT), also called IP Masquerading in a
Linux setting.
B. Run any servers on a NAT'd LAN that offer services to the
outside (as though they were located at the public IP address), using port
forwarding.
C. Provide any firewall protection to your LAN (always a good
idea, and especially so if your LAN hosts use public IP addresses).
D. Provide various other packet-processing functionality not
commonly used on dial-up connections from homes or small businesses.
The reason I say YES is likely is because dial-up connections almost always
use NAT.
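An added example, not part of Ray's message: a ruleset generator covering points A and C above for a dial-up gateway, together with the "turn routing on in the kernel" step. It assumes iptables on a 2.4 kernel and that the dial-up link appears as ppp0; the interface names and the 192.168.1.0/24 LAN prefix are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names and the LAN prefix are
# constructed; it assumes iptables on a 2.4 kernel and a dial-up link on ppp0.

# Print an iptables-restore ruleset for a masquerading dial-up gateway.
#   $1 = LAN interface, $2 = dial-up interface, $3 = LAN network in CIDR form
gateway_ruleset() {
    lan_if=$1
    wan_if=$2
    lan_net=$3
    for ifname in "$lan_if" "$wan_if"; do
        case $ifname in
            ''|*[!a-z0-9]*) echo "bad interface name: $ifname" >&2; return 1 ;;
        esac
    done
    case $lan_net in
        *[!0-9./]*|*/*/*) echo "bad network: $lan_net" >&2; return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) echo "bad network: $lan_net" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Point A: every LAN host leaves through the one address the ISP assigns.
# No port forwarding (point B): nothing on the LAN is offered to the outside.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
# Point C: default-deny for traffic to the gateway and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may open connections outward; only replies come back in.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Load the rules first, then turn routing on, so the gateway never forwards
# packets without the filter in place. Must run as root; not called here.
apply_gateway() {
    rules=$(gateway_ruleset "$@") || return 1
    printf '%s\n' "$rules" | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Print the ruleset for a constructed LAN.
gateway_ruleset eth0 ppp0 192.168.1.0/24
```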
* Re: stopping diald
2003-03-10 19:08 ` Ray Olszewski
@ 2003-03-11 9:17 ` glenn
2003-03-12 18:38 ` James Miller
1 sibling, 0 replies; 12+ messages in thread
From: glenn @ 2003-03-11 9:17 UTC (permalink / raw)
To: linux-newbie
On a slightly different note, I've been reading an LDP book called
Securing & Optimizing Linux - The Ultimate Solution.pdf
It's quite long and geared towards server setups, based around the Redhat
install, but has lots of explanations and descriptions of network setups
including iptables
get it at http://www.tldp.org/guides.html
On Monday 10 Mar 2003 7:08 pm, Ray Olszewski keyed in:
> At 11:52 AM 3/10/2003 -0600, James Miller wrote:
> [...]
>
> >But once connected, the gateway needs to be able to pass packets
> >designated for the computer on the LAN that requested the connection,
> > right? For that, I understood I'd need something like ipchains or
> > iptables - to route packets to where they're supposed to go on my LAN.
>
> Actually, it depends, but the likely answer in *your* case is YES. iptables
> (and ipchains) does firewalling, not routing as such. For *simple* routing,
> all you need to do is turn routing on in the kernel and provide a suitable
> routing table, neither of which involves iptables or ipchains. You need
> iptables (or ipchains and some related apps) if you need to --
>
> A. Have all LAN hosts share a single public IP address, which you
> do via Network Address Translation (NAT), also called IP Masquerading in a
> Linux setting.
> B. Run any servers on a NAT'd LAN that offer services to the
> outside (as though they were located at the public IP address), using port
> forwarding.
> C. Provide any firewall protection to your LAN (always a good
> idea, and especially so if your LAN hosts use public IP addresses).
> D. Provide various other packet-processing functionality not
> commonly used on dial-up connections from homes or small businesses.
>
> The reason I say YES is likely is because dial-up connections almost always
> use NAT.
* RE: stopping diald
2003-03-10 19:08 ` Ray Olszewski
2003-03-11 9:17 ` glenn
@ 2003-03-12 18:38 ` James Miller
1 sibling, 0 replies; 12+ messages in thread
From: James Miller @ 2003-03-12 18:38 UTC (permalink / raw)
To: linux-newbie
On Mon, 10 Mar 2003, Ray Olszewski wrote:
>
> Actually, it depends, but the likely answer in *your* case is YES. iptables
> (and ipchains) does firewalling, not routing as such. For *simple* routing,
> all you need to do is turn routing on in the kernel and provide a suitable
> routing table, neither of which involves iptables or ipchains. You need
> iptables (or ipchains and some related apps) if you need to --
>
> A. Have all LAN hosts share a single public IP address, which you
> do via Network Address Translation (NAT), also called IP Masquerading in a
> Linux setting.
> B. Run any servers on a NAT'd LAN that offer services to the
> outside (as though they were located at the public IP address), using port
> forwarding.
> C. Provide any firewall protection to your LAN (always a good
> idea, and especially so if your LAN hosts use public IP addresses).
> D. Provide various other packet-processing functionality not
> commonly used on dial-up connections from homes or small businesses.
>
> The reason I say YES is likely is because dial-up connections almost always
> use NAT.
>
Thanks for the clarification, Ray. I do need NAT, since I have a dialup
connection that needs to be shared, on occasion, by 2 different machines
on my planned LAN. The need to decipher ipchains/iptables still stands, it
seems.
On Tue, 11 Mar 2003, ichi@ihug.co.nz wrote:
>
> I'll try to restate what Ray is saying in a different way.
> The ppp connection runs on one computer (let's call it
> the gateway). All other computers on the network route their
> external traffic to the gateway. When the gateway receives
> such traffic it automatically routes it to the ppp connection.
> The ppp connect is started and stopped by the gateway machine.
> None of the other computers on the network have any control
> over it (unless they telnet to the gateway and login as a user).
> The way diald (and similar) operate is to lurk in the background
> on the gateway computer and monitor traffic. When outbound
> traffic arrives at the gateway from the internal network, it
> dials the ISP automatically (unless it is already connected).
> When there is no traffic (for a specified number of minutes)
> on the ppp connection it terminates the connection.
>
> Let me emphasize: diald runs only on the server. None of the
> other computers on the network knows it is there; none of them
> has any control over it. They simply route their traffic to the
> gateway address -- what happens after that is a mystery to them.
>
I think I get it now. That makes sense. Thanks for the additional
clarification, Steven.
James