Web And Email Hosting, Jsp, Tomcat, J2Ee, Hibernate Programming Blog

Default Gateway Device If you reach the Internet using a dynamic address that is assigned when you connect to a particular interface, you would enter that interface here. For example, if you had a dial-up interface to the Internet on the first PPP device, you would enter ppp0 as the default gateway device as follows: GATEWAYDEV=ppp0 When you are done, the contents of this file should look similar to the following: NETWORKING=yes HOSTNAME=maple DOMAINNAME=handsonhistory.com #GATEWAY= GATEWAYDEV=ppp0 In this case, the computer is configured to route packets over a dial-up connection to the Internet (ppp0). 2. Turn on IP packet forwarding. One way to do this is to change the value of net.ipv4.ip_forward to 1 in the /etc/sysctl.conf file. Open that file as root user with any text editor and change the line to appear as follows: net.ipv4.ip_forward = 1 3. If the computers on your LAN have valid IP addresses, skip ahead to the section on configuring Red Hat Linux routing clients. If your computers have private IP addresses, continue with this procedure. Caution The ipchains example in the next step is not terribly secure, although in most cases it will get routing up and going. I recommend that you read the IP masquerading section later in this chapter, as well as Chapter 14, for information on firewalls and other security issues. 4. To get IP masquerading going on your Red Hat Linux router, you need to define which addresses will be masqueraded and forwarded. Here is an example where all computers on the LAN with a network number of 10.0.0.0 are accepted for forwarding and masquerading: # ipchains -P forward DENY # ipchains -A forward -i ppp0 -s 10.0.0.0/255.0.0.0 -j MASQ This example shows that, by default, forwarding is denied (DENY). Forwarding is done, however, for a computer on the network 10.0.0.0 (with a netmask of 255.0.0.0); packets will be forwarded to the ppp0 interface and masqueraded (MASQ) as if they came from the local Red Hat Linux system. You could use a shorter notation for entering the netmask. For a class A, B, or C network, the value is 8, 16, or 24, respectively. Instead of allowing the whole network, you could also just allow individual hosts. For example, you could have separate forward lines for 10.0.0.10, 10.0.0.11, 10.0.0.12, and so forth. To set up your forwarding rules permanently, you can add them to the ipchains configuration file. This will run the rules each time the system reboots (or the network restarts). If you added the rules described above to the /etc/sysconfig/ipchains file, the file would appear as follows: :input ACCEPT :forward ACCEPT -P forward DENY
Note: If you are looking for cheap and reliable webhost to host and run your mysql application check Vision professional web hosting services

Configuring the Red Hat Linux router To configure your Red Hat Linux computer as a router, you need to have a few things in place. Here s what you need to do before you set up routing: Connect to your LAN. Add a network card and optionally set up the addresses (in /etc/hosts) to the computers on your LAN. (This is described in Chapter 15.) Connect to the Internet. Set up a dial-up or other type of connection from your Red Hat Linux computer to your ISP. This is described earlier in this chapter in the section on setting up outgoing PPP connections. Configure your Red Hat Linux computer as a router. This procedure is described in the rest of this section. The type of IP addresses you are using on your LAN will have an impact on a couple of steps in this procedure. Here are the differences: Private IP addresses If the computers on your LAN use private IP addresses (described in Chapter 15), you need to set up IP masquerading. Because those numbers are private, they must be hidden from the Internet when the Red Hat Linux router forwards their requests. Packets forwarded with masquerading look to the outside world as though they came from the Red Hat Linux computer forwarding the packets. Note IP addresses can be assigned statically (as described in Chapter 15) or using DHCP (as described in Chapter 23). Valid IP addresses If your LAN uses addresses that were officially assigned by your ISP or other registration authority, you don t need to do any special IP masquerading. With your Red Hat Linux computer s LAN and Internet interfaces in place, follow the procedure below to set up Red Hat Linux as a router: 1. Open the /etc/sysconfig/network file in a text editor as the root user. Then add either a default gateway or default gateway device as described below. Your default gateway is where IP addresses are sought that are not on any of your local interfaces. This is where you would identify your Internet connection. Here is how you choose which one to enter: Default Gateway If there is a static IP address you use to reach the Internet, enter that IP address here. For example, if your Internet connection went through a DSL modem on your LAN at address 192.168.0.1, you would enter that address as follows: GATEWAY=192.168.0.1
Note: In case you are looking for affordable webhost to host and run your servlet application check Vision servlet hosting services

The procedures in this section assume that you have already set up a LAN, as described in Chapter 15. It is also assumed that you have an outgoing connection from your Red Hat Linux system to the Internet that all traffic between the computers on your LAN and the Internet can pass through. That outgoing connection may be dial-up or through another LAN card connected to a DSL modem or other LAN. This section describes two ways to set up the Red Hat Linux computer so clients on the LAN can access the Internet: As a router By configuring Red Hat Linux as a router, it can route IP packets from clients on the LAN to the Internet through the dial-up connection. As a proxy server You can configure Red Hat Linux as a proxy server. In this way, client computers on your LAN can access the Internet as though the connection were coming from the Linux computer. Setting Up Red Hat Linux as a Router There are several different ways to set up routing from your LAN to the Internet. You can have a dedicated router (such as the Cisco 675 ADSL router), or you can have a computer already connected to your LAN that will act as a router. This section describes how to use your Red Hat Linux computer as a router. A computer may have several network interfaces, such as a loopback, an Ethernet LAN, a direct line to another computer, or a dial-up interface. For a client computer to use a router to reach the Internet, it may have private IP addresses assigned to computers on the LAN, while the connection to a routing computer would act as the gateway to all other addresses. Here is a fairly simple example of a Red Hat Linux computer being used as a router between a LAN and the Internet: The Red Hat Linux system has at least two network interfaces: one to the office LAN and one to the Internet. The interface to the Internet may be a dial-up PPP connection or a higher-speed DSL or cable modem connection. Packets on the LAN that are not addressed to a known computer on the LAN are forwarded to the router (that is, the Red Hat Linux system acting as a router). So, each client identifies that Red Hat Linux system as the gateway system. The Red Hat Linux “router” firewall is set up to receive packets from the local LAN, then forwards those packets to its other interface (possibly a PPP connection to the Internet). If the LAN uses private IP addresses, the firewall is also configured to use IP masquerading. Tip You can set up a Linux computer as a dedicated router. The Linux Router Project (www.psychosis.com/linux-router) is a mini-distribution of Linux that fits on one 3.5-inch floppy disk. With it, you can maintain a router and terminal server more simply than with a full Linux system. This is a good way to make use of that old 486 in the closet. The following sections describe how to set up the Red Hat Linux router, as well as the client computers from your LAN (Red Hat Linux and MS Windows clients) that will use this router. Using Red Hat Linux as a router also provides an excellent opportunity to improve the security of your Internet connection by setting up a firewall to filter traffic and hide the identity of the computers on your LAN (IP masquerading).
Note: In case you are looking for affordable webhost to host and run your web application check Vision cheap hosting services

Jun 6 20:43:52 maple chat[2079]: abort on (Login incorrect) Jun 6 20:43:52 maple chat[2079]: send (ATZ^M) Jun 6 20:43:52 maple chat[2079]: expect (OK) Jun 6 20:43:53 maple chat[2079]: ATZ^M^M Jun 6 20:43:53 maple chat[2079]: OK Jun 6 20:43:53 maple chat[2079]: — got it Jun 6 20:43:53 maple chat[2079]: send (ATDT5551212^M) Jun 6 20:43:53 maple chat[2079]: expect (CONNECT) Jun 6 20:43:53 maple chat[2079]: ^M Jun 6 20:44:10 maple chat[2079]: ATDT5551212^M^M Jun 6 20:44:10 maple chat[2079]: CONNECT Jun 6 20:44:10 maple chat[2079]: — got it Jun 6 20:44:10 maple chat[2079]: send (d) Jun 6 20:44:14 maple pppd[2077]: Serial connection established. Jun 6 20:44:14 maple pppd[2077]: Using interface ppp0 Jun 6 20:44:14 maple pppd[2077]: Connect: ppp0 <--> /dev/modem . . . Jun 6 20:44:17 maple pppd[2077]: local IP address 222.62.137.121 Jun 6 20:44:17 maple pppd[2077]: remote IP address 222.62.1.105 This output shows starting the PPP connection on /dev/modem. After verifying that the modem is working, the chat script sends the telephone number. The connection is made, and the PPP interface is started. After some parameter negotiations, the server assigns IP addresses to both sides of the communication, and the connection is ready to use. If you do get connected, but none of your applications (Web browser, FTP, and so on) seem to work, check that your PPP interface is noted as the default route (/sbin/route -n). If it is, check that you have the DNS servers specified correctly in your /etc/resolv.conf file. Use the ping command on those DNS server IP addresses to make sure you can get through. Connecting Your LAN to the Internet The users on your LAN are happy that you made it so that they can share files and printers with each other. However, if they want to get out to the Internet they may need to use their own modem, telephone line, and Internet account to get there. With your users already connected on a LAN, you can set up a connection to the Internet that everyone can share. The advantages of doing this are as follows: Save on modems Instead of each computer having its own modem, you can have one high-speed modem (such as a DSL modem) that routes all messages to the Internet. Save on telephone lines Instead of using a telephone line for each person who wants to get to the Internet, you can use one line to your ISP. (In the case of DSL, the telephone company will even let you use the same telephone line for both analog voice and high-speed digital data.) Central maintenance If information related to your Internet connection changes (such as your dial-out number or name server addresses), you can administrate those changes in one location instead of having to change it on every computer. Central security You can better control the Internet traffic that comes in to and goes out of your network.
Note: If you are looking for cheap and reliable webhost to host and run your web application check Vision coldfusion web hosting services

the options file: 192.168.0.1:192.168.0.2 ipcp-accept-local ipcp-accept-remote demand This gives temporary local and remote addresses and tells the remote server that it can replace those values. Instead of using private IP addresses (as shown here), you could use 0.0.0.0 instead. bsdcomp, deflate Certain kinds of compression are not supported with Windows NT PPP servers. So, you should not request BSD compression (bsdcomp) or Deflate compression (deflate). In some cases, you may want to specifically prohibit those types of compression: nobsdcomp, nodeflate, and noccp (for no compression control protocol). As noted earlier, the best place for descriptions of pppd options is the pppd man page. For a sample options file, look in /usr/share/doc/ppp*/sample. Run debugging If you are not getting connected at all, the first thing to do is to turn on logging for PPP. This will help you track down the problem. If you are still stumped after looking at the logging output, take the log file and have an expert review it. Make sure that debugging is turned on by setting DEBUG=yes in the ifcfg-ppp0 file. Tip I recommend posting your failed PPP output to the comp.protocol.ppp newsgroup, where some very smart PPP experts can help answer your questions. Before you post, however, read a few days worth of messages from the group. Chances are that someone has already run into the same problem and has a solution. Also, post only the parts of the log file that are relevant. To have debugging directed to a separate log file for PPP, add these lines to the /etc/syslog.conf file: daemon.* /var/log/pppmsg local2.* /var/log/pppmsg After this, restart the syslogd daemon process as follows: # service syslog restart It s best to try to do this debugging process from the desktop because it helps to have several Terminal windows open (I would suggest at least three). From the first window, start a command that lists the contents of the log file we just defined above (pppmsg) as debug messages come in: # tail -f /var/log/pppmsg In the next window, start the PPP interface. Assuming ppp0, use the following command as root user: # ifup ppp0 Here is a partial listing of the output: Jun 6 20:43:51 maple pppd[2077]: pppd 2.3.7 started by root, uid 0 Jun 6 20:43:51 maple ifup-ppp: pppd started for ppp0 on /dev/modem at 115200 Jun 6 20:43:52 maple chat[2079]: abort on (BUSY) Jun 6 20:43:52 maple chat[2079]: abort on (ERROR) Jun 6 20:43:52 maple chat[2079]: abort on (NO CARRIER) Jun 6 20:43:52 maple chat[2079]: abort on (NO DIALTONE) Jun 6 20:43:52 maple chat[2079]: abort on (Invalid Login)
Note: If you are looking for cheap and reliable webhost to host and run your mysql application check Vision mysql hosting services

your PPP connection result from getting some of these options wrong (particularly asking for features that the server can t or won t provide). Here is an example of the ifcfg-ppp0 file that you can use to connect to a Windows NT PPP server: DEVICE=ppp0 NAME=Acme_Internet_Service MODEMPORT=/dev/ttyS0 LINESPEED=115200 PAPNAME=guest ONBOOT=no DEFROUTE=yes DEMAND=yes IDLETIMEOUT=600 The device name is ppp0 (which is associated with the configuration file ifcfg-ppp0). NAME is the name you assigned to the connection. MODEMPORT is the device name associated with the port the modem is connected to (in this case, COM1). LINESPEED sets the speed, in bps, between the computer and the modem (not the dial-up speed, which is typically slower). PAPNAME is the user name that you log in with, assuming you are using PAP authentication. ONBOOT is set to no, meaning that the connection doesn t start automatically at boot time. DEFROUTE=yes sets the default route to be this PPP connection. DEMAND=yes causes the link to be initiated only when traffic is present. IDLETIMEOUT=600 causes your connection to time out after 600 seconds (that is, ten minutes). Tip If you want to see the exact options that each of these parameters set, look at the contents of the /etc/sysconfig/network-scripts/ifup-ppp script. For example, if DEFROUTE=yes, then the option defaultroute is sent to the pppd daemon. See the pppd man page for a description of each option (type man pppd). You can add PPPOPTIONS lines to set any additional options you want passed to the pppd daemon process. There are some cases where the ISP will require other values that are not included here. Likewise, there are some options that you should not put in this file when connecting to certain types of servers. Here are some suggestions of values that either should not be in this file or should be (in some cases) for some Windows NT servers. For descriptions of these options, see the pppd man page: remotename=remotename You may need this value for PAP authentication, but it should not be entered for CHAP authentication. (For CHAP, the remote PPP server sends you its name.) require-chap, require-pap, auth, noauth It s a nice idea to ask a Windows NT server to authenticate itself (which is what require-chap and require-pap do for their respective protocols). The auth value requires the server to authenticate itself before packets can be sent or received. However, I m told on good authority that Windows NT will not let you do any of this. Authentication will fail and you will not get a connection. You may need to indicate explicitly that the server is not required to authenticate itself by entering the noauth option. default-asyncmap PAP can fail to authenticate because of “link transparency problems.” If authentication fails and you are sure you have the authentication information correct, try adding this value. ipcp-accept-local, ipcp-accept remote Sometimes a server will request your local IP address, even if it wants to assign one itself. The same is true of the remote address. Try adding these lines to
Note: In case you are looking for affordable and reliable webhost to host and run your business application check Vision ftp web hosting services

This shows that the gateway was set to the remote PPP server (198.62.1.1), as well as showing the other interfaces running on my computer. There are two ppp0 entries. The first shows the destination as a host (UH). The second shows the destination as a gateway (UG). All addresses that can t be resolved on the local LAN are directed to the gateway address. Check that the name servers are set If you are able to ping a remote computer by IP address, but are not able to resolve any addresses, your DNS servers may not be set correctly. As root user from a Terminal window, open the /etc/resolv.conf file and check that there are lines identifying one or more DNS servers in this file. These should be supplied to you by your ISP. Here are some examples (the numbers are fictitious): nameserver 111.11.11.111 nameserver 222.22.22.222 Check the chap-secrets or pap-secrets files PPP supports two authentication protocols in Red Hat Linux: Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP). Here is what each protocol does to authenticate: CHAP The server sends the client a challenge packet (which includes the server name). The client sends back a response that includes its name and a value that combines the secret and the challenge. The client name and secret are stored in your /etc/ppp/chap-secrets file. PAP The client sends its name and a password (clear text) for authentication. The client name and secret are stored in your /etc/ppp/pap-secrets file. By default, PPP in Red Hat Linux will authenticate if the server requests it, unless it has no secrets to share. If it has no secrets, PPP (or, more specifically, the PPP daemon pppd) will refuse authentication. It is likely that if you look in these files you will find the user names and passwords you provided when you set up your PPP connection (Red Hat assumes that you may be using CHAP or PAP authentication). The chap-secrets and pap-secrets file formats are the same. Each authentication line can contain the client name, the server name, and the secret. The server name can be represented by an * (to allow this secret to be used to authenticate any server). This is useful if you don t know what the server name will be. Also, remember that case is significant (that is, Myserver is not the same as myserver). Tip For more details about PAP and CHAP in PPP for Linux, see the pppd man page (type man pppd). In any case, here s an example of what a chap-secrets file may look like: # Secrets for authentication using CHAP # client server secret IP addresses 0300584919390921 * JckMLt4CwZiYo03/bkNTpLmU * Caution The pap-secrets and chap-secrets files should not be accessible by anyone but the root user. Anyone gaining this information could use it to access your Internet account. (To close permission, type chmod 600 /etc/ppp/*-secrets.) You need to obtain your own client name and secret from your ISP. The ones shown here are just examples. Look at the ifcfg-ppp0 file The ifcg-ppp0 file (/etc/sysconfig/network-scripts/ifcfg-ppp0) contains options that are passed to the pppd daemon for features that are negotiated with the remote PPP server. Most of the problems that can occur with
Note: In case you are looking for affordable webhost to host and run your web application check Vision http web server services

Type Dialup.kdelnk. 3. Click the icon and select an icon to represent the application; then click OK (There is one called kppp that you can use.) 4. Click the Execute tab and then type kppp into the Execute box. Click OK. 5. An icon called Dialup appears on your KDE desktop. Click it to open the kppp window. Then select your ISP from the Connect box and click Connect to start your PPP connection. From this point forward, icons will appear on your desktop that you can select to immediately connect to your ISP over the dial-up connection you configured. Both GNOME and KDE support drag-and-drop, so you can drag the dial-up icon to the desktop to make it even more easily available. Checking your PPP connection To debug your PPP connection or simply to better understand how it works, you can run through the steps below. They will help you understand where information is being stored and how tools can be used to track this information. Check that your PPP interface is working One way to do this is with the ping command. From the Terminal window, type ping along with any Internet address you know. For example: $ ping www.handsonhistory.com PING handsonhistory.com (198.60.22.8) from 192.168.0.43 : 56(84) bytes of data. 64 bytes from handsonhistory.com (198.60.22.8): icmp_seq=0 ttl=240 time=120 msec 64 bytes from handsonhistory.com (198.60.22.8): icmp_seq=1 ttl=240 time=116 msec 64 bytes from handsonhistory.com (198.60.22.8): icmp_seq=2 ttl=240 time=120 msec — www.handsonhistory.com ping statistics — 4 packets transmitted, 3 packets received, 25% packet loss round-trip min/avg/max/mdev = 116.816/119.277/120.807/1.779 ms Press Ctrl+C to end the ping command. The lines above show the responses from http://www.handsonhistory.com/. It sent back packets from the IP address 198.60.22.8 in response to each one it received. You can see the sequence of packets (icmp_seq) and the time it took for each response (in milliseconds). If you receive packets in return, you will know two things: first, that your connection is working, and second, that your name to address translation (from the DNS addresses in /etc/resolv.conf) is working. Check the default route Check that the default route is set using the route -n command. # /sbin/route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 198.62.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 198.62.1.1 0.0.0.0 UG 0 0 0 ppp0
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision web design programs services

Click the Execute tab. If you want to run a special command or script before or at the point of connection or disconnection, you can add the full path to the command or script in the appropriate box. (You will typically leave these blank.) 8. Click the Accounting tab. If you need to account for the amount of traffic being received or sent over this connection, you can click the Enable Accounting button on this tab. You must then select the Available rules, based on your country and type of service. This feature is more useful outside of the United States, where billing for Internet service is done differently. 9. Click OK. The new account should appear in the Account Setup box. 10. Click the Device tab. Select the modem device that will be used for the connection. Your modem may already be linked to the /dev/modem device (whether it is on COM1 or COM2). To specifically set the modem to one of those ports, you could select /dev/ttyS0 for COM1, or select /dev/ttyS1 for COM2 (and so on). 11. Click OK to exit from the kppp Configuration window. 12. From the main kppp window (which should still be on your screen), make sure that your new connection type appears in the Connect to window. The first time you try the connection, click the Show Log Window box. Type the login ID and password for your ISP account. 13. Click Connect. The Login Script Debug window will step through the process of initializing the modem, dialing, and making the PPP connection. If all goes well, you should be able to start browsing the Internet. If the connection fails, skip to the Checking your PPP connection section for information on hunting down the problem. Launching your PPP connection After you have a working PPP connection configured, you can set up that connection to launch easily from the desktop. Here s how: From the GNOME desktop: 1. Right-click Panel and then choose Panel Add to Panel Applet Network RH PPP Dialer from the GNOME menu. When the Choose pop-up window appears, click the interface you want to use and then click OK. 2. You can either start the connection now or not. In either case, after you finish Step 1, an icon appears on the panel that you can click to immediately connect to the ISP (click the green button). From the KDE desktop: 1. Right-click the desktop and choose Create New Link to Application. 2.
Note: In case you are looking for affordable webhost to host and run your servlet application check Vision servlet hosting services

Figure 16-2: Configure PPP connections from KDE using the kppp Configuration window. 1. From the kppp Configuration window (Accounts tab), click New. A pop-up window asks if you want to use the wizard to create a new account. 2. Click Dialog Setup. A New Account window appears. 3. From the Dial tab on the New Account window, add the following information: Connection Name Enter any name you choose to identify the connection. Typically, the name would identify your ISP. Phone Number Click on the Add button, enter the telephone number of the ISP s modem pool, and click on OK. Authentication Determine from your ISP the type of authentication that is used to establish the connection. Many ISPs use a PAP or CHAP type of authentication (which are used with Windows NT and other types of servers), while universities and other sites where UNIX and Linux servers are used tend to use Terminal and Script-based authentication. Customize pppd arguments Click on this button, type an argument you want to add, click on Add, repeat for additional arguments (optional), and click on OK. These arguments are passed to the pppd daemon (which establishes and maintains your PPP connections). Some of these arguments are described later in the section “Checking your PPP connection.” See the pppd manual page (type man pppd) for information on available arguments. 4. Click the IP tab. Chances are that the ISP will use Dynamic IP addresses. If the ISP gave you a Static IP address, click the Static IP Address box and type in the address and netmask the ISP gave you. You can also click on the “Autoconfigure hostname…” box to have your host name automatically assigned from your ISP. 5. Click the DNS tab. This is where you enter your domain name and the IP address for the DNS server (which is used to resolve Internet host/domain names into IP addresses). If DNS servers are not assigned dynamically (which they probably are), you will typically be given two DNS servers to enter (a primary and a backup). 6. Click the Login Script tab. This is a somewhat advanced feature. It can be used if your dial-up ISP connection doesn’t do the standard PAP, CHAP, or terminal login ways of setting up a connection. If that is the case, you can set up a custom “chat” script here that defines what you expect to receive from the remote side and what you will send in response. (When you try your connection a few steps later, you will be able to watch this chat take place.) 7.
Note: In case you are looking for affordable and reliable webhost to host and run your business application check Vision ftp web hosting services