Diald Control

Linux + IP Masquerade + Diald + Diald Control


Since 09/Apr/1998



The Linux kernel has an IP Masquerade feature, which lets us connect our home LAN to the Internet.

Diald dials and connects to the ISP automatically when any user on the home LAN tries to connect to the Internet. Diald monitors the traffic on the connection, and if no data is sent or received, diald disconnects.

This is not useful in some situations. For example, someone wants to use the telephone but diald makes a PPP connection. Or, while surfing the web, no traffic occurs for a short time and diald disconnects automatically. In such cases we would like to control diald's actions manually.

Diald has a Tcl/Tk control client named dctrl. Dctrl and diald communicate through a named pipe. A named pipe is a communication path between two processes on the same host.

Dctrl uses the named pipe to set diald to the Up, Down, Forced up or Block connection state. The restriction that the two processes must be on the same host makes dctrl inconvenient. We want to use the control feature of dctrl from some other host on the home LAN, which might be Windows, Mac or HP-UX :-).

I made a new control client, Diald Control (dcntlc), written in Java, and a daemon (dcntls) which accepts connections from dcntlc and relays the requests to diald. Dcntlc works on any host where Java (JDK1.1 or higher) or a web browser (Netscape or IE) is available.
 

This is a figure of the Diald Control client (dcntlc).

[Figure: dcntlc]


Source Code:

Package:

diald-control.tgz


Compilation and Installation:

  1. Download diald-control.tgz and extract the package.
  2. % zcat diald-control.tgz | tar xvf -
  3. Set the Makefile variables DCNTLDIR, SBINDIR, BINDIR, SERVER_ADDR and PORT_NUM to fit your environment.
  4. Run make and make install.
           % make
           % su root
           # make install
  5. Add the following lines to /etc/rc.d/rc.local
           # Start dcntls
           if [ -f /usr/sbin/dcntls ]; then
               /usr/sbin/dcntls ;
               echo -n "dcntls ";
           fi


Execution

  1. Start the Diald Control server. This is not required if it has already been started from /etc/rc.d/rc.local.
    # /usr/sbin/dcntls
  2. Run the stand-alone client.
    % /usr/local/bin/dcntlc
  3. Run as an applet from a web browser. Open http://your-Diald-Control-Server-address/dcntl/index.html
    in your web browser, using the correct address of your web server.


Security Issues


The Diald Control system does not have an authentication feature. The problem that someone could control diald from outside the home LAN through the Internet can be avoided using the IP firewall feature of the Linux kernel.

# /sbin/ipfwadm -I -a deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 8972 -W ppp0 

This command line sets the IP firewall to deny any connection through ppp0 to port 8972 (the default Diald Control port). Connections from the local home LAN arrive through the network interface eth0 rather than ppp0, so local connections are still accepted.

Another security setting:
One particular host on the local home LAN can be denied using this command line.

# /sbin/ipfwadm -I -a deny -P tcp -S 192.168.0.2 -D 192.168.0.1 8972

In this example, the server address is 192.168.0.1 and the denied host address is 192.168.0.2.

Write this command line in /etc/rc.local just before the line that runs dcntls.
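
Because dcntls has no authentication, the ordering matters: if the daemon starts before the ppp0 deny rule is installed, port 8972 is open to the dial-up side for that interval. The sh function below is an added example, not part of the diald-control package, that checks an rc file for this ordering; it assumes dcntls is installed as /usr/sbin/dcntls and that the rule uses the ppp0 form shown above.

```sh
#!/bin/sh
# Added example, not part of the diald-control package.
# check_rc_order FILE [PORT]
#   0: an ipfwadm input deny rule for PORT on ppp0 precedes the dcntls start
#   1: dcntls is started with no such rule before it
#   2: FILE never starts dcntls
# Assumes SBINDIR=/usr/sbin, as in the rc.local fragment on this page.
check_rc_order() {
    awk -v port="${2:-8972}" '
        /^[ \t]*#/ { next }                 # ignore commented-out lines
        # deny rule on the dial-up side: ipfwadm -I ... deny ... PORT ... -W ppp0
        /ipfwadm/ && /-I/ && /deny/ && /-W[ \t]+ppp0/ {
            for (i = 1; i <= NF; i++) if ($i == port) rule = 1
        }
        # first line that runs the daemon (the "[ -f ... ]" test does not match)
        /^[ \t]*\/usr\/sbin\/dcntls/ { started = 1; exit }
        END {
            if (!started) exit 2
            exit (rule ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample rc.local fragments (not taken from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" <<'EOF'
/sbin/ipfwadm -I -a deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 8972 -W ppp0
if [ -f /usr/sbin/dcntls ]; then
    /usr/sbin/dcntls ;
    echo -n "dcntls ";
fi
EOF
cat > "$demo_dir/late" <<'EOF'
if [ -f /usr/sbin/dcntls ]; then
    /usr/sbin/dcntls ;
fi
/sbin/ipfwadm -I -a deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 8972 -W ppp0
EOF

for f in good late; do
    rc=0; check_rc_order "$demo_dir/$f" || rc=$?
    echo "$f: exit $rc"
done
```

Run it against the real file with: check_rc_order /etc/rc.d/rc.local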




Last modified: Sun Oct 10 22:06:32 1999

Yoshiaki Shinmi
shinmi@ueda.info.waseda.ac.jp