since 09/Apr/1998
The Linux kernel has an IP Masquerade feature, so we can connect our home LAN to the Internet.
Diald dials and connects to the ISP automatically when any user on the home LAN wants to reach the Internet. Diald monitors the traffic on the connection, and if no data is sent or received for a while, diald disconnects.
This is not useful in some situations. For example, someone wants to use the telephone but diald is holding a PPP connection, or no traffic flows for a short time while surfing a web site and diald disconnects automatically. In such cases we would like to control the actions of diald manually.
Diald has a Tcl/Tk control client named dctrl. Dctrl and diald communicate through a named pipe. A named pipe is a communication path between two processes on the same host.
Using the named pipe, dctrl sets diald to the state Up, Down, Forced up or Block connection. The restriction of a named pipe, that the two processes must be on the same host, makes dctrl inconvenient. We want to use the control feature of dctrl from some other host on the home LAN, which might be running Windows, Mac or HP-UX :-).
I made a new control client, Diald Control (dcntlc), written in Java, and a daemon (dcntls) which accepts connections from dcntlc and relays the requests to diald. Dcntlc works on any host on which Java (JDK1.1 or higher) is implemented or a web browser (Netscape or IE) is available.
This is a figure of the Diald Control client (dcntlc).
% zcat diald-control.tgz | tar xvf -
% make
% su root
# make install

Add the following lines to /etc/rc.local so that dcntls starts at boot:

# Start dcntls
if [ -f /usr/sbin/dcntls ]; then
    /usr/sbin/dcntls
    echo -n "dcntls "
fi

To start the server by hand, run it as root:

# /usr/sbin/dcntls

To start the client:

% /usr/local/bin/dcntlc
Diald Control System does not have an authentication feature. The problem that someone could control diald from outside the home LAN through the Internet can be avoided using the IP firewall feature of the Linux kernel.
# /sbin/ipfwadm -I -a deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 8972 -W ppp0
This command line sets the IP firewall to deny any connection arriving through ppp0 on port 8972 (the default Diald Control port). Connections from the local home LAN arrive through the network interface eth0 rather than ppp0, so local connections are still accepted.
Another security setting is denying one particular host of the local home LAN, which can be set using this command line:
# /sbin/ipfwadm -I -a deny -P tcp -S 192.168.0.2 -D 192.168.0.1 8972
In this example, the server address is 192.168.0.1 and the denied host address is 192.168.0.2.
Write this command line in /etc/rc.local just before the line that runs dcntls.
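As an added illustration (not part of this page or of Diald Control), the following Python model parses the two ipfwadm rules above and checks constructed sample packets against them. It assumes the 2.0 kernel input-chain behaviour: the first matching rule decides, and the chain's default policy is accept; the sample addresses 203.0.113.5 and 192.168.0.3 are constructed.

```python
import ipaddress

def parse_ipfwadm(cmdline):
    """Parse the subset of 'ipfwadm -I -a <policy> ...' options the page uses into a rule dict."""
    toks = cmdline.split()
    rule = {"policy": "accept", "proto": "all", "iface": None, "dports": set(),
            "src": ipaddress.ip_network("0.0.0.0/0"), "dst": ipaddress.ip_network("0.0.0.0/0")}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t in ("-a", "-P", "-W"):                        # policy, protocol, interface
            rule[{"-a": "policy", "-P": "proto", "-W": "iface"}[t]] = toks[i + 1]
            i += 2
        elif t in ("-S", "-D"):                            # address[/mask], then optional ports
            net = ipaddress.ip_network(toks[i + 1], strict=False)   # a bare host means /32
            i += 2
            ports = set()
            while i < len(toks) and toks[i].isdigit():
                ports.add(int(toks[i]))
                i += 1
            if t == "-S":
                rule["src"] = net
            else:
                rule["dst"], rule["dports"] = net, ports
        else:
            i += 1                                         # program path, -I, options not modelled
    return rule

def matches(rule, pkt):
    """Every field the rule specifies must match; unspecified fields (no -W, no port) match anything."""
    return (rule["proto"] in ("all", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in rule["src"]
            and ipaddress.ip_address(pkt["dst"]) in rule["dst"]
            and (not rule["dports"] or pkt["dport"] in rule["dports"])
            and (rule["iface"] is None or rule["iface"] == pkt["iface"]))

def verdict(rules, pkt, default="accept"):
    """Input chain model: the first matching rule decides; otherwise the default policy applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["policy"]
    return default
# The two rules exactly as the page gives them (constructed model, not kernel code).
RULES = [parse_ipfwadm(line) for line in (
    "/sbin/ipfwadm -I -a deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 8972 -W ppp0",
    "/sbin/ipfwadm -I -a deny -P tcp -S 192.168.0.2 -D 192.168.0.1 8972",
)]
def check(src, iface, dport=8972, dst="192.168.0.1"):
    """Verdict for a constructed TCP packet reaching the dcntls host (192.168.0.1 as on the page)."""
    return verdict(RULES, {"proto": "tcp", "src": src, "dst": dst, "dport": dport, "iface": iface})
```

Running check("203.0.113.5", "ppp0"), check("192.168.0.3", "eth0") and check("192.168.0.2", "eth0") gives deny, accept and deny respectively, which is the behaviour the two rules are meant to produce.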
Yoshiaki Shinmi
shinmi@ueda.info.waseda.ac.jp