[lug] ppp and eth0

Chuck Morrison cmorrison at greeleynet.com
Wed Apr 28 17:51:45 MDT 2004


NOAA has a security policy that states that you can't be connected to 
NOAA via PPP and also be connected to another network. It isn't so much 
a matter of not being able to do it technically, but conforming to the 
security regs. The student is correct, from a policy standpoint.

I would guess that you could talk with the security folks to see what 
you can do about this particular case if you need to be on the lan all 
the time.

Chuck Morrison

Gary Hodges wrote:
> rm at fabula.de wrote:
>> On Wed, Apr 28, 2004 at 09:28:54AM -0600, Gary Hodges wrote:
>>> Do I need to bring eth0 down when making a ppp connection?  I've had 
>>> a student working on a task for me and he believes that eth0 needs to 
>>> be brought down before the ppp connection is established.  This 
>>> doesn't make sense to me, but it wouldn't be the first time he proved 
>>> me wrong.
>>> Gray
>        ^^^^^
> That would be "Gary," but Gray sounds like a decent nickname....
>>> I might be able to help more if you can provide a bit more information.
> Thanks for the offer.  My configuration is an isolated machine connected 
> to an instrument with CAT5 cable, and a modem on /dev/ttyS1 with ppp 
> used to connect to the internet when needed.
> eth0:  (PC: -> (Instrument:
> ppp: Dials an ISP (NIST) to connect to the internet to upload data, set 
> time, etc.
> I have to confess an almost total lack of knowledge with Linux and PPP.  
> I've let another person deal with this totally and I'm now just sticking 
> my nose in because some things don't make sense.  My problem is that 
> when PPP is active, I don't get data through eth0.  Also, if I fail to 
> connect with PPP than I'm left with no connection to my instrument.  I 
> actually just commented out the portions of the scripts that bring eth0 
> down and it seemed to work, so maybe I'm fine now.
>  Of course, I ship this computer to Mississippi tomorrow so everything 
> has to be bullet proof today. :-)  I'd like to have the simplest scripts 
> to accomplish the task.
> The current scripts with my latest comments:
> --------------
> gwn-tsi:/home/tsi# more /etc/ppp/ppp-on
> #!/bin/sh
> #/sbin/ifconfig eth0 down
> cp /etc/ppp/options.bak /etc/ppp/options
> exec /usr/sbin/pppd /dev/ttyS1  57600
> ---------------
> gwn-tsi:/home/tsi# more /etc/ppp/ppp-off
> #!/bin/sh
> DEVICE=ppp0
> #
> # If the ppp0 pid file is present then the program is running. Stop it.
> if [ -r /var/run/$DEVICE.pid ]; then
>    kill -INT `head -1 /var/run/$DEVICE.pid`
> #
> # If the kill did not work then there is no process running for this
> # pid. It may also mean that the lock file will be left. You may wish
> # to delete the lock file at the same time.
>         if [ ! "$?" = "0" ]; then
>             rm -f /var/run/$DEVICE.pid
>             echo "ERROR: Removed stale pid file"
>             exit 1
>         fi
> #
> # Success. Let pppd clean up its own junk.
> echo "PPP link to $DEVICE terminated."
> /sbin/route delete default
> mv /etc/ppp/options /etc/ppp/options.bak
> #/sbin/ifconfig eth0 up
> #/sbin/route add -net netmask dev lo
> #/sbin/route add default gw
> exit 0
> fi
> #
> # The PPP process is not running for ppp0
> echo "ERROR: PPP link is not active on $DEVICE"
> exit 1
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug

More information about the LUG mailing list