Полезная информация

15.4. Setting up a SLIP Server

Contributed by Guy Helmer . v1.0, 15 May 1995.

This document provides suggestions for setting up SLIP Server services on a FreeBSD system, which typically means configuring your system to automatically startup connections upon login for remote SLIP clients. The author has written this document based on his experience; however, as your system and needs may be different, this document may not answer all of your questions, and the author cannot be responsible if you damage your system or lose data due to attempting to follow the suggestions here.

This guide was originally written for SLIP Server services on a FreeBSD 1.x system. It has been modified to reflect changes in the pathnames and the removal of the SLIP interface compression flags in early versions of FreeBSD 2.X, which appear to be the only major changes between FreeBSD versions. If you do encounter mistakes in this document, please email the author with enough information to help correct the problem.

15.4.1. Prerequisites

This document is very technical in nature, so background knowledge is required. It is assumed that you are familiar with the TCP/IP network protocol, and in particular, network and node addressing, network address masks, subnetting, routing, and routing protocols, such as RIP. Configuring SLIP services on a dial-up server requires a knowledge of these concepts, and if you are not familiar with them, please read a copy of either Craig Hunt's TCP/IP Network Administration published by O'Reilly & Associates, Inc. (ISBN Number 0-937175-82-X), or Douglas Comer's books on the TCP/IP protocol.

It is further assumed that you have already setup your modem(s) and configured the appropriate system files to allow logins through your modems. If you have not prepared your system for this yet, please see the tutorial for configuring dialup services; if you have a World-Wide Web browser available, browse the list of tutorials at http://www.FreeBSD.org/; otherwise, check the place where you found this document for a document named dialup.txt or something similar. You may also want to check the manual pages for sio(4) for information on the serial port device driver and ttys(5), gettytab(5), getty(8), & init(8) for information relevant to configuring the system to accept logins on modems, and perhaps stty(1) for information on setting serial port parameters (such as clocal for directly-connected serial interfaces).

15.4.2. Quick Overview

In its typical configuration, using FreeBSD as a SLIP server works as follows: a SLIP user dials up your FreeBSD SLIP Server system and logs in with a special SLIP login ID that uses /usr/sbin/sliplogin as the special user's shell. The sliplogin program browses the file /etc/sliphome/slip.hosts to find a matching line for the special user, and if it finds a match, connects the serial line to an available SLIP interface and then runs the shell script /etc/sliphome/slip.login to configure the SLIP interface.

15.4.2.1. An Example of a SLIP Server Login

For example, if a SLIP user ID were Shelmerg, Shelmerg's entry in /etc/master.passwd would look something like this (except it would be all on one line):

    Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliplogin

When Shelmerg logs in, sliplogin will search /etc/sliphome/slip.hosts for a line that had a matching user ID; for example, there may be a line in /etc/sliphome/slip.hosts that reads:

    Shelmerg        dc-slip sl-helmer       0xfffffc00       autocomp

sliplogin will find that matching line, hook the serial line into the next available SLIP interface, and then execute /etc/sliphome/slip.login like this:

    /etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp

If all goes well, /etc/sliphome/slip.login will issue an ifconfig for the SLIP interface to which sliplogin attached itself (slip interface 0, in the above example, which was the first parameter in the list given to slip.login) to set the local IP address (dc-slip), remote IP address (sl-helmer), network mask for the SLIP interface (0xfffffc00), and any additional flags (autocomp). If something goes wrong, sliplogin usually logs good informational messages via the daemon syslog facility, which usually goes into /var/log/messages (see the manual pages for syslogd(8) and syslog.conf(5), and perhaps check /etc/syslog.conf to see to which files syslogd is logging).

OK, enough of the examples --- let us dive into setting up the system.

15.4.3. Kernel Configuration

FreeBSD's default kernels usually come with two SLIP interfaces defined (sl0 and sl1); you can use netstat -i to see whether these interfaces are defined in your kernel.

Sample output from netstat -i:

    Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
    ed0   1500  <Link>0.0.c0.2c.5f.4a         291311     0   174209     0   133
    ed0   1500  138.247.224 ivory             291311     0   174209     0   133
    lo0   65535 <Link>                            79     0       79     0     0
    lo0   65535 loop        localhost             79     0       79     0     0
    sl0*  296   <Link>                             0     0        0     0     0
    sl1*  296   <Link>                             0     0        0     0     0

The sl0 and sl1 interfaces shown in netstat -i's output indicate that there are two SLIP interfaces built into the kernel. (The asterisks after the sl0 and sl1 indicate that the interfaces are ``down''.)

However, FreeBSD's default kernels do not come configured to forward packets (ie, your FreeBSD machine will not act as a router) due to Internet RFC requirements for Internet hosts (see RFC's 1009 [Requirements for Internet Gateways], 1122 [Requirements for Internet Hosts --- Communication Layers], and perhaps 1127 [A Perspective on the Host Requirements RFCs]), so if you want your FreeBSD SLIP Server to act as a router, you will have to edit the /etc/rc.conf file (called /etc/sysconfig in FreeBSD releases prior to 2.2.2) and change the setting of the gateway variable to YES. If you have an older system which predates even the /etc/sysconfig file, then add the following command:

    sysctl -w net.inet.ip.forwarding = 1
to your /etc/rc.local file.

You will then need to reboot for the new settings to take effect.

You will notice that near the end of the default kernel configuration file (/sys/i386/conf/GENERIC) is a line that reads:

    pseudo-device sl 2

This is the line that defines the number of SLIP devices available in the kernel; the number at the end of the line is the maximum number of SLIP connections that may be operating simultaneously.

Please refer to Configuring the FreeBSD Kernel for help in reconfiguring your kernel.

15.4.4. Sliplogin Configuration

As mentioned earlier, there are three files in the /etc/sliphome directory that are part of the configuration for /usr/sbin/sliplogin (see sliplogin(8) for the actual manual page for sliplogin): slip.hosts, which defines the SLIP users & their associated IP addresses; slip.login, which usually just configures the SLIP interface; and (optionally) slip.logout, which undoes slip.login's effects when the serial connection is terminated.

15.4.4.1. slip.hosts Configuration

/etc/sliphome/slip.hosts contains lines which have at least four items, separated by whitespace:

  • SLIP user's login ID

  • Local address (local to the SLIP server) of the SLIP link

  • Remote address of the SLIP link

  • Network mask

The local and remote addresses may be host names (resolved to IP addresses by /etc/hosts or by the domain name service, depending on your specifications in /etc/host.conf), and I believe the network mask may be a name that can be resolved by a lookup into /etc/networks. On a sample system, /etc/sliphome/slip.hosts looks like this:

    #
    # login local-addr      remote-addr     mask            opt1    opt2 
    #                                               (normal,compress,noicmp)
    #
    Shelmerg  dc-slip       sl-helmerg      0xfffffc00      autocomp

At the end of the line is one or more of the options.

  • normal --- no header compression

  • compress --- compress headers

  • autocomp --- compress headers if the remote end allows it

  • noicmp --- disable ICMP packets (so any ``ping'' packets will be dropped instead of using up your bandwidth)

Note that sliplogin under early releases of FreeBSD 2 ignored the options that FreeBSD 1.x recognized, so the options normal, compress, autocomp, and noicmp had no effect until support was added in FreeBSD 2.2 (unless your slip.login script included code to make use of the flags).

Your choice of local and remote addresses for your SLIP links depends on whether you are going to dedicate a TCP/IP subnet or if you are going to use ``proxy ARP'' on your SLIP server (it is not ``true'' proxy ARP, but that is the terminology used in this document to describe it). If you are not sure which method to select or how to assign IP addresses, please refer to the TCP/IP books referenced in the slips-prereqs section and/or consult your IP network manager.

If you are going to use a separate subnet for your SLIP clients, you will need to allocate the subnet number out of your assigned IP network number and assign each of your SLIP client's IP numbers out of that subnet. Then, you will probably either need to configure a static route to the SLIP subnet via your SLIP server on your nearest IP router, or install gated on your FreeBSD SLIP server and configure it to talk the appropriate routing protocols to your other routers to inform them about your SLIP server's route to the SLIP subnet.

Otherwise, if you will use the ``proxy ARP'' method, you will need to assign your SLIP client's IP addresses out of your SLIP server's Ethernet subnet, and you will also need to adjust your /etc/sliphome/slip.login and /etc/sliphome/slip.logout scripts to use arp(8) to manage the proxy-ARP entries in the SLIP server's ARP table.

15.4.4.2. slip.login Configuration

The typical /etc/sliphome/slip.login file looks like this:

    #!/bin/sh -
    #
    #       @(#)slip.login  5.1 (Berkeley) 7/1/90
    
    #
    # generic login file for a slip line.  sliplogin invokes this with
    # the parameters:
    #      1        2         3        4          5         6     7-n
    #   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
    #
    /sbin/ifconfig sl$1 inet $4 $5 netmask $6

This slip.login file merely ifconfig's the appropriate SLIP interface with the local and remote addresses and network mask of the SLIP interface.

If you have decided to use the ``proxy ARP'' method (instead of using a separate subnet for your SLIP clients), your /etc/sliphome/slip.login file will need to look something like this:

    #!/bin/sh -
    #
    #       @(#)slip.login  5.1 (Berkeley) 7/1/90
    
    #
    # generic login file for a slip line.  sliplogin invokes this with
    # the parameters:
    #      1        2         3        4          5         6     7-n
    #   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
    #
    /sbin/ifconfig sl$1 inet $4 $5 netmask $6 
    # Answer ARP requests for the SLIP client with our Ethernet addr
    /usr/sbin/arp -s $5 00:11:22:33:44:55 pub

The additional line in this slip.login, arp -s $5 00:11:22:33:44:55 pub, creates an ARP entry in the SLIP server's ARP table. This ARP entry causes the SLIP server to respond with the SLIP server's Ethernet MAC address whenever a another IP node on the Ethernet asks to speak to the SLIP client's IP address.

When using the example above, be sure to replace the Ethernet MAC address (00:11:22:33:44:55) with the MAC address of your system's Ethernet card, or your ``proxy ARP'' will definitely not work! You can discover your SLIP server's Ethernet MAC address by looking at the results of running netstat -i; the second line of the output should look something like:

    ed0   1500  <Link>0.2.c1.28.5f.4a         191923 0   129457     0   116

This indicates that this particular system's Ethernet MAC address is 00:02:c1:28:5f:4a --- the periods in the Ethernet MAC address given by netstat -i must be changed to colons and leading zeros should be added to each single-digit hexadecimal number to convert the address into the form that arp(8) desires; see the manual page on arp(8) for complete information on usage.

Note: When you create /etc/sliphome/slip.login and /etc/sliphome/slip.logout, the ``execute'' bit (ie, chmod 755 /etc/sliphome/slip.login /etc/sliphome/slip.logout) must be set, or sliplogin will be unable to execute it.

15.4.4.3. slip.logout Configuration

/etc/sliphome/slip.logout is not strictly needed (unless you are implementing ``proxy ARP''), but if you decide to create it, this is an example of a basic slip.logout script:

    #!/bin/sh -
    #
    #       slip.logout
    
    #
    # logout file for a slip line.  sliplogin invokes this with
    # the parameters:
    #      1        2         3        4          5         6     7-n
    #   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
    #
    /sbin/ifconfig sl$1 down

If you are using ``proxy ARP'', you will want to have /etc/sliphome/slip.logout remove the ARP entry for the SLIP client:

    #!/bin/sh -
    #
    #       @(#)slip.logout
    
    #
    # logout file for a slip line.  sliplogin invokes this with
    # the parameters:
    #      1        2         3        4          5         6     7-n
    #   slipunit ttyspeed loginname local-addr remote-addr mask opt-args
    #
    /sbin/ifconfig sl$1 down
    # Quit answering ARP requests for the SLIP client
    /usr/sbin/arp -d $5

The arp -d $5 removes the ARP entry that the ``proxy ARP'' slip.login added when the SLIP client logged in.

It bears repeating: make sure /etc/sliphome/slip.logout has the execute bit set for after you create it (ie, chmod 755 /etc/sliphome/slip.logout).

15.4.5. Routing Considerations

If you are not using the ``proxy ARP'' method for routing packets between your SLIP clients and the rest of your network (and perhaps the Internet), you will probably either have to add static routes to your closest default router(s) to route your SLIP client subnet via your SLIP server, or you will probably need to install and configure gated on your FreeBSD SLIP server so that it will tell your routers via appropriate routing protocols about your SLIP subnet.

15.4.5.1. Static Routes

Adding static routes to your nearest default routers can be troublesome (or impossible, if you do not have authority to do so...). If you have a multiple-router network in your organization, some routers, such as Cisco and Proteon, may not only need to be configured with the static route to the SLIP subnet, but also need to be told which static routes to tell other routers about, so some expertise and troubleshooting/tweaking may be necessary to get static-route-based routing to work.

15.4.5.2. Running gated

An alternative to the headaches of static routes is to install gated on your FreeBSD SLIP server and configure it to use the appropriate routing protocols (RIP/OSPF/BGP/EGP) to tell other routers about your SLIP subnet. You can use gated from the ports collection or retrieve and build it yourself from the GateD anonymous ftp site; I believe the current version as of this writing is gated-R3_5Alpha_8.tar.Z, which includes support for FreeBSD ``out-of-the-box''. Complete information and documentation on gated is available on the Web starting at the Merit GateD Consortium. Compile and install it, and then write a /etc/gated.conf file to configure your gated; here is a sample, similar to what the author used on a FreeBSD SLIP server:

    #
    # gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
    # Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
    #
    #
    # tracing options
    #
    traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;
    
    rip yes {
      interface sl noripout noripin ;
      interface ed ripin ripout version 1 ;
      traceoptions route ;
    } ;
    
    #
    # Turn on a bunch of tracing info for the interface to the kernel:
    kernel {
      traceoptions remnants request routes info interface ;
    } ;
    
    #
    # Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
    #
    
    export proto rip interface ed {
      proto direct {
          xxx.xxx.yy mask 255.255.252.0 metric 1; # SLIP connections
      } ;
    } ;
    
    #
    # Accept routes from RIP via ed Ethernet interfaces
              
    import proto rip interface ed {
      all ;
    } ;

The above sample gated.conf file broadcasts routing information regarding the SLIP subnet xxx.xxx.yy via RIP onto the Ethernet; if you are using a different Ethernet driver than the ed driver, you will need to change the references to the ed interface appropriately. This sample file also sets up tracing to /var/tmp/gated.output for debugging gated's activity; you can certainly turn off the tracing options if gated works OK for you. You will need to change the xxx.xxx.yy's into the network address of your own SLIP subnet (be sure to change the net mask in the proto direct clause as well).

When you get gated built and installed and create a configuration file for it, you will need to run gated in place of routed on your FreeBSD system; change the routed/gated startup parameters in /etc/netstart as appropriate for your system. Please see the manual page for gated for information on gated's command-line parameters.

15.4.6. Acknowledgments

Thanks to these people for comments and advice regarding this tutorial:

Wilko Bulte
Piero Serini