
Dialup Timer



Dial-up, like VPN, is a point-to-point connection. These usually disable the existing default gateway (by changing its metric) so that all traffic uses the PPP connection. If you are using a Microsoft dialup connection, there is probably an option called "Use default gateway on remote network". If you disable this, it should work as you wish.


Generally, ssh involves users generating public/private key pairs and using them to authenticate; however, on the dialups, the sshd will ask you for your password instead. (The reason for this is that you need to get Kerberos tickets to be able to do things like read your files and incorporate your mail, and you can't get tickets without typing your password.)








To use ssh to connect to the dialups, just do:

    ssh athena.dialup.mit.edu

If your username on the machine you're connecting from is not the same as your Athena username, you'll need to use the -l option:

    ssh athena.dialup.mit.edu -l cmvest

The first time you connect, ssh will tell you:

    Host key not found from the list of known hosts.
    Are you sure you want to continue connecting (yes/no)?

Type `yes'. It will respond:

    Host 'athena.dialup.mit.edu' added to the list of known hosts.
    cmvest's password:

Type your password now. (ssh always encrypts your connection, so it's safe to type it here.)


For secure file transfer, use scp, which works like rcp:

    scp localfilename athena.dialup.mit.edu:/path/to/remotefilename

or

    scp athena.dialup.mit.edu:/path/to/remotefilename localfilename

or, if you need to specify a different username:

    scp cmvest@athena.dialup.mit.edu:/path/to/remotefilename localfilename

What if I can't install an ssh client on my machine?

You can use shellinabox to connect to athena.dialup.mit.edu securely.


Theoretically, someone could trick you into accepting a false key the first time you try to connect to one of the dialups, and use this to capture your password. The odds of this are low, but in case you're concerned about it, here are the fingerprints for the SSH keys in use on the dialup.mit.edu servers.


Those of a certain age (ahem) well remember what it used to be like: even just booting up the computer required patience, particularly in the earlier part of the decade, when one could shower and make coffee in the time it took to boot up one's computer from a floppy disk. One needed a dedicated phone line for the Internet connection, because otherwise an incoming call could disrupt the connection, forcing one to repeat the whole dialup process. Browsing the web was equally time-consuming back in the salad days of Netscape and Microsoft Explorer.


The basic goal when setting up DNS to work with dialup is to enable every host in your network to resolve the domain names of every host it needs to access. (Of course, when your connection to the Internet is down, your hosts probably don't need to resolve Internet domain names.) If you're using dial-on-demand, there's the additional goal of minimizing unnecessary dialouts: if you're looking up the domain name of a host on your local network, that shouldn't require your router to bring up a connection to the Internet.


We'll separate dialup connections into two categories: manual dialup, by which we mean a connection to the Internet that must be brought up by a user; and dial-on-demand, which implies the use of a device -- often a router, but sometimes just a host running Linux or another server operating system -- to connect to the Internet automatically whenever hosts generate traffic bound for the Internet. We'll also describe two scenarios for each category of dialup: one in which you have just one host dialing up a connection to the Internet, and one in which you have a small network of hosts dialing up a connection. Before we talk about these scenarios, though, let's discuss what causes dialouts and how to avoid them.


16.4.3. Manual Dialup with One Host

The easiest way to deal with the simple dialup scenario is to configure your host's resolver to use a name server provided by your Internet service provider (ISP). Most ISPs run name servers for their subscribers' use. If you're not sure whether your ISP provides name servers for your use, or if you don't know what their IP addresses are, check their web site, send them email, or give them a call.


Some operating systems, such as Windows 95, 98, and NT, let you define a set of name servers for use with a particular dialup provider. So, for example, you can configure one set of name servers to use when you dial up UUNet and another to use when you dial up your office. This is useful if you dial in to multiple ISPs.


This configuration is usually adequate for most casual dialup users. Name resolution will fail unless the dialup connection is up, but that's not likely to be a problem, since there's no use for Internet name service without Internet connectivity.


Some of you, however, may want to run a name server when your dialup connection is active. It could help your performance by caching domain names you look up frequently, for example. This is easy to set up with a Unix-like operating system such as Linux: you'll typically use a script like ifup to bring up your dialup connection and ifdown to bring it down. If that's the case, there are probably also scripts called ifup-post and ifdown-post that ifup and ifdown call, respectively, after they've done most of their work. You can start named as named or with ndc start in ifup-post, and shut it down with ndc stop or rndc stop in ifdown-post. About the only other thing you'd need to do is set your local domain name in resolv.conf. The default resolver behavior, querying a name server on the local host, should do fine both when the name server's running and when it's not.


16.4.4. Manual Dialup with Multiple Hosts

The simplest solution to use with the multiple host/manual dialup scenario is similar to the resolver-only configuration. You can configure your resolvers to use your ISP's name servers, but also configure the resolvers to check /etc/hosts (or NIS, if you go for that sort of thing) before querying a name server. Then make sure your /etc/hosts file contains the names of all the hosts on your local network.


If you run an authoritative name server behind a dial-on-demand link, you want to concentrate zone maintenance activities into as short a window as possible. If your name server is authoritative for 100 zones, you'd rather not have zone refresh timers popping every few minutes and the resulting SOA queries bringing up the dial-on-demand link over and over again.


If you then mark one or more of your zones as dialup zones, the name server will try to concentrate all maintenance of that zone into a short period and to perform the maintenance no more often than the heartbeat interval. For a slave zone, that means inhibiting the normal refresh timer (even ignoring the refresh interval, if it's smaller than the heartbeat interval!) and querying the master for the zone's SOA record only at the heartbeat interval. For a master zone, that means sending out NOTIFY messages, which will presumably bring up the dial-on-demand link and trigger a refresh on the slaves.


    zone "movie.edu" {
        type master;
        file "db.movie.edu";
        dialup yes;
    };

Dialup zones are also useful in another, perhaps unintended way: on name servers that serve as slaves for thousands of zones. Some ISPs provide slave service on a large scale but get bitten by miscreants who set their zone's refresh intervals far too low. Their name servers end up swamped with sending out SOA queries for those zones. By configuring all the zones as dialup zones and setting the heartbeat interval to something reasonable, ISPs can prevent this.


This chapter introduces and explains some of the technologies used in dialup networks. You will find configuration tips and interpretations of some of the show commands, which are useful for verifying correct operation of the network. Troubleshooting procedures are beyond the scope of this document and can be found in the document entitled Troubleshooting Dialup.


Interesting is the term used to describe packets or traffic that will either trigger a dial attempt or, if a dial link is already active, will reset the idle timer on the dialer interface. For a packet to be considered interesting:


The destination address of the packet is evaluated against the access list specified in the associated dialer-list command. If it passes, either a call is initiated (if no connection has already been established) or the idle timer is reset (if a call is currently connected).


For each networking protocol that is to be sent across the dial connection, an access list may be configured. For purposes of cost control, it is usually desirable to configure an access list in order to prevent certain traffic, such as routing updates, from bringing up or keeping up a connection. Note that when we create access lists for the purpose of defining interesting and uninteresting traffic, we are not declaring that uninteresting packets cannot cross the dial link. We are just indicating that they will not reset the idle timer, nor will they bring up a connection on their own. As long as the dial connection is up, uninteresting packets will still be allowed to flow across the link.


A packet must be permitted by the access-list 121 statements, before crossing the interface async 1, in order to be considered interesting. In this case, EIGRP packets are denied, as are any other broadcast packets, while all other IP traffic is permitted. Remember that this does not prevent EIGRP packets from transiting the link. It only means that these packets will not reset the idle-timer or initiate a dial attempt.
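A small model of the interesting-traffic behaviour described above, as an added example (it is not Cisco configuration and not code from the original document). The rule list follows the page's description of access-list 121; the packet trace, the addresses and the 120-second idle timeout are constructed, and dropping uninteresting packets while the link is down is an assumption of the model.

```python
# First-match rules modelled on the page's description of access-list 121:
# deny EIGRP, deny broadcasts, permit all other IP traffic.
ACL_121 = [
    ("deny", "eigrp", "any"),
    ("deny", "ip", "255.255.255.255"),
    ("permit", "ip", "any"),
]

def is_interesting(proto, dst, acl=ACL_121):
    """Return True if the first matching rule permits the packet."""
    for action, rule_proto, rule_dst in acl:
        if rule_proto in ("ip", proto) and rule_dst in ("any", dst):
            return action == "permit"
    return False  # implicit deny at the end of an access list

def simulate(packets, idle_timeout):
    """Replay (time, proto, dst) packets; return a list of (time, event)."""
    events, link_up, last_reset = [], False, None
    for t, proto, dst in sorted(packets):
        # The link drops once idle_timeout passes with no interesting packet.
        if link_up and t - last_reset >= idle_timeout:
            events.append((last_reset + idle_timeout, "idle timeout, link down"))
            link_up = False
        if is_interesting(proto, dst):
            events.append((t, "idle timer reset" if link_up else "dial"))
            link_up, last_reset = True, t
        elif link_up:
            # Uninteresting traffic still crosses an established link.
            events.append((t, f"{proto} forwarded, timer not reset"))
        else:
            # Model assumption: it cannot bring the link up, so it is dropped.
            events.append((t, f"{proto} dropped, no dial"))
    if link_up:
        events.append((last_reset + idle_timeout, "idle timeout, link down"))
    return events

# Constructed trace: times in seconds, documentation-range addresses.
SAMPLE_PACKETS = [
    (0, "eigrp", "224.0.0.10"), (5, "tcp", "192.0.2.10"),
    (30, "eigrp", "224.0.0.10"), (100, "udp", "255.255.255.255"),
    (110, "tcp", "192.0.2.10"), (200, "eigrp", "224.0.0.10"),
    (400, "eigrp", "224.0.0.10"),
]

if __name__ == "__main__":
    for when, what in simulate(SAMPLE_PACKETS, idle_timeout=120):
        print(f"{when:>4}s  {what}")
```

In the trace, the EIGRP packets at 200 s cross the link without extending it, so the call ends at 230 s, 120 seconds after the last interesting packet.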


When Multilink PPP is configured and you want a multilink bundle to be connected indefinitely, use the dialer idle-timeout command to set a very high idle timer. The dialer-load threshold 1 command does not keep a multilink bundle of n links connected indefinitely, and the dialer-load threshold 2 command does not keep a multilink bundle of two links connected indefinitely.

