/usr/share/isdn/default/device.DEVICE is in isdnutils-base 1:3.25+dfsg1-3.7ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 | #!/bin/sh
# REMOVE the next line once configuration is complete #########################
echo "Warning! $0 not configured yet! Aborting..."; exit 1
# REMOVE the above line once configuration is complete ########################
# Instructions: read the comments for each command, and if necessary, edit
# the command (e.g. replace EAZ with your real EAZ or MSN). Look for lines
# marked with XXX_, which is probably all you need to change.
# If the command is commented out, remove the leading '#' to enable it if
# the command is needed.
#
# After you have configured this file, remove the "Warning!" line above to
# enable this file.
# If using dynamic IP addresses:
# Check out the /etc/ppp/ip-up.d/isdnutils and /etc/ppp/ip-down.d/isdnutils
# scripts, to ensure that any routing is done correctly there (the
# ip-up.d/isdnutils script is run after a syncPPP link is established, and the
# ip-down.d/isdnutils script is run after the link goes down).
# You need to have the ppp package installed for those scripts to work.
set -e # exit on _any_ error
# Get the device name
device=`basename $0`; device=${device#*.}
# this used to be simple, but POSIX is a bit more limited
# ippp0+8 -> devtype=ippp
devtype=${device%%[0-9]*}
# ippp0+8 -> devnums=0+8
devnums=${device##$devtype}
# ippp0+8 -> device=ippp8
device=$devtype${devnums#[0-9]*+}
dowhat="$1"
masterslave="$2"
case "x$masterslave" in
xmaster) master=true; slave=false;;
xslave) master=false; slave=true; masterdevice="$3";;
x) master=false; slave=false;;
*) echo "Error, $0 called with unknown 2nd arg '$masterslave', aborting!"
exit 1;;
esac
# The (dummy) IP addresses
#
# Use 169.255.255.169 for LOCALIP and 10.0.0.2 for REMOTEIP if you have
# dynamic IP addresses; with static address fill in the real values!
LOCALIP=169.255.255.169 # XXX_
REMOTEIP=10.0.0.2 # XXX_
# Phone numbers (without the leading zero)
#
# REMOTEMSN may be a list of numbers to dial, separated by a space.
# If you do that, DO put quotes around the whole value! Like:
# REMOTEMSN='221345788 221345789'
#
# The REMOTEMSN must be the areacode (without the leading zero) + phonenumber!
#
# Example: areacode: 0221 phonenumber: 345789
# => REMOTEMSN='221345789'
#
# EXPLANATION:
# A zero is added below when it is used as the outgoing number;
# when it it used as the incoming number, it must be without a leading zero
# (which is why you must leave that leading zero out below).
# The local number must also be given without the leading zero!
#
# EXCEPTION:
# In countries where there are NO areacodes, this leading zero must NOT be
# added. In that case, change the value of LEADINGZERO below to ''
# LEADINGZERO could conceivably need to be something else in certian
# situations, so it is configurable.
LOCALMSN=203123456 # XXX_
REMOTEMSN=221345789 # XXX_
LEADINGZERO=0 # XXX_ use LEADINGZERO='' if you have no areacodes.
# DIALMODE:
# New with kernel 2.0.36 is the `dialmode' setting.
# dialmode=auto is compatible with the old behaviour (dial-on-demand enabled).
# Read the isdnctrl manpage for more info.
# Change the value below if you want a different setting when the interface is
# started.
# For slave devices (channel bundling) dialmode _must_ be auto,
# so for slave devices this setting is ignored.
DIALMODE=auto # XXX_ other values can be 'on' and 'off'
# Encapsulation (default is syncppp for ipppX devices, rawip for isdnX devices)
# Change the next four lines if you need some other value.
if expr ${device} : ippp > /dev/null
then ENCAP=syncppp
else ENCAP=rawip
fi
# Configuration (start)
case "$dowhat" in
start)
# XXX_
# If running kernel 2.0.31 or higher, enable the IP dynamic hack
# (if needed). See linux/Documentation/networking/ip_dynaddr.txt .
# Default is: enabled. If you have static IP numbers, you can remove
# the next line.
[ -f /proc/sys/net/ipv4/ip_dynaddr ] && echo 5 > /proc/sys/net/ipv4/ip_dynaddr
# First you need to create the interface
if $slave
then isdnctrl addslave ${masterdevice} ${device}
else isdnctrl addif ${device}
fi
# l2_prot name protocol
# Set the layer-2 protocol for interface "name". Possible values for
# "protocol" are x75i, x75ui, x75bui and hdlc
# (most people use hdlc)
isdnctrl l2_prot ${device} hdlc
# l3_prot name protocol
# Set the layer-3 protocol for interface "name". At the moment only
# trans is supported. If protocol is omitted the current setting is
# printed.
isdnctrl l3_prot ${device} trans
# eaz name num
# Set the EAZ (German 1TR6 protocol) or MSN (Euro-ISDN E-DSS1) for
# interface "name" to "num". For an EAZ this is only one digit, for a
# MSN "num" is the whole MSN.
# In the Netherlands this includes the areacode, but not the leading 0.
# (other countries?)
isdnctrl eaz ${device} $LOCALMSN
# addphone name out num
# Set the phone number(s) of the remote site for the IP-interface
# "name". More than one number can be set by calling isdnctrl addphone
# repeatedly. If more than one number is set these will be tried one
# after another. When using an german SPV-type connection, with a
# ICN-card, the number has to be preceeded by a capital S.
# This is the "normal" number.
if [ ! -z "$REMOTEMSN" ]; then
for MSN in $REMOTEMSN; do
isdnctrl addphone ${device} out $LEADINGZERO$MSN
done
fi
# addphone name in num
# Set the phone number(s) that the IP-interface "name" is supposed to
# accept for incoming calls. If no number is given, incoming calls are
# disabled. More than one number can be set by calling isdnctrl addphone
# repeatedly. Also wildcards can be used (see below).
# In the Netherlands (and elsewhere?),
# this is with areacode but without leading 0
#if [ ! -z "$REMOTEMSN" ]; then
# for MSN in $REMOTEMSN; do
# isdnctrl addphone ${device} in $MSN
# done
#fi
# secure name on|off
# Turns on or off the security feature for interface "name". If set to
# on, incoming calls will only be accepted if the calling number has
# been added to the access list with isdnctrl addphone name in.
isdnctrl secure ${device} on
# huptimeout name seconds
# Set the hangup timeout for interface "name" to "seconds". If there
# is inactivity (i.e. no traffic on the interface) for the given time
# the driver automatically shuts down the connection.
# Default is 60 seconds
isdnctrl huptimeout ${device} 60 # XXX_
# dialmax name num
# Set the number of dial atempts for interface "name" to "num". If
# dialing, each phonenumber is tried this many times before giving up.
#isdnctrl dialmax ${device} NUM
# ihup name on|off
# Turn on or off the hangup timeout for incoming calls on interface name
#isdnctrl ihup ${device} on
# encap name encapname
# Set the encapsulation mode for interface "name". Possible modes for
# encapname are: rawip ip cisco-h ethernet syncppp uihdlc
# (most people use rawip, syncppp or cisco-h; syncppp is normal for
# ISP's, rawip is normal for semi-fixed linux-linux connections)
isdnctrl encap ${device} $ENCAP
# verbose num
# Set verbosity level to <num>.
# (2 shows the first package of every connection, that is very useful.)
# WARNING: this is a global parameter, that affects all isdn devices!
isdnctrl verbose 2
# CHARGEHUP FUNCTION
# chargehup name on|off
# Turn on or off hangup before next charge info for interface name. This
# can only be used if the ISDN provider transmits charge info during and
# after the connection. If set to on, the driver will close the
# connection just before the next charge info will be received if the
# interface is inactive.
#isdnctrl chargehup ${device} on
# chargeint name seconds
# When "seconds" are given, the charge interval for the given interface
# is set. This may be of use on ISDN lines with no chargeinfo or no
# online chargeinfo. The connection will only be closed 2 seconds before
# the end of the next charge interval and only, if huptime out seconds
# of inactivity have been reached. If ihup is on, also incomming
# connections are closed by this mechanism.
#isdnctrl chargeint ${device} NUM
# CALLBACK FUNCTION
# callback name off|in|out
# Selects callback mode for interface "name". If call-back mode is in,
# then after getting an incoming call, a callback is triggered. If
# callback mode is out, then this system does the initial call, then
# waiting for callback of the remote machine.
#isdnctrl callback ${device} MODE
# cbdelay name seconds
# Set the callback delay for interface "name" to "seconds". If callback
# mode for this interface is in, dialing is delayed the given time. If
# the callback mode is out, after dialing out and waiting the given
# time, a hangup is issued to free the line for the incoming callback
# from the remote machine. This hangup-after-dial is disabled by setting
# cbdelay to 0.
#isdnctrl cbdelay ${device} SECONDS
# cbhup name on|off
# Turns on or off Hangup (Reject) for interface "name" before starting
# Callback.
#isdnctrl cbhup ${device} MODE
# OTHER OPTIONS
# There are other options not used by most people. You can insert these
# options here.
# See also : isdnctrl(8), isdnctrl help text
# pppbind is needed when using one ipppd per ippp interface
# (like Debian does)
bindnum=`expr $device : 'ippp\(.*\)'` || true
if [ ! -z "$bindnum" ]; then
isdnctrl pppbind ${device} $bindnum
fi
# NETWORK SETUP
# Network device setup as usual (not applicable to slave devices!)
# See also : ifconfig(8) route(8) or any book about unix networking.
if ! $slave; then
ifconfig ${device} $LOCALIP pointopoint $REMOTEIP netmask 255.255.255.255
set +e # ignore errors from here on
route del -host $REMOTEIP ${device} 2>/dev/null
route add -host $REMOTEIP ${device}
# setting default route here is only useful if this is your only
# outside connection... The default is ippp0 for the default route.
# NOTE: default route for ippp0 is also set in /etc/ppp/ip-up.d/00-ipppd
# and /etc/ppp/ip-down.d/99-ipppd ! So if you don't want the
# default route over ippp0, edit those scripts as well.
# Another solution is not to use ippp0 at all; this is only done
# for ippp0 so by skipping that (and starting with ippp1 for
# example) you don't have to edit anything to avoid changing the
# default route!
if [ "$bindnum" = 0 ]; then
route del default 2>/dev/null
route add default netmask 0 ${device}
fi
# FIREWALL RULES XXX_
# Explicitly list what's allowed, and then deny the rest.
# I'm assuming kernel 2.2.x here, hence ipchains
# instead of ipfwadm or iptables. Note also that this is pretty
# simple-minded, and offers only rudimentary protection.
#
# The firewall rules below will only work here if using static IP
# addresses!!! For dynamic addresses the rules should be added in
# /etc/ppp/ip-up.d/00-isdnutils and deleted in
# /etc/ppp/ip-down.d/99-isdnutils .
# Also note you usually only want a setup as below for the interface
# facing the internet, not if you're using the interface to connect a
# local subnet (unless you're using masquerading).
# Also be sure to check the config to make sure it fits what you want.
#
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} 1000:
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ssh
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} smtp
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ident
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ftp
# ipchains -A input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} http
# ipchains -A input -j ACCEPT -i ${device} -p UDP -d ${LOCALIP} 1024:
# ipchains -A input -j ACCEPT -i ${device} -p ICMP -d ${LOCALIP}
# ipchains -A input -j DENY -i ${device}
# If you don't have masquerading set up yet, try the following
# (I recommend the ipmasq package).
# Replace 192.168.1 with the network number you use on the hosts
# that will use masquerading.
# ipchains -I forward -j MASQ -s 192.168.1.0/24
fi # not slave
# ignore errors in case of older kernel
if $slave
then isdnctrl dialmode $device auto >/dev/null 2>&1
else isdnctrl dialmode $device $DIALMODE >/dev/null 2>&1
fi
;;
# Delete the interface
stop)
set +e # ignore errors from here on
isdnctrl dialmode $device off >/dev/null 2>&1
if ! $slave; then
# FIREWALL RULES XXX_
# Undo the things done above.
#
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} 1000:
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ssh
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} smtp
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ident
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} ftp
# ipchains -D input -j ACCEPT -i ${device} -p TCP -d ${LOCALIP} http
# ipchains -D input -j ACCEPT -i ${device} -p UDP -d ${LOCALIP} 1024:
# ipchains -D input -j ACCEPT -i ${device} -p ICMP -d ${LOCALIP}
# ipchains -D input -j DENY -i ${device}
# If you don't have masquerading set up yet, try the following.
# Replace 192.168.1 with the network number you use on the hosts
# that will use masquerading.
# ipchains -D forward -j MASQ -s 192.168.1.0/24
# Commands to undo the network stuff
route del $REMOTEIP $device 2> /dev/null
# only delete default route if set above!
# The default is to use ippp0 for your default route.
bindnum=`expr $device : 'ippp\(.*\)'`
if [ "$bindnum" = 0 ]; then
route del default netmask 0 2>/dev/null
fi
ifconfig $device down 2> /dev/null
isdnctrl delif $device 2> /dev/null
# If this was the master device,
# the delif will also have removed the slaves.
fi
;;
# the rest is generic, don't touch
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0
# vim:set sw=4 si:
|