Virtual OS/2 International Consumer Education
VOICE Home Page: http://www.os2voice.org
October 2002



How to create your own (small) ISP, in 3 easy (and 57,245 difficult) steps. Part 2

By Michael W. Cocke © October 2002

Part 2: In which we attempt to make use of all this stuff.

Registering a Domain:

Scream once, right now, to get it out of your system. Then contact your ISP and find out if their nameservers will host you or if you'll need to arrange something else. If they'll host your DNS record, get their NIC handle number (more on this later), and the names and IP addresses of their nameservers.

If they will not host you, go to IAT Holonet and get set up for HoloDNS service. This will cost you around $25.00 per month, but you really don't have another option. (You actually DO have another option, but I recommend against setting up your own DNS. You will not believe the documentation for BIND.)

Holonet is the BEST ISP, web host, and other service provider that I have ever had the good luck to encounter. Throw yourself on their mercy and tell them you're just in the process of registering a domain. They will be incredibly patient and very helpful.

After you're signed up with them, get their NIC Handle and nameserver names and addresses.

Next, go to Network Solutions and find a domain name that you like that isn't already in use. This could take a while. After you find one, the Network Solutions site will walk you through registration. The 'technical contact' is the NIC handle of whoever is hosting your DNS, and the name server info is obvious. You will be the administrative and billing contact. Sometime during this, you'll be issued a NIC handle of your own. Keep this handy, in case one of your coffee mugs should ever break, you'll have a spare handle.... No, seriously, you don't need to memorize this, but do make a note of it - if you ever need to make changes to your domain registration, this will save you a lot of typing.

This is as good a place as any to discuss the alternatives to registering with Network Solutions. Yes, there are other domain registrars. One of the domains I administer is registered that way, and the other seven are registered with Network Solutions. Network Solutions is slow, the paperwork authentication process is a royal pain in the butt, and they have occasions of complete non-performance. That notwithstanding, I recommend using them. They've been doing this longer than anyone, and they know what to do. I've had my share of opensrs (an alternate domain registrar) glitches too. At least Network Solutions occasionally answers their messages.

Ok - in about a week, more or less, people will be able to go to www.yourdomain.com and connect to you. Let's see if we can get something there, shall we?

Web Server:

Apache.

I use and recommend Apache (I use version 1.3.26 right now). It's free, it comes with the source code, and it can do about anything you can think of. It's also complex. The first thing you should do, before even downloading it (Apache for OS/2) is to go to your local bookstore (or amazon.com) and buy a few books on Apache. I recommend "Apache: The Definitive Guide", and "Apache Server for Dummies". The Definitive book is painfully complete, but they tend to assume you know what you're doing. Apache for Dummies is a good start. You should also probably pick up a book on HTML.

I'll mention one or two bizarre things with Apache that I've encountered here.

First, if you decide to set up mod_roaming at some point, be prepared to recompile Apache. I don't know what happened, but mod_roaming used to crash and burn every day or so. I decided to hack some debug code into it, to see if I could find the problem. After I managed to recompile Apache (which was a whole OTHER project), mod_roaming worked painlessly. Ultimately, I wrote a utility called PMRA (Poor Man's Roaming Access), which makes mod_roaming redundant.

Second, in some versions of Apache, the exec cmd SSI directive has a bug in it. Use exec cgi instead. If this means nothing to you at this point, don't worry about it. Just remember it for when you DO encounter the problem.

Third, on the Apache for OS/2 web page, you will find a link to the correct emxrt on hobbes. The reason is quite technical:  "It works right."  Seriously - IBM has been playing with the TCP/IP stack in all versions of OS/2 for a while now, so you would assume it would all be straightened out by now; right? WRONG. With this latest emxrt and using the original IP stack that shipped with WSeB, I can run my system as long as I want to without rebooting. Change either of those variables, and you'll need to reboot weakly, er, weekly. I won't get into my theory (or any others) about WHY this is, this whole article is based on observation, not irrelevant details like what the manuals say or what the programmers think.

As was the case with the firewall, getting basic function is most important; you can fiddle with it later. Out of the box, Apache will serve its help pages, so if you can get to www.yourdomain.com with a browser and see the Apache help information, you've done well. If not, open httpd.conf (in the \apache\conf directory) and read it. Personally, I made do with just this info and a book on HTML for my first year. I broke down and bought some books when I started getting involved with the <virtualhost> stuff, which I have no intention of discussing here.

Email:

Weasel.

Ok - more detail. Go here to download Weasel. The docs are pretty good. Leave the lists of sites to accept relay mail from and for set to * for now (note that * means Weasel will relay mail for any host, i.e. it behaves as an open relay until you narrow those lists). Fiddle with it later, if you decide to. That's pretty much it. Weasel works very well with a minimum of configuration and fooling around. I'll pay it my highest compliment - it just works. No weirdness, nothing to watch out for. It just works.

Set up your email client to use yourdomain.com for SMTP and POP3 mail services, with the username and password you configured in the Weasel setup program. You're done.

Telnet and ftp servers:

I just use the standard servers for these that come with WSeB. There are other, and probably better ones, but these work. 

Dialin port(s):

And we're off into the weird again. Go back to F/X Communications and purchase Injoy Connect (IC). There are other ways to do this, including the standard ppp program that's built into OS/2, but there are also issues with them. Injoy Connect is fairly complex to set up, but it works very well after that, and is much more flexible and capable.

First of all, this setup isn't configured to use dynamic IP addresses. Personally, I find the whole idea of dynamic IP addresses a royal pain. You'll spend more time trying to figure out why DHCP isn't working this week than you will ever save keeping track of your static IP addresses. "Can anyone say database?"

I assign the dialin port (gateway) an IP address of 10.2.2.1 and the dialing system an address of 192.168.0.6. That's all handled from Injoy Connect.

My IC is located in a directory called c:\ppp_svr

Injoy Connect uses a whole bunch of text files for all of its config settings. Put these (see below) in the 'c:\ppp_svr\bin\default.db' directory and start Connect with the lines:

cd\ppp_svr\bin
start /min fxkernel
start /min dbserv -s:default.db
start /min portserv -s:default.db
call delay 2
start /min icgui

(Here's delay.cmd - which you WILL need - the other stuff needs to be fully started before starting the GUI.) It's also very handy for use in your startup.cmd file - some things need to be fully started before other things start - I'll go into more detail on this in section 3.

/* delay.cmd - make system sleep for specified # of seconds */
/* syntax: delay <time>, where <time> is time in seconds */
call RxFuncAdd "SysSleep", "RexxUtil", "SysSleep"
parse arg sleeptime
sleeptime = strip(sleeptime)
if sleeptime = '' then do
  say "DELAY.CMD - make system sleep for specified # of seconds"
  say "Usage: delay <time>"
  say " where <time> is time in seconds"
  exit
end
else
  call SysSleep sleeptime
exit
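A fixed delay is a guess at how long the earlier program takes to come up, and it is wrong whenever the machine is slower or busier than when you timed it. The alternative is to wait for an observable sign of readiness, such as the service's listening port accepting a connection, and only then start the next program. The following is an added illustration of that readiness check, written in Python rather than REXX and not part of the article or of Injoy Connect; the slow-starting loopback listener it tests against is constructed in the block itself, and the hypothetical "gui" launcher is just a marker appended to a list.

```python
import socket
import threading
import time


def wait_for_listener(host: str, port: int, timeout: float = 10.0,
                      interval: float = 0.2) -> float:
    """Poll until a TCP connect to host:port succeeds; return seconds waited.

    Raises TimeoutError if nothing is listening within `timeout` seconds, so a
    service that never comes up stops the startup sequence instead of letting
    later programs start against a dead dependency.
    """
    start = time.monotonic()
    deadline = start + timeout
    while True:
        try:
            with socket.create_connection((host, port), timeout=interval):
                return time.monotonic() - start
        except OSError:
            if time.monotonic() >= deadline:
                raise TimeoutError(f"nothing listening on {host}:{port} after {timeout}s")
            time.sleep(interval)


def start_after(host: str, port: int, launch, timeout: float = 10.0) -> float:
    """Run `launch()` only once host:port is accepting connections."""
    waited = wait_for_listener(host, port, timeout)
    launch()
    return waited


def demo(delay: float = 0.5) -> dict:
    """Constructed stand-in for a slow-starting service: a loopback socket that
    is bound immediately but only starts listening after `delay` seconds.
    Until listen() runs, connects to it are refused, just like a daemon that
    has been started but is not ready yet."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # ephemeral port, chosen by the OS
    port = srv.getsockname()[1]

    def come_up():
        time.sleep(delay)
        srv.listen(1)

    threading.Thread(target=come_up, daemon=True).start()
    started = []                          # records what got launched, in order
    waited = start_after("127.0.0.1", port, lambda: started.append("gui"))
    srv.close()
    return {"port": port, "waited": waited, "started": started}


def demo_timeout() -> bool:
    """Show the failure path: a port with nothing behind it times out."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()                         # port is now closed; nothing listens
    try:
        wait_for_listener("127.0.0.1", port, timeout=0.5, interval=0.1)
    except TimeoutError:
        return True
    return False


if __name__ == "__main__":
    result = demo()
    print(f"gui started after {result['waited']:.2f}s, launched: {result['started']}")
    print("timeout path raised TimeoutError:", demo_timeout())
```

The same idea applies to the startup order problems described later in the article: rather than moving lines around in startup.cmd until the GUI happens to start, wait for the thing it depends on to actually answer.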


BTW - The Injoy Connect GUI seems to be optional, but it's nice to be able to see what's happening.

The following are the Injoy Connect default.db files. Please don't just cut and paste them - READ them. What I have configured works fine for what I want and how I want it done. YOUR NEEDS WILL ALMOST CERTAINLY BE DIFFERENT. I just modified the parts of the standard distribution files that I needed to, so you'll find lots of stuff that is disabled or irrelevant.

I did the best I could to avoid line wrapping where it shouldn't be, but check carefully.

--------------------------------------------------------------------------------------

Injoy Connect default.db files

autstart.cnf

#-----------------------------------------------------------------------------
#AUTSTART.CNF
#-----------------------------------------------------------------------------
#
#Location.: Setup directory
#
#Purpose..: Define program-entries for autostarting
#
#Syntax...: Records begin in first position of a line.
#Attribute and value pairs are case-sensitive!
#Strings and IP address must be in quotes.
#
#The following meta variables can be used in
#the parameter field (with common sense)
#
#"[$PORT-ID]" - Id of port
#"[$DTE-SPEED]" - Speed of com-port
#"[$DEVICE]" - Device name (e.g. com2)
#"[$USER-ID]" - User ID
#"[$USER-DESCR]" - User Description field
#"[$PRIORITY]" - User priority
#"[$FCS]" - FCS errors
#"[$IP-LOCAL]" - Local (gateway) IP address
#"[$IP-PEER]" - IP address of user (PEER)
#"[$NETMASK]" - Netmask of user (PEER)
#"[$PROTOCOL]" - "PPP" or "SLIP"
#"[$MTU]" - MTU of PPP link
#"[$PKT-OUT]" - Number of packets going to user (from IP stack)
#"[$PKT-IN]" - Number of packets from user (to IP stack)
#"[$CHARS-OUT]" - Characters going out the port (to user)
#"[$CHARS-IN]" - Characters coming in the port (from user)
#"[$CON-TIME]" - Connection time in seconds
#
#Help.....: Not yet available
#
#Errors...: Dumped to logs/errors.trc
#
#-----------------------------------------------------------------------------


comment.txt

#-----------------------------------------------------------------------------
SAMPLE: COM2, authentication required.
#-----------------------------------------------------------------------------


filters.cnf

#-----------------------------------------------------------------------------
#FILTERS.CNF
#-----------------------------------------------------------------------------
#
#Location.: Database Directory
#
#Purpose..: Define filter rules used by the F/X Packet Filter Plugin.
#Default values are picked up from filters.cnf in base directory.
#
#Syntax...: Records begin in first position of a line.
#Attribute and value pairs are case-sensitive!
#Strings and IP address must be in quotes.
#
#Help.....: FILTER.TXT
#
#Errors...: Dumped to logs/errors.trc
#
#-----------------------------------------------------------------------------
#Notice:
#
#Currently filters are global and not per user (as RADIUS defines).
#----------------------------------------------------------------------------- #
# #
#SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE #
# #
#FUNCTION: Only NEW TCP connections and DNS lookups cause Dial-on-Demand #
# #
#When using the InJoy Dialer, it is often seen how just about #
#any packet can trigger Dial-on-Demand. With filtering you have #
#almost unlimited possibilities for fine-tuning DoD and below #
#is a example that will allow only DNS-lookups and new TCP #
#connections to trigger DoD. The three filters work together #
#and the fact that filters are analyzed top-down helps us to #
#simply allow the 2 special situations and then in the third #
#filter reject everything else. #
# #
#TO ACTIVATE THE 3 FILTERS, REPLACE 'Passive' WITH 'Offline' #
# #
#----------------------------------------------------------------------------- #
DOD-ALLOW-DNS Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Allow DNS lookups",
Filter-Scope = Outgoing-Packets,
Protocol = UDP,
Port = DNS,
Action = Forward-Packet,
DOD-ALLOW-SYN Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Allow SYN packets (new tcp connections)",
Filter-Scope = Outgoing-Packets,
Protocol = TCP,
Bit-Number = SYN,
Bit-Value = 1,
Action = Forward-Packet,
DOD-REJECT-ALL Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Reject everything else...",
Filter-Scope = Outgoing-Packets,
Protocol = IGNORE,
Port = IGNORE,
Action = Drop-Packet,
#----------------------------------------------------------------------------- #
# #
#SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE #
# #
#FUNCTION: Removing outgoing NETBIOS packets #
# #
#An intranet with many Windows computers will typically generate #
#a large number of NETBIOS packets, keeping your network busy. #
# #
#Below three filters that will keep these packets from hitting the #
#ISP and the Internet. #
# #
#----------------------------------------------------------------------------- #
NETBIOS Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Remove Outgoing UDP Netbios-NS",
Filter-Scope = Outgoing-Packets,
Protocol = UDP,
Port = NETBIOS,
Action = Drop-Packet,
NETBIOS-NS Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Remove Outgoing UDP Netbios-NS",
Filter-Scope = Outgoing-Packets,
Protocol = UDP,
Port = NETBIOS-NS,
Action = Drop-Packet,
NETBIOS-NS-S137 Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Remove packets with source port Netbios-NS",
Filter-Scope = Outgoing-Packets,
Protocol = UDP,
Port = 53,
Offset-Relativity = TCP-Head-Start,
Offset = 0,
Hex-String = "\x00\x89",
Action = Drop-Packet,
#----------------------------------------------------------------------------- #
# #
#SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE #
# #
#FUNCTION: Demonstrate hex-matching #
# #
#Demonstrates the use of hex string matching to remove Netbios Keep #
#alive packets. #
# #
#----------------------------------------------------------------------------- #
NETBIOS-KEEPALIVE Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Remove Keep-Alive via Hex-String match",
Filter-Scope = Outgoing-Packets,
Protocol = UDP,
Port = NETBIOS,
Offset-Relativity = Data-Start,
Offset = 0,
Hex-String = "\x00\x02\x0D\xF4\x0A\x03\x18\x61\x00\x8A\x00\xC6\x00\x00\x20",
Action = Drop-Packet,
#----------------------------------------------------------------------------- #
# #
#SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE #
# #
#FUNCTION: Turning off ICMP #
# #
#Some system administrators turn off all ICMP traffic to harden #
#the job for hackers and possible flood pingers. A simple filter #
#to turn off ALL ICMP traffic (including your ping and tracerte) is #
#found below: #
# #
#----------------------------------------------------------------------------- #
ICMP-FILTER Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Remove ICMP using Protocol matching",
Filter-Scope = Incoming-Packets,
Protocol = ICMP,
Action = Drop-Packet,
#----------------------------------------------------------------------------- #
# #
#SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE #
# #
#FUNCTION: Block a WWW site #
# #
#The below filter demonstrates how all people on the 10.2.*.* network #
#are cut off from the porn site found at 207.126.124.139. #
# #
#----------------------------------------------------------------------------- #
PORN-FILTER Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Filter WWW using IP Address matching",
Filter-Scope = Outgoing-Packets,
Protocol = TCP,
Port = WWW,
Source-IP = "10.2.0.0",
Destination-IP = "207.126.124.139",
Source-Netmask = "255.255.0.0",
Destination-Netmask = "255.255.255.255",
Action = Drop-Packet,
#----------------------------------------------------------------------------- #
# #
#SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE SAMPLE #
# #
#FUNCTION: TCP session termination #
# #
#The tcp/ip stack has a habit of trying to kill tcp connections #
#even after the IP connection is lost and the tcp application is #
#dead. The below filters will remove these packets in the offline #
#state, dramatically reducing the number of bogus packets in your #
#network. Offers a nice improvement of Dial-on-Demand so use these #
#in the 'Offline' state (Filter-Status = Offline). #
# #
#----------------------------------------------------------------------------- #
FIN-PACKETS Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Remove FIN pkts using Bit matching",
Filter-Scope = Outgoing-Packets,
Protocol = TCP,
Bit-Number = FIN,
Bit-Value = 1,
Action = Drop-Packet,
RST-PACKETS Filter-Status = Passive,
Filter-Root = Yes,
Comment = "Remove RST pkts using Bit matching",
Filter-Scope = Outgoing-Packets,
Protocol = TCP,
Bit-Number = RST,
Bit-Value = 1,
Action = Drop-Packet,
#-----------------------------------------------------------------------------
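The sample records above all rely on one rule: filters are checked top-down and the first one that matches decides what happens to the packet, which is why the Dial-on-Demand trio can allow two narrow cases and then reject everything else, and why a "Passive" record is ignored until its status is changed to "Offline". The block below is an added model of that evaluation, not code from the article or from F/X Communications; it reduces a filters.cnf record to the attributes the samples use (scope, protocol, destination port, one TCP flag bit, source/destination address with netmask, and a hex string at an offset from the data start), and runs the DoD filters, the site-block filter and a hex-string filter over constructed packets. The keep-alive byte pattern and UDP port 138 in the last filter are constructed values, and it treats "Port = DNS" and "Port = WWW" as 53 and 80; all of the packets are made up here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    """Constructed packet summary (not parsed from a real capture)."""
    scope: str                       # "Outgoing-Packets" or "Incoming-Packets"
    protocol: str                    # "TCP", "UDP" or "ICMP"
    src: str
    dst: str
    dport: int = 0
    flags: frozenset = frozenset()   # set TCP flags, e.g. frozenset({"SYN"})
    payload: bytes = b""             # bytes from Data-Start


@dataclass
class Filter:
    """One filters.cnf record, reduced to the attributes the samples use."""
    name: str
    scope: str
    action: str                      # "Forward-Packet" or "Drop-Packet"
    status: str = "Offline"          # "Passive" records are skipped, as in the file
    protocol: str = "IGNORE"         # IGNORE matches any protocol
    port: Optional[int] = None       # destination port; None matches any
    bit: Optional[str] = None        # TCP flag name for Bit-Number
    bit_value: int = 1
    src_net: Optional[str] = None    # "address/netmask", e.g. "10.2.0.0/255.255.0.0"
    dst_net: Optional[str] = None
    hex_string: bytes = b""          # compared at hex_offset from Data-Start
    hex_offset: int = 0

    def matches(self, pkt: Packet) -> bool:
        if self.status == "Passive" or self.scope != pkt.scope:
            return False
        if self.protocol != "IGNORE" and self.protocol != pkt.protocol:
            return False
        if self.port is not None and self.port != pkt.dport:
            return False
        if self.bit is not None and (self.bit in pkt.flags) != bool(self.bit_value):
            return False
        for net, addr in ((self.src_net, pkt.src), (self.dst_net, pkt.dst)):
            if net and ipaddress.ip_address(addr) not in ipaddress.ip_network(net, strict=False):
                return False
        if self.hex_string:
            end = self.hex_offset + len(self.hex_string)
            if pkt.payload[self.hex_offset:end] != self.hex_string:
                return False
        return True


def evaluate(filters, pkt: Packet, default: str = "Forward-Packet"):
    """Top-down, first match wins; no match falls through to the default."""
    for f in filters:
        if f.matches(pkt):
            return f.name, f.action
    return None, default


# The three Dial-on-Demand filters from the sample, with Passive -> Offline.
DOD_FILTERS = [
    Filter("DOD-ALLOW-DNS", "Outgoing-Packets", "Forward-Packet", protocol="UDP", port=53),
    Filter("DOD-ALLOW-SYN", "Outgoing-Packets", "Forward-Packet", protocol="TCP", bit="SYN"),
    Filter("DOD-REJECT-ALL", "Outgoing-Packets", "Drop-Packet"),
]

# The site-block sample: network given as address plus netmask, as in the file.
SITE_BLOCK = [
    Filter("WWW-SITE-BLOCK", "Outgoing-Packets", "Drop-Packet", protocol="TCP", port=80,
           src_net="10.2.0.0/255.255.0.0", dst_net="207.126.124.139/255.255.255.255"),
]

# Hex-string matching: pattern and port are constructed for this example.
HEX_DROP = [
    Filter("UDP-HEX-DROP", "Outgoing-Packets", "Drop-Packet", protocol="UDP", port=138,
           hex_string=b"\x00\x02\x0d\xf4", hex_offset=0),
]


def demo() -> dict:
    """Run the sample filters over constructed packets; returns label -> (rule, action)."""
    out, tcp_syn, tcp_ack = "Outgoing-Packets", frozenset({"SYN"}), frozenset({"ACK"})
    results = {
        "dns":     evaluate(DOD_FILTERS, Packet(out, "UDP", "10.2.2.10", "207.99.0.1", 53)),
        "syn":     evaluate(DOD_FILTERS, Packet(out, "TCP", "10.2.2.10", "198.51.100.7", 80, tcp_syn)),
        "ack":     evaluate(DOD_FILTERS, Packet(out, "TCP", "10.2.2.10", "198.51.100.7", 80, tcp_ack)),
        "inbound": evaluate(DOD_FILTERS, Packet("Incoming-Packets", "TCP", "198.51.100.7", "10.2.2.10", 25, tcp_syn)),
        "blocked-site": evaluate(SITE_BLOCK, Packet(out, "TCP", "10.2.5.7", "207.126.124.139", 80)),
        "other-site":   evaluate(SITE_BLOCK, Packet(out, "TCP", "10.2.5.7", "198.51.100.7", 80)),
        "hex-hit":  evaluate(HEX_DROP, Packet(out, "UDP", "10.2.2.10", "10.2.255.255", 138, payload=b"\x00\x02\x0d\xf4\x0a")),
        "hex-miss": evaluate(HEX_DROP, Packet(out, "UDP", "10.2.2.10", "10.2.255.255", 138, payload=b"\x00\x01")),
    }
    return results


if __name__ == "__main__":
    for label, (rule, action) in demo().items():
        print(f"{label:13s} -> {action:14s} ({rule or 'default'})")
```

Two things the run makes visible: the "ack" packet is dropped not because any filter names it but because DOD-REJECT-ALL catches whatever the first two did not, so adding a new allowed case means inserting a record above it; and the incoming SYN is untouched by all three, because their scope is outgoing only, which is what the "Currently filters are global" notice and the scope attribute mean in practice.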



ip-pool.cnf

#-----------------------------------------------------------------------------
#IP-POOL.CNF
#-----------------------------------------------------------------------------
#
#Location.: Setup directory
#
#Purpose..: Define ip pools for dynamic assignment of IP addresses.
#
#Syntax...: Records begin in first position of a line.
#Attribute and value pairs are case-sensitive!
#Strings and IP address must be in quotes.
#
#Help.....: Not yet available
#
#Errors...: Dumped to logs/errors.trc
#
#-----------------------------------------------------------------------------



ports.cnf

#-----------------------------------------------------------------------------
#PORTS.CNF
#-----------------------------------------------------------------------------
#
#Location.: Setup directory
#
#Purpose..: Define ports
#
#Syntax...: Records begin in first position of a line.
#Attribute and value pairs are case-sensitive!
#Strings and IP address must be in quotes.
#
#Help.....: Not yet available
#
#Errors...: Dumped to logs/errors.trc
#
#-----------------------------------------------------------------------------

com1 Port-Status = Port-Enabled,
Port-Id = 0,
Description = "Port 1",
Default-User = "ppp_default",
Speed = 115200,
Authentication = CHAP-AND-PAP,

#-----------------------------------------------------------------------------

(You'll need to change this for your comm port setup.)



server.cnf

#-----------------------------------------------------------------------------
#SERVER.CNF
#-----------------------------------------------------------------------------
#
#Location.: Setup directory
#
#Purpose..: InJoy Connect General Server Settings.
#
#Syntax...: Records begin in first position of a line.
#Attribute and value pairs are case-sensitive!
#Strings and IP address must be in quotes.
#
#Help.....: Not yet available
#
#Errors...: Dumped to logs/errors.trc
#
#-----------------------------------------------------------------------------
SERVER_SETTINGS Status = Enabled,
Primary-DNS = "207.99.0.1"
Secondary-DNS = "207.99.0.2"
Autostart-Control=Enabled

#-----------------------------------------------------------------------------

(You'll need to change the nameserver addresses.)


users.cnf

#-----------------------------------------------------------------------------
#USERS.CNF
#-----------------------------------------------------------------------------
#
#Location.: Setup directory
#
#Purpose..: Database of users
#
#Syntax...: Records begin in first position of a line.
#Attribute and value pairs are case-sensitive!
#Strings and IP address must be in quotes.
#
#Help.....: Not yet available
#
#Errors...: Dumped to logs/errors.trc
#
#-----------------------------------------------------------------------------

#The below two users are used throughout the examples as "default users".
#Default users are users that are active on the port, as long as other
#(real) users have not logged in. If authentication is disabled (in the
#settings) for a port, then these default users provide enough information
#for a successful PPP or SLIP session.

ppp_default User-Service = Framed-User,
Framed-Protocol = PPP,
Login-Host = 10.2.2.1,
Framed-IP-Address = 10.2.2.10,
 

slip_default User-Service = Framed-User,
Framed-Protocol = SLIP,
Login-Host = 10.2.2.1,
Framed-IP-Address = 10.2.2.10,

USER Password = "PASSWORD",
User-Service = Framed-User,
Framed-Protocol = PPP,
Login-Host = 10.2.2.1,
Framed-IP-Address = 192.168.0.6,

#-----------------------------------------------------------------------------

(You'll need to change USER to your user name, and PASSWORD to your password.)


Now, observations and oddities: 

You absolutely positively MUST start IC before you start your firewall and connection to the internet. Strange things will happen otherwise.

You may experience strange things anyway, such as the GUI failing to start. Play with the load order in your startup.cmd file if this happens. I now start IC as the second item, right after net start server, and it works. I used to start it further down (just before Apache), and it bombed. Go figure. I'll go into more detail about this in section 3.

References:

Other links referenced:
  Apache for OS/2 - http://silk.apana.org.au/apache/
  Weasel SMTP/Pop3 server - http://eepjm.newcastle.edu.au/os2/weasel.html
  FX Communications - Injoy Firewall/Injoy Connect - http://www.fx.dk
  Timekeeper/2 - http://hobbes.nmsu.edu/cgi-bin/h-search?key=timekeeper
  cron214.zip - http://hobbes.nmsu.edu/pub/os2/util/schedule/cron214.zip
  Bind - http://hobbes.nmsu.edu/pub/os2/apps/internet/util/bind824.zip
  Mike's Notebook - http://www.catherders.com/mwcexp.shtml


Mike's Notebook - http://www.catherders.com/mwcexp.shtml web site contains an assortment of frequently updated articles and tips for OS/2 users.

