|
 |
6d6cf1 |
<sect1 id="server-usage-connections">
|
|
|
6d6cf1 |
|
|
|
6d6cf1 |
<title>Administering Dial-Up Connections</title>
|
|
|
6d6cf1 |
|
|
|
6d6cf1 |
<para>
|
|
|
6d6cf1 |
The lifetime of dial-up connections must be limitted based on
|
|
|
6d6cf1 |
the number of users you expect to establish connection and the
|
|
|
6d6cf1 |
kind of services you plan to provide. The mail service
|
|
|
6d6cf1 |
provided by the server computer is conceived as a public
|
|
|
6d6cf1 |
service so anyone with a modem attached to a computer would be
|
|
|
6d6cf1 |
able to have access to it. However, due to hardware
|
|
|
6d6cf1 |
limitations, only 100 users will be allowed to be registered
|
|
|
6d6cf1 |
in the public mail service. Based on this information, the
|
|
|
6d6cf1 |
lifetime of established connections will be of 15 minutes from
|
|
|
6d6cf1 |
the established moment on. Once the connection has been
|
|
|
6d6cf1 |
established, if the link is idle for 1 minute, the server
|
|
|
6d6cf1 |
computer will close the established connection to free the
|
|
|
6d6cf1 |
telephone line. This control can be implemented through the
|
|
|
6d6cf1 |
<option>maxconnect</option> and <option>idle</option> options
|
|
|
6d6cf1 |
inside the <application>pppd</application>'s configuration
|
|
|
6d6cf1 |
file.
|
|
|
6d6cf1 |
</para>
|
|
|
6d6cf1 |
|
|
|
6d6cf1 |
<para>
|
|
|
6d6cf1 |
Only registered user profiles will be able to establish connections
|
|
|
6d6cf1 |
to the server computer. This control can be implemented using
|
|
|
6d6cf1 |
the <option>allow-number</option> option in the
|
|
|
6d6cf1 |
<application>pppd</application>'s configuration file to define a
|
|
|
6d6cf1 |
list of all telephone numbers that are allowed to establish
|
|
|
6d6cf1 |
connection with the server computer, based on the list of
|
|
|
6d6cf1 |
registered user profiles. By default, all telephone numbers
|
|
|
6d6cf1 |
are denied from establishing access with the server computer,
|
|
|
6d6cf1 |
except those ones explicitly set by
|
|
|
6d6cf1 |
<option>allow-number</option> option. If the
|
|
|
6d6cf1 |
<option>allow-number</option> option is not present in
|
|
|
6d6cf1 |
<application>pppd</application>'s configuration file, all
|
|
|
6d6cf1 |
telephone numbers are allowed to establish connection with the
|
|
|
6d6cf1 |
server computer, so be sure to include the
|
|
|
6d6cf1 |
<option>allow-number</option> option in
|
|
|
6d6cf1 |
<application>pppd</application>'s configuration file if you
|
|
|
6d6cf1 |
want to control who can/cannot establish connection with the
|
|
|
6d6cf1 |
server computer.
|
|
|
6d6cf1 |
</para>
|
|
|
6d6cf1 |
|
|
|
6d6cf1 |
<screen>
|
|
|
6d6cf1 |
##### centos-pppd-config will overwrite this part!!! (begin) #####
|
|
|
6d6cf1 |
allow-number 12345
|
|
|
6d6cf1 |
allow-number 21345
|
|
|
6d6cf1 |
allow-number 34567
|
|
|
6d6cf1 |
##### centos-pppd-config will overwrite this part!!! (end) #####
|
|
|
6d6cf1 |
</screen>
|
|
|
6d6cf1 |
|
|
|
6d6cf1 |
<para>
|
|
|
6d6cf1 |
The <application>centos-pppd-admin</application> application
|
|
|
6d6cf1 |
must be considered part of user profile registration process
|
|
|
6d6cf1 |
inside the server computer. The
|
|
|
6d6cf1 |
<application>centos-pppd-admin</application> application would
|
|
|
6d6cf1 |
be used to control the list of allowed telephone numbers
|
|
|
6d6cf1 |
inside the <application>pppd</application>'s configuration
|
|
|
6d6cf1 |
file, based on the list of user profiles. The
|
|
|
6d6cf1 |
<application>centos-pppd-admin</application> application
|
|
|
6d6cf1 |
should be executed after any registration/deletion action
|
|
|
6d6cf1 |
against the list of user profiles with
|
|
|
6d6cf1 |
class="username">root</systemitem> privilages in order to be
|
|
|
6d6cf1 |
able of writing the settings on
|
|
|
6d6cf1 |
<application>pppd</application>'s configuration file.
|
|
|
6d6cf1 |
</para>
|
|
|
6d6cf1 |
|
|
|
6d6cf1 |
<para>
|
|
|
6d6cf1 |
Redialing consecutive connections from the same telephone
|
|
|
6d6cf1 |
number without any dealy between call retries must be avoided
|
|
|
6d6cf1 |
from client computers. This would reduce the possibilities for
|
|
|
6d6cf1 |
other client computers to establish connection with the server
|
|
|
6d6cf1 |
computer. To prevent this issue from happening, it would be
|
|
|
6d6cf1 |
necessary to provide more telephone lines than users
|
|
|
6d6cf1 |
authorized to establish connection with the server computer.
|
|
|
6d6cf1 |
Nevertheless, there is only one telephone line available for
|
|
|
6d6cf1 |
the server computer to use.
|
|
|
6d6cf1 |
</para>
|
|
|
6d6cf1 |
|
|
|
6d6cf1 |
</sect1>
|