The new ISDN drivers in 2.0.36 defaults to manual dialmode, not
autodial. This is done to prevent unexpected (and unnoticed) dialouts.
(See the big section about those and their dangers:
dod).
To enable autodial for a given interface e.g. ippp0, use
isdnctrl dialmode ippp0 auto
The meaning of the values for dialmode is:
off
means that you (or the system) cannot make any connection
(neither incoming nor outgoing connections are possible). Use
this if you want to be sure that no connections will be made.
auto
means that the interface is in auto-dial mode, and will
attempt to make a connection whenever a network data packet needs
the interface's link. Note that this can cause unexpected dialouts,
and lead to a high phone bill! Some daemons or other pc's that use
this interface can cause this.
Incoming connections are also possible.
manual
(DEFAULT) is a dial mode created to prevent the unexpected dialouts.
In this mode, the interface will never make any connections on its
own. You must explicitly initiate a connection with:
isdnctrl dial ippp0
To end the connection, use:
isdnctrl hangup ippp0
Please note that the huptimeout may still end the connection
automatically! To ensure that you have to hang up manually, you have to switch
this off:
isdnctrl huptimeout ippp0 0
To allow a normal user to initiate a dialout, have a look at question
dialout_permission.
ISDN usage depends on the permissions to the devices /dev/ttyI* and
/dev/cui*. You have several choices to selectively allow users to do
ISDN transactions.
You can establish the group `isdn' in /etc/group, and do:
It has been reported that you also may have to change group and
permissions on the programs ipppd and isdnctrl to 'isdn'.
Then all users not in the group 'isdn' have no reading or writing
privileges for the ISDN ttys. Those allowed to use ISDN have to be
explicitly added to the group 'isdn'.
You can allow only root to log out, but set up exceptions for other users
with the su1 functionality (see man su1). As root edit
/etc/su1.priv. Add these lines if they (or similar ones) are not yet
there, to allow users XXXX and YYYY to initiate dialups/hangups:
# log all dialouts in syslog
syslog all
define PPPUSER XXXX YYYY
alias dial /sbin/isdnctrl dial ippp0
alias hangup /sbin/isdnctrl hangup ippp0
ask never
allow PPPUSER prefix dial
allow PPPUSER prefix hangup
Now the users XXXX and YYYY can dial out by typing dial, and hangup with
hangup.
isdnctrl can be set SETUID root. Please not that if it is called by a
user different from root, isdnctrl will only allow you to dialin/hangup,
and addlink/removelink/show. However, the setup/configuration data can only be
modified by root.
If you only have one user that you use for ISDN interactions, you can
make him owner of the ISDN interface.
There are several possibilities to configure dialout.
Dialout anywhere (default: all available cards are a pool, dialout
on one MSN):
just configure your cards in the order in which you want them to be dialed out.
First all channels on the first card are used, then all on the second card,
and so on. Please note that the net interface or ttyI device will try to
dial out using the MSN it was configured for - on all cards. Even on those
that do not have this MSN! In such a case, the telco will replace that
invalid MSN with the correct one. Use isdnctrl mapping to configure the
correct MSNs (see item 'dialout on one specific card').
Dialout on one specific channel: Use the isdnctrl bind
(not pppbind) command to specify which channel should be used.
Please use this command after all other configuration with isdnctrl has
been done! Check with isdnctrl list that the binding actually works.
Dialout with different MSN on each card:
You can configure this by using the isdnctrl mappping functionality.
Just map MSNs on the letters 0 to 9, like this:
Now, you could configure for telephone number 0 when you really want to use
MSN 111 on <carddriver1> or 999 on <carddriver2> (however, since
0 has a special meaning, try to avoid using number 0). Configure to use
number 1 when you really want to use MSN 222 on <carddriver1> or 888
on <carddriver2>. Configure to use telephone number 2 when you really
want to use only MSN 333 on <carddriver1> (<carddriver2> will
use the default MSN when used). Configure to use telephone number 3 when you
really want to use only MSN 777 on <carddriver2> (<carddriver1>
will use the default MSN when used).
Dialout on one specific card:
After installing a patch that was posted by Karsten Keil on the mailing
list against 2.2.12, you can disallow calls on some cards by using the
isdnctrl mapping functionality.
It works as discribed for "Dialout with different MSN on each card", except
that the "-" means dialing is disallowed. Dialout on telephone number 2 will
now only dial out with MSN 333 on <carddriver1>, while dialout on 3 will
now only dial out with MSN 777 on <carddriver2>.
HiSax has an undocumented feature for this. Add 'P1' in front of the dialout
phone number for the first B channel, or 'P2' for the second B channel, like
this:
isdnctrl addphone <device> out P1<your_out_number>
This will indicate the preferred B channel in the outgoing SETUP message.
Please note that some PBX may not like this.
Obviously, a dialout will fail when another device already uses
the second B channel.
Create a script called ip-up. It will be called by the ipppd
whenever the connection is established with several parameters.
The ip address is passed in as the fourth parameter (access it as $4).
You are probably using the name server in 'forward' mode, and your ISP works
with dynamic ip addresses. The initial UDP query will be lost since it
carries the wrong source address. Unfortunately, bind will wait a whole minute
before retransmitting the query again if you have only one forwarder.
As a workaround, you can enter 4 times the same forwarder in named.conf
to adjust retransmission timing (in 'forward' mode, bind retransmits its
queries after the following period of time: 60 seconds divided by the number
of nameservers given in the section "forwarders" of named.conf).
Bind will then retransmit the query every 15 seconds to your forwarder
(here the forwarder is 10.0.0.40).
The same principle applies to two or more forwarders.