Overview

Internet Gateway Control Panel (IGCP) control SOME diald, squid and, in future, sendmail functions. It aims for used in a system which changed configuration frequently. For example, site with 2 ISPs. It contains some neat feature such as support 10 configurations, support 10 phone numbers per configuration, configure and control via web interface.

License

IGCP is free for non-commercial personal usage. IGCP is provided as-it-as. No warranty of all kind. For commercial, organizational, government, or educational usage, please contact me for more detail about license fee (which could be free in some cases.)

Download

Current version is 0.1.6. The version number uses the same notaion as Linux's.

• IGCP 0.1.6 (20 KB)

Feature

Feature in version 0.1.6.

• Support 10 configurations.
• Support 10 phone numbers per configuration.
• Automatically rotate phone number.
• All configuration and controlation is done via web interface.
• Configurable parameters in each configuration are:
  • Configuration Name
  • Automatic/Manual Connection Mode
  • Serial Device
  • Serial Speed
  • Modem Init String
  • Dial Prefix
  • Phone Numbers (up to 10)
  • Local, Remote IP Address
  • User Name (currently, only PAP is support)
  • PAP Password
  • Parent Proxy (up to 2)
• Control the link with:
  • Up/Down the link immediately
• Display current link status.
• Log connection times.
• Integrate script for change HTTP password.

Requirement

I don't know exactly what the requirement is, but these are my configurations which IGCP works.

1. Linux 2.0 base.
   • Linux 2.0.38 (based on Slackware 3.6)
   • Diald 0.99
   • Perl 5.005_02
   • Apache 1.3.6
   • Pppd 2.2.0f
   • Squid 2.2STABLE4
2. Linux 2.2 base.
   • Linux 2.2.12 (based on Slackware 4.0)
   • Diald 0.99.1
   • Perl 5.005_03
   • Apache 1.3.9
   • Pppd 2.3.7
   • Squid 2.2STABLE5

Installation

Distribution of IGCP assumes that you've install diald in default directory (/usr/lib/diald) and use original Slackware's Apache installation (/var/lib/apache). If your configuration differs from above, you have to edit some IGCP files manually. You also have to configure httpd so cgi-bin works properly. In Apache, this can be done by uncomment ScriptAlias directive found in srm.conf (Slackware) or httpd.conf (original Apache).

1. Backup files in diald's library (/usr/lib/diald) and pppd configuration (/etc/ppp) as some of them will be overwritten. Decompress igcp-x.x.x.tar.gz in temporary directory (for example, /tmp), you will get 4 files: igcp-etc.tar.gz, igcp-lib.tar.gz, igcp-etc.tar.gz, and igcp.html (this file).

   % cd /tmp
   % tar zxvf /path/to/igcp-x.x.x.tar.gz

2. Decompress igcp-etc.tar.gz into /etc

   % cd /etc
   % tar zxvf /tmp/igcp-etc.tar.gz

3. Decompress igcp-lib.tar.gz into /usr/lib/diald

   % cd /usr/lib/diald
   % tar zxvf /tmp/igcp-lib.tar.gz

4. You may need to recompile squid_reconfigure.c. Check the source code. It's simple one line C code. Be sure to turn on suid bit on executable file.

   % cd /usr/lib/diald
   % gcc -o squid_reconfigure squid_reconfigure.c
   % chmod u+s squid_reconfigure

5. Decompress igcp-www.tar.gz into web's directory. It assumes that there are htdocs and cgi-bin directories.

   % cd /var/lib/apache/share
   % tar zxvf /tmp/igcp-www.tar.gz

6. Remove any parent proxy configuration from squid.conf. Rename it to squid.conf.in. Make sure squid.conf is writable by nobody. This file will be dynamically generated by IGCP.

   % cd /usr/local/squid/etc
   % grep -v "^cache_peer" squid.conf > squid.conf.in
   % chmod 644 squid.conf
   % chown nobody squid.conf

7. Restart diald. The easiest way is to kill and restart it.

   % killall diald
   % diald

8. Base installation finished here. If you want to use Apache's HTTP Authentication follows below instructions.
9. Create file .htaccess in cgi-bin/gateway directory with this content:

   AuthName GatewayControl
   AuthType Basic
   AuthUserFile /var/lib/apache/share/gateway.pwd
   require valid-user
   

10. Enable override AuthConfig in /var/lib/apache/share/cgi-bin directory. This can be done by chaning the word None to AuthConfig in file httpd.conf (original Apache) or access.conf (Slackware). Then, restart Apache by:

    % apachectrl restart

11. Create password file in /var/lib/apache/share by:

    % cd /var/lib/apache/share
    % ../bin/htpassword -c gateway.pwd gateway

    The username must be gateway.

Usage

Point browser to http://your.host.name/gateway/ and follow instructions.

Bug, Caveat

• There's a lot of security issue. This because apache is run as nobody and it have to write some security-sensitive files. My currently work around is to chown those files to nobody and chmod to 600.
• Currently, I use suid program to reconfigure squid. If somebody know this will opens security hole, please tell me.
• There is no authorization. I think just using http authenticate is enough. (See Apache document.)
• Mail Server doesn't work yet.

To Do

• More Report.
• Integrate Sendmail configuration.
• Refocus the program to Linux 2.2.

Feed Back

Please send your comment, suggestion or opinion to joke@nakhon.net.