Introduction.
This is the Official Frequently Asked Questions document for TNOS. This
document is designed to aid the TNOS user, and prospective user in
setting up and maintaining a working TNOS system.
The document will take the form of common questions relating to TNOS, complete with answers. The document will cover both the Linux/Unix and DOS versions of TNOS. Where specific differences between the versions apply, they will be noted.
This document is prepared using the 'tkHTML 2.3' HTML editor for the X window system, using Linux. (Though to be honest much of it was done with good old vi & GPM selection !)
If you find any mistakes with this FAQ or have any suggestions etc, please mail me:- mike@lurpac.lancs.ac.uk
Notes.
In this FAQ I make reference to the TNOS 'home' or TNOS 'root' directory.
These directories are the same and refer to the directory from which the
other TNOS directories are made from. You may also see '..tnos/' and
can take this to mean the same.
Where I make reference to Linux specifics, this may also apply to
other Unix like operating systems as mentioned in question 5 below:-
"What platforms/operating systems has TNOS been successfully compiled/run on?".
*** Please login with '/n
bit back from
the server?
ctlcheck
program
that comes with TNOS actually do ?
Questions and comments relating to hardware issues.
Questions and comments relating to software/operating
system.
'ERROR: Group DGROUP exceeds 64k
limit.'
??
TNOS is a multi-threaded application that contains a complete implementation of industry standard TCP/IP with drivers, applications, and support for use in an RF environment, primarily the Amateur Packet Radio environment.
There are two versions, one that runs under MS-DOS/PC-DOS/DR-DOS and any multi-taskers that support virtual DOS boxes, and the other which runs as an application under Linux and other unix systems.
TNOS serves as a good dedicated router, firewall, email exchanger, gateway, etc.
TNOS is derived from KA9Q NOS, and has many of the same roots as JNOS, another KA9Q derivitive.
Some of the TNOS differences from JNOS:
TNOS is supported by it's author, Brian A. Lantz/KO4KS, and several Internet mailing lists.
A lot more information on what TNOS is can be found here.
TNOS can also be obtained from dial up BBS's for those without 'net' access.
Here is some info from Mike Bilow regarding his BBS:-
A working list, striving to produce a usable
Frequently Asked Questions (FAQ) document.
Varied discussions on TNOS and related topics.
SUBSCRIBE tnos-stuff@ko4ks.ampr.org tnos-topics
UNSUBSCRIBE tnos-stuff@ko4ks.ampr.org tnos-topics
Now we must add a line to execute the startnos script, this looks like
this:-
Remember to replace '/tnos' with the root directory of your TNOS
installation.
After a moment you can change to vt7 (press ALT F7) and TNOS should be
running! If you type 'exit' at the 'Net>' prompt it should exit and
restart again.
Ok occasionaly you will see TNOS 'lock' all together, at least I do with
version 1.12, it does not happen often, but you can bet it will happen just
after you leave on holiday, or for the weekend :-).
Here is a short script that can be run from one of you startup files, I put
the command:-
Below is the nosreset file itself.
Of course that may not be the only way to do it, but it works for me :-).
With the above two scripts I am able to make sure my TNOS system
is up and running all the time without having to keep looking to see if it
has crashed or locked.
As I do not run DOS on my packet PC's here I asked for the information from
a local DOS/NOS user. With DOS it is a case of adding a loop around TNOS, to
make sure that if TNOS crashes and exits it will be restarted again.
However if TNOS locks when it crashes this way of restarting
TNOS will be of no use!
As I do not use TNOS with DOS, I cannot really add much to this.
(The following four commands allow you to tailor your users security
level according to their connection method to your BBS)
security amprperms value
security ax25perms value
security nonamprperms value
security tipperms value
security ampronly [on|off]
Sorry, but only Amateur Radio IP stations can be reached from here!
Note. A message is NOT sent to sysop notifying you of the users action
With this set to off they will get a 'Permission denied' message.
Or, if you use the following script, and place it in
Permission denied.
Sorry, g9xxx, but access is denied :-(
Only telnets to ampr.org stations are permitted, and those are denied to
non-ampr telnet sessions.
To check out your security level permissions use the 'SEC' command.
Here is the script:-
The script also does other things!
Note. A message is sent to 'sysop' to notify you of the users actions.
security nonsecureampr < addr >
security encode
security mbsecure [on|off]
security level [levelname pathstring permissions]
Some examples:-
And in your ftpusers file.
From the above examples you can see it is easy to assign an easy to remember
name to a specific security level. Above I have only shown examples which are
useful for 'ftp' type connections, it is however possible to set up any type
of security level and assign it a name, e.g. sysop, sub-sysop,
guest etc. NOTE, you ,must put the hash '#' before the security level.
The "security level" command (without the rest of the parameters)
displays the currently defined security levels.
I should also point out that there is an addition to the
in the
This also works for the the output of the BBS 'ms' command too. But
be warned, if you have had mail in the areas you have excluded above, and
they still show up on the Mail for: line, you will have to do a
If I had the time (or volunteers) to document this stuff, you'd already
have the docs ;-)
My setup has ONE port out, to ONE TNC, that forwards to many BBSs. MOST
of them go out on ONE RF port.
In order to pace the traffic and better use the bandwidth, I place all
those that must travel the same RF path into a subchannel together. Ones
that travel ANOTHER RF path, go into another subchannel.
Then the 'forward subchannel' command allows me to restrict HOW MANY of
these will be active at one time (outgoing), and how many I will reverse
forward to (incoming). When a BBS has been deferred due to a maximum
being reached on a subchannel, a flag is set, and when a forwarding
session completes (making a slot available), the forwarding cycle is
'kicked' again (even if the 'forward timer' hasn't expired), to allow the
subchannel to be 'filled' again.
BUT, no one BBS will get a second turn, until all have had their shot
at it.
On mine, I set a maximum of 1 per subchannel, and this makes them all go
in turn, rather than all at once.
If I had several ports with a single BBS on each, I would probably not
define these BBSs as being on a subchannel; so they would not have any
pacing used.
NOTE: The FBB forwarding (inbound) needs a little attention here, since
it doesn't yet account for subchannels. TNOS Version 2.01 when released
will fix this.
1) DO take your time and explain the situation. DON'T assume that the
reader(s) have your knowledge.
2) DO give as detailed a description as possible, indicating what
actions/commands you used, the order used, the given output (if any), and
the expected results.
3) DON'T send along a copy of your config files unless asked.
4) DO your own investigation.
5) DO use the trace function for the feature you are having a
problem/question with, if there is one available.
6) DO double-check your config files.
7) DON'T present bug reports/questions with an attitude or when angry.
8) DON'T even bother with a report if all you can say is "it don't
work!". If you follow the rest of this list, you will have FAR more to
say about the situation than this.
9) DO indicate the Operating System being used, and the release version
number. These can be found in the first line of output from the Command
Session command 'status'.
10) DO realize that the author of TNOS CANNOT fully test/debug all
portions of a program as vast as TNOS, and that some conditions MAY slip
through the cracks.
11) DO be wise enough to know that everything you can do to help pin down
the circumstances of failure will make it that much easier to fix the
problem.
12) DON'T be afraid to ask questions.
13) DON'T expect that there are answers to all questions.
14) DON'T send bug reports/questions to the author directly, unless he has
asked you to. DO send bug reports/questions to the TNOS-TOPICS mailing list.
15) DON'T send the same question/bug repeatedly.
16) DON'T *even* expect immediate resolution of problems. This support is
free and you get what you pay for, sometimes ;^D
17) DON'T get discouraged if you run into problems. TNOS is very complex,
with scores of complete subsystems. It is easy to enter areas where you
can get lost.
18) DO provide GDB output (if you can) if you are running Unix. A
'backtrace' command's COMPLETE output can make a massive problem
disappear in seconds.
19) DO read the docs before posting. Yep, SOME of the FAQs are there in
the body of the new2tnx.xx files. DO take the time to see if the answer
has already been given to you, before asking for it to be given again.
20) DON'T go out into the rain without your raincoat (I ran out of ones
that pertained to the subject, and thought an even 20 would be nice) ;-)
Example:-
ifconfig 2m linkaddress gb7mbb
Here, users connecting in via ax25 would connect to gb7mbb. and all IP
packets/frames would use gb7mbb-5 as the hardware address.
Since the AREA.SYS is THE file that defines which are public areas, it
MUST (at least) have all of the areas listed in the AREAS file.
"It will run, but only if you use a stripped down version (less features
compiled in), and have almost NO drivers, etc loaded into memory. TNOS
must exist in conventional memory, and on processors earlier than a 386,
you had no support in the CPU for altering memory maps to maximize the
conventional memory.
I ran TNOS on a 286 for several years, I just needed a good "shoehorn" to
get in what features I needed."
So there you go. Of course the above *only* applies to the DOS version of
TNOS, as Linux needs at least a 80386 or greater processor.
At about line 447 (function asy_speed() ) in file unixasy.c change
the #if 1 to #if 0.
See the examples below.
This adds an interface named 'linux' to TNOS, which it 'thinks' is a
SLIP connection at 38400, but is actually a 'pseudo-terminal' link into
the Linux kernel
Ok, now we have configured and setup the Linux IP stack to talk to TNOS
via a pseudo (internal) slip link. We used the device
Ok that should do it, you should now be able to sucessfully communicate
between TNOS and your Linux kernel. Test it by trying a ping or better
still telnet between the two. If it fails make sure you have a kernel with
SLIP compiled in, (check /var/adm/messages or watch your system
bootup messages) also make sure TNOS has SLIP in it and that you have the
speeds set correctly at each end.
Now, with TNOS 2.01 (and possibly later versions, you must look further
down the
This should be changed for:-
This is of course assuming you are using GCC 2.6.3 as comes with Slackware
2.3.0.
However if it fails on the
You must also have IP_FORWARDING enabled in your Linux kernel. This is set
in the make config part of building a kernel.
where xxxxx above is your patch file to be applied.
John says:-
Following is an "xterm.tic" souce file for my hacked version that restores
fkey functionality. Run it through tic to generate the new database file,
and the problem should be solved in xterms (or rxvts) opened thereafter.
BTW -- this problem drove me nuts for almost a month. It was only sheer luck
that led to me finding it; the way the config files and docs for X are
scattered around makes it great fun to track down problems like this.
John
--
John Ackermann AG9V
Internet: jra@ag9v.ampr.org
Packet: AG9V@N8ACV.#DAY.OH.USA
xterm.tic (from /usr/lib/terminfo, run 'tic xterm.tic' to compile and install):
Then, from your xterm you wish to trace to, you must telnet to your TNOS
host/ip on port 1236.
TNOS 2.02 will have support for X builtin. I hope to make this a part of
the next FAQ!
For the Linux version only, you can also try sunsite.unc.edu in the /Pub/Linux/Incoming directory.
There is also a mirror site of ftp.lantz.com which you will probably get
better performance from, Brians net link is 28.8k PPP, this is a T1 link.
FTP to ftp.mwmicro.com and look in
linux/tnos. You will also find all the other goodies from ftp.lantz.com
mirrored here.
Now available for FReq (1:323/107@fidonet) or download (+1 401 944 8498), at up
to 28800 bps V.34, KO4KS TNOS v2.01:
***** DOS *****
Filename Area Size Date Description
TNOS201.RDM TCP-TNOS 2K 9-24-95* TNOS 950924v2.01: README: Instructions to
assist you in chosing the proper files to
download
TN201EX4.ZIP TCP-TNOS 267K 9-24-95* TNOS 950924v2.01: Same as TN201EX1, with
PPP, & DIALER
TN201EX3.ZIP TCP-TNOS 260K 9-23-95* TNOS 950924v2.01: Same as TN201EX1, with
SLIP, TIPMAIL, DIALER, & XMODEM
TN201EX2.ZIP TCP-TNOS 259K 9-23-95* TNOS 950924v2.01: Assorted TNOS
executables with CONFERENCE BRIDGE
TN201EX1.ZIP TCP-TNOS 263K 9-23-95* TNOS 950924v2.01: Assorted TNOS
executables without CONFERENCE BRIDGE
TNOS201S.ZIP TCP-TNOS 1217K 9-23-95* TNOS 950924v2.01: All TNOS release 2.01
source code
TNOS201B.ZIP TCP-TNOS 228K 9-23-95* TNOS 950924v2.01: All TNOS release 2.01
base files/support executables; has not
changed since release 1.10
***** Linux/Unix *****
TN201DOC.TGZ TCP-UNIX 81K 9-24-95* (Tnos-2.01-doc.tgz) KO4KS TNOS for
Linux/Unix 95-Sep-24, all TNOS release
2.01 docs
TN201EXE.TGZ TCP-UNIX 641K 9-24-95* (Tnos-2.01.tgz) KO4KS TNOS for Linux/Unix
95-Sep-24, all TNOS release 2.01
executables
TN201SRC.TGZ TCP-UNIX 1048K 9-24-95* (Tnos-2.01-src.tgz) KO4KS TNOS for
Linux/Unix 95-Sep-24, all TNOS release
TNOS and lots of other Linux/Dos packet programs etc can also be downloaded
from BayBBS (more useful for those in the UK.) BayBBS is at +44 (0)1524 833222
. It is run by myself Mike Dent- G6PHF and also provides dial in
access for
licensed amateur radio operators to the WW convers and my TNOS system.
Please note, as of 22nd Oct. 1995, BayBBS is off-line at present.
Mailing Lists at lantz.com
There are several mailing lists maintained at lantz.com. All are
available as regular subscriptions or digest subscriptions.
Current TNOS specific mailing lists include:
Other mailing lists may be created later if need develops.
Joining a Mailing List
To join one of these mailing lists, send a mail message to
listserv@lantz.com
and in the data of the message include
a single line "SUBSCRIBE emailaddress group", where "group" is the name of one
of the above groups (minus the '@lantz.com'), and "emailaddress" is an
optional name of a complete email address that you wish the subscription
sent. The "emailaddress" is only necessary if you wish the subscription to
go to an address other than the one you are sending the email from. Example:
Leaving a Mailing List
To leave one of these mailing lists, you use the same method of
sending a mail message to
listserv@lantz.com, but use
"UNSUBSCRIBE emailaddress group". Example:
Sending to the Mailing List
To send mail to the mailing list, use the full address of the list (i.e.
tnos-topics@lantz.com). When replying to email from the mailing list, make
sure that you CC: a copy back to the group, to make the information exchange
complete.Help with the Listserver
For help on the listserver, use a data line of
"HELP".
Differences with Digests
The names of
the digest lists are the same as the regular list name, with "-digest" added
to it (i.e. 'tnos-topics' becomes 'tnos-topics-digest'). All mail submissions
are sent to the NON-digest address, though. Digests are formed at approximately
midnight each day for the mailing lists that have had activity that day.Archives of the Mailing Lists
Archives of the mailing list digests are available via anonymous FTP at
lantz.com in the directory '/digests'.
SPECIAL NOTE:
PLEASE!!! Do NOT subscribe from an ampr.org address UNLESS that
address is either available on the Internet, or that address has a
defined Mail Exchanger that is available on the Internet.
If the mail fails due to an unknown route, you
will be MANUALLY removed from the list. Nothing personal ;-)
It may also compile for SunOS 4.1.x.(not confirmed, anybody??)
To compile for BSD/OS, you should add the following make.inc
to your source directory and compile.
#
# Included makefile for BSD/OS by Dave VK2KFU
#
USEELF =
INSTALL= install -c -g dialer -m 2755
CC = gcc
PATCHES = -DIS_LITTLE_ENDIAN -DUSE_SETSTACK -DBSD_RANDOM -DDUMP_CORE
SETSTACK= setsp.o
ICURSES = -I/usr/local/include/ncurses
OPTIONAL = "-DOPTIONAL="
DEBUG = -g
LOCKDIR = /var/spool/uucp
#
Thanks to Dave Horsfell, vk2kfu@amsat.org for BSD/OS information.
Recent versions of TNOS seem to do this after the TNOS binary is made
..tnos/spool/askhome.dat
. This
file will then be shown to the user before the HOME-BBS> prompt.
Here is a sample askhome.dat
file.
Sorry to have to ask, but this system does not know your HOME BBS!
This information is needed in order to properly send any mail to you from
users of this system.
Your HOME BBS is like your Postal Address. If you have already defined your
HOME BBS on another system, the name of that system is needed.
NOTE: only use a BBS hierarchial address, not a TCP/IP address.
forward fbb-style on
. If you also want
the FBB compressed forwarding then use forward fbb-compression on
. You should also note that the syntax of the forward.bbs
file has changed completely. You can use the cnvfwd program distributed
with
TNOS 2.0+ releases to convert your old pre-2.0 forward.bbs file to the new
format.
mbox tdisc 1800
will disconnect a BBS user if they have
been idle for more than 30 minutes. Also make sure you are using version
1.12 or newer of TNOS, there was a bug with the tdisc timer in earlier
versions.
ax25 mycall
and ax25 user
. Make sure these are set to your callsign, or
at least the callsign you want.
It should also be noted that with TNOS 1.13 you should only need to do
an ax25 user
*if* you want it different from the 'ax25 mycall'.
That bug
is fixed in 1.14 and later.
You should also make sure you are running a fairly recent version of TNOS.
At the time of writing this I am running 2.0pl2 for Linux, and it seems to
be proving very stable. If you must run an earlier version than 2.0 for
Linux, then make sure you do not have the status line turned on, also the
tcpgate facility is buggy in earlier versions.
Check you are not using trace iface 0211
if using 1.13 or older,
there is a bug in the trace code when it is used in this way.This trace bug
is fixed in 1.14 and later.
*** Please login with '/n
bit back from
the server?
convers header
to on.
Linux.
../tnos/startnos
from the /etc/inittab
file. The
way I do it is to start it in place of one of the VT's (virtual
terminals), I choose the one under function key F7.
Note, this will depend on which style of init your system uses!
If you have a line in
your /etc/inittab
file to start a 'getty' process on this
key, then you must comment it out, just put a '#' sign at the start of the
line, for example:-
#c7:45:respawn:/sbin/agetty 38400 tty7
c7:3456:respawn:/tnos/startnos /dev/tty7
Here is a sample of the 'startnos' script incase you did not get it with
your TNOS files (please note, this is a slightly different startnos
script to the one currently distributed in the TNOS releases):-
##########################################################################
# Sample 'startos' script to keep TNOS running if it should crash. Place
# this script in your TNOS root directory.
##########################################################################
#!/bin/bash
ps -aux | grep " ./tnos" | while read user pid rest
do
kill -STOP ${pid} 2>/dev/null
sleep 2
kill -KILL ${pid} 2>/dev/null
done
/bin/rm /home/g6phf/bin/tnos/spool/mqueue/*.lck 2>/dev/null
/bin/rm -f /home/g6phf/bin/tnos/spool/mail/*.lck 2>/dev/null
cd /home/g6phf/bin/tnos
export TZ=GMT0
export TERM=console
sleep 1
exec ./tnos < $1 > $1 2>&1
##########################################################################
# In this script you must make sure to replace the root directory of your
# TNOS installation. Mine is set to /home/g6phf/bin/tnos.
# This script also does a check to make sure there is not already a TNOS
# running, if so it kills it before it restarts.
# Thanks to Mat, dl1bjl@db0fho.ampr.org.
#
##########################################################################
Ok, once you are satisfied you have the script correct, and have made the
changes to /etc/inittab
then you can go ahead and re-read the
file in. To do this type:-
telinit q
echo "Starting TNOS watchdog."
/home/g6phf/bin/tnos/nosreset &
to start it at the end of my /etc/rc.d/rc.local
file, this will depend on your installation of Linux I guess and of course you
will have to alter the path to your nosreset script above.
############################################################################
# Nosreset script.
############################################################################
#!/bin/bash
# This is the nosreset script that checks that TNOS is still running, and
# if not will kill the process and restart it. NOTE!! this script assumes
# that you have the Linux kernel IP talking to TNOS over a pseudo slip link.
# It also assumes you are running TNOS with the 'startnos' script.
# See another section of this FAQ to connect Linux IP to TNOS.
# Every 5 minutes several pings are sent to your TNOS IP address from your
# Linux IP address. If 0 packets are received it assumes your TNOS has
# locked and will then find the process, stop it and kill it. Then the
# startnos script will restart TNOS.
# A message is then mailed to you to let you know when it was restarted.
#
while test -f /home/g6phf/bin/tnos/nosreset
do
if
ping -q -c 3 g6phf | grep "0 packets received" > /dev/null
then
ps -aux | grep " ./tnos" | while read user pid rest
do
kill -STOP ${pid} 2> /dev/null
sleep 2
kill -KILL ${pid} 2> /dev/null
done
sleep 20
echo "TNOS was restarted by nosreset" | mailx -s "TNOS reset" g6phf
fi
sleep 300
done
##########################################################################
# Thanks again to Mat, dl1bjl@db0fho.ampr.org.
#
##########################################################################
DOS.
# These lines can be put in a batch file maybe called startnos.bat, and
# called from the last line in your autoexec.bat file.
# The sleep program is just a little utility to give you chance to stop
# the loop if you want to come out of TNOS.
#
:loop
n:
cd\
@echo "Control C to abort TNOS load !"
n:\sleep 6
del n:\spool\mqueue\*.lck
del n:\spool\mail\*.lck
n:\tnos\tnos
@echo " Control C to abort TNOS load !"
n:\sleep 6
goto :loop
#
# EOF
Sysops can also use the 'AS ALL' command, which gives the above and all
USER areas, too.....
If the site you are mailing is down stream of a TheNet X1J type node/router,
(or indeed any other router that does not handle SMTP connects) and you have
a IP route set via one of these nodes, then the smtp hopper code will be trying
to deliver your mail to this node!
If this is the case simply turn off the smtp hopper, smtp hopper off.
# TNOS FTPUSERS permissions as of Version 2.01
#
#LABEL DECIMAL HEX DESCRIPTION
#ftp_read 1 0x00000001 (Read files)
#ftp_create 2 0x00000002 (Create new files)
#ftp_write 4 0x00000004 (Overwrite or delete existing files)
#ax25_cmd 8 0x00000008 (AX.25 gateway operation allowed)
#telnet_cmd 16 0x00000010 (Non-ampr Telnet gateway operation allowed)
#netrom_cmd 32 0x00000020 (NET/ROM gateway operation allowed)
#sysop_cmd 64 0x00000040 (Remote sysop access allowed)
#excluded_cmd 128 0x00000080 (This user is banned from the BBS)
# 256 0x00000100 (Used in PPP)
# 512 0x00000200 (Used in PPP)
#no_sendcmd 1024 0x00000400 (Disallow send command)
#no_readcmd 2048 0x00000800 (Disallow read command)
#no_3party 4096 0x00001000 (Disallow third-party mail)
#is_bbs 8192 0x00002000 (This user is a bbs)
#is_expert 16384 0x00004000 (This user is an expert)
#no_convers 32768 0x00008000 (Disallow convers command)
#no_escape 65536 0x00010000 (Default is no escape)
#ampr_telnet 131072 0x00020000 (Ampr Telnet gateway operation allowed)
#no_slip 1048576 0x00100000 (Disallow tipmail exit to IP)
#no_pbbs_mail 2097152 0x00200000 (Disallow PBBS mail addresses)
#no_inet_mail 4194304 0x00400000 (Disallow non-ampr mail addresses)
#no_ampr_mail 8388608 0x00800000 (Disallow ampr mail addresses)
#hold_mail 16777216 0x01000000 (Any mail entered held for sysop review)
#no_linkedto 262144 0x00040000 (No '*** LINKED TO' allowed)
You can further configure the security of your TNOS system by using the
security
commands.
This defaults to 0, disabled. When a user logs in anonymously
via telnet, i.e. they do not
have a specific entry in the ftpusers file, then they first get
assigned the value of 'univperm' (assuming it is set), then their permission
will be set to whatever value you have this set to, as long as it is non-zero.
NOTE:- ampr/nonampr is determined by a 44.xx.xx.xx address, NOT by a
.ampr.org hostname.
This defaults to 0, disabled. When a user logs in anonymously
via AX25, i.e. they do not
have a specific entry in the ftpusers file, then they first get
assigned the value of 'univperm' (assuming it is set), then their permission
will be set to whatever value you have this set to, as long as it is non-zero.
This defaults to 0, disabled. When a user logs in anonymously
via a non ampr IP address, i.e. they do not
have a specific entry in the ftpusers file, then they first get
assigned the value of 'univperm' (assuming it is set), then their permission
will be set to whatever value you have this set to, as long as it is non-zero.
NOTE:- ampr/nonampr is determined by a 44.xx.xx.xx address, NOT by a
.ampr.org hostname.
This defaults to 0, disabled. When a user logs in anonymously
via a TIP connection, i.e. they do not
have a specific entry in the ftpusers file, then they first get
assigned the value of 'univperm' (assuming it is set), then their permission
will be set to whatever value you have this set to, as long as it is non-zero.
When set to on and assumiung you do not allow non amprnet telnets (see
ftpusers permissions above), then when a user attempt to telnet to a non 44
address, they will see the following message:-spool/cmds
it will give them some further information:-
~ Denied access
Sorry, ~c, but access is denied :-(
~p 1 0 7 20
~a 2 converse
~c 1 2
~n test2
The Conference Bridge is not available to non-ampr telnet sessions.
~g common
~l test2
~a 2 telnet
~c 1 2
~n test3
Only telnets to ampr.org stations are permitted, and those are denied to
non-ampr telnet sessions.
~g common
~l test3
~a 2 ax25
~c 1 2
~n test4
AX25 connects are not allowed from non-ampr telnet sessions.
~g common
~l test4
~a 2 netrom
~c 1 2
~n test5
NETROM connects are not allowed from non-ampr telnet sessions.
~g common
~l test5
The BBS is secured against any RF access from all anonymous users.
~g common
~l common
To check out your security level perimissions use the 'SEC' command.
Here is what Brian has to say about this one:-
I discovered one remaining security hole that I had, so we have a new
subcommand of the security command, 'security nonsecureampr
This simply encodes the passwords in your ftpusers
file so
that they cannot be determined if somebody was to get hold of or view your
ftpusers file. Please note that if you make an alteration to the ftpusers
file whilst TNOS is running, then you must do a 'security encode' to make the
changes take effect. 'security encode' is also done at TNOS boot time.
MD5 is the encoding method used, for those interested.
This secures your radio ports so that any anonymous user cannot gateway
out on them via AX25 or netrom, this overrides any permissions set for anonymous
users in the 'ftpusers' file. Please note it also overrides any
'security [ampr | non | ax25p | tip] values which are set.
Allows you to set up a name for a security level, that can be used
as a shortcut in the ftpusers files. The
levelname can be anything descriptive. The pathstring is the same
format as the third field of the ftpusers files .
The permissions field is the same format as the fourth field of the
ftpusers files.
# Security level examples for inclusion in autoexec.nos file.
#
# set a security level called 'low' and allow the user(s) with this level
# access only to '/pub/restricted' directory with ftp read permission only.
#
security level low /pub/restricted 1
#
# set a security level called 'medium' and allow user(s) with this level
# of access to the directory '/pub' with ftp read and write permission.
#
security level medium /pub 3
#
# set a security level called 'top' and allow user(s) with this level of
# access to the '/' (root) directory with read/write and overwrite permission!.
#
security level top / 7
##################
# Assign a lowly security level to guest users!
guest * #low
#
# and a slightly higher level to univperm.
univperm * #medium
#
# and a level for our registered/trusted users perhaps?
g0vgs sEcret_PwoRD #top
#
###################
ftpusers
file which
allows you to branch out to another file with further users/permissions in it.
To do this use the line:-
#include filename
ftpusers
file.
Where 'filename' above is the name of your 'sub' ftpusers file. Maybe called
ftpusers-2 or something.
After this additional file has been scanned, and the user lookup was
unsuccessful, control returns to the original 'ftpusers' file.
You can have as many included files as you wish, but
you cannot include a file from within an included file.
mbox mailfor now
to 'flush' these out.
An example, you should be able to fill in the blanks........
ctlcheck
program
that comes with TNOS actually do ?
ctlcheck
is a diagnostic tool used to display the
raw values of a *.ctl file. It is not normally needed other than for
diagnosing problems when altering code that manipulates *.ctl files.
(GDB is the GNU debugger, used to get better
information from a TNOS crash. You have to have the de-bugging code
compiled into TNOS to use this. Read the GDB man page.- ED)
To overcome this you must set your ifconfig <port> ipcall
and your ifconfig <port> linkaddress
to different
callsigns or more usually different SSID's.
ifconfig 2m ipcall gb7mbb-5
################################################################################
# Startup file for Linux based TNOS, as used at gb7mbb.ampr.org.
# Virtually everything in this file applies to both DOS and Unix
# TNOS installations.
# This file was annotated in somewhat of a rush to help out users who
# often request an example autoexec.nos file for TNOS. It is likely
# that you will have to heavily modify this sample file to make it
# useful for your system. You have been warned!.
# Mike Dent. g6phf. October 1995.
The AREA file defines which public areas are available to the non-SYSOP
users. The AREAS.SYS file defines ALL of the public areas, even those that
are NOT available to the normal users. Such areas would be areas that you
place outgoing PBBS mail that is to be forwarded, etc.
Questions and comments relating to hardware issues.
Brian says:-
Questions and comments relating to software/operating system.
'ERROR: Group DGROUP exceeds
64k limit.'
??
-----unixasy.c before mod for FreeBSD--------
#if 1 /* This is obsolete stuff! */
termios.c_cflag &= ~CBAUD;
termios.c_cflag |= speed_table[sp].flags;
#endif
-----------------------------------------------
-----unixasy.c after mod for FreeBSD-----------
#if 0 /* This is obsolete stuff! */
termios.c_cflag &= ~CBAUD;
termios.c_cflag |= speed_table[sp].flags;
#endif
------------------------------------------------
After this mod TNOS 1.13 should work ok with FreeBSD.
Brian says:-Installation of TNOS
There are two releases of TNOS, so choose the proper set of instructions.
MS-DOS Installation
Installation under MS-DOS is very simple, but does require
To install TNOS/Dos:
See these instructions on compiling your own copy of TNOS...
Linux/FreeBSD Installation
Installation under Unix is very simple, but does require
To install TNOS/Linux:
Before connecting TNOS/Linux to a TNC:
You should look in the /etc/rc.d directory and see if you have an rc.serial
file. If you do, examine it, as it MAY need to have some changes made to it
before the serial ports will be ready for use.
To connect TNOS/Linux to the Linux kernel:
attach asy ttypf - slip linux 1024 1024 38400
Either way, you need something like the following example to connect the
TNOS process to the Linux kernel, allowing a non-ampr and an ampr address
for both sides of the link. Of course, you MUST supply your own addresses ;-)
#
# Setup for TNOS/Linux gateway
#
# 44.98.24.1 is the TNOS ampr IP address (ko4ks.ampr.org)
# 163.125.16.254 is the TNOS internet IP address (gw.lantz.com)
# 44.98.24.25 is the linux box's AMPR IP address (linux.ko4ks.ampr.org)
# 163.125.16.1 is the linux box's internet IP address (lantz.com)
echo "" # blank line
echo "Initiating SLIP connection to TNOS/Linux..."
/usr/net/bin/slattach -s 38400 -p slip /dev/ptypf &
sleep 1 # allow time for slattach to catch up
/usr/net/bin/ifconfig sl0 broadcast 44.255.255.255 pointopoint 44.98.24.1 \
mtu 576 44.98.24.25
/usr/net/bin/route add 44.98.24.1 sl0
/usr/net/bin/route add 163.125.16.254 sl0
/usr/net/bin/route add -net 44.0.0.0 netmask 255.0.0.0 gw 44.98.24.1
NOTE: while other values probably CAN be used for MTU in the ifconfig line
here and the 'attach' line in the autoexec.nos file, these are KNOWN to
work.
NOTE: You must also have IP_FORWARDING enabled in your Linux kernel.
This is set in the make config part of building a kernel.
Setting TNOS/Linux to come up automatically in it's own virtual console:
This example will use the 7th virtual console (tty7), that is selected with
the
ls -la /dev/tty7
You should see something like the following:
crw-rw-rw- 1 root system 4, 7 May 13 20:43 /dev/tty7
If you do, skip the next step....
Also, note that you will need to change the pathlist for the startnos file,
if you do not have '/nos' as your TNOS 'root' directory. If you have the
first style of entry, look at the other entries at the '234' field. Some
use '2345' or other combinations here. Look at the 'getty' line for tty2,
and use the same value as in that entry, to be safe.
Installing the source tree for TNOS/Linux also requires:
Compiling your own TNOS
Building the source tree for TNOS in either DOS or Linux is nearly identical.
Can't make it any easier! ;-)
copy makefile.dos makefile
touch depend
ln -s makefile.lnx Makefile
make doeverything
autoexec.nos
file. An example:-
attach asy ttyS0 - ax25 iface 1024 256 9600
You must use the linux device name of the serial port you are attaching.
In the above case 'ttyS0', is your first serial port, COM1 in DOS terms, or
0x3f8. Just put a '-' hyphen after the port, this field is not used. Next
comes the protocol to use, 'ax25'. Then put your interface name, 'iface' in the
above example. Next '1024' is the buffer size, then '256' is the MTU, and
lastly '9600' is the TNC to serial port speed.
If you where using COM2 you would use ttyS1, COM3 is ttyS2 and COM4 is
ttyS3.
NOTE: You must also have IP_FORWARDING enabled in your Linux kernel.
This is set in the make config part of building a kernel.
Please note. Brian, ko4ks, shows another similar way of doing this
above.
########################################################################
# Usually these lines can be put in one of the rc.* files found in #
# the /etc/rc.d directory, at least that is the case for the Slackware #
# Linux distriution. I recommend the file /etc/rc.d/rc.inet1, though #
# rc.local is an alternative. #
# Add these lines to the bottom of the file. #
########################################################################
#
# First we must set up a pseudo slip port at the Linux kernel side to
# talk to linux. If this is your only slip port on your Linux machine
# it will become 'sl0'. If you already have a slip port configured on
# your machine, say to talk to a modem or another pc, then this port
# will become 'sl1'. Your will need to know this for later. We will assume
# that it is your only slip port, 'sl0'.
#
/sbin/slattach -v -s 38400 -p slip ptypf &
#
# OK, that is the port attached, now we must wait a while for it to get a
# hold before we can configure it.
#
/bin/sleep 1
#
# Right that should have done it. We now have a slip port 'sl0' attached
# to the kernel. The -v indicates verbose, so we can see everything is
# ok, the -s is the speed 38400, the -p is the port, ptypf in this case
# and the ampersand is to put the command in the background.
#
# Next we shall configure it and assign it an IP address. You must
# have seperate IP addresses for TNOS and Linux. Make sure you have
# these entries in /etc/hosts also.
#
/sbin/ifconfig sl0 linux.g6phf.ampr.org up
#
# Ok we have now assigned the Linux kernel IP stack with its own
# IP address and set it in an 'up' or working state.
# Next we must add a route to TNOS down the pseudo slip link, 'sl0',
# so the kernel IP knows how to reach it.
#
/sbin/route add g6phf.ampr.org sl0
#
# Right now the kernel IP knows how to reach TNOS, we should tell
# the kernel how to reach the other 44.x.y.z addreses.
#
/sbin/route add 44.0.0.0 gw g6phf.ampr.org sl0
#
# That should do it. We have added a route to all 44 addresses via the
# gateway 'gw' of g6phf.ampr.org (TNOS) down sl0.
# If you wanted to add any other routes to non 44 addresses, you would
# do it in the same way, e.g.
# /sbin/route add 148.88.0.0 gw g6phf.ampr.org sl0
#
# NOTES: If you paste the above file into one of your rc.* files
# remember to change g6phf.ampr.org to your TNOS hostname and
# linux.g6phf.ampr.org to your Linux hostname. These hostnames will
# also need to be in your /etc/hosts file, and your ../tnos/domain.txt.
########################################################################
/dev/ptypf
for the port 'sl0', we shall now use the other end of this slip
link /dev/ttypf
for our interface within TNOS.
Below are the necessary lines for your ../tnos/autoexec.nos file.
#####################################################################
# Lines needed in autoexec.nos file for Linux TNOS this allows TNOS #
# to talk to the Linux IP stack and visa-versa. #
#####################################################################
#
# First we must attach the port. Put this attach line with your other
# attach statements.
#
attach asy ttypf - slip kernel 1024 512 38400
#
# As you can see the format is very similar to your other attach
# statement(s).
/dev/ttypf
is the other end of the pseudo
# slip port from /dev/ptypf
, the Linux kernel end. 'slip'
# is of course the protocol used, 'kernel' is the name of the interface
# I have chosen, you can of course call this 'sl0' or whatever you like.
# 1024 is the buffer size, 512 the MTU of the port and 38400 the speed.
#
# Now we must add a route to the Linux IP stack down out port 'kernel'.
#
route add linux.g6phf.ampr.org kernel
#
# Make sure your hostname and IP address are in your ../tnos/domain.txt
# file. If we want other people to be able to access your Linux IP, be
# it for smtp, ftp or whatever, then it is best if your TNOS will answer
# ARP queries for it. So we need to advertise that fact. We use 'proxy'
# arp to do that.
#
arp publish linux.g6phf.ampr.org ax25 g6phf 2m
#
# In the statement above replace linux.g6phf.ampr.org with the hostname
# or IP address of your Linux kernel, replace g6phf with your ax25
# callsign, and replace '2m' with the interface name of your radio port.
# If you have several radio ports you may need to arp publish your
# Linux address on each port. I have 2 more entries like this:-
# arp publish linux.g6phf.ampr.org ax25 g6phf 4m
# arp publish linux.g6phf.ampr.org ax25 g6phf 70cm
#
########################################################################
NOTE. You will have to reboot your machine for the changes in rc.local
to take effect. I recommend typing them in by hand (logged in as root)
at the Linux prompt first to check you have everything correct.
start time
.
ln -s makefile.lnx Makefile
, you must make a
small change to Makefile
. About 2 screens down the file:-
#######################
# Compiler Variables #
#######################
#
# Define whether or not you are using GCC 2.6.x which support ELF and a.out
#
USEELF = 1
# Use this for GCC 2.5.x or for 2.6.x a.out-only compiler setup
#USEELF =
You need to un-hash the #USEELF = and hash out the USEELF = 1 line. So it
should look like this:-
#######################
# Compiler Variables #
#######################
#
# Define whether or not you are using GCC 2.6.x which support ELF and a.out
#
#USEELF = 1
# Use this for GCC 2.5.x or for 2.6.x a.out-only compiler setup
USEELF =
Makefile
, about line 162 and you will see:-
# if you are using GCC 2.7.0, you need this line.....
OPTIONAL = "-DOPTIONAL=__attribute__ ((unused))"
# otherwise, use this one....
# OPTIONAL = "-DOPTIONAL="
# if you are using GCC 2.7.0, you need this line.....
#OPTIONAL = "-DOPTIONAL=__attribute__ ((unused))"
# otherwise, use this one....
OPTIONAL = "-DOPTIONAL="
curses.c
file, then you will need to
remove your ncurses package, 1.8.6. , use pkgtool to do this. Then
you will need to get the ncurses package from an earlier Slackware release
and install this. To do this put the package ncurses.tgz
in
your root directory and use the installpkg program.
At present (as of TNOS 2.0pl2) you will need ncurses 1.8.5 to compile TNOS.
You can ftp the ncurses Slackware 1.8.5 package from
ftp://lurpac.lancs.ac.uk/tnos,
the package is 'ncurses.tgz'.
rc.local
or rc.inet1
file (or wherever
you choose to put it depending on your Linux/unix installation.
It is usual to assign a non 44 IP address to TNOS too, when working with
a network/internet connection. This is assigned to the TNOS end of the
pseudo slip link to the kernel. You should refer to Brian's setup details
in Software section, Q-4 for more details of this type of setup.
Assuming you have TNOS talking ok to the kernel, but cannot access TNOS from
other machines on the ethernet/network, then you need to add the following
line:-
# Line to add to your /etc/rc.d/rc.local or rc.inet1 file.
#
echo "Publishing TNOS IP address"
/sbin/arp -s 192.129.16.99 00:00:c0:99:1a:1c pub
#
# Needless to say you *must* replace the IP address and hw address of the
# network card above.
patch -p1 -s < xxxxx
For more information on patch see the patch man page.
The function key problem with TNOS under X has to do with the fact that the
terminfo entry for xterm is seriously broken in many distributions (I know
it is in Slackware through at least 1.2.0).
xterm|vs100|xterm terminal emulator (X Window System),
am, km, mir, msgr, xenl, xon,
cols#80, lines#25,
bel=^G, bold=\E[1m, clear=\E[H\E[2J, cr=\r,
csr=\E[%i%p1%d;%p2%dr, cub1=\b, cud=\E[%p1%dB,
cud1=\n, cuf1=\E[C, cup=\E[%i%p1%d;%p2%dH,
cuu=\E[%p1%dA, cuu1=\E[A, dch=\E[%p1%dP, dch1=\E[P,
dl=\E[%p1%dM, dl1=\E[M, ed=\E[J, el=\E[K, home=\E[H,
ht=\t, ich=\E[%p1%d@, il=\E[%p1%dL, il1=\E[L, ind=\n,
is2=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l\E[4l, kbs=\b,
kcub1=\EOD, kcud1=\EOB, kcuf1=\EOC, kcuu1=\EOA,
rc=\E8,
rev=\E[7m, ri=\EM, rmcup=\E[2J\E[?47l\E8, rmir=\E[4l,
rmkx=\E[?1l\E>, rmso=\E[m, rmul=\E[m,
rs2=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l\E[4l\E<,
sc=\E7, sgr0=\E[m, smcup=\E7\E[?47h, smir=\E[4h,
smkx=\E[?1h\E=, smso=\E[7m, smul=\E[4m, tbc=\E[3k,
kf1=\E[11~,kf2=\E[12~,kf3=\E[13~,kf4=\E[14~,kf5=\E[15~,
kf6=\E[17~,kf7=\E[18~,kf8=\E[19~,kf9=\E[20~,kf10=\E[21~,
You must first make sure you have the trace server running in TNOS
start trace
One the session is established you can issue the command:-
trace <iface> <mode> !
The '!' tells it to attach the output to the current session.
e.g.:-
trace 2m 111 !
This would trace your '2m' port with input and output (ASCII dump) to
your current session or xterm.
Mike Dent. mike@lurpac.lancs.ac.uk. v0.2 14th November 1995.