A low profile mini network for Linux
Without a telnet connection into your Linux system you cannot do much.
Unfortunately getting an IP address and routing in place
is not always easy to arrange on short notice.
The following describes a very minimal network when running under VM.
We created a private subnet for the Linux virtual machine(s) and
use CMS Pipelines TCP/IP support to connect that subnet to your
primary TCP/IP stack.
This approach does not require any changes to your production TCP/IP.
In the examples setup I'll use the following userids.
- LINUXTCP
- The alternative stack. A normal class G userid with a R/O link to
the TCPIP 591 disk and IUCV ALLOW and IUCV ANY directory statements.
- TCPIP
- Your production stack.
- WARPHOLE
- Ordinary class G userid that runs a pipeline to connect the two
networks.
- LINUXVM
- One of the virtual machines running Linux
Configure the LINUXTCP stack
LINUXTCP DTCPARMS
<![CDATA[
:nick.LINUXTCP :type.server
:class.stack
:owner.RVDHEIJ
:diskwarn.
]]>
PUCC TCPIP
When I defined this I didn't have the IUCV options in the directory so
I did a CTC link. You should be able to do an IUCV link as well.
<![CDATA[
device dev_700 CTC 700
link link_linuxvm ctc 1 dev_700
]]>
The 192.168.16 subnet is one of the private
subnets that you
can use internally but that can not go out to the Internet.
<![CDATA[
home 192.168.16.254 link_linuxvm
]]>
The following will let you tn3270 from your Linux virtual machine to
your VM system, if you need that.
<![CDATA[
port
23 tcp intclien
internalclientparms
port 23
endinternalclientparms
]]>
When you add move Linux guests you need to think about routing.
<![CDATA[
gateway
192.168.16.2 = link_linuxvm defaultsize host
bsdroutingparms true
endbsdroutingparms
start dev_700
]]>
PROFILE EXEC
This one works for me.
<![CDATA[
/* */
'VMLINK TCPIP 591 TCPIP 592 ( NONAMES'
'DEF CTC 700' ; 'COUPLE 700 TO LINUXVM 700'
'DEF CTC 701' ; 'COUPLE 701 TO LINUXVM 701'
'TCPRUN'
]]>
Your LINUXVM userid
should do something similar so you get yout connection also when
LINUXVM starts up after LINUXTCP.
Verify the setup
Now put a TCPIP DATA on your A-disk with
<![CDATA[
tcpipuserid linuxtcp
]]>
First try to ping 192.168.16.254 (the stack itself). When that works
you should be able to ping 192.168.16.2 (to verify the connection to
your Linux virtual machine).
The next test could be to telnet or ftp to 192.168.16.2 (still using
the modified TCPIP DATA file.
Configure WARPHOLE
The WARPHOLE userid runs the WARPHOLE EXEC. The program is in fact a
stripped down version of TCPSNIFF from John Hartmann.
WARPHOLE EXEC
The core pipeline has a number of segments like this:
<![CDATA[
\ tcplisten <i>from-port</i> user tcpip reuseaddr
| spawner tcpclient linuxvm <i>target</i> user linuxtcp
]]>
You need one of those for each port on the production network that
you want to connect to your Linux virtual machine. If you reverse
them you can make a port on the LINUXTCP stack that goes out.
<![CDATA[
/* WARPHOLE EXEC TCP/IP Socket Relay */
/* Author: Rob van der Heij, 27 Oct 1999 */
ports = '23 25 80'
'PIPE(end \ name WARPHOLE.EXEC:3)',
'\ var ports',
'| split',
'| spec ,tcplisten 100, 1 w1 n ,user tcpip reuseaddr, nw x4f nw',
',spawner tcpclient 192.168.16.2, nw w1 nw ,user linuxtcp, nw',
'x4f nw ,cons, nw',
'| join * ,\\,',
'| var pipe1'
'PIPE (end \ name WARPHOLE.EXEC:7)' pipe1
return rc
]]>
SPAWNER REXX
<![CDATA[
/* SPAWNER REXX Spawn a subprocess like InetD does it */
/* Author: Rob van der Heij, 27 Oct 1999 */
signal on error
arg process /* Process plus arguments */
do forever
'peekto req' /* Wait for connection request */
'callpipe (end \ name SPAWNER.REXX:4)',
'\ var req ', /* Take the request */
'| spec 65.16 1', /* Requester address & port */
'| socka2ip', /* Make it readable */
'| spec w3 1 ,:, n w2 n',
'| var whosthat'
say whosthat 'calling' process
'addpipe (end \ name SPAWNER.REXX:9)',
'\ *.output: ',
'| i: fanin ',
'| tcpdata ',
'|' process ,
'| elastic ',
'| i:'
'callpipe( end \) *: | take',
'| c: count lines',
'| *:', /* Feed it one request */
'\ c: | var cnt'
if cnt = 0 then 'readto' /* Reject the connection */
'sever output' /* Cut it loose */
end
error: return rc * ( rc ^= 12 )
]]>
Verify WarpHole
Rename your modified TCPIP DATA file and check for listening ports:
<![CDATA[
netstat ( select user warphole
]]>
This should give you something like this
<![CDATA[
VM TCP/IP Netstat Level 320
Active Transmission Blocks
User Id Conn Local Socket Foreign Socket State
---- -- ---- ----- ------ ------- ------ -----
WARPHOLE 1860 *..10025 *..* Listen
WARPHOLE 1234 *..10023 *..* Listen
WARPHOLE 1363 *..10080 *..* Listen
]]>
From VM you can now telnet 127.0.0.1 10023 to logon to
Linux, or from your workstation to your production stack port 10023.
Remember you telnet into Linux with a VT220 emulator or such, not a
tn3270. I found IVT very useful (search on
www.shareware.com for VT220.