On Tue, Aug 11, 2009 at 2:16 PM, Ivan Shmakov <oneingray@gmail.com> wrote:
[...]
> Thank you Jonathan for writing the nice blog article and it works.
> But it requires some customization in Debian Lenny.
> For some reason, the script in /etc/network/if-pre-up.d/ doesn't load
> up by default.
Did you set the execute permission on the script?
# chmod +x /etc/network/if-pre-up.d/SCRIPTNAMEHERE
Sure. However, Lenny doesn't load the scripts.
>> I apparently used /etc/network/if-pre-up.d (I can't remember the
>> reasoning why, but I guess it's useful to make sure you load the
>> rules prior to bringing the interfaces up, which means the rules
>> will be there once network connectivity is brought up)
> You have to explicitly call it from /etc/network/interfaces like:
> auto eth0
> iface eth0 inet static
[...]
> pre-up /etc/network/if-pre-up.d/iptables
It somewhat defeats its advantage of /not/ having it mentioned
for each of the host's interfaces.
In my case, the gateway has three NICs, one for the internet, one for the DMZ and one for the LAN inside. Loading the iptables rules once is enough for all.
So, one instance of
pre-up /etc/network/if-pre-up.d/iptables
is enough.
auto eth0 eth1 ...
iface eth0 inet static
...
pre-up /etc/network/if-pre-up.d/iptables
iface eth1 inet static
...
pre-up /etc/network/if-pre-up.d/iptables
...
[...]
--
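As an added example, not code from this thread, from Jonathan's article or from Debian's ifupdown: a hook script for /etc/network/if-pre-up.d/ that restores a saved ruleset once per boot, whichever interface ifup brings up first, so nothing has to be repeated in every iface stanza of /etc/network/interfaces. The ruleset path /etc/iptables/rules.v4 (written with iptables-save) and the marker file under /var/run (assumed to be cleared at boot) are my assumptions, not anything mentioned in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: /etc/network/if-pre-up.d/iptables
# Restores the saved iptables ruleset exactly once per boot, before the
# first interface comes up, however many interfaces ifup configures.
#
# Assumptions (mine, not the thread's): the ruleset was saved with
# "iptables-save > /etc/iptables/rules.v4", and /var/run is cleared at
# boot so the marker file does not survive a reboot.
RULES="${RULES:-/etc/iptables/rules.v4}"
MARKER="${MARKER:-/var/run/iptables-rules-loaded}"

# ifupdown exports IFACE, MODE ("start"/"stop") and PHASE ("pre-up",
# "post-up", "pre-down", "post-down") to hook scripts.  Decide whether this
# invocation is the one that should load the rules.
#   $1 = MODE, $2 = PHASE, $3 = marker file
should_load() {
    [ "$1" = "start" ]  || return 1   # ifdown runs the hook dirs too
    [ "$2" = "pre-up" ] || return 1   # load before the link carries traffic
    [ ! -e "$3" ]       || return 1   # an earlier interface already loaded them
    return 0
}

# Apply the whole ruleset at once: iptables-restore commits all of it or
# nothing.  Return non-zero on any failure so ifup aborts instead of
# bringing the interface up unfiltered.
#   $1 = ruleset file, $2 = marker file
load_rules() {
    rules=$1
    marker=$2
    if [ ! -r "$rules" ]; then
        echo "$0: cannot read $rules" >&2
        return 1
    fi
    iptables-restore < "$rules" || return 1
    : > "$marker"
}

# Only act when invoked by ifupdown (IFACE is set); running or sourcing the
# file by hand does nothing.
if [ -n "${IFACE:-}" ]; then
    if should_load "${MODE:-}" "${PHASE:-}" "$MARKER"; then
        load_rules "$RULES" "$MARKER" || exit 1
    fi
fi
```

Two things to check if a script in this directory never seems to run: it must be executable (chmod +x), and ifupdown runs the directory through run-parts, which silently skips any file whose name contains characters other than letters, digits, underscores and hyphens, so a name such as iptables.sh is ignored while iptables is run. Because the hook fires for lo as well, the rules are normally in place before the first real interface is configured.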