
Re: RFC: new network config (was: Re: network configuration)

On Thu, Feb 04, 1999 at 11:26:45PM +0000, Christian Hammers wrote:
> On Wed, Feb 03, 1999 at 09:14:08AM +1100, Craig Sanders wrote:
> > > Then who is the one who has the power to change it =;-)
> > 
> > you. anyone has the power to change it. all it takes is to write the
> > code to implement it.
> Ok ! 
> I'm a "Brave Debian" (tm) and I try to change something.

cool. i'm glad you took my comments in the spirit intended, rather than
as a flame :-)

> But I *strongly* need comments. Not for the implementation - I have no
> problems with sed and sh scripts - but I like to know what can be done
> better or what I missed *before* I implement that !

see the message i sent a few minutes ago on this thread for more ideas.

that message is focussing on something different (but related) to what
you're working on....there's an obvious need to co-ordinate ideas here
so that they don't get wildly incompatible.

> BTW: Who is the responsible package ? Boot-floppies or netbase ?

netbase, i think.

> My approach is now the following. I try to use as many well-known files as
> possible. 

excellent.  this is (nearly) always the Best Way<tm>

> The only new file is /etc/interfaces which is itself very 
> "compatible" since it takes the parameters for insmod 1:1 (nearly).
> Now the workflow in pseudo-perl:
> /etc/init.d/interfaces start
> 	foreach $line (<"/etc/interfaces">) {
> 		`ifconfig $line up`
> 		`route add &calc_base_address($ip, $netmask) eth0`
> 	}
> /etc/init.d/routes start
> 	foreach $line (<"/etc/gateways">) {
> 		`route add $ip gw $gw`
> 	}
> Is this good ?

is good :-)

> Oh, 2nd thing. As someone suggested: the IP spoofing part gets out of
> netbase. I think it should be in routes.

i suggested that ages ago.  Peter Tobias didn't seem to think it was a
good idea.

i think it should be in /etc/init.d/spoof-protect or
/etc/init.d/firewall or similar.

reason being is that it should be possible to stop or restart
spoof-protection without resetting all your routes - e.g. you might have
just flushed all your ipchains/ipfwadm rules in order to recreate them
from scratch.

> ----------------------------------------------------------------
> # /etc/gateways:
> # Add here all your gateways.
> # 
> # /etc/init.d/routes which is normally called at boottime reads this file.
> #
> #<net | host> NAME1 gateway NAME2 metric VALUE <passive | active | external> 
> net default 		gateway
> net 	gateway
> -----------------------------------------------------------------

cool. one suggestion: 

unless you know that routed will cope with misformed config lines,
always use the same format as routed needs (you've skipped the
"metric VALUE ..." part), even if your script doesn't need the extra

that way, the end user can easily switch back and forth between using
routed or not.

also, your /etc/init.d/routes should check to see whether routed is
running or if the system is configured to start it...and exit before
doing anything if it is.


craig sanders
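
The checks suggested in the reply above, as an added example that is not from the thread or from netbase: a POSIX sh reader that accepts only the full routed line format given in the /etc/gateways header, does nothing when routed is running, and prints net-tools `route add` commands instead of executing them. The function names, the `GATEWAYS` variable and the use of `pidof` are assumptions; the check for routed being configured to start at boot is left out because the thread does not say where that setting lives.

```shell
#!/bin/sh
# Added example: dry-run reader for routed-format gateways lines on stdin.
# Function names and the GATEWAYS variable are assumptions, not from the thread.
GATEWAYS="${GATEWAYS:-/etc/gateways}"

# True if a routed process exists (needs pidof; a missing pidof counts as "no").
routed_running() {
    command -v pidof >/dev/null 2>&1 && pidof routed >/dev/null 2>&1
}

# Print one "route add ..." line per valid entry; return 1 if any line
# lacks the full "<net|host> N1 gateway N2 metric V <mode>" form.
gateways_to_routes() {
    rc=0 lineno=0
    while read -r kind dest kw_gw gw kw_metric metric mode extra || [ -n "$kind" ]; do
        lineno=$((lineno + 1))
        case "$kind" in ''|'#'*) continue ;; esac
        ok=yes
        case "$kind" in net|host) ;; *) ok=no ;; esac
        case "$kw_gw $kw_metric $extra" in "gateway metric ") ;; *) ok=no ;; esac
        case "$mode" in passive|active|external) ;; *) ok=no ;; esac
        case "$metric" in ''|*[!0-9]*) ok=no ;; esac
        # Names become command arguments: allow only address/hostname characters.
        for name in "$dest" "$gw"; do
            case "$name" in ''|-*|*[!A-Za-z0-9.:-]*) ok=no ;; esac
        done
        if [ "$ok" = no ]; then
            echo "gateways line $lineno: malformed, skipped" >&2
            rc=1
            continue
        fi
        if [ "$dest" = default ]; then
            echo "route add default gw $gw metric $metric"
        else
            echo "route add -$kind $dest gw $gw metric $metric"
        fi
    done
    return "$rc"
}

case "${1:-}" in
start)
    if routed_running; then
        echo "routed is running, leaving routes to it" >&2
        exit 0
    fi
    gateways_to_routes < "$GATEWAYS"   # prints commands; nothing is executed
    ;;
esac
```

The two short lines in the sample file quoted above (no gateway name, no metric) are reported as malformed by this reader, which is the incompatibility the reply warns about.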
