
Re: Proposal: Network configuration file format



Anthony Towns wrote:
> 
> On Wed, Aug 04, 1999 at 10:13:17AM +0200, Rene Mayrhofer wrote:
> > Here is my proposal for a network configuration file format.
> 
> Hmmm. I suppose that's my cue.
> 
> Included in netbase 3.14-4 (and the short lived 3.14-3 too actually),
> and currently available for i386, m68k and alpha, are a couple of
> binaries "/sbin/ifup" and "/sbin/ifdown", and a configuration file
> "/etc/network/interfaces".
> 
> Note, this is existing, working, even partially tested (!) code.
Then I will look at it and I will probably throw my network interface
format away. The firewall configuration remains. I missed the last 2
weeks of debian-devel because of a problem with my provider, therefore I
actually did not know that something has been implemented. Is it in the
standard potato already ?
 
> It more or less works for standard ethernet based configs (hardcoded
> addresses, bootp and pcmcia cards should all work; dhcp is a bit flakey),
> coping with network routes under 2.0 and 2.2, and so on.
DHCP is a must for me, maybe I could improve your code as you saved me
lots of work ;-)
 
> It should expand gracefully to support ipv6 and ipx, and should support
> wacky networking via ax25 and stuff too.
ipv6 is also a must, here goes the same as with dhcp.
 
> It has some nominal support for schemes (add "scheme foo" before one
> group of interfaces, and "scheme bar" before another and use "ifup -s
> foo eth0" or "ifup -s bar eth0" to select which one you want), but I
> have a feeling how it works probably needs to change.
You mean e.g. a home and a work scheme that configures the network
system according to the location the computer is at the moment ?
 
> The source is my second attempt at a literate program, so *theoretically*
> you should be able to take the source to bed and read it and *enjoy* it,
> but in reality... Well, YMMV.
It's written in ANSI C ?
 
> If you download the source, and have a look at the *.defn files, you
> should get some idea how to handle different address families (inet6, ipx,
> or whatever). Patches to support some of those better would be welcome.
I will try to implement something for ipv6, but it will take me some
time to become familiar with your code (and to get ipv6 working on my
server...).
 
> The two biggest changes I expect are support for logical interfaces
> ("extppp" which may turn out to be ppp1 sometimes instead of ppp0, or
> similar) and schemes (I expect these two to influence each other); and I
> expect the .defn format to become a little snazzier to make configuration
> files more pleasant to write.
> 
> Actually, the other biggest change I expect is an "/etc/interface/up.d/"
> directory for handling any services that need to be reconfigured/restarted
> when interfaces change; for example proxy redirectors, bind, NFS mounts,
> etc.
> 
> Anyway. Have a look at /etc/network/interfaces and play around. The "-v"
> and "-n" (verbose, and no-act) will probably be useful. If you use "-n"
> it'll tell you exactly what commands it would run.
Great !
 
> Oh. For reference:
> 
> [aj@azure ~]$ cat /etc/init.d/network
> #!/bin/sh
> ifup -a
> [aj@azure ~]$ _
> 
> (actually, I lie. I have some firewalling rules in there too)
> 
> Patches, proposals, praise and prestidigitation on any of the above is
> quite welcome.
OK, after reading your response I think I will drop my proposal and try
to make some patches to your working code. This actually saves me some
weeks of coding. 
Thank you ;-)
Let's work on this together to complete your system (I will look at it
closely tomorrow).
 
> > 5.1 An example as I would use it for my home network:
> > # The local network.
> > network "internal" {
> >   # The main connection to the internal network.
> >   interface "eth0" { addressv4 10.0.0.4 }
> >   # This is for testing apache's virtual server capabilities
> >   interface "eth0:0" { addressv4 dhcp }
> >   networkv4 10.0.0.0;
> >   netmaskv4 255.255.255.0;
> >   broadcastv4 10.0.0.255;
> > }
> 
> scheme internal
> iface eth0 inet4 static
>         address 10.0.0.4
>         netmask 255.0.0.0
>         network 10.0.0.0
>         broadcast 10.255.255.255
How do you handle multiple addresses for an interface (kernel 2.2.x does
that without the need of interface aliases) ?
 
> iface eth0:0 inet4 dhcp
>         # erm. I think. this may or may not work. Does dhcp over an
>         # alias actually work?
It should AFAIK.
 
> > # a direct connection to another local network that provides some services
> > network "untrusted" {
> >   interface "eth1" { addressv4 192.168.1.34 }
> >   networkv4 192.168.1.0;
> >   netmaskv4 255.255.254.0;
> 
> Is this what you mean? It's the same as 192.168.0.0/255.255.254.0 ?
Oops, my fault. Yes, I meant it.
 
> >   broadcastv4 192.168.2.255;
> 
> This also seems weird?
> 
> > }
> 
> scheme untrusted
> iface eth1 inet static
>         address 192.168.1.34
>         network 192.168.1.0
>         netmask 255.255.254.0
>         broadcast 192.168.2.255
> 
> > # For using Vmware's network capabilities.
> > network "vmnet" {
> >   interface "vmnet0" { addressv4 10.0.1.1 }
> >   networkv4 10.0.1.0;
> >   netmaskv4 255.255.255.0;
> >   broadcastv4 10.0.1.255;
> > }
> 
> (left as an exercise to the interested reader :)
> 
> > # The ISDN connection to the outside
> > network "isdn" {
> >   interface "isdn0" {
> >     addressv4 193.170.191.36;
> >     ptpaddressv4 193.170.191.33;
> >   }
> >   networkv4 193.170.191.32;
> >   netmaskv4 255.255.255.240;
> >   arp false;
> >   # A shell script sets this to true if I want automatic connections to be made
> >   enabled false;
> >   # Maybe we should put in the ISDN settings here too (telephone number,
> >   # protocol, ...)
> > }
> 
> I've never actually had the pleasure of setting up an ISDN interface. I
> expect you'd want to write a special defn for it though, and have something
> like:
> 
> iface isdn0 inet isdn
>     noauto
>     address 193.170.191.36
>     ptpaddress 193.170.191.33
>     network 193.170.191.32
>     netmask 255.255.255.240
>     # whatever other parameters isdn takes
I will try your system on my server and contribute the ISDN defn file as
soon as it is working. Can your system set up the isdn parameters at the
moment or has this to be changed ?
I only have an isdn connection (with a static ip address - I get a
working internet connection in under 2 seconds....), but I can not test
ppp or slip dialup. Does this work ?
 
> (use "ifup isdn0" by hand, instead of expecting it to come up as part of
> /etc/init.d/network (ie, ifup -a))
> > # The default route to the internet
> > route default {
> >   gatewayv4 193.170.190.33;
> > }
> 
>     gateway 193.170.190.33
>         # in the appropriate iface block
> 
> > # Now some firewalling rules
> > # masquerade the internal network to the internet, but do www access over a
> > # (transparent) proxy on the local host
> 
> These I don't have at all. I'm not convinced they're *incredibly*
> necessary.
I am setting up a Debian based firewall distribution, therefore they are
necessary for me. However, I would be happy to work on this with you
commenting on my way to do things as I hope to get the firewall stuff in
the netbase package (or - if more appropriate - I could make up another
package).
But I think that even on non-firewall systems there should be some
protection. Think of web servers that have (by misconfiguration) a
telnet service running. Even if the web administrator knows nothing
about ip security, the server should be reasonably secure by default.
Firewalling rules help a lot.
 
> > rule { from "dialin" to "internet" masquerade }
> > rule { from "dialin" to "internal" reject incoming }
> 
> These could be kind of cute, though.
I think so too.
 
>  ``The thing is: trying to be too generic is EVIL. It's stupid, it
>         results in slower code, and it results in more bugs.''
>                                         -- Linus Torvalds
He is right for sure !
 
best greets
Rene
Linux developer at ViaNova ( http://www.vianova.at )
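
The address, netmask, network and broadcast values in the stanzas quoted above can be checked against each other mechanically. The following is an added example, not part of the original message or of netbase; its parser handles only the "scheme"/"iface" lines shown in this email, and all function names are hypothetical.

```python
import ipaddress

# The two static stanzas exactly as quoted in the message above.
SAMPLE = """\
scheme internal
iface eth0 inet4 static
        address 10.0.0.4
        netmask 255.0.0.0
        network 10.0.0.0
        broadcast 10.255.255.255
scheme untrusted
iface eth1 inet static
        address 192.168.1.34
        network 192.168.1.0
        netmask 255.255.254.0
        broadcast 192.168.2.255
"""

def parse_ifaces(text):
    """Parse 'iface NAME FAMILY METHOD' stanzas followed by 'key value' options."""
    stanzas, cur = [], None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if words[:1] == ["iface"] and len(words) >= 4:
            cur = {"name": words[1], "method": words[3], "opts": {}}
            stanzas.append(cur)
        elif words[:1] == ["scheme"]:
            cur = None  # a scheme line ends the previous stanza
        elif cur is not None and len(words) >= 2:
            cur["opts"][words[0]] = words[1]
    return stanzas

def check_stanza(st):
    """List mismatches between stated network/broadcast and address+netmask."""
    o = st["opts"]
    if st["method"] != "static" or not {"address", "netmask"} <= o.keys():
        return []  # dhcp, bootp etc. carry no static values to check
    try:
        net = ipaddress.ip_interface(f"{o['address']}/{o['netmask']}").network
    except ValueError as exc:  # bad address or non-contiguous netmask
        return [f"{st['name']}: {exc}"]
    derived = {"network": net.network_address, "broadcast": net.broadcast_address}
    return [f"{st['name']}: {k} {o[k]} stated, {v} derived"
            for k, v in derived.items() if k in o and o[k] != str(v)]

def check_config(text):
    return [p for st in parse_ifaces(text) for p in check_stanza(st)]
```

Calling check_config(SAMPLE) passes the eth0 stanza and reports the eth1 network and broadcast lines, the two values questioned in the thread.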

