Re: RFC: new network config (was: Re: network configuration)
On Sun, Feb 07, 1999 at 03:47:33PM +1000, Anthony Towns wrote:
> The netmask is usually the default (ie 255.0.0.0 for class A, 255.255.0.0
> for class B, and 255.255.255.0 for class C), so it seems a shame to have
> to specify it in these cases. :-/
maybe allow either a netmask or a prefix to be specified.
IMO, /24 is a better way of saying 255.255.255.0 - less typing, easier
to read "at a glance".
> Two questions:
> is all the "metric 1 external" "net vs host" stuff more complication
> than we really want in /etc/gateways?
no. /etc/gateways really does belong to routed so if we're putting it to a
secondary use we should do so in a manner compatible with routed.
/etc/init.d/routing (or whatever it is called) should have a config
option telling it whether to set static routes or not. default would be
'yes'. anyone who needs to run routed or gated or zebra (which i have
packaged but not released - too buggy at this stage[*]) would set it to
'no'.
[*] if anyone who has time to deal with a large number of bug reports
for a pre-alpha program wants to package this, email me and i'll send
you my work so far. or maybe i'll just upload it to experimental.
> should /etc/init.d/routing and /etc/init.d/interfaces really
> be separate? PCMCIA and /etc/init.d/routing both have to parse
> /etc/gateways -- maybe this should just be incorporated into ifup? If
> so, then this will happen automagically in /etc/init.d/interfaces and
> /etc/init.d/routing is completely redundant.
more granularity is a good thing. one of the things i disliked about
the spoof-protection stuff in current netbase was that it was in
the main /etc/init.d/netbase script. this meant that my own custom
firewall script had to duplicate the spoof-protection functionality.
it would have been much better for my script to be able to call
/etc/init.d/spoof-protect immediately after flushing the existing
ipchains rules.
there should be at least:

    /etc/init.d/interfaces
    /etc/init.d/spoof-protect
    /etc/init.d/routing

and maybe:

    /etc/init.d/ip-aliases
    /etc/init.d/firewall (although this may be better in its own package,
    possibly a merger with the ipmasq package)

and /etc/init.d/network should exist and call each of them in the
correct order. it should also contain lots of comments so that anyone
who is used to editing /etc/init.d/network won't have to spend hours
puzzling out the changes.
maybe something like:

    #! /bin/sh

    # configure interfaces. defined in /etc/interfaces
    /etc/init.d/interfaces

    # setup spoof-protection
    /etc/init.d/spoof-protect

    # set up static routes. defined in /etc/gateways. disable by doing
    # "blah" if you want to run routed, gated, zebra, etc.
    /etc/init.d/routing

    # set up alias interfaces. defined in /etc/ip-aliases
    /etc/init.d/ip-aliases

    # set up firewall rules
    [ -x /etc/init.d/firewall ] && /etc/init.d/firewall

and, of course, man pages should be written for each of the config
files.
craig
--
craig sanders
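
The netmask handling discussed at the top of this message (classful default when none is given, otherwise either a dotted netmask or a /prefix), sketched as an added example that is not part of the original message or of netbase. All function names are hypothetical, the addresses are constructed samples, and 64-bit shell arithmetic is assumed.

```shell
#!/bin/sh
# Added example (not netbase code); all function names are hypothetical.

# Dotted quad -> 32-bit integer. Rejects malformed input and leading zeros
# (which shell arithmetic would read as octal).
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
# Prefix length 0-32 -> dotted netmask.
prefix_to_mask() {
    case "$1" in ""|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$1" -le 32 ] || return 1
    m=$(( (4294967295 << (32 - $1)) & 4294967295 ))
    echo "$(( m >> 24 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}
# Dotted netmask -> prefix length. Fails if the 1 bits are not contiguous.
mask_to_prefix() {
    m=$(ip_to_int "$1") || return 1
    n=0
    while [ $(( m & 2147483648 )) -ne 0 ]; do
        m=$(( (m << 1) & 4294967295 )); n=$(( n + 1 ))
    done
    [ "$m" -eq 0 ] && echo "$n"
}
# Classful default from the first octet: A=/8, B=/16, C=/24; D/E have none.
classful_prefix() {
    a=$(ip_to_int "$1") || return 1
    first=$(( a >> 24 ))
    if   [ "$first" -lt 128 ]; then echo 8
    elif [ "$first" -lt 192 ]; then echo 16
    elif [ "$first" -lt 224 ]; then echo 24
    else return 1
    fi
}
# resolve_netmask ADDR [NETMASK | PREFIX | /PREFIX] -> prints "PREFIX NETMASK"
resolve_netmask() {
    ip_to_int "$1" >/dev/null || return 1
    spec=${2:-}
    case "$spec" in
        "")  p=$(classful_prefix "$1") || return 1 ;;
        *.*) p=$(mask_to_prefix "$spec") || return 1 ;;
        *)   p=${spec#/} ;;
    esac
    mask=$(prefix_to_mask "$p") || return 1
    echo "$p $mask"
}
```

A non-zero return tells the caller to refuse to configure the interface rather than guess a mask.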