
Re: Modifying Routing Tables on the fly



On Mon, 2 Mar 1998, Ian Perry wrote:

> I am trying to modify a route table dependent on which user logs in through
> a dial-up connection.
> viz:	route add 192.168.1.1 eth0
> 
> I have already got
> 
> route add -net 192.168.0.0 netmask 255.255.0.0 lo
> to stop other users getting to the local network (other than what they are
> supposed to)

this is what the /etc/ppp/ip-up script is for.  

e.g.

---cut here---
#!/bin/sh
#
# $Id: ip-up,v 1.1 1997/12/16 11:37:26 phil Exp $
#
# This script is run by the pppd after the link is established.
# It should be used to add routes, set IP address, run the mailq 
# etc.
#
# This script is called with the following arguments:
#    Arg  Name               Example
#    $1   Interface name     ppp0
#    $2   The tty            ttyS1
#    $3   The link speed     38400
#    $4   Local IP number    12.34.56.78
#    $5   Peer  IP number    12.34.56.99

case "$5" in
	192.168.0.1)	route add ..blah... ;;

	192.168.0.2)	ipfwadm -I ...... ;;

	192.168.0.3)    blah blah blah
					blah line 2
					blah line 3 ;;
esac
---cut here---

this example executes the "route add...." command if (and only if) the
remote IP address is 192.168.0.1. 

it also demonstrates a special ipfwadm (firewall/packet filter)
rule for 192.168.0.2. e.g. say you have a service running on one
of your machines which your users have to pay extra to get access
to...actually, you'd probably do this based on user name rather than IP
address - you could use $2 (the tty) to lookup the user name. you'd use
/etc/ppp/ip-down to delete the ipfwadm rule when the interface died.

the third case shows that multiple script lines can be executed for any
case - ";;" is used to end the case.

 


> I have set up the user's login shell to run the file to add the route and 
> ip-down to remove the route.

this won't work.

> I get the error message:
> 
> SIOCADDRT : Operation not permitted.
> 
> I gather this is because the user is not root.

yep.


> Is there a way to safely change the routing table dependent on who logs in
> ?
> 
> Any help would be appreciated.

/etc/ppp/ip-up is executed whenever a ppp interface goes up, and
/etc/ppp/ip-down is executed whenever a ppp interface goes down.  These
files are often shell scripts, but they don't have to be....write them
in perl or C or whatever you like.

the debian ppp package comes with a sample script (similar to the
example above) which doesn't do anything.


craig

--
craig sanders
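
An added example, not part of the original post and not the Debian ppp package's sample script: one way to pair ip-up and ip-down so that a per-peer host route is added when the link comes up and removed when it goes down. The peer-to-host table, the function names and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: shared body for /etc/ppp/ip-up and /etc/ppp/ip-down.
# pppd runs both as root with: $1 interface, $2 tty, $3 speed,
# $4 local IP, $5 peer IP.

# Constructed sample policy: peer IP -> the one host that peer may reach.
# Prints nothing for peers with no special route.
route_target() {
    case "$1" in
        192.168.0.1) echo 192.168.1.1 ;;
        192.168.0.2) echo 192.168.1.2 ;;
    esac
}

# Accept only dotted-quad text before it is used in a command line.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ppp_route ACTION PEER_IP: ACTION is "add" (ip-up) or "del" (ip-down).
# With DRY_RUN=1 the command is printed instead of executed.
ppp_route() {
    action=$1 peer=$2
    case "$action" in add|del) ;; *) return 2 ;; esac
    is_ipv4 "$peer" || return 2
    target=$(route_target "$peer")
    [ -n "$target" ] || return 0        # no per-peer route for this peer
    cmd="route $action -host $target dev eth0"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else $cmd; fi
}

# In /etc/ppp/ip-up:    ppp_route add "$5"
# In /etc/ppp/ip-down:  ppp_route del "$5"
```

Running with DRY_RUN=1 shows the exact route command for a given peer without touching the routing table, which is useful for checking the table before installing the scripts.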

