
Re: Modifying Routing Tables on the fly



Sorry, maybe I did not explain it well enough.

The remote IP stays the same for all users logging in (there is only one
dial-in port).

The route table has to change according to the user, not by the remote IP.

The only means I have of identifying which user is logging in is the login
name.

If it were a different IP, then not a problem; I have done it on other
nodes.

The modem dial-in line gets IP 12.45.67.89. This never changes, and
any one of half a dozen people can use it.

This is routed out onto node 192.168.1.127 on eth0.

Only one user is permitted to get to machine 192.168.1.1

Can ip-up identify a user? ... or can you specify a different ip-up for
each user?



Ian
----------


----------
> From: Craig Sanders <cas@taz.net.au>
> To: Ian Perry <iperry@ram.net.au>
> Cc: debian-user@lists.debian.org
> Subject: Re: Modifying Routing Tables on the fly
> Date: Monday, 2 March 1998 19:24
> 
> On Mon, 2 Mar 1998, Ian Perry wrote:
> 
> > I am trying to modify a route table dependent on which user logs in
> > through a dial-up connection.
> > viz:	route add 192.168.1.1 eth0
> > 
> > I have already got
> > 
> > route add -net 192.168.0.0 netmask 255.255.0.0 lo
> > to stop other users getting to the local network (other than what they
> > are supposed to)
> 
> this is what the /etc/ppp/ip-up script is for.  
> 
> e.g.
> 
> ---cut here---
> #!/bin/sh
> #
> # $Id: ip-up,v 1.1 1997/12/16 11:37:26 phil Exp $
> #
> # This script is run by the pppd after the link is established.
> # It should be used to add routes, set IP address, run the mailq 
> # etc.
> #
> # This script is called with the following arguments:
> #    Arg  Name               Example
> #    $1   Interface name     ppp0
> #    $2   The tty            ttyS1
> #    $3   The link speed     38400
> #    $4   Local IP number    12.34.56.78
> #    $5   Peer  IP number    12.34.56.99
> 
> case "$5" in
> 	192.168.0.1)	route add ..blah... ;;
> 
> 	192.168.0.2)	ipfwadm -I ...... ;;
> 
> 	192.168.0.3)    blah blah blah
> 					blah line 2
> 					blah line 3 ;;
> esac
> ---cut here---
> 
> this example executes the "route add...." command if (and only if) the
> remote IP address is 192.168.0.1. 
> 
> it also demonstrates a special ipfwadm (firewall/packet filter)
> rule for 192.168.0.2. e.g. say you have a service running on one
> of your machines which your users have to pay extra to get access
> to...actually, you'd probably do this based on user name rather than IP
> address - you could use $2 (the tty) to lookup the user name. you'd use
> /etc/ppp/ip-down to delete the ipfwadm rule when the interface died.
> 
> the third case shows that multiple script lines can be executed for any
> case - ";;" is used to end the case.
> 
>  
> 
> 
> > I have set up the user's login shell to run the file to add the route
> > and ip-down to remove the route.
> 
> this won't work.
> 
> > I get the error message:
> > 
> > SIOCADDRT : Operation not permitted.
> > 
> > I gather this is because the user is not root.
> 
> yep.
> 
> 
> > Is there a way to safely change the routing table dependent on who logs
> > in?
> > 
> > Any help would be appreciated.
> 
> /etc/ppp/ip-up is executed whenever a ppp interface goes up, and
> /etc/ppp/ip-down is executed whenever a ppp interface goes down.  These
> files are often shell scripts, but they don't have to be....write them
> in perl or C or whatever you like.
> 
> the debian ppp package comes with a sample script (similar to the
> example above) which doesn't do anything.
> 
> 
> craig
> 
> --
> craig sanders
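
The tty lookup suggested in the quoted reply, written out as an added example that is not part of the original thread. The user name `alice`, the allowlist variable and the helper function names are hypothetical, and it assumes the dial-in login session is listed by `who` on the tty that pppd passes as `$2`.

```shell
#!/bin/sh
# Added example for /etc/ppp/ip-up (pppd runs it as root): decide by login
# name, found from the tty in $2, whether to open the route to one host.
# Assumptions: user name "alice" is hypothetical; the dial-in login is
# listed by `who` on that tty, e.g. (constructed): "alice ttyS1 Mar  2 19:20"

PROTECTED_HOST=192.168.1.1   # host named in the thread
ALLOWED_USERS="alice"        # hypothetical allowlist, space separated

# user_on_tty TTY: read `who`-format lines on stdin and print the login name
# on TTY. Fails (prints nothing) unless exactly one session matches.
user_on_tty() {
    awk -v tty="$1" '$2 == tty { n++; u = $1 }
        END { if (n == 1) print u; else exit 1 }'
}

# is_allowed USER: exact match against the allowlist; default is deny.
is_allowed() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    for u in $ALLOWED_USERS; do
        [ "$u" = "$1" ] && return 0
    done
    return 1
}

# decide TTY: `who` output on stdin, prints "allow USER" or "deny USER".
decide() {
    user=$(user_on_tty "$1") || { echo "deny unknown"; return 0; }
    if is_allowed "$user"; then echo "allow $user"; else echo "deny $user"; fi
}

# Act only when installed as ip-up and called by pppd with its five arguments.
if [ "${0##*/}" = "ip-up" ] && [ "$#" -ge 5 ]; then
    verdict=$(who | decide "$2")
    logger -t ip-up "tty=$2 peer=$5 verdict=$verdict"
    case "$verdict" in
        allow\ *) route add "$PROTECTED_HOST" eth0 ;;   # command form from the thread
    esac
fi
```

Because the single dial-in line is shared, the matching /etc/ppp/ip-down should remove the host route every time the link drops, whoever was connected, so the next caller does not inherit it.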

