
Re: default route



On Sun, Jan 14, 2001 at 08:42:41PM +1100, Matt Chipman wrote:
> Thanks for all the replies everybody, the problem is still there, and
> whatever route i put in /etc/network/interfaces still doesnt apply at boot.
> 
> I am thinking maybe i have to have a package installed that makes the route
> stick?? I am using a custom install of potatoe
> 
> Is there something route relies on?
> 
> <shrug> any ideas?

in my /etc/rcS.d/S40networking script, which is called at boot
time via inittab instructions before launching runlevels, it
starts all the net stuff automatically.

on potato (debian 2.2) the "netbase" package supplies the parts
for this. maybe (to borrow a windo~1 metaphor) try reinstalling
it? could be you inadvertently removed a file or two...?

just for completeness, attached is my /etc/init.d/networking
script. once it is in place as /etc/init.d/networking (owned by
root, executable) you could hook it into the boot sequence via

	update-rc.d networking start 40 S . stop 35 0 6 .

(i think)...


-- 
See, if you were allowed to keep the money, you wouldn't
create jobs with it. You'd throw it in the bushes or
something.  But the government will spend it, thereby
creating jobs.      -- Dave Barry

will@serensoft.com    ***    http://www.dontUthink.com/

volunteer to document your experience for next week's
newbies -- http://www.eGroups.com/messages/newbieDoc
#!/bin/sh
#
# start/stop networking daemons.

# Without an executable ifup there is nothing for this script to drive;
# leave quietly with a success status.
test -x /sbin/ifup || exit 0

# Optional site settings. The file is sourced, i.e. run as shell code with
# this script's privileges, so it should be writable by root only.
# Presumably it provides LOCAL_IPS / LOCAL_IFACES for the spoofprotect_*
# functions below -- confirm against the file itself.
if test -e /etc/network/spoof-protect; then
    . /etc/network/spoof-protect
fi

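spoofprotect_rp_filter () {
    # This is the best method: turn on Source Address Verification and get
    # spoof protection on all current and future interfaces.
    #
    # Writes 1 to every /proc/sys/net/ipv4/conf/*/rp_filter entry.
    # Globals:  f, rp_filter_rc (written)
    # Returns:  0 if the knob exists and every write succeeded,
    #           1 if the knob is missing or any write failed.
    #
    # NOTE(review): strict reverse-path filtering drops packets whose source
    # is not routable back through the receiving interface, so hosts with
    # asymmetric routing need this reviewed rather than blindly enabled.

    if [ ! -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
        return 1
    fi

    rp_filter_rc=0
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        # A failed write must not be reported as success: the caller prints
        # "rp_filter." and skips the packet-filter fallbacks on status 0.
        echo 1 > "$f" || rp_filter_rc=1
    done
    return $rp_filter_rc
}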

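spoofprotect_ipfwadm () {
    # rules for linux 2.0.x and 2.1.x (x < 102) kernels
    #
    # Installs one input "deny" rule per (address, interface) pair so that
    # packets claiming one of our own addresses as source are dropped.
    # Globals:  LOCAL_IPS, LOCAL_IFACES (read; whitespace-separated lists),
    #           ip, iface (written)
    # Returns:  0 after installing the rules, 1 if either list is empty or
    #           /proc/net/ip_input does not exist.

    # can't do ipfwadm based spoof protection if we don't have the appropriate
    # configuration info.
    if [ -z "$LOCAL_IPS" ] || [ -z "$LOCAL_IFACES" ]; then return 1; fi

    #what about 127.0.0.0/8 ?
    #deny incoming packets pretending to be from our own system.
    #set your own IP address below (or use `hostname -i` to set it).

    if [ ! -e /proc/net/ip_input ]; then
        return 1
    fi

    # The two lists are split on whitespace on purpose; each resulting word
    # is then passed quoted so it reaches ipfwadm as exactly one argument.
    for ip in $LOCAL_IPS; do
        for iface in $LOCAL_IFACES; do
            # delete and re-add entry (this way we don't get duplicate
            # entries); the delete fails harmlessly when no rule exists yet.
            ipfwadm -I -d deny -o -P all -S "$ip" -W "$iface" -D 0/0 \
                2>/dev/null || true
            ipfwadm -I -i deny -o -P all -S "$ip" -W "$iface" -D 0/0 >/dev/null
        done
    done

    return 0
}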

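spoofprotect_ipchains () {
    # rules for linux 2.1.x (x > 101) kernels
    #
    # Installs logging DENY rules on the input chain for packets that arrive
    # on any interface other than lo while claiming a loopback source or one
    # of our own addresses as source.
    # Globals:  LOCAL_IPS (read; whitespace-separated list), ip (written)
    # Returns:  0 after installing the rules, 1 if LOCAL_IPS is empty or
    #           /proc/net/ip_fwchains does not exist.

    # can't do ipchains based spoof protection if we don't have the
    # appropriate configuration info.
    if [ -z "$LOCAL_IPS" ]; then return 1; fi

    if [ ! -e /proc/net/ip_fwchains ]; then
        return 1
    fi

    # Loopback-sourced traffic: delete and re-add once, so repeated starts
    # do not pile up duplicates. (This rule used to be appended once per
    # LOCAL_IPS entry and was never deleted.)
    ipchains -D input -j DENY -l -s 127.0.0.0/8 -i ! lo 2>/dev/null || true
    ipchains -A input -j DENY -l -s 127.0.0.0/8 -i ! lo

    # Per-address rules: the delete and the add now name the same rule.
    # Previously the delete targeted "$ip" while the add installed the
    # 127.0.0.0/8 rule, so no rule for our own addresses was ever added.
    for ip in $LOCAL_IPS; do
        ipchains -D input -j DENY -l -s "$ip" -i ! lo 2>/dev/null || true
        ipchains -A input -j DENY -l -s "$ip" -i ! lo
    done

    return 0
}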

spoofprotect () {
    # Try each spoof-protection backend in order of preference and report
    # the first one that succeeds, or FAILED when none does.
    # Globals:  method (written)
    # Outputs:  one status line on stdout
    echo -n "Setting up IP spoofing protection: "
    for method in rp_filter ipfwadm ipchains; do
        if "spoofprotect_$method"; then
            echo "$method."
            return 0
        fi
    done
    # No backend applied: the host comes up without spoof filtering, and
    # this message is the only trace of that.
    echo "FAILED"
}

ip_forward () {
    # Switch on IPv4 packet forwarding when the kernel exposes the knob.
    # With forwarding on, this host routes packets between its interfaces,
    # so it should be enabled only where filtering rules account for that.
    # Globals:  ip_forward_knob (written)
    ip_forward_knob=/proc/sys/net/ipv4/ip_forward
    [ -e "$ip_forward_knob" ] || return 0

    echo -n "Enabling packet forwarding: "
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "done."
}

syncookies () {
    # Switch on TCP SYN cookies when the kernel exposes the knob; a kernel
    # without /proc/sys/net/ipv4/tcp_syncookies is skipped silently.
    # Globals:  syncookies_knob (written)
    syncookies_knob=/proc/sys/net/ipv4/tcp_syncookies
    [ -e "$syncookies_knob" ] || return 0

    echo -n "Enabling TCP/IP SYN cookies: "
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    echo "done."
}

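doopt () {
    # Run the function named by $1 when /etc/network/options enables it.
    # Arguments: $1 - option name; also the name of the function to run
    #            $2 - value assumed when the file has no "$1=" line
    # Globals:   optname, default, opt, optval (written)
    #
    # NOTE(review): if the file holds more than one "$1=" line, opt spans
    # several lines, optval never equals "yes", and the option is skipped
    # without any message -- including spoofprotect, whose default is yes.
    optname=$1
    default=$2
    opt=$(grep "^$optname=" /etc/network/options)
    if [ -z "$opt" ]; then
        opt="$optname=$default"
    fi
    # Quote the prefix so it is stripped literally, not as a pattern.
    optval=${opt#"$optname="}
    if [ "$optval" = "yes" ]; then
        # Invoke the function directly; eval would re-parse the name as
        # shell source, which is never needed for a plain function call.
        "$optname"
    fi
}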

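# Dispatch on the init action given as $1.
case "$1" in
    start)
        # Kernel hardening options are applied before any interface is
        # brought up. Defaults: spoof protection on, SYN cookies and
        # forwarding off unless /etc/network/options says otherwise.
        doopt spoofprotect yes
        doopt syncookies no
        doopt ip_forward no

        echo -n "Configuring network interfaces: "
        ifup -a
        echo "done."
        ;;
    stop)
        # The sed expressions pick the mount point and filesystem type
        # (2nd and 3rd fields) out of /proc/mounts. Interfaces stay up
        # while anything is mounted over the network. Only the exact type
        # names "nfs" and "smb" are recognised.
        if sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\1 \2/p' /proc/mounts |
          grep -q "^/ nfs$"
        then
            echo "NOT deconfiguring network interfaces: / is an NFS mount"
        elif sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\1 \2/p' /proc/mounts |
          grep -q "^/ smb$"
        then
            echo "NOT deconfiguring network interfaces: / is an SMB mount"
        elif sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\2/p' /proc/mounts |
          grep -qE '^(nfs|smb)$'
        then
            # -q added: this test used to print the matching type names to
            # the console, unlike the two tests above.
            echo "NOT deconfiguring network interfaces: NFS/SMB shares still mounted."
        else
            echo -n "Deconfiguring network interfaces: "
            ifdown -a
            echo "done."
        fi
        ;;
    reload)
        # Nothing to reload.
        ;;
    force-reload)
        # Quoted so a script path containing whitespace still re-executes.
        "$0" restart
        ;;
    restart)
        # NOTE(review): unlike "stop", this path runs ifdown -a without
        # checking for network mounts, and it does not re-apply the doopt
        # settings from "start".
        echo -n "Reconfiguring network interfaces: "
        ifdown -a
        ifup -a
        echo "done."
        ;;
    *)
        echo "Usage: /etc/init.d/networking {start|stop|reload|restart}"
        exit 1
        ;;
esac

exit 0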

