
usage of "ifup ppp0" as opposed to "pon"



(I am using Debian Sarge, running kernel 2.4.24-1-686)

I recently installed a new version of iptables and noticed it had made some changes to the startup scripts. While going over the documentation, I realized that I can use pre-up, up, down and post-down commands in the /etc/network/interfaces file to execute my firewall scripts. I am totally new to this method and I have it sort of working. But the problem is that I am not sure how the ifup command relates to the pon command. I can have the various commands executed as an interface is brought up, but what happens if I just pon (which I think brings up the interfaces?). I may not have made myself very clear, so feel free to ask that I rephrase.

In the ppp0 section, what do you make of my pre-up, up, down and post-down commands? At present, "/etc/init.d/networking restart" works perfectly fine, so that if I boot my computer I should have my firewall up. But "ifdown ppp0" says:
# ifdown ppp0
/usr/bin/poff: I could not find a pppd process for provider 'dsl-provider'. None stopped.

"ifup ppp0" works fine. But I am not sure what happens if I use the usual method of pon and poff. Also, this troubles me because I guess "pon" activates my connection on startup. If this command ignores the ppp0 section in the interfaces file, I will be without my firewall till I manually bring it up.


Here is my interfaces file:
# cat /etc/network/interfaces
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
        address 192.168.1.0
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        #drop everything on all interfaces except lo
        pre-up /etc/iptables/iptables.sh panic
        #get the rules up which do not require my DSL IP
        pre-up /etc/iptables/iptables.sh preup_start
auto eth1
iface eth1 inet static
        address 192.168.0.2
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
#        gateway 192.168.1.0

#this is for ppp0 configuration
auto ppp0
iface ppp0 inet ppp
        #pre-up /etc/iptables/iptables.sh preup_start
        #pre-up ip link set eth0 up
        #now that ppp0 is up, implement more detailed rules that
        #use the IP address that my DSL provider assigned me just now
        up /etc/iptables/iptables.sh start
        provider dsl-provider
        down poff -a
        post-down /etc/iptables/iptables.sh stop




In the above:
"/etc/iptables/iptables.sh preup_start" command implements a ruleset that does not use any public IP of my machine, and "/etc/iptables/iptables.sh start" command first obtains the IP address that my provider assigns me (I get a new one every time I log on) and then implements a rule set with more details using this IP address.



thanks,
->HS

--
(Remove all underscores,_if any_, from my email address to get the correct one. Apologies for the inconvenience, but this is to reduce spam.)
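
The order in which ifup and ifdown run the commands of the ppp0 stanza above, as an added example that is not part of the original post. It assumes ifupdown's built-in ppp method, which runs /usr/bin/pon and /usr/bin/poff with the provider name between the hook lines; parse_stanzas and command_order are hypothetical helper names.

```python
# Constructed sample: the ppp0 stanza from the post with its comment lines dropped.
SAMPLE = """\
auto ppp0
iface ppp0 inet ppp
        up /etc/iptables/iptables.sh start
        provider dsl-provider
        down poff -a
        post-down /etc/iptables/iptables.sh stop
"""

# Assumption: what ifupdown's built-in "ppp" method runs by itself.
PPP_METHOD = {"up": "/usr/bin/pon", "down": "/usr/bin/poff"}


def parse_stanzas(text):
    """Return {iface: {"method": str, "options": [(keyword, value), ...]}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        if keyword == "iface":
            name, _family, method = rest.split()[:3]
            current = stanzas.setdefault(name, {"method": method, "options": []})
        elif keyword in ("auto", "mapping") or keyword.startswith("allow-"):
            current = None  # these lines end the previous iface stanza
        elif current is not None:
            current["options"].append((keyword, rest))
    return stanzas


def command_order(stanza, action):
    """Commands in the order ifup (action="up") or ifdown (action="down") runs them.
    Scripts in /etc/network/if-*.d are not modelled."""
    opts = stanza["options"]
    hooks = lambda key: [value for k, value in opts if k == key]
    method = []
    if stanza["method"] == "ppp":
        provider = dict(opts).get("provider", "")
        method = [" ".join(filter(None, [PPP_METHOD[action], provider]))]
    if action == "up":
        return hooks("pre-up") + method + hooks("up")
    return hooks("down") + method + hooks("post-down")


if __name__ == "__main__":
    ppp0 = parse_stanzas(SAMPLE)["ppp0"]
    for action in ("up", "down"):
        print("if" + action, "ppp0 ->", command_order(ppp0, action))
```

For ifdown the list shows `poff -a` from the `down` line running before the method's own `/usr/bin/poff dsl-provider`. `pon` run by hand starts pppd directly and executes none of the lines in this stanza.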



