usage of "ifup ppp0" as opposed to "pon"
(I am using Debian Sarge, running kernel 2.4.24-1-686)
I recently installed a new version of iptables and noticed it had made
some changes to the start up scripts. While going over the
documentation, I realized that I can use pre-up, up, down and
post-down commands in the /etc/network/interfaces file to execute my
firewall scripts. I am totally new to this method and I have it sort of
working. But the problem is that I am not sure how the ifup command relates
to the pon command. I can have the various commands executed as an
interface is brought up, but what happens if I just pon (which I think
brings up the interfaces?). I may not have made myself very clear, so
feel free to ask that I rephrase.
In the ppp0 section, what do you make of my pre-up, up, down and
post-down commands? At present, "/etc/init.d/networking restart" works
perfectly fine, so that if I boot my computer I should have my firewall
up. But "ifdown ppp0" says:

    # ifdown ppp0
    /usr/bin/poff: I could not find a pppd process for provider 'dsl-provider'. None stopped.

"ifup ppp0" works fine. But I am not sure what happens if I use the
usual method of pon and poff. Also, this troubles me because I guess
"pon" activates my connection on start up. If this command ignores the
ppp0 section in the interfaces file, I will be without my firewall till I
manually bring it up.
Here is my interfaces file:

    # cat /etc/network/interfaces
    # Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
    # /usr/share/doc/ifupdown/examples for more information.
    # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

    # The loopback interface
    auto lo
    iface lo inet loopback

    # The first network card - this entry was created during the Debian installation
    # (network, broadcast and gateway are optional)
    auto eth0
    iface eth0 inet static
        address 192.168.1.0
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        #drop everything on all interfaces except lo
        pre-up /etc/iptables/iptables.sh panic
        #get the rules up which do not require my DSL IP
        pre-up /etc/iptables/iptables.sh preup_start

    auto eth1
    iface eth1 inet static
        address 192.168.0.2
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        # gateway 192.168.1.0

    #this is for ppp0 configuration
    auto ppp0
    iface ppp0 inet ppp
        #pre-up /etc/iptables/iptables.sh preup_start
        #pre-up ip link set eth0 up
        #now that ppp0 is up, implement more detailed rules that
        #use the IP address that my DSL provider assigned me just now
        up /etc/iptables/iptables.sh start
        provider dsl-provider
        down poff -a
        post-down /etc/iptables/iptables.sh stop

In the above:
"/etc/iptables/iptables.sh preup_start" command implements a ruleset
that does not use any public IP of my machine, and
"/etc/iptables/iptables.sh start" command first obtains the IP address
that my provider assigns me (I get a new one every time I log on) and then
implements a rule set with more details using this IP address.
thanks,
->HS
--
(Remove all underscores,_if any_, from my email address to get the
correct one. Apologies for the inconvenience, but this is to reduce spam.)
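
Added example, not part of the original post: a small reader for the stanza layout of /etc/network/interfaces that lists the hook commands attached to ppp-method interfaces. Those hooks are executed by ifup/ifdown; pon and poff start and stop pppd directly without reading this file, so every command listed is firewall state that a bare pon would not apply. The names parse_interfaces, hooks_skipped_by_direct_pppd and SAMPLE are made up for this example.

```python
# Added example: minimal reader for the stanza layout of /etc/network/interfaces.
HOOKS = ("pre-up", "up", "down", "post-down")

# Constructed sample: the ppp0 stanza from the post, plus lo for contrast.
SAMPLE = """\
auto lo
iface lo inet loopback

auto ppp0
iface ppp0 inet ppp
    #pre-up /etc/iptables/iptables.sh preup_start
    up /etc/iptables/iptables.sh start
    provider dsl-provider
    down poff -a
    post-down /etc/iptables/iptables.sh stop
"""

def parse_interfaces(text):
    """Return {iface: {"method": str, "options": {}, "hooks": {phase: [cmd]}}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        key, *rest = line.split(None, 1)
        rest = rest[0].strip() if rest else ""
        if key == "iface":                      # iface <name> <family> <method>
            name, _family, method = rest.split()[:3]
            current = stanzas[name] = {"method": method, "options": {},
                                       "hooks": {h: [] for h in HOOKS}}
        elif key in ("auto", "mapping") or key.startswith("allow-"):
            current = None                      # these lines end the iface stanza
        elif current is not None:
            if key in HOOKS:
                current["hooks"][key].append(rest)
            else:
                current["options"][key] = rest
    return stanzas

def hooks_skipped_by_direct_pppd(stanzas):
    """Hooks on ppp-method stanzas: run by ifup/ifdown, not by a bare pon/poff."""
    report = {}
    for name, st in stanzas.items():
        if st["method"] == "ppp":
            cmds = [(p, c) for p in HOOKS for c in st["hooks"][p]]
            if cmds:
                report[name] = cmds
    return report
```

On the sample, the report for ppp0 contains the `up`, `down` and `post-down` commands in execution order; the commented-out `pre-up` lines are ignored.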