
Re: networking



Paul Cartwright wrote:
> Bob Proulx wrote:
> > Without 'auto' calling /etc/init.d/networking will bring the interface
> > down.  But it won't bring the interface up.  With 'auto' there then it
> > will bring the interface up.  I just verified that now with a quick
> > test on a Lenny and Squeeze machine.  And you definitely want to keep
> > 'allow-hotplug' there so that link status events will trigger
> > configuration too.
> 
> so how exactly would it look in the interfaces file. here is mine:
> auto lo
> iface lo inet loopback

The loopback device doesn't need to be hotplugged since it always
exists.  The debian-install sets it up with 'auto' only.

> #iptables loaded here:
> pre-up iptables-restore < /etc/firewall-rules

That looks like something local to your system.  It seems like an odd
place to put that.  It looks like someone was trying to reload the
firewall rules at startup time but didn't know about the directory of
scripts /etc/network/if-up.d/* and so associated the timing with the
loopback device coming online instead. Eww...

> # static setup
> auto eth0
> iface eth0 inet static
> address 192.168.10.2
> netmask 255.255.255.0
> dns-nameservers  4.2.2.3 208.67.222.222 208.67.220.220 4.2.2.2 192.168.10.1
> gateway 192.168.10.1

Looks okay.  It is a static entry.  Therefore it doesn't really need
to dynamically configure anything when the link is established.  It
won't hurt anything to have allow-hotplug there.  It would look like
this in that case:

# static setup
auto eth0
allow-hotplug eth0
iface eth0 inet static
	address 192.168.10.2
	netmask 255.255.255.0
	dns-nameservers  4.2.2.3 208.67.222.222 208.67.220.220 4.2.2.2 192.168.10.1
	gateway 192.168.10.1

The more typical use would be with a dhcp device.  Which would look
like this:

  auto eth0
  allow-hotplug eth0
  iface eth0 inet dhcp

And again, you wouldn't have any configuration for a wicd or
network-manager controlled device since those only control devices
without a local configuration.

> did I put that iptables entry in? I don't remember.. should it be there?

I think you did put that in there.  It has that look.  As to whether
it /should/ be there... well *I* wouldn't put it there.  :-) I think
that type of reloading belongs elsewhere such as in an if-up.d/*
script.  But I don't know about your firewall setup.  I could guess
something like this in /etc/network/if-up.d/local-firewall using your
current config as a template.

#!/bin/sh
# ifupdown exports IFACE (the interface being brought up) to if-up.d scripts.
case $IFACE in
    eth*)
	iptables-restore < /etc/firewall-rules
	;;
esac
exit 0

That will run your command whenever any eth* device is brought up.

Personally I like the shorewall package quite a bit for setting up
firewalls.

Bob
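
A hardened variant of the if-up.d hook suggested above, as an added example that is not part of Bob's message: it refuses a rules file that is a symlink, empty, not owned by the invoking user (root when ifupdown runs it) or writable by group or other, and dry-runs it with iptables-restore --test before loading. The function names and the RULES and RESTORE overrides are assumptions for illustration, and it assumes an iptables-restore that supports --test.

```sh
#!/bin/sh
# Added example: hardened variant of /etc/network/if-up.d/local-firewall.
# RULES and RESTORE are assumed overrides so the logic can be tested without root.
RULES=${RULES:-/etc/firewall-rules}
RESTORE=${RESTORE:-iptables-restore}

# Succeed only for interfaces whose bring-up should reload the firewall.
wants_reload() {
    case $1 in
        eth*) return 0 ;;
        *)    return 1 ;;
    esac
}

# The hook runs as root, so refuse a rules file that someone else could edit:
# it must be a non-empty regular file (no symlink), owned by the invoking
# user, and not writable by group or other.
rules_file_ok() {
    [ ! -L "$1" ] && [ -f "$1" ] && [ -s "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld -- "$1" | cut -c1-10) in
        ?????w????|????????w?) return 1 ;;   # group- or other-writable
    esac
    return 0
}

# Parse the ruleset with --test (nothing is committed) before loading it,
# so a file that does not parse is never partly applied.
reload_firewall() {
    if ! rules_file_ok "$RULES"; then
        echo "local-firewall: $RULES missing or has unsafe permissions" >&2
        return 1
    fi
    if ! "$RESTORE" --test < "$RULES"; then
        echo "local-firewall: $RULES failed to parse, rules left unchanged" >&2
        return 1
    fi
    "$RESTORE" < "$RULES"
}

# ifupdown sets IFACE for hook scripts; when it is unset (file sourced or
# run by hand) only the functions above are defined.
if [ -n "${IFACE:-}" ]; then
    if wants_reload "$IFACE"; then
        reload_firewall
    fi
    exit 0   # like the original hook, always report success to ifupdown
fi
```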
