Am Donnerstag 20 November 2008 17:10:08 schrieb JC Janos:
I'm using Opensuse 11.0 as a router/firewall to connect directly to the Internet via PPPoE & a bridged ADSL connection.
After exploring available options, I've decided to use:
(1) kernel-, not user-space, pppoe (2) native scripts, not rp-pppoe (3) manually-configured iptables; no SuSEFirewall2 (4) 'raw' iptables, i.e. no shorewall-like wrapper ...
So far, I've got the individual pieces working.
pppoe configuration is defined in,
/etc/ppp/peers/att /etc/ppp/pap-secrets /etc/ppp/options /etc/ppp/ip-up.local /etc/ppp/ip-down.local
and I can bring up the connection simply with,
pppd call att
after which I can load my firewall rules.
Now, I just want to get everything setup correctly -- in the right places & righht order -- @ boot.
It seems that Opensuse has its own way of doing some things, compared to other distros.
To that end, instead of in "boot.local" or "rc.local", I've created an /etc/init.d/custom-iptables startup script, using /etc/init.d/skeleton as a starting point.
I've made sure that the iptables script loads after the network is up
ls -al /etc/init.d/rc3.d/S*{network,iptables}* lrwxrwxrwx 1 root root 10 2008-10-11 09:47 /etc/init.d/rc3.d/S05network -> ../network lrwxrwxrwx 1 root root 20 2008-11-20 08:01 /etc/init.d/rc3.d/S06iptables -> /etc/init.d/custom-iptables
Now where should the start-pppd-on-boot logic go? Lots of choices ... but what's best/recommended practice?
In the "custom-iptables" script? In the "network" script? In a separate init.d script? Elsewhere?
I recommend creating a seperate init.d script. This makes it easier when you need restarting/reloading the pppd stuff (if you have static ip's you do not need to restart the iptables stuff for example) When you followed the instructions from /etc/init.d/skeleton (Required-Start/ Required-Stop is importand) everything should be ok, even when you install /uninstall later other services that provide there own start/stop scripts. regards, Paul -- To unsubscribe, e-mail: opensuse-networking+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-networking+help@opensuse.org