Where & when to launch pppd/pppoe @ boot?
I'm using Opensuse 11.0 as a router/firewall to connect directly to the Internet via PPPoE & a bridged ADSL connection. After exploring available options, I've decided to use: (1) kernel-, not user-space, pppoe (2) native scripts, not rp-pppoe (3) manually-configured iptables; no SuSEFirewall2 (4) 'raw' iptables, i.e. no shorewall-like wrapper ... So far, I've got the individual pieces working. pppoe configuration is defined in, /etc/ppp/peers/att /etc/ppp/pap-secrets /etc/ppp/options /etc/ppp/ip-up.local /etc/ppp/ip-down.local and I can bring up the connection simply with, pppd call att after which I can load my firewall rules. Now, I just want to get everything setup correctly -- in the right places & righht order -- @ boot. It seems that Opensuse has its own way of doing some things, compared to other distros. To that end, instead of in "boot.local" or "rc.local", I've created an /etc/init.d/custom-iptables startup script, using /etc/init.d/skeleton as a starting point. I've made sure that the iptables script loads after the network is up ls -al /etc/init.d/rc3.d/S*{network,iptables}* lrwxrwxrwx 1 root root 10 2008-10-11 09:47 /etc/init.d/rc3.d/S05network -> ../network lrwxrwxrwx 1 root root 20 2008-11-20 08:01 /etc/init.d/rc3.d/S06iptables -> /etc/init.d/custom-iptables Now where should the start-pppd-on-boot logic go? Lots of choices ... but what's best/recommended practice? In the "custom-iptables" script? In the "network" script? In a separate init.d script? Elsewhere? Thanks. --JC -- To unsubscribe, e-mail: opensuse-networking+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-networking+help@opensuse.org
Am Donnerstag 20 November 2008 17:10:08 schrieb JC Janos:
I'm using Opensuse 11.0 as a router/firewall to connect directly to the Internet via PPPoE & a bridged ADSL connection.
After exploring available options, I've decided to use:
(1) kernel-, not user-space, pppoe (2) native scripts, not rp-pppoe (3) manually-configured iptables; no SuSEFirewall2 (4) 'raw' iptables, i.e. no shorewall-like wrapper ...
So far, I've got the individual pieces working.
pppoe configuration is defined in,
/etc/ppp/peers/att /etc/ppp/pap-secrets /etc/ppp/options /etc/ppp/ip-up.local /etc/ppp/ip-down.local
and I can bring up the connection simply with,
pppd call att
after which I can load my firewall rules.
Now, I just want to get everything setup correctly -- in the right places & righht order -- @ boot.
It seems that Opensuse has its own way of doing some things, compared to other distros.
To that end, instead of in "boot.local" or "rc.local", I've created an /etc/init.d/custom-iptables startup script, using /etc/init.d/skeleton as a starting point.
I've made sure that the iptables script loads after the network is up
ls -al /etc/init.d/rc3.d/S*{network,iptables}* lrwxrwxrwx 1 root root 10 2008-10-11 09:47 /etc/init.d/rc3.d/S05network -> ../network lrwxrwxrwx 1 root root 20 2008-11-20 08:01 /etc/init.d/rc3.d/S06iptables -> /etc/init.d/custom-iptables
Now where should the start-pppd-on-boot logic go? Lots of choices ... but what's best/recommended practice?
In the "custom-iptables" script? In the "network" script? In a separate init.d script? Elsewhere?
I recommend creating a seperate init.d script. This makes it easier when you need restarting/reloading the pppd stuff (if you have static ip's you do not need to restart the iptables stuff for example) When you followed the instructions from /etc/init.d/skeleton (Required-Start/ Required-Stop is importand) everything should be ok, even when you install /uninstall later other services that provide there own start/stop scripts. regards, Paul -- To unsubscribe, e-mail: opensuse-networking+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-networking+help@opensuse.org
Paul, On Thu, Nov 20, 2008 at 1:09 PM, Paul Zirnik <tami@disconnected.de> wrote:
I recommend creating a seperate init.d script. This makes it easier when you need restarting/reloading the pppd stuff
I was thinking of dealing with that using 'case' statements and additional arguments (e.g. $2 = 'pppoe'), but this is probably simpler.
(if you have static ip's you do not need to restart the iptables stuff for example)
I do have static IPs, so this may be relevant. What happens if iptables is depending on the external interface == "pppoe", but then pppd is restarted? During that time, does iptables have any issues/problems?
When you followed the instructions from /etc/init.d/skeleton (Required-Start/ Required-Stop is importand) everything should be ok, even when you install /uninstall later other services that provide there own start/stop scripts.
So placing the "ppoed" service-name in the iptables scripts' Required-Start/Required-Stop, correct? If that's good enough, and the dependencies are properly setup using Required-Start/Required-Stop, does it matter at all as to the order-by-name in the init.d directory? E.g. S05network, S06myppp, then S07myiptables? Thanks. --JC -- To unsubscribe, e-mail: opensuse-networking+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-networking+help@opensuse.org
Hi, On Thursday, November 20, 2008 at 08:10:08, JC Janos wrote:
After exploring available options, I've decided to use:
(1) kernel-, not user-space, pppoe (2) native scripts, not rp-pppoe (3) manually-configured iptables; no SuSEFirewall2 (4) 'raw' iptables, i.e. no shorewall-like wrapper ...
Now where should the start-pppd-on-boot logic go? Lots of choices ... but what's best/recommended practice?
You throw away all your manual configuration and use yast to configure your ppp connection to be enabled during boot. Make sure you use the traditional method (ifup) and not NetworkManager. Your custom firewall script you throw into /etc/ppp/ip-up.d. There really is no need to do everything manualy. Henne -- Henne Vogelsang, openSUSE. Everybody has a plan, until they get hit. - Mike Tyson -- To unsubscribe, e-mail: opensuse-networking+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-networking+help@opensuse.org
participants (3)
-
Henne Vogelsang -
JC Janos -
Paul Zirnik