Cipe starts before firewalldaemon on SuSe-Live CD
Hi there.

We've got a SuSE Linux Firewall on CD 2 and use CIPE to connect a branch office. Because the remote network is on a dial-up line, we use CIPE's ip-up script to insert some iptables rules for the network connection between the LANs. Our problem is that the CIPE daemon starts before the FAS daemon, and so the rules defined in CIPE's ip-up script get overwritten. On a "normal" Linux machine we renamed the link of the CIPE daemon in /etc/init.d/rcX.d/@SXXcipe to let cipe start after the firewall script. How can I change the order in which the services start on that SuSE Firewall on CD? I'm not that into cronjobs; would it be possible to create a job that runs after the firewall script has run successfully?

Thanks for any comments.

Regards,
Jan F. Pielhau
Systemintegration / Helpdesk
inuIT
Lyrenstr. 13
D-44866 Bochum
Tel.: +49 (2327) 30 92 8 - 0
Fax: +49 (2327) 30 92 8 - 33
eMail: J.Pielhau@inuIT.de
Web: http://www.inuIT.de
On Thu, 2003-09-11 at 11:58, Jan Frederik Pielhau wrote:
> Hi there.
>
> We've got a SuSE Linux Firewall on CD 2 and use CIPE to connect a branch office. Because the remote network is on a dial-up line, we use CIPE's ip-up script to insert some iptables rules for the network connection between the LANs.

Why do you put the iptables rules in the cipe script? You have to create a cipe chain in the firewall script; with the FAS GUI it is very simple: go to the IP-Filter and NAT menu, choose Expert Configuration and New Chain in the IP Filter menu, and add your rules there. For example, you could create 2 chains: one that accepts the key from your peer and another that forwards the traffic between the 2 LANs through the cipe interface; the first will be added to the INPUT chain and the second to the FORWARD chain.

Don't forget to start the cipe daemon by hand on the floppy in /etc/rc.config.

Anyway, I suggest you join the suse-fwoncd list: http://lists.suse.com/archive/suse-fwoncd/

Ciao
On Thu, 2003-09-11 at 05:58, Jan Frederik Pielhau wrote:
> Hi there.
>
> We've got a SuSE Linux Firewall on CD 2 and use CIPE to connect a branch office. Because the remote network is on a dial-up line, we use CIPE's ip-up script to insert some iptables rules for the network connection between the LANs. Our problem is that the CIPE daemon starts before the FAS daemon, and so the rules defined in CIPE's ip-up script get overwritten. On a "normal" Linux machine we renamed the link of the CIPE daemon in /etc/init.d/rcX.d/@SXXcipe to let cipe start after the firewall script. How can I change the order in which the services start on that SuSE Firewall on CD? I'm not that into cronjobs; would it be possible to create a job that runs after the firewall script has run successfully?
>
> Thanks for any comments.
>
> Regards,
> Jan F. Pielhau
In general you can change the start order of the scripts by changing the "S" number to one that is higher than the firewall startup script. I don't use the firewall because I'm on a local LAN, but this applies to -any- start script. Simply cd into the appropriate run level -rc#.d- directory and relink the firewall script with a number higher than the "cipe" script.

OR the better way is to modify the "# Required-Start:" line of the firewall script in /etc/init.d and run SuSEconfig. I have used this method with the webmin script that wants to run before the network is up.

--
Ken Schneider
unix user since 1989
linux user since 1994
SuSE user since 1998
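Added example, not part of any message in this thread: a shell check that a service's start link in a runlevel directory sorts after the firewall's, which is the ordering problem the posts above discuss. The firewall script name `fwdemo` is a placeholder (the thread does not give the real name), and the runlevel directory is a temporary one constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does DEPENDENT's S-link sort after FIREWALL's in a SysV
# runlevel directory? "fwdemo" is a placeholder firewall script name.

# start_seq DIR SERVICE -> prints nn from DIR/SnnSERVICE; status 1 if absent
start_seq() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        # An unmatched glob stays literal, so confirm the link exists.
        [ -e "$link" ] || [ -L "$link" ] || continue
        num=${link##*/S}      # .../S08cipe -> 08cipe
        num=${num%"$2"}       # 08cipe -> 08
        echo "$num"
        return 0
    done
    return 1
}

# check_order DIR FIREWALL DEPENDENT
# 0: DEPENDENT starts after FIREWALL; 1: before it or tied; 2: link missing
check_order() {
    fw=$(start_seq "$1" "$2") || { echo "no S-link for $2 in $1" >&2; return 2; }
    dep=$(start_seq "$1" "$3") || { echo "no S-link for $3 in $1" >&2; return 2; }
    # Strip one leading zero so 08 and 09 are not read as octal.
    # Equal numbers count as a risk: the order then depends on names only.
    if [ "${dep#0}" -gt "${fw#0}" ]; then
        echo "ok: S$dep$3 runs after S$fw$2"
        return 0
    fi
    echo "risk: S$dep$3 runs before or with S$fw$2; its rules can be overwritten"
    return 1
}

# make_rcdir DEP_SEQ FW_SEQ -> prints the path of a constructed runlevel dir
make_rcdir() {
    d=$(mktemp -d) || return 1
    : > "$d/cipe.init"; : > "$d/fwdemo.init"
    ln -s "$d/cipe.init" "$d/S${1}cipe"
    ln -s "$d/fwdemo.init" "$d/S${2}fwdemo"
    echo "$d"
}

# Demo on constructed data: cipe at S08 with the firewall at S12, then
# cipe relinked to S13.
rc=$(make_rcdir 08 12)
check_order "$rc" fwdemo cipe || echo "exit status $?"
mv "$rc/S08cipe" "$rc/S13cipe"
check_order "$rc" fwdemo cipe || echo "exit status $?"
rm -rf "$rc"
```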
participants (3)
- Alex
- Jan Frederik Pielhau
- Ken Schneider