Discussion:
firewall script in /etc/ppp/ip-up.d
oinophlux
2005-10-15 20:53:19 UTC
Greetings All,

I have a dialup Debian box that serves as a gateway for my home LAN.

I have a firewall/ipmasq script (from the iptables HOWTO) that runs fine
after the ppp0 interface comes up. I'd like to have it work
automagically every time I establish the connection, and therefore I have
the script in /etc/ppp/ip-up.d (I am getting sick of executing
/etc/ppp/ip-up.d/firewall.sh by hand every time I dial up).

Only it does not work in that fashion. Following is the first section
of the script (minus the iptables ruleset).


#!/bin/sh

echo -e "\n\nSETTING UP IPTABLES FIREWALL..."

INTIF="eth0"

# Enter the NETWORK address the Internal Interface is on
INTNET="192.168.0.0/24"

# Enter the IP address of the Internal Interface
INTIP="192.168.0.1/24"

EXTIF="ppp0"

EXTIP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"


.......

I suspect the script is bombing because it seeks ppp0 before the
interface is actually registered?

I've tried adding a "sleep 30" line at the start.

Is there any way I can debug this to see why it is failing?

Thanks for any tips,

Georg Simmel
Lew Pitcher
2005-10-16 00:25:29 UTC
Post by oinophlux
Greetings All,
I have a dialup Debian box that serves as a gateway for my home LAN.
I have a firewall/ipmasq script (from the iptables HOWTO) that runs fine
after the ppp0 interface comes up. I'd like to have it work
automagically every time I establish the connection, and therefore I have
the script in /etc/ppp/ip-up.d (I am getting sick of executing
/etc/ppp/ip-up.d/firewall.sh by hand every time I dial up).
Only it does not work in that fashion. Following is the first section
of the script (minus the iptables ruleset).
#!/bin/sh
echo -e "\n\nSETTING UP IPTABLES FIREWALL..."
INTIF="eth0"
# Enter the NETWORK address the Internal Interface is on
INTNET="192.168.0.0/24"
# Enter the IP address of the Internal Interface
INTIP="192.168.0.1/24"
EXTIF="ppp0"
EXTIP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
.......
I suspect the script is bombing because it seeks ppp0 before the
interface is actually registered?

Probably.

The interface won't be initialized until the /etc/ppp/ip-up script completes,
and it's my guess that /etc/ppp/ip-up invokes the /etc/ppp/ip-up.d/* scripts,
in your environment.

You should know that pppd passes several parameters to /etc/ppp/ip-up (and
/etc/ppp/ip-down) that are probably passed on to your scripts. Read the
manpage on pppd(8) ("man 8 pppd") and look for the section on ip-up. There,
you will find that pppd gives ip-up
- the name of the interface ("ppp0")
- the name of the device ("/dev/ttyS0")
- the speed of the interface ("33600")
- the IP address assigned by pppd to your end of the ppp connection,
- the IP address assigned by pppd to the other end of the ppp connection, and
- a text value that was passed to pppd through the "ipparm" parameter
Your scripts should be able to use these values directly instead of trying to
parse the output of ifconfig to obtain them indirectly.

FWIW, my pppd enables and disables my firewall through the ip-up and ip-down
scripts respectively, and I get the local IP address and interface name from
the values passed in to the ip-up and ip-down scripts by pppd. For an example
of how these values come in, you can see my Linux Gazette article at
http://linuxgazette.net/105/pitcher1.html The article doesn't discuss
firewalling, but it does show (incidentally) the origin and use of those
parameters.

--
Lew Pitcher

Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.
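
The approach described in the reply above (taking the interface name and local address from the arguments pppd passes, rather than parsing ifconfig), as an added example that is not part of either post. The ruleset is a constructed stand-in because the thread omits the real one; the function names (`log`, `valid_iface`, `valid_ipv4`, `firewall_rules`, `main`), the `ppp-firewall` syslog tag and the `IPTABLES` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: ip-up.d firewall hook using pppd's arguments, not ifconfig.
# pppd(8) order: $1 interface, $2 tty, $3 speed, $4 local IP, $5 remote IP, $6 ipparam
INTIF="eth0"                            # from the original post
INTNET="192.168.0.0/24"                 # from the original post
IPTABLES="${IPTABLES:-/sbin/iptables}"  # assumption: overridable for dry runs

# pppd runs its hooks with stdout/stderr on /dev/null, so report via syslog.
log() { logger -t ppp-firewall -- "$*" 2>/dev/null || :; }

valid_iface() {   # accept only ppp0 .. ppp99
    case "$1" in ppp[0-9]|ppp[0-9][0-9]) return 0 ;; *) return 1 ;; esac
}

valid_ipv4() {    # accept only a dotted quad with every octet in 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1 count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    [ "$count" -eq 4 ]
}

# Constructed minimal masquerading ruleset (the thread omits the real one).
firewall_rules() {   # $1 = external interface, $2 = external IP
    cat <<EOF
-P FORWARD DROP
-F FORWARD
-t nat -F POSTROUTING
-A FORWARD -i $1 -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INTIF -o $1 -s $INTNET -j ACCEPT
-t nat -A POSTROUTING -o $1 -s $INTNET -j SNAT --to-source $2
EOF
}

main() {   # fail closed: touch no rule unless pppd's values look sane
    valid_iface "$1" || { log "refusing, bad interface: $1"; return 1; }
    valid_ipv4 "$4" || { log "refusing, bad local IP: $4"; return 1; }
    firewall_rules "$1" "$4" | while read -r rule; do
        $IPTABLES $rule || log "failed: iptables $rule"
    done
    log "firewall up on $1 ($4)"
}

# pppd always passes arguments; with none (file sourced for testing) do nothing.
[ "$#" -eq 0 ] || main "$@"
```

Where /etc/ppp/ip-up runs the directory through run-parts, as Debian's does, files whose names contain a dot are skipped, so this would be installed as /etc/ppp/ip-up.d/firewall rather than firewall.sh. Running it by hand with `IPTABLES=echo` prints the commands instead of applying them.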
