On Tue, Aug 11, 2009 at 2:16 PM, Ivan Shmakov <[email protected]> wrote:
> >>>>> Kinglok, FONG <[email protected]> writes:
> >>>>> Jonathan Yu <[email protected]> wrote:
>
> [...]
>
> > Thank you Jonathan for writing the nice blog article and it works.
> > But it requires some customization in debian Lenny.
>
> > For some reason, the script in /etc/network/if-pre-up.d/ doesn't load
> > up by default.
>
> Did you set the execute permission on the script?
>
> # chmod +x /etc/network/if-pre-up.d/SCRIPTNAMEHERE
>

Sure. However, Lenny doesn't load the scripts.

>
> >> I apparently used /etc/network/if-pre-up.d (I can't remember the
> >> reasoning why, but I guess it's useful to make sure you load the
> >> rules prior to bringing the interfaces up, which means the rules
> >> will be there once network connectivity is brought up)
>
> > You have to explicitly call it from /etc/network/interfaces like:
>
> > auto eth0
> > iface eth0 inet static
> [...]
> > pre-up /etc/network/if-pre-up.d/iptables
>
> It somewhat defeats its advantage of /not/ having it mentioned
> for each of the host's interfaces.
>

In my case, the gateway got three NICs, one for internet, one for DMZ and one for LAN inside. Loading the iptables once is enough for all. So, one instance of *pre-up /etc/network/if-pre-up.d/iptables* is enough.

>
> auto eth0 eth1 ...
> iface eth0 inet static
> ...
> pre-up /etc/network/if-pre-up.d/iptables
> iface eth1 inet static
> ...
> pre-up /etc/network/if-pre-up.d/iptables
> ...
>
> [...]
>
> --
> FSF associate member #7257
>

--
Personal Webpage: http://kinglok.org
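
An added illustration, not part of the thread and not code from any poster: a small Python check for the setup discussed above, where the `pre-up` line appears in only one stanza, listing the interfaces that come up before the rules are loaded. It assumes `ifup -a` brings `auto` interfaces up in the order listed, ignores `source` includes, continuation lines and `allow-hotplug` interfaces, and runs on a constructed sample file; `parse` and `unprotected` are hypothetical helper names.

```python
HOOK = "/etc/network/if-pre-up.d/iptables"  # hook path used in the thread

# Constructed sample: a three-NIC gateway where only the second NIC loads the rules.
SAMPLE = """\
auto lo eth0 eth1 eth2
iface lo inet loopback
iface eth0 inet static
    address 192.0.2.2
iface eth1 inet static
    address 10.0.1.1
    pre-up /etc/network/if-pre-up.d/iptables
iface eth2 inet static
    address 10.0.2.1
"""


def parse(text):
    """Return (auto order, {iface: [pre-up commands]}) for interfaces(5) text."""
    order, pre_up, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *tail = line.split(None, 1)
        rest = tail[0] if tail else ""
        if key in ("auto", "allow-auto"):
            order += [n for n in rest.split() if n not in order]
            current = None
        elif key == "iface" and rest:
            current = rest.split()[0]
            pre_up.setdefault(current, [])
        elif key in ("mapping", "source") or key.startswith("allow-"):
            current = None
        elif key == "pre-up" and current:
            pre_up[current].append(rest)
    return order, pre_up


def unprotected(text, hook=HOOK):
    """Interfaces that `ifup -a` brings up before any stanza has run the hook."""
    order, pre_up = parse(text)
    exposed = []
    for name in order:
        if any(cmd.split()[:1] == [hook] for cmd in pre_up.get(name, [])):
            return exposed  # rules are loaded from this interface onwards
        if name != "lo":
            exposed.append(name)
    return exposed  # the hook never ran for any auto interface
```

With a single `pre-up` line, placing it in the stanza of the first interface listed after `auto` leaves the returned list empty.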

