On 7 November 2015 at 20:21, lee <l...@yagibdah.de> wrote: > Alon Bar-Lev <alo...@gentoo.org> writes: > >> On 6 November 2015 at 17:28, lee <l...@yagibdah.de> wrote: >>> Hi, >>> >>> finally I got set up pppoe, which turned out to be surprisingly easy. >>> It's working fine, though I'm getting a warning when the pppoe interface >>> is brought up: >>> >>> >>> heimdali init.d # service net.ppp0 start >>> * Bringing up interface ppp0 >>> * Starting pppd in ppp0 ... [ ok ] >>> * Backgrounding ... >>> * WARNING: net.ppp0 has started, but is inactive >>> heimdali init.d # >>> >>> >>> Why is this warning showing, and what can I do about it? >>> >> >> this warning can be safely ignored, all it tells you is that the >> service will be fully up when connection will be established. >> the same state is for ethernet until the ifplugd detects connection to >> network. >> >>> How does pppoe work together with shorewall and bind? >>> >>> When I stop the net.ppp0 service, shorewall is automatically stopped as >>> well. When I start net.ppp0, shorewall is not started automatically. >>> >>> I would like to automatically have net.ppp0 first started and then >>> shorewall. >> >> usually the firewall service should be started before all interfaces >> (except lo). >> add the following to /etc/conf.d/net.ppp0: >> --- >> rc_net_ppp0_need="firewall net.enp2s0" >> --- > > Thanks! I copied net.lo to net.ppp0 and put it at the top so it now > goes: > > > #!/sbin/runscript > # Copyright (c) 2007-2009 Roy Marples <r...@marples.name> > # Released under the 2-clause BSD license. > > MODULESDIR="/lib/netifrc/net" > MODULESLIST="${RC_SVCDIR}/nettree" > _config_vars="config routes"
you do not need these^ > rc_net_ppp0_need="firewall net.enp2s0" > you do need ^ and you probably need to configure the pppoe with these: config_ppp1="ppp" plugins_ppp1="pppoe" link_ppp1="enp2s0" # PPPoE requires an ethernet interface username_ppp1='1@1' password_ppp1='' > I'm not sure if that's right --- I guess I shouldn't make a copy? correct :) >> this will make sure that the ppp0 interface is started after both >> firewall and enp2s0. >> >> I also have the following in /etc/rc.conf to avoid stopping services >> while network is down: >> --- >> rc_hotplug="!net.enp2s0 !net.ppp*" >> --- > > The comment in /etc/rc.conf says no hotplugging is done by default. > IIUC, you are hotplugging 'net.enp2s0' and 'net.ppp*'? So allowing to > hotplug them would kinda make them independent of other services, or > other services independent from them? no... the opposite, we do not want to be effected (! == not) by hotplug of these devices. >>> When net.ppp0 is stopped and restarted, I also must restart the name >>> server (bind) :( Otherwise it is unable to resolve anything. >>> >>> Can this somehow be avoided? If not, can this be done automatically? >> >> this is strange... why bind must be restarted? >> I use dnsmasq and it survive network down without any issue. >> but if you must, add the following to /etc/conf.d/net.ppp0: >> --- >> postup() { >> # whatever required after interface is up >> return 0 >> } >> --- > > Ah, yes, good idea :) > > Fortunately, everything survives when the link goes down and comes back > up, so this would only be an issue when I manually stop/start the > net.ppp0 service. I can live with that. > > >>> The log files show martian sources from a bridge device which is used >>> for the networking of a container: >>> >>> >>> [1734776.722127] IPv4: martian source 255.255.255.255 from 192.168.1.1, on >>> dev enp2s0 >>> [1734776.722132] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 >>> 08 00 ........k..D.. >>> >>> >>> The enp2s0 interface is used for pppoe, 192.168.1.1 is the IP of the >>> bridge. The bridge does not have a physical network interface assigned >>> to it. >>> >>> The routefilter option is enabled on all interfaces. Why would there be >>> such a broadcast originating from the bridge, and how can I prevent it? >> >> not sure what you describe here, but maybe you would like to disable >> spanning tree, add the following to disable spanning tree to >> /etc/conf.d/br0.conf (provided br0 is the name of the bridge). >> --- >> stp_state_br0=0 >> --- > > STP is disabled when the bridge is brought up with > > > config_br_dmz="192.168.1.1 netmask 255.255.255.0 brd 192.168.1.255" > brctl_br_dmz="setfd 0 sethello 10 stp off" > > ... in /etc/conf.d/net. > > > heimdali init.d # brctl show > bridge name bridge id STP enabled interfaces > br_dmz 8000.fe150e283be5 no vethJRMBC7 > heimdali init.d # > > > [1829515.036283] IPv4: martian source 255.255.255.255 from 192.168.1.1, on > dev enp2s0 > [1829515.036296] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 > 00 ........k..D.. > [1829575.021793] IPv4: martian source 255.255.255.255 from 192.168.1.1, on > dev enp2s0 > [1829575.021806] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 > 00 ........k..D.. > [1829634.958151] IPv4: martian source 255.255.255.255 from 192.168.1.1, on > dev enp2s0 > [1829634.958164] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 > 00 ........k..D.. > [1829694.919256] IPv4: martian source 255.255.255.255 from 192.168.1.1, on > dev enp2s0 > [1829694.919269] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 > 00 ........k..D.. > [1829754.880046] IPv4: martian source 255.255.255.255 from 192.168.1.1, on > dev enp2s0 > [1829754.880059] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 > 00 ........k..D.. > [1829814.849173] IPv4: martian source 255.255.255.255 from 192.168.1.1, on > dev enp2s0 > [1829814.849186] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 > 00 ........k..D.. > [1829874.802373] IPv4: martian source 255.255.255.255 from 192.168.1.1, on > dev enp2s0 > [1829874.802386] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 > 00 ........k..D.. > [1829934.762920] IPv4: martian source 255.255.255.255 from 192.168.1.1, on > dev enp2s0 > [1829934.762933] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 > 00 ........k..D.. > [1829994.724216] IPv4: martian source 255.255.255.255 from 192.168.1.1, on > dev enp2s0 > [1829994.724230] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 > 00 ........k..D.. > [1830054.689127] IPv4: martian source 255.255.255.255 from 192.168.1.1, on > dev enp2s0 > [1830054.689132] ll header: 00000000: ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 > 00 ........k..D.. > > > It looks as if there is a broadcast on the bridge interface every 60 > seconds. This could come from the bridge itself, or from something > running inside the container. Once I have more containers, there might > be more broadcasts and thus more martian sources. > > Can I run some network spying tool inside the container to find out > where the broadcasts are coming from? > > With 'tcpdump -e -i eth0 ether broadcast and ether multicast', I'm not > getting anything so far, neither on the bridge interface itself from the > host, nor on the virtual eth0 from within the container. > > > -- > Again we must be afraid of speaking of daemons for fear that daemons > might swallow us. Finally, this fear has become reasonable. >