Raf,

Thanks for your comments. Since my post about a month ago, I have "fixed" the 
problem, but the problem was not with my firewall script. I'm still confused, 
and I would also appreciate any feedback regarding this fix.

Initially, I was using:

        /usr/sbin/netconfig

to set the ip information for eth0. I _assume_ that it was appropriate to do 
so.  I also assume I only had to set the ip information once and never have 
to worry about touching it again. However, as per my post, I couldn't get the 
masquerade stuff up and running without doing quirky things.

Now, I simply run the following line (through rc.local):

        /sbin/ifconfig eth0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.254

After that line, I execute rc.firewall.

(rc.firewall is executed again through ip-up to get the dynamic ip address 
for ppp0, obviously).

Things work smoothly, now.

Comments, further improvements on my method, or anything else is welcome. 

Jason

ps: The "contorted methods" were discovered accidentally when for some 
strange reason things would start working for no apparent reason. I had to at 
least backtrace my steps to figure out why the hell things all of a sudden 
"worked," which also included going back to the firewall script, trying to 
find more documentation off the net, searching through the ip masquerading 
website, re-reading material over again, etc.... The fact that I found a 
pattern to what initially seemed chaotic to me, I think, is really just a 
testament to my true genius (!!!!!!). 

;)

On Tuesday 30 July 2002 12:10 pm, you wrote:
> Message: 1
> Date: Tue, 30 Jul 2002 20:52:02 +1000
> From: raf <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [Masq]  order in which rc.firewall starts
>
> Jason W. Martinez wrote:
> > Hello,
> >
> > I have been able to get my firewall script to work (with masq
> > functionality) but not without having to go through this strange morning
> > ritual every time I boot my computer:
> >
> > I have a home network (redhat 7.2), where my external device is ppp0
> > (dynamic ip)---my other pc has XP home edition.
> >
> > Each morning, I must go through the following steps:
> >
> > 1. Delete the following network information.
> >     ip: 192.168.0.1
> >     subnet: 255.255.255.0
> >     gateway: 192.168.0.254
> >
> > 2. restart the network services.
>
> how can you restart the network after having deleted the
> network configuration?
>
> > 3. dial the modem, which also executes the rc.firewall 2.4 stronger rules
> > through ip-up.
> >
> > 4. change the internal ip address back to its original configuration that
> > is located in step one.
> >
> > 5. Restart the network services again.
>
> this is all very weird.
>
> > This is the ONLY way I have been able to get ip masquerading to work on
> > my computer. The rc.firewall rules are first executed when the computer
> > boots /etc/rc.d/rc.local (as per the instructions that I have found in
> > the documentation), but I suspect that I could/should change the order in
> > which this is executed at boot time.
>
> in general, /etc/rc.d/rc.local is a bad place to start a firewall. this
> script runs after all other boot scripts have run which means after the
> network is started. if you start your firewall after starting the network,
> then there is a period of time where your network is unprotected. the best
> thing to do is to start the firewall before starting the network and then
> restart it after interfaces are brought up (now that you know your
> address(es)). if your only connection to the outside world is via a modem,
> though, this doesn't matter.
>
> > I have read the docs and searched the mailing lists, but I have had no
> > luck. Any advice? Suggestions?
>
> debug rc.firewall. obviously, it's supposed to work as advertised (in
> rc.local and /etc/ppp/ip-up). if it's not, you need to debug it to
> find out why, not come up with contorted methods to work around it.
> maybe it's spitting out errors and you're just not seeing them. add
>
>    exec >/tmp/rc.firewall.out 2>&1
>
> to the top of the script so you can see if anything's going wrong.
>
> > I'm a novice, so please be kind!
>
> good luck!
>
> > Jason
>
> raf
>

-- 
Jason Martinez
Sociology Graduate Student
University of California, Riverside
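
The ordering raf recommends in the quoted reply (firewall in place before the network starts, then reloaded from ip-up once ppp0 exists), as an added shell example that is not from the thread or from the rc.firewall script it discusses. The function names, the `IPT` dry-run variable and `FW_LOG` are assumptions; the LAN values come from the post, and the log path is the one raf suggests.

```shell
#!/bin/sh
# Added example: two-stage firewall for a dial-up masquerading box.
# Assumptions: LAN is eth0 on 192.168.0.0/24 (from the post), WAN is ppp0.
# IPT defaults to a dry run that prints the rules; set IPT=/sbin/iptables
# to apply them. IP forwarding must also be enabled for masquerading to work.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Stage 1: run BEFORE the network scripts. Needs no addresses:
# default-deny first, then flush, then allow loopback and the LAN side.
fw_lockdown() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    $IPT -t nat -F
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Stage 2: run from /etc/ppp/ip-up once the WAN interface is up.
# $1 = interface name that pppd passes to ip-up (e.g. ppp0).
fw_masq() {
    wan_if="$1"
    [ -n "$wan_if" ] || { echo "fw_masq: missing WAN interface" >&2; return 1; }
    fw_lockdown || return 1
    $IPT -A FORWARD -i "$LAN_IF" -o "$wan_if" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$wan_if" -o "$LAN_IF" \
         -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$wan_if" -s "$LAN_NET" -j MASQUERADE
}

# Entry points; all output is logged so boot-time errors are not lost.
case "${1:-}" in
    lockdown) exec >>"${FW_LOG:-/tmp/rc.firewall.out}" 2>&1; fw_lockdown ;;
    masq)     exec >>"${FW_LOG:-/tmp/rc.firewall.out}" 2>&1; fw_masq "$2" ;;
esac
```

Calling the script with `lockdown` from an init script ordered before the network, and with `masq "$1"` from ip-up, closes the unprotected window that starting the firewall only from rc.local leaves open.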