Raf,
Thanks for your comments. Since my post about a month ago, I have "fixed" the
problem, but the problem was not with my firewall script. I'm still confused,
and I would also appreciate any feedback regarding this fix.
Initially, I was using:
/usr/sbin/netconfig
to set the ip information for eth0. I _assume_ that it was appropriate to do
so. I also assume I only had to set the ip information once and never have
to worry about touching it again. However, as per my post, I couldn't get the
masquerade stuff up and running without doing quirky things.
Now, I simply run the following line (through rc.local):
/sbin/ifconfig eth0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.254
After that line, I execute rc.firewall.
(rc.firewall is executed again through ip-up to get the dynamic ip address
for ppp0, obviously).
Things work smoothly, now.
Comments, further improvements on my method, or anything else is welcome.
Jason
ps: The "contorted methods" were discovered accidentally when for some
strange reason things would start working for no apparent reason. I had to at
least backtrace my steps to figure out why the hell things all of a sudden
"worked," which also included going back to the firewall script, trying to
find more documentation off the net, searching through the ip masquerading
website, re-reading material over again, etc.... The fact that I found a
pattern to what initially seemed chaotic to me, I think, is really just a
testament to my true genius (!!!!!!).
;)
On Tuesday 30 July 2002 12:10 pm, you wrote:
> Message: 1
> Date: Tue, 30 Jul 2002 20:52:02 +1000
> From: raf <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [Masq] order in which rc.firewall starts
>
> Jason W. Martinez wrote:
> > Hello,
> >
> > I have been able to get my firewall script to work (with masq
> > functionality) but not without having to go through this strange morning
> > ritual every time I boot my computer:
> >
> > I have a home network (redhat 7.2), where my external device is ppp0
> > (dynamic ip)---my other pc has XP home edition.
> >
> > Each morning, I must go through the following steps:
> >
> > 1. Delete the following network information.
> > ip: 192.168.0.1
> > subnet: 255.255.255.0
> > gateway: 192.168.0.254
> >
> > 2. restart the network services.
>
> how can you restart the network after having deleted the
> network configuration?
>
> > 3. dial the modem, which also executes the rc.firewall 2.4 stronger rules
> > through ip-up.
> >
> > 4. change the internal ip address back to its original configuration that
> > is located in step one.
> >
> > 5. Restart the network services again.
>
> this is all very weird.
>
> > This is the ONLY way I have been able to get ip masquerading to work on
> > my computer. The rc.firewall rules are first executed when the computer
> > boots /etc/rc.d/rc.local (as per the instructions that I have found in
> > the documentation), but I suspect that I could/should change the order in
> > which this is executed at boot time.
>
> in general, /etc/rc.d/rc.local is a bad place to start a firewall. this
> script runs after all other boot scripts have run which means after the
> network is started. if you start your firewall after starting the network,
> then there is a period of time where your network is unprotected. the best
> thing to do is to start the firewall before starting the network and then
> restart it after interfaces are brought up (now that you know your
> address(es)). if your only connection to the outside world is via a modem,
> though, this doesn't matter.
>
> > I have read the docs and searched the mailing lists, but I have had no
> > luck. Any advice? Suggestions?
>
> debug rc.firewall. obviously, it's supposed to work as advertised (in
> rc.local and /etc/ppp/ip-up). if it's not, you need to debug it to
> find out why, not come up with contorted methods to work around it.
> maybe it's spitting out errors and you're just not seeing them. add
>
> exec >/tmp/rc.firewall.out 2>&1
>
> to the top of the script so you can see if anything's going wrong.
>
> > I'm a novice, so please be kind!
>
> good luck!
>
> > Jason
>
> raf
--
Jason Martinez
Sociology Graduate Student
University of California, Riverside
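
The ordering raf describes in the quoted reply (policy first, network second, masquerade rules once the interfaces are up), as an added example that is not part of the original messages and is not the rc.firewall script discussed in them. The interface names, the function names and the `FW_RUN` dry-run switch are assumptions; the script also checks that the internal interface has an address before it adds any forwarding rules.

```sh
#!/bin/sh
# Added example, not the rc.firewall from the thread.
# FW_RUN=echo (the default) prints each command instead of running it;
# run with FW_RUN= as root to apply. Interface names are assumptions.
# To capture errors as suggested in the thread, a real script would start
# with:  exec >/tmp/rc.firewall.out 2>&1
FW_RUN=${FW_RUN-echo}

# Phase 1: call before the network scripts start, so no interface is
# ever up without a default-deny policy in place.
fw_lockdown() {
    $FW_RUN iptables -F
    $FW_RUN iptables -P INPUT DROP
    $FW_RUN iptables -P FORWARD DROP
    $FW_RUN iptables -A INPUT -i lo -j ACCEPT
    $FW_RUN iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Print the IPv4 address of interface $1, reading `ip -4 -o addr show`
# output on stdin. Prints nothing if the interface has no address.
iface_addr() {
    awk -v dev="$1" '$2 == dev && $3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# Phase 2: call from rc.local and again from /etc/ppp/ip-up.
# $1 = internal interface, $2 = external interface,
# $3 = output of `ip -4 -o addr show`. Flushing first makes re-runs safe.
fw_masq() {
    int_ip=$(printf '%s\n' "$3" | iface_addr "$1")
    if [ -z "$int_ip" ]; then
        echo "rc.firewall: $1 has no IPv4 address; leaving lockdown in place" >&2
        return 1
    fi
    $FW_RUN iptables -F FORWARD
    $FW_RUN iptables -t nat -F POSTROUTING
    $FW_RUN iptables -A FORWARD -i "$1" -o "$2" -j ACCEPT
    $FW_RUN iptables -A FORWARD -i "$2" -o "$1" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $FW_RUN iptables -t nat -A POSTROUTING -o "$2" -j MASQUERADE
    $FW_RUN sysctl -w net.ipv4.ip_forward=1
}

# Constructed sample of `ip -4 -o addr show` output; on a real host use
# ADDRS=$(ip -4 -o addr show) instead.
ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0'

fw_lockdown
fw_masq eth0 ppp0 "$ADDRS"
```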