openrc questions (Re: [gentoo-user] pppoe questions)
Alon Bar-Lev writes:

> On 7 November 2015 at 20:21, lee wrote:
>> Alon Bar-Lev writes:
>>
>>>> How does pppoe work together with shorewall and bind?
>>>>
>>>> When I stop the net.ppp0 service, shorewall is automatically stopped as
>>>> well. When I start net.ppp0, shorewall is not started automatically.
>>>>
>>>> I would like to automatically have net.ppp0 first started and then
>>>> shorewall.
>>>
>>> usually the firewall service should be started before all interfaces
>>> (except lo).
>>> add the following to /etc/conf.d/net.ppp0:
>>> ---
>>> rc_net_ppp0_need="firewall net.enp2s0"
>>> ---
>>
>> Thanks! I copied net.lo to net.ppp0 and put it at the top so it now
>> goes:
>>
>>
>> #!/sbin/runscript
>> # Copyright (c) 2007-2009 Roy Marples
>> # Released under the 2-clause BSD license.
>>
>> MODULESDIR="/lib/netifrc/net"
>> MODULESLIST="${RC_SVCDIR}/nettree"
>> _config_vars="config routes"
>
> you do not need these^

They were already there, so I'll leave them.

>> rc_net_ppp0_need="firewall net.enp2s0"
>>
>
> you do need ^

I took it out because when shorewall is started before ppp0 is up,
shorewall says it can't do things with ppp0. So I think ppp0 needs to
be up for shorewall to work right and things have to be started in an
undesirable order (unless perhaps I would restart shorewall when ppp0 is
up). What's the right way of handling this?

>> I'm not sure if that's right --- I guess I shouldn't make a copy?
>
> correct :)

ok

>>> this will make sure that the ppp0 interface is started after both
>>> firewall and enp2s0.
>>>
>>> I also have the following in /etc/rc.conf to avoid stopping services
>>> while network is down:
>>> ---
>>> rc_hotplug="!net.enp2s0 !net.ppp*"
>>> ---
>>
>> The comment in /etc/rc.conf says no hotplugging is done by default.
>> IIUC, you are hotplugging 'net.enp2s0' and 'net.ppp*'? So allowing to
>> hotplug them would kinda make them independent of other services, or
>> other services independent from them?
>
> no... the opposite, we do not want to be affected (! == not) by
> hotplug of these devices.

The description of this option says:

,
| # rc_hotplug is a list of services that we allow to be hotplugged.
| # By default we do not allow hotplugging.
| # A hotplugged service is one started by a dynamic dev manager when a matching
| # hardware device is found.
| # This service is intrinsically included in the boot runlevel.
| # To disable services, prefix with a !
| # Example - rc_hotplug="net.wlan !net.*"
| # This allows net.wlan and any service not matching net.* to be plugged.
| # Example - rc_hotplug="*"
| # This allows all services to be hotplugged
| #rc_hotplug="*"
`

With 'rc_hotplug="!net.enp2s0 !net.ppp*"', you would:

[1] forbid 'net.enp2s0' to be hotplugged and

[2] allow all services that do not match 'net.ppp*' to be hotplugged.

[1] is not necessary because nothing can be hotplugged by default. [2]
is very likely /not/ what you want --- or why would you want this.

Aside from this, what exactly happens when you allow a service to be
hotplugged? Is this service never started by openrc because openrc
figures that the service is started otherwise (like by a device
manager)? What does it do about services that depend on a service that
can be hotplugged?

And yet another question: Does rc-update, or something else, monitor the
scripts in /etc/init.d? When I remove a script, or a link to one, from
there, 'rc-update show' doesn't show the removed script anymore, and it
cannot be deleted from its runlevel.
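
The rc_hotplug rules quoted in the message above, as an added shell sketch that is not OpenRC's own code and not part of the original post. It assumes entries are checked left to right with the first matching pattern deciding, and that a non-empty list allows any service matching no entry (as the quoted rc.conf example states); the service names net.wlan0 and sshd are constructed.

```shell
#!/bin/sh
# Added illustration, not OpenRC source. Evaluates an rc_hotplug list as the
# quoted rc.conf comment describes it.
# Assumptions: left-to-right, first matching pattern wins; "!" prefix denies;
# an empty/unset list denies everything; no match in a non-empty list allows.

hotplug_allowed() {
    list=$1
    service=$2
    [ -n "$list" ] || return 1      # default: no hotplugging at all
    set -f                          # do not expand patterns against files in cwd
    for entry in $list; do
        case $entry in
            '!'*) pattern=${entry#?}; verdict=1 ;;   # deny rule
            *)    pattern=$entry;     verdict=0 ;;   # allow rule
        esac
        case $service in
            $pattern) set +f; return "$verdict" ;;   # first match decides
        esac
    done
    set +f
    return 0                        # matched nothing: allowed
}

# Print the verdict for a few services under a given rc_hotplug value.
report() {
    for svc in net.enp2s0 net.ppp0 net.wlan0 sshd; do   # constructed service list
        if hotplug_allowed "$1" "$svc"; then
            echo "$svc: may be hotplugged"
        else
            echo "$svc: not hotplugged"
        fi
    done
}

echo 'rc_hotplug="!net.enp2s0 !net.ppp*"'
report '!net.enp2s0 !net.ppp*'
echo 'rc_hotplug="!net.*"'
report '!net.*'
```

Under these assumptions the value from the thread blocks only the two named interfaces and leaves every other service eligible, while `!net.*` covers all network services and `!*` would cover everything.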
Re: [gentoo-user] pppoe questions
On 7 November 2015 at 20:21, lee wrote:
> Alon Bar-Lev writes:
>
>> On 6 November 2015 at 17:28, lee wrote:
>>> Hi,
>>>
>>> finally I got set up pppoe, which turned out to be surprisingly easy.
>>> It's working fine, though I'm getting a warning when the pppoe interface
>>> is brought up:
>>>
>>>
>>> heimdali init.d # service net.ppp0 start
>>> * Bringing up interface ppp0
>>> * Starting pppd in ppp0 ... [ ok ]
>>> * Backgrounding ...
>>> * WARNING: net.ppp0 has started, but is inactive
>>> heimdali init.d #
>>>
>>>
>>> Why is this warning showing, and what can I do about it?
>>>
>>
>> this warning can be safely ignored, all it tells you is that the
>> service will be fully up when connection will be established.
>> the same state is for ethernet until the ifplugd detects connection to
>> network.
>>
>>> How does pppoe work together with shorewall and bind?
>>>
>>> When I stop the net.ppp0 service, shorewall is automatically stopped as
>>> well. When I start net.ppp0, shorewall is not started automatically.
>>>
>>> I would like to automatically have net.ppp0 first started and then
>>> shorewall.
>>
>> usually the firewall service should be started before all interfaces
>> (except lo).
>> add the following to /etc/conf.d/net.ppp0:
>> ---
>> rc_net_ppp0_need="firewall net.enp2s0"
>> ---
>
> Thanks! I copied net.lo to net.ppp0 and put it at the top so it now
> goes:
>
>
> #!/sbin/runscript
> # Copyright (c) 2007-2009 Roy Marples
> # Released under the 2-clause BSD license.
>
> MODULESDIR="/lib/netifrc/net"
> MODULESLIST="${RC_SVCDIR}/nettree"
> _config_vars="config routes"

you do not need these^

> rc_net_ppp0_need="firewall net.enp2s0"
>

you do need ^

and you probably need to configure the pppoe with these:

config_ppp1="ppp"
plugins_ppp1="pppoe"
link_ppp1="enp2s0" # PPPoE requires an ethernet interface
username_ppp1='1@1'
password_ppp1=''

> I'm not sure if that's right --- I guess I shouldn't make a copy?

correct :)

>> this will make sure that the ppp0 interface is started after both
>> firewall and enp2s0.
>>
>> I also have the following in /etc/rc.conf to avoid stopping services
>> while network is down:
>> ---
>> rc_hotplug="!net.enp2s0 !net.ppp*"
>> ---
>
> The comment in /etc/rc.conf says no hotplugging is done by default.
> IIUC, you are hotplugging 'net.enp2s0' and 'net.ppp*'? So allowing to
> hotplug them would kinda make them independent of other services, or
> other services independent from them?

no... the opposite, we do not want to be affected (! == not) by
hotplug of these devices.

>>> When net.ppp0 is stopped and restarted, I also must restart the name
>>> server (bind) :( Otherwise it is unable to resolve anything.
>>>
>>> Can this somehow be avoided? If not, can this be done automatically?
>>
>> this is strange... why bind must be restarted?
>> I use dnsmasq and it survive network down without any issue.
>> but if you must, add the following to /etc/conf.d/net.ppp0:
>> ---
>> postup() {
>> # whatever required after interface is up
>> return 0
>> }
>> ---
>
> Ah, yes, good idea :)
>
> Fortunately, everything survives when the link goes down and comes back
> up, so this would only be an issue when I manually stop/start the
> net.ppp0 service. I can live with that.
>
>
>>> The log files show martian sources from a bridge device which is used
>>> for the networking of a container:
>>>
>>>
>>> [1734776.722127] IPv4: martian source 255.255.255.255 from 192.168.1.1, on
>>> dev enp2s0
>>> [1734776.722132] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44
>>> 08 00k..D..
>>>
>>>
>>> The enp2s0 interface is used for pppoe, 192.168.1.1 is the IP of the
>>> bridge. The bridge does not have a physical network interface assigned
>>> to it.
>>>
>>> The routefilter option is enabled on all interfaces. Why would there be
>>> such a broadcast originating from the bridge, and how can I prevent it?
>>
>> not sure what you describe here, but maybe you would like to disable
>> spanning tree, add the following to disable spanning tree to
>> /etc/conf.d/br0.conf (provided br0 is the name of the bridge).
>> ---
>> stp_state_br0=0
>> ---
>
> STP is disabled when the bridge is brought up with
>
>
> config_br_dmz="192.168.1.1 netmask 255.255.255.0 brd 192.168.1.255"
> brctl_br_dmz="setfd 0 sethello 10 stp off"
>
> ... in /etc/conf.d/net.
>
>
> heimdali init.d # brctl show
> bridge name     bridge id               STP enabled     interfaces
> br_dmz          8000.fe150e283be5       no              vethJRMBC7
> heimdali init.d #
>
>
> [1829515.036283] IPv4: martian source 255.255.255.255 from 192.168.1.1, on
> dev enp2s0
> [1829515.036296] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08
> 00k..D..
> [1829575.021793] IPv4: martian source 255.255.255.255 from 192.168.1.1, on
> dev enp2s0
> [1829575.021806]
Re: [gentoo-user] pppoe questions
Alon Bar-Lev writes:

> On 6 November 2015 at 17:28, lee wrote:
>> Hi,
>>
>> finally I got set up pppoe, which turned out to be surprisingly easy.
>> It's working fine, though I'm getting a warning when the pppoe interface
>> is brought up:
>>
>>
>> heimdali init.d # service net.ppp0 start
>> * Bringing up interface ppp0
>> * Starting pppd in ppp0 ... [ ok ]
>> * Backgrounding ...
>> * WARNING: net.ppp0 has started, but is inactive
>> heimdali init.d #
>>
>>
>> Why is this warning showing, and what can I do about it?
>>
>
> this warning can be safely ignored, all it tells you is that the
> service will be fully up when connection will be established.
> the same state is for ethernet until the ifplugd detects connection to
> network.
>
>> How does pppoe work together with shorewall and bind?
>>
>> When I stop the net.ppp0 service, shorewall is automatically stopped as
>> well. When I start net.ppp0, shorewall is not started automatically.
>>
>> I would like to automatically have net.ppp0 first started and then
>> shorewall.
>
> usually the firewall service should be started before all interfaces
> (except lo).
> add the following to /etc/conf.d/net.ppp0:
> ---
> rc_net_ppp0_need="firewall net.enp2s0"
> ---

Thanks! I copied net.lo to net.ppp0 and put it at the top so it now
goes:


#!/sbin/runscript
# Copyright (c) 2007-2009 Roy Marples
# Released under the 2-clause BSD license.

MODULESDIR="/lib/netifrc/net"
MODULESLIST="${RC_SVCDIR}/nettree"
_config_vars="config routes"

rc_net_ppp0_need="firewall net.enp2s0"


I'm not sure if that's right --- I guess I shouldn't make a copy?

> this will make sure that the ppp0 interface is started after both
> firewall and enp2s0.
>
> I also have the following in /etc/rc.conf to avoid stopping services
> while network is down:
> ---
> rc_hotplug="!net.enp2s0 !net.ppp*"
> ---

The comment in /etc/rc.conf says no hotplugging is done by default.
IIUC, you are hotplugging 'net.enp2s0' and 'net.ppp*'? So allowing to
hotplug them would kinda make them independent of other services, or
other services independent from them?

>> When net.ppp0 is stopped and restarted, I also must restart the name
>> server (bind) :( Otherwise it is unable to resolve anything.
>>
>> Can this somehow be avoided? If not, can this be done automatically?
>
> this is strange... why bind must be restarted?
> I use dnsmasq and it survive network down without any issue.
> but if you must, add the following to /etc/conf.d/net.ppp0:
> ---
> postup() {
> # whatever required after interface is up
> return 0
> }
> ---

Ah, yes, good idea :)

Fortunately, everything survives when the link goes down and comes back
up, so this would only be an issue when I manually stop/start the
net.ppp0 service. I can live with that.

>> The log files show martian sources from a bridge device which is used
>> for the networking of a container:
>>
>>
>> [1734776.722127] IPv4: martian source 255.255.255.255 from 192.168.1.1, on
>> dev enp2s0
>> [1734776.722132] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08
>> 00k..D..
>>
>>
>> The enp2s0 interface is used for pppoe, 192.168.1.1 is the IP of the
>> bridge. The bridge does not have a physical network interface assigned
>> to it.
>>
>> The routefilter option is enabled on all interfaces. Why would there be
>> such a broadcast originating from the bridge, and how can I prevent it?
>
> not sure what you describe here, but maybe you would like to disable
> spanning tree, add the following to disable spanning tree to
> /etc/conf.d/br0.conf (provided br0 is the name of the bridge).
> ---
> stp_state_br0=0
> ---

STP is disabled when the bridge is brought up with


config_br_dmz="192.168.1.1 netmask 255.255.255.0 brd 192.168.1.255"
brctl_br_dmz="setfd 0 sethello 10 stp off"

... in /etc/conf.d/net.


heimdali init.d # brctl show
bridge name     bridge id               STP enabled     interfaces
br_dmz          8000.fe150e283be5       no              vethJRMBC7
heimdali init.d #


[1829515.036283] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829515.036296] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
[1829575.021793] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829575.021806] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
[1829634.958151] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829634.958164] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
[1829694.919256] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829694.919269] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
[1829754.880046] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829754.880059] ll
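
An added example, not part of the original message: a way to read the sender's hardware address out of the "ll header" lines that follow each martian-source warning and compare it with the MAC part of the bridge id from `brctl show`. The sample input is copied from this thread; the function names are made up for the example, and an Ethernet header layout (bytes 1-6 destination MAC, 7-12 source MAC) is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample input is copied from the kernel
# log lines and the `brctl show` output quoted in the message above.
sample_log() {
cat <<'EOF'
[1829515.036283] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829515.036296] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
[1829575.021793] IPv4: martian source 255.255.255.255 from 192.168.1.1, on dev enp2s0
[1829575.021806] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08 00 k..D..
EOF
}

# Kernel log on stdin; prints "dev src_ip dst_ip src_mac count" per sender.
# Assumes an Ethernet header: bytes 1-6 destination MAC, bytes 7-12 source MAC.
martian_senders() {
    awk '
    /martian source/ {
        for (i = 1; i < NF; i++) {
            if ($i == "source") dst = $(i + 1)
            if ($i == "from") { src = $(i + 1); sub(/,$/, "", src) }
            if ($i == "dev") dev = $(i + 1)
        }
        next
    }
    /ll header:/ && dev != "" {
        n = 0; seen = 0
        for (i = 1; i <= NF; i++) {          # collect the hex byte tokens
            if ($i == "header:") { seen = 1; continue }
            if (seen && length($i) == 2 && $i ~ /^[0-9a-f][0-9a-f]$/) b[++n] = $i
        }
        if (n >= 12)
            count[dev " " src " " dst " " b[7] ":" b[8] ":" b[9] ":" b[10] ":" b[11] ":" b[12]]++
        dev = ""
    }
    END { for (k in count) print k, count[k] }'
}

# "8000.fe150e283be5" -> "fe:15:0e:28:3b:e5"
bridge_mac() {
    printf '%s\n' "${1#*.}" | sed 's/../&:/g; s/:$//'
}

# Exit 0 if any martian frame on stdin was sent from the bridge's own MAC.
sent_by_bridge() {
    want=$(bridge_mac "$1")
    martian_senders | awk -v m="$want" '$4 == m { hit = 1 } END { exit !hit }'
}

sample_log | martian_senders
sample_log | sent_by_bridge 8000.fe150e283be5 || echo "sender MAC differs from bridge MAC"
```

On the sample lines the sender MAC is 00:0b:6b:81:c9:44, while the bridge id carries fe:15:0e:28:3b:e5.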
Re: [gentoo-user] pppoe questions
On 6 November 2015 at 17:28, lee wrote:
> Hi,
>
> finally I got set up pppoe, which turned out to be surprisingly easy.
> It's working fine, though I'm getting a warning when the pppoe interface
> is brought up:
>
>
> heimdali init.d # service net.ppp0 start
> * Bringing up interface ppp0
> * Starting pppd in ppp0 ... [ ok ]
> * Backgrounding ...
> * WARNING: net.ppp0 has started, but is inactive
> heimdali init.d #
>
>
> Why is this warning showing, and what can I do about it?
>

this warning can be safely ignored, all it tells you is that the
service will be fully up when connection will be established.
the same state is for ethernet until the ifplugd detects connection to
network.

> How does pppoe work together with shorewall and bind?
>
> When I stop the net.ppp0 service, shorewall is automatically stopped as
> well. When I start net.ppp0, shorewall is not started automatically.
>
> I would like to automatically have net.ppp0 first started and then
> shorewall.

usually the firewall service should be started before all interfaces
(except lo).
add the following to /etc/conf.d/net.ppp0:
---
rc_net_ppp0_need="firewall net.enp2s0"
---
this will make sure that the ppp0 interface is started after both
firewall and enp2s0.

I also have the following in /etc/rc.conf to avoid stopping services
while network is down:
---
rc_hotplug="!net.enp2s0 !net.ppp*"
---

> When net.ppp0 is stopped and restarted, I also must restart the name
> server (bind) :( Otherwise it is unable to resolve anything.
>
> Can this somehow be avoided? If not, can this be done automatically?

this is strange... why bind must be restarted?
I use dnsmasq and it survive network down without any issue.
but if you must, add the following to /etc/conf.d/net.ppp0:
---
postup() {
    # whatever required after interface is up
    return 0
}
---

>
> The log files show martian sources from a bridge device which is used
> for the networking of a container:
>
>
> [1734776.722127] IPv4: martian source 255.255.255.255 from 192.168.1.1, on
> dev enp2s0
> [1734776.722132] ll header: : ff ff ff ff ff ff 00 0b 6b 81 c9 44 08
> 00k..D..
>
>
> The enp2s0 interface is used for pppoe, 192.168.1.1 is the IP of the
> bridge. The bridge does not have a physical network interface assigned
> to it.
>
> The routefilter option is enabled on all interfaces. Why would there be
> such a broadcast originating from the bridge, and how can I prevent it?

not sure what you describe here, but maybe you would like to disable
spanning tree, add the following to disable spanning tree to
/etc/conf.d/br0.conf (provided br0 is the name of the bridge).
---
stp_state_br0=0
---

>
> --
> Again we must be afraid of speaking of daemons for fear that daemons
> might swallow us. Finally, this fear has become reasonable.
>