Archive for June 2nd, 2012
In the process of figuring out how to set up the isolated WiFi Internet link on the file server, I discovered that the
/etc/rc.local file runs before the
eth0 interface that connects to the outside world comes up. As a result, my DynDNS host address hadn’t been updated in quite some time.
Worse, trying to set up
eth1 failed, apparently because there’s a bunch of other network infrastructure that doesn’t start until
eth0 comes online. Part of that infrastructure involves iptables; the added rules simply vanished.
The solution seems to require writing an upstart script that waits for whatever events it needs, does what needs to be done, and then goes away. The whole upstart mechanism and its event list seems, um, lightly documented, as I discovered there, but the custom setup formerly in
/etc/rc.local now lives in
description "Stuff that used to be in /etc/rc.local" author "Ed Nisley - KE4ZNU" start on (local-filesystems and net-device-up IFACE=eth0) stop on shutdown script logger Starting local init... logger Updating dyndns ddclient -force logger Bringing up eth1 ifconfig eth1 192.168.3.1 netmask 255.255.255.0 up logger Setting iptables iptables -A FORWARD -i eth1 --destination 192.168.0.0/16 -j REJECT iptables -A INPUT -i eth1 --destination 192.168.0.0/16 -j REJECT iptables -A POSTROUTING -t nat -j MASQUERADE logger Ending local init end script
That code assumes the outbound network interface will be
eth0, which won’t work on a system using a pure wireless connection on, say,
wlan0 or anything more exotic. I haven’t a clue how to parameterize that selection. Most likely, one would write another upstart script that would emit a custom signal based on the usual suspect …
It also assumes the networking infrastructure triggered by
eth0 lighting up has hauled itself to its feet and is ready to roll. That seems to be true, although I’ll admit the script is, at best, lightly tested.
eth1 NIC up and iptables rules added, I think this script will restart
eth1 when it goes down, but it’s not clear where the requisite
network-device-down event comes from (certainly not from any script in
description "Restart eth1 when it dies" author "Ed Nisley - KE4ZNU" start on net-device-down IFACE=eth1 stop on net-device-up IFACE=eth1 script logger Restarting eth1... ifconfig eth1 192.168.3.1 netmask 255.255.255.0 up logger Ending eth1 setup end script
But, eh, at least the isolated interface comes up and packets go where they should (and not where they shouldn’t). Early results are encouraging…