Upstart vs. rc.local

In the process of figuring out how to set up the isolated WiFi Internet link on the file server, I discovered that the /etc/rc.local file runs before the eth0 interface that connects to the outside world comes up. As a result, my DynDNS host address hadn’t been updated in quite some time.

Worse, trying to set up eth1 failed, apparently because there’s a bunch of other network infrastructure that doesn’t start until eth0 comes online. Part of that infrastructure involves iptables; the added rules simply vanished.

The solution seems to require writing an upstart script that waits for whatever events it needs, does what needs to be done, and then goes away. The whole upstart mechanism and its event list seems, um, lightly documented, as I discovered there, but the custom setup formerly in /etc/rc.local now lives in /etc/init/local.conf:

description "Stuff that used to be in /etc/rc.local"
author "Ed Nisley - KE4ZNU"

start on (local-filesystems and net-device-up IFACE=eth0)
stop on shutdown

script

logger Starting local init...

logger Updating dyndns
ddclient -force

logger Bringing up eth1
ifconfig eth1 192.168.3.1 netmask 255.255.255.0 up

logger Setting iptables
iptables -A FORWARD -i eth1 --destination 192.168.0.0/16 -j REJECT
iptables -A INPUT -i eth1 --destination 192.168.0.0/16 -j REJECT
iptables -A POSTROUTING -t nat -j MASQUERADE

logger Ending local init

end script

That code assumes the outbound network interface will be eth0, which won’t work on a system using a pure wireless connection on, say, wlan0 or anything more exotic. I haven’t a clue how to parameterize that selection. Most likely, one would write another upstart script that would emit a custom signal based on the usual suspect …

It also assumes the networking infrastructure triggered by eth0 lighting up has hauled itself to its feet and is ready to roll. That seems to be true, although I’ll admit the script is, at best, lightly tested.

With the eth1 NIC up and iptables rules added, I think this script will restart eth1 when it goes down, but it’s not clear where the requisite network-device-down event comes from (certainly not from any script in /etc/init/*conf):

description "Restart eth1 when it dies"
author "Ed Nisley - KE4ZNU"

start on net-device-down IFACE=eth1
stop on net-device-up IFACE=eth1

script

logger Restarting eth1...
ifconfig eth1 192.168.3.1 netmask 255.255.255.0 up

logger Ending eth1 setup

end script

But, eh, at least the isolated interface comes up and packets go where they should (and not where they shouldn’t). Early results are encouraging…