"ifcfg-ethx" and "network-functions" files

peok · 08-13-2003, 12:46 AM

on my soon to be firewall using rh9, in /etc/sysconfig/network-scripts/ there are the ifcfg-ethx files for my nic's and also a network-functions file. i'm kinda new to scripts, but i think i want to use a "function" in the file specifically need_hostname for the GATEWAY=___ in my ifcfg-eth1 file because i have a dynamic ip address and i can't specify it. you can stop and tell me now if i've got it all wrong, but assuming this is right, at the top of the network-functions file it says

This file is not a stand-alone shell script; it provides functions to network scripts that source it.

so my question if i'm right so far do the ifcfg-ethx file automatically source the file, or is there a command i need to put in or something? and if i were to stick in need_hostname into GATEWAY=___, would it need quotes or anything special around it like GATEWAY="need_hostname"

again i'm just gessing at half of this so excuse me if i'm way off

Vengenc · 08-13-2003, 01:41 AM

There wont be a GATEWAY= settingin the ifcfg-ethX config file.
You are correct in assuming you'll need to set a default gateway.
You can change the line (or add it as the case may be)

DEFROUTE=no
to
DEFROUTE=yes

and it will attempt make that interface the default route BUT
since you'll probably using pppoe with your dynamic connection you'll have to either try
using that line in ppp0 when the time comes or add the lines

route del default
route add default gw $5

to /etc/ip-up or if your strict about it make ip-up.local and put it in there.

for a static ip setup you simply add the line
GATEWAY=<gateway_ip>
or change it to a device with
GATEWAYDEV=<interface>

to /etc./sysconfig/network (I know you don't need this but others might)

A word of warning RH9s implementation of pppoe seems to not be "perfect"
and people are having problems with doing just this.
I wound up having to down-grade pppoe to roaring penguins current version
using

rpm -Uvh rp-pppoe.xx.xx.rpm --oldprogram

after that I reset up my pppoe connection and it actually started working.

peok · 08-13-2003, 02:25 AM

first, i use dhcp to connect, and i'm not sure but i'm pretty sure thats totally different from pppoe, right?

let me tell you how i started with the script. i installed my eth1 card manually because it wasn't installed automatically and therefore didn't havve a ifcfg-ethX file generated for it. i got the info from a bit dated website here:

http://www.tldp.org/HOWTO/Firewall-HOWTO-6.html#ss6.3

currently my ifcfg-eth1 file reads:

DEVICE=eth1
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
GATEWAY=
ONBOOT=yes

I filled this out from info in that howto and a bit of experience with LRP distos

stupid question: what exactly does a gateway do?

is there a listing of all the options for the ifcfg-ethX files? i wasn't able to find a man page or anything

final thought: could i just stick GATEWAYDEV=eth0 into the file?

Vengenc · 08-13-2003, 02:35 AM

dhcp through an ISP highspeed router usually isnt very dynamic even though it appears that way. Usually it assigns the same IP over and over but your easiest solution is adding
GATEWAYDEV=eth0
to /etc/sysconfig/network (assuming eth0 is your ethernet card connected to the ISPs router.

A gateway setting in this case just tells the machine where to send its data by default. Some machine (like mine) have 2 or more cards with an internal LAN on one and an internet connection on the other. With no default route (or with a default route set wrong) it wont send the packets out the correct interface. Very bothersome when you're trying to surf the web

peok · 08-13-2003, 02:50 AM

cool thanks alot. i'll put GATEWAYDEV=eth0 in and try it. yeah i have a cable modem and my ip changes about once every 2-3 days. i'm planning on learning iptables (hopefully i can do it from the man pages) and having a server on my internal network. will this be possible or will i need to get into a DMZ (which i don't know much about).

Vengenc · 08-13-2003, 03:03 AM

if you mean a server(router) so that your internal lan can use your linux machines internet connection, then yes

I do it myself. the man pages are pretty easy to follow as well. If they aren't people here seem to answer fast enough

peok · 08-13-2003, 03:10 AM

no i mean i have the firewall/router, then i have my pc's inside, but i have another box that's a webserver that i want to run. can this just be on the internal network, or do i need another nic for a DMZ

Vengenc · 08-13-2003, 01:26 PM

Well lets put it this way no matter what you can do it. You could still have a couple of different scenarios from what you describe.

------------------------
You ISPs router connects all machines to the internet.

Each PC and the Server get an ip straight from your ISP. Large ISPs do provide this now a days. In this case you really don't have an internal lan, You have 4 computers connected to the internet. You can setup a server and provide web services but all will be available to the internet. With static IPs you could setup a firewall to block all but your 3 other machines. With dynamic it'll be a little trickier and you'd probably end up just securing apache and locking the rest of the machine's ports down.
------------------------

------------------------
You use a personal router that gives all machines ip addresses and provides an internet connection for all machines as well.

This is a lot easier to setup. You can buy small routers to handle giving out local IP addresses. You can then firewall the server and allow only the traffic you wish to get to it.
------------------------

------------------------
A third scenario would be to replace the router with the Server and a hub or switch. You set up everything yourself and control everything.

Its basically the same thing but your using the linux machine with a switch as the router. This is the method I use.
------------------------

So depending on your case just pick the right setup and start working on it.

Vengenc

peok · 08-13-2003, 04:51 PM

this is what i'm planning:

| Internet/ISP |
v-------------|
|
^--------------|
| Cable Modem |
V--------------|
|
^--------------------|
| RH9 Firewall/Router |
v--------------------|
|
^-----|
| Hub |
|--v--|-----v------------v
|--^---| |--^---| |-----^-----|
| PC#1 | | PC#2 | | RH9 Server |
|------| |-------| |------------|

how do i configure the firewall to statically give ip's according to mac address or allow the clients to request certain ip's? (should i start a new thread for this queston?)

Looking_Lost · 08-13-2003, 05:39 PM

When you get your dhcp server up and running you can use syntax like so

host <computername>
{
hardware ethernet <MAC Address Of Computer>
fixed-address <IP Address To Assign>
}

to assign IP's to specific computers

Or just use static addresses and type them in - voila.

peok · 08-13-2003, 05:46 PM

cool! what's the dhcp server program that assigns ip's? that may be a stupid question but i can't figure it out. and in what script would i stick that awsome bit of configuration? thanks Looking_Lost

Looking_Lost · 08-13-2003, 05:55 PM

I guess in red hat fashion to run it you can try

do
chkconfig --list
and if dhcpd is in the output it's installed, if not install it from your disks

/etc/init.d/dhcpd start
will probably start it

configuration file should be

/etc/dhcpd.conf

Then read up on it !!

peok · 08-13-2003, 07:06 PM

sweet. had to install dhcpd from the cd rpm's, but that was a self taught learning experience (pretty easy too). no /etc/dhcpd.conf file, i'll have to create it i suppose. gotta read that man page a few times though! thanks again