LinuxQuestions.org


matters 02-18-2009 09:31 AM

pppoe-setup masquerade firewall vs custom firewall
 
How can I set it up so that when I start pppoe-start it will start my own customized firewall rules instead of the ones that I selected while doing pppoe-setup?

Thanks!

allend 02-18-2009 09:46 AM

Create a symbolic link /etc/ppp/ip-pre-up that points to the firewall script you want to run and set the firewall option to NONE in pppoe-setup.

matters 02-24-2009 05:41 AM

Quote:

Originally Posted by allend (Post 3448341)
Create a symbolic link /etc/ppp/ip-pre-up that points to the firewall script you want to run and set the firewall option to NONE in pppoe-setup.

That didn't work out. When I specified none in firewall, it didn't show up customized firewall.

allend 02-24-2009 07:22 AM

From 'man pppd'
Quote:

/etc/ppp/ip-pre-up
A program or script which is executed just before the ppp network interface is brought up. It is executed with the same parameters as the ip-up script (below). At this point the interface exists and has IP addresses assigned but is still down. This can be used to add firewall rules before any IP traffic can pass through the interface. Pppd will wait for this script to finish before bringing the interface up, so this script should run quickly.
I know from experience that this technique works.
What do you mean by "it didn't show up customized firewall"? Your firewall script will not be shown in pppoe-setup, but the rules in your custom firewall should show up in the output of 'iptables -L' when the connection is made. (Compare the output of 'iptables -L' before and after making a connection.)
Also, is your firewall script executable?

matters 02-24-2009 11:44 AM

What I've done is, in /etc/ppp/ I've created a firewall script called firewalls.
I've chmod +x the file. In pppoe-setup I've selected 0 for none firewall.

Next I've created a symlink in /etc/ppp/ip-pre-up to point to /etc/ppp/firewalls.

Now it looks as follows:
Code:

/etc/ppp
root@parade:/etc/ppp# ls -l
total 68
-rw------- 1 root root  34 2009-02-24 12:14 chap-secrets
-rw------- 1 root root  34 2009-02-24 12:14 chap-secrets-bak
-rw-r--r-- 1 root root 2276 2006-06-29 09:00 firewall-masq
-rw-r--r-- 1 root root  978 2006-06-29 09:00 firewall-standalone
-rwxr-xr-x 1 root root 2172 2009-02-24 12:13 firewalls
lrwxrwxrwx 1 root root    9 2009-02-24 12:09 ip-pre-up -> firewalls
-rw-r--r-- 1 root root 2276 2009-02-24 12:09 ip-pre-up~
-rw------- 1 root root  34 2009-02-24 12:14 pap-secrets
-rw------- 1 root root  34 2009-02-24 12:14 pap-secrets-bak
drwxr-xr-x 2 root root 4096 2008-09-16 02:12 plugins
-rw-r--r-- 1 root root  104 2006-06-29 09:00 pppoe-server-options
-rw-r--r-- 1 root root 4573 2009-02-24 12:14 pppoe.conf
-rw------- 1 root root 4579 2009-02-24 12:14 pppoe.conf-bak
-rw-r--r-- 1 root root 4524 2008-09-16 02:12 pppoe.conf.new
-rw-r--r-- 1 root root  52 2009-02-24 18:21 resolv.conf

The scenario is this:

Before establishing the ppp connection I make sure no firewall rules are set
when I do iptables -L

Code:

root@parade:~# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

root@parade:/home/matters12/speedtouch_novi# pppoe-start
. Connected!
root@parade:/home/matters12/speedtouch_novi# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination
root@parade:/home/matters12/speedtouch_novi# pppoe-stop
Killing pppd (7199)
Killing pppoe-connect (7182)

As you can see, before establishing ppp no customized firewall is applied, as it should be, but also not after the connection is made.

But if I run the firewalls script manually before the connection is made, then it's executed successfully and remains even after the connection is made.

What am I doing wrong?

allend 02-26-2009 06:00 AM

It seems that you have done all that is required. My only thought is that perhaps the symlink is not correct.
From your listing I note that the permissions for the symlink are not the same as for the firewalls script.
Try deleting the symlink and remaking it. i.e. (as root)
cd /etc/ppp
rm ip-pre-up
ln -s firewalls ip-pre-up

+Alan Hicks+ 02-26-2009 02:02 PM

Those are the proper permissions on the symlink. Symlinks always have those permissions unless for some strange reason you change them.

As for why pppoe-start isn't running the firewall rules, that could be any number of issues. I'm not familiar with pppoe-*, so I'll defer to those who are. However, unless you have some need to start and stop pppoe routinely as opposed to, say, running it once on boot-up, I'd just put your firewall rules in /etc/rc.d/rc.firewall and run pppoe-start inside them.

allend 02-26-2009 05:07 PM

Ah, of course the symlink permissions are correct.
Just had a look at the setup that I had on an old machine.
Try making the symlink an absolute path. i.e.
ln -s /etc/ppp/firewalls ip-pre-up
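
The checks raised in the posts above (does the symlink resolve, is the script executable), as an added example that is not part of any poster's reply. The function name `check_hook` and the status words are hypothetical; the write-permission check is an extra hardening step, added because pppd runs the hook as root.

```shell
#!/bin/sh
# Added example: sanity-check a pppd hook such as /etc/ppp/ip-pre-up.
# check_hook PATH prints one status word and returns 0 only for "ok".
# Statuses: dangling-symlink, missing, not-a-file, not-executable,
#           writable-by-others, ok
# Usage (after sourcing this file): check_hook /etc/ppp/ip-pre-up
check_hook() {
    hook=$1

    # A symlink whose target does not exist: -L is true, -e is false.
    if [ -L "$hook" ] && [ ! -e "$hook" ]; then
        echo "dangling-symlink"; return 1
    fi
    if [ ! -e "$hook" ]; then
        echo "missing"; return 1
    fi

    # Follow the link so the checks apply to the file that really runs.
    target=$(readlink -f "$hook")
    if [ ! -f "$target" ]; then
        echo "not-a-file"; return 1
    fi

    # Owner execute bit. find -perm is used instead of [ -x ] because
    # the result of [ -x ] for root does not depend on the owner bit alone.
    if [ -z "$(find "$target" -prune -perm -100)" ]; then
        echo "not-executable"; return 1
    fi

    # The hook is run as root, so nobody but the owner should be able
    # to modify it (group or other write bit set is flagged).
    if [ -n "$(find "$target" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable-by-others"; return 1
    fi

    echo "ok"; return 0
}
```

An "ok" result only shows that the file could be run; it does not show that pppoe-start ever calls it.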

matters 03-03-2009 09:22 AM

Hi guys, sorry for the long delay!

As Alan Hicks stated, to put firewalls into rc.firewalls in /etc/rc.d/:
it works on booting, I've tried that before. However, I want to know what causes ip-pre-up not to start while doing pppoe-start manually :)

allend - I've also tried the absolute path and no joy.

I've also tried to rename firewalls to ip-pre-up directly and again no joy.

Wondering what might cause ip-pre-up not to start?

firewalls has the modified rules of firewall-masq, nothing else.

allend 03-04-2009 08:17 AM

I am scratching my head at this point. You are executing 'pppoe-start' as root, I presume?

matters 03-04-2009 04:11 PM

Yes, I'm starting pppoe-start as root. I also tried to start it as a normal user, but it must be started as root.

mRgOBLIN 03-04-2009 05:03 PM

OK, the first thing to understand is that rp-pppoe is a bit different than normal ppp.

Set "FIREWALL=MASQUERADE" in /etc/ppp/pppoe.conf

Then simply rename your firewall script to "firewall-masq" (make sure it's chmod +x)

And all should be well (maybe back-up the existing firewall-masq first)

matters 03-06-2009 04:50 AM

Quote:

Originally Posted by mRgOBLIN (Post 3465109)
OK, the first thing to understand is that rp-pppoe is a bit different than normal ppp.

Set "FIREWALL=MASQUERADE" in /etc/ppp/pppoe.conf

Then simply rename your firewall script to "firewall-masq" (make sure it's chmod +x)

And all should be well (maybe back-up the existing firewall-masq first)

That method also works!

But what I'm wondering is how to make ip-pre-up work as well. Where's the catch, why doesn't it want to start?

As far as I found, ip-pre-up is linked with the ppp-2.4.4 package, and ip-pre-up scripts won't run unless version 2.4.4 or higher is installed.

I do have it installed, but we are talking about the rp-pppoe package.

So my question is, how was it possible that allend got ip-pre-up started when establishing a pppoe connection?
It's interesting!

Can someone clarify for me the difference between the rp-pppoe and ppp packages?


Thanks!

