LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 02-18-2009, 10:31 AM   #1
matters
Member
 
Registered: May 2007
Distribution: Slackware
Posts: 281

Rep: Reputation: Disabled
pppoe-setup masquerade firewall vs custom firewall


How can i setup that when i start pppoe-start will start my own customized firewall rules instead of ones that i selected while doing pppoe-setup?

Thanks!
 
Old 02-18-2009, 10:46 AM   #2
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,525

Rep: Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812
Create a symbolic link /etc/ppp/ip-pre-up that points to the firewall script you want to run and set the firewall option to NONE in pppoe-setup.
 
Old 02-24-2009, 06:41 AM   #3
matters
Member
 
Registered: May 2007
Distribution: Slackware
Posts: 281

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by allend View Post
Create a symbolic link /etc/ppp/ip-pre-up that points to the firewall script you want to run and set the firewall option to NONE in pppoe-setup.
that didnt work out, when i specified none in firewall it didnt show up customized firewall
 
Old 02-24-2009, 08:22 AM   #4
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,525

Rep: Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812
From 'man pppd'
Quote:
/etc/ppp/ip-pre-up
A program or script which is executed just before the ppp network interface is brought up. It is exe-
cuted with the same parameters as the ip-up script (below). At this point the interface exists and has
IP addresses assigned but is still down. This can be used to add firewall rules before any IP traffic
can pass through the interface. Pppd will wait for this script to finish before bringing the interface
up, so this script should run quickly.
I know from experience that this technique works.
What do mean by "it didnt show up customized firewall"? Your firewall script will not be shown in pppoe-setup, but the rules in your custom firewall should show up in the output of 'iptables -L' when the connection is made. (Compare the output of 'iptables -L' before and after making a connection.)
Also, is your firewall script executable?
 
Old 02-24-2009, 12:44 PM   #5
matters
Member
 
Registered: May 2007
Distribution: Slackware
Posts: 281

Original Poster
Rep: Reputation: Disabled
what ive done is in /etc/ppp/ ive created firewall script called firewalls
ive chmod +x the file. in pppoe-setup ive selected 0 for none firewall

next ive created symlink in in /etc/ppp/ip-pre-up to point to /etc/ppp/firewalls

now it looks as follows:
Code:
/etc/ppp
root@parade:/etc/ppp# ls -l
total 68
-rw------- 1 root root   34 2009-02-24 12:14 chap-secrets
-rw------- 1 root root   34 2009-02-24 12:14 chap-secrets-bak
-rw-r--r-- 1 root root 2276 2006-06-29 09:00 firewall-masq
-rw-r--r-- 1 root root  978 2006-06-29 09:00 firewall-standalone
-rwxr-xr-x 1 root root 2172 2009-02-24 12:13 firewalls
lrwxrwxrwx 1 root root    9 2009-02-24 12:09 ip-pre-up -> firewalls
-rw-r--r-- 1 root root 2276 2009-02-24 12:09 ip-pre-up~
-rw------- 1 root root   34 2009-02-24 12:14 pap-secrets
-rw------- 1 root root   34 2009-02-24 12:14 pap-secrets-bak
drwxr-xr-x 2 root root 4096 2008-09-16 02:12 plugins
-rw-r--r-- 1 root root  104 2006-06-29 09:00 pppoe-server-options
-rw-r--r-- 1 root root 4573 2009-02-24 12:14 pppoe.conf
-rw------- 1 root root 4579 2009-02-24 12:14 pppoe.conf-bak
-rw-r--r-- 1 root root 4524 2008-09-16 02:12 pppoe.conf.new
-rw-r--r-- 1 root root   52 2009-02-24 18:21 resolv.conf
scenario is this:

before establishing ppp connection i make sure no firewall rules are set
when i do iptables -L

Code:
root@parade:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

root@parade:/home/matters12/speedtouch_novi# pppoe-start
. Connected!
root@parade:/home/matters12/speedtouch_novi# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@parade:/home/matters12/speedtouch_novi# pppoe-stop
Killing pppd (7199)
Killing pppoe-connect (7182)
As you can see before establishing ppp no customized firewall is applied as it should be but also after the connection is made.

but if i run firewalls script manually before connection is made then its executed successfully and remains even after the connection is made.

what am i doing wrong?
 
Old 02-26-2009, 07:00 AM   #6
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,525

Rep: Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812
It seems that you have done all that is required. My only thought is that perhaps the symlink is not correct.
From your listing I note that the permissions for the symlink are not the same as for the firewalls script.
Try deleting the symlink and remaking it. i.e. (as root)
cd /etc/ppp
rm ip-pre-up
ln -s firewalls ip-pre-up
 
Old 02-26-2009, 03:02 PM   #7
+Alan Hicks+
Member
 
Registered: Feb 2005
Distribution: Slackware
Posts: 72

Rep: Reputation: 55
Those are the proper permissions on the symlink. symlinks always have those permissions unless for some strange reason you change them.

As for why pppoe-start isn't running the firewall rules, that could be any number of issues. I'm not familiar with pppoe-*, so I'll defer to those who are. However, unless you have some need to start and stop pppoe routinely as oppossed to say, running it once on boot-up, I'd just put your firewall rules in /etc/rc.d/rc.firewall and run pppoe-start inside them.
 
Old 02-26-2009, 06:07 PM   #8
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,525

Rep: Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812
Ah, of course the symlink permissions are correct.
Just had a look at the setup that I had on an old machine.
Try making the symlink an absolute path. i.e.
ln -s /etc/ppp/firewalls ip-pre-up

Last edited by allend; 02-26-2009 at 06:14 PM.
 
Old 03-03-2009, 10:22 AM   #9
matters
Member
 
Registered: May 2007
Distribution: Slackware
Posts: 281

Original Poster
Rep: Reputation: Disabled
Hi guys sorry for long delay!

As alan hicks stated to put firewalls to rc.firewalls to /etc/rc.d/
it works on booting ive tried that before, however i want to know what cause ip-pre-up not to start while doing pppoe-start manually

allend - ive tried also absolute path and no joy

ive also tried to rename firewalls to ip-pre-up directly and again no joy

wondering what might cause ip-pre-up not to start?

firewalls has modified rules of firewall-masq nothing else
 
Old 03-04-2009, 09:17 AM   #10
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,525

Rep: Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812Reputation: 2812
I am scratching my head at this point. You are executing 'pppoe-start' as root, I presume?
 
Old 03-04-2009, 05:11 PM   #11
matters
Member
 
Registered: May 2007
Distribution: Slackware
Posts: 281

Original Poster
Rep: Reputation: Disabled
yes im starting pppoe-start as root, tried also to start as normal user, but it must be started as root.
 
Old 03-04-2009, 06:03 PM   #12
mRgOBLIN
Slackware Contributor
 
Registered: Jun 2002
Location: New Zealand
Distribution: Slackware
Posts: 999

Rep: Reputation: 232Reputation: 232Reputation: 232
Ok first thing to understand is the rp-pppoe is a bit different than normal ppp.

Set "FIREWALL=MASQUERADE" in /etc/ppp/pppoe.conf

Then simply rename your firewall script to "firewall-masq" (make sure it's chmod +x)

And all should be well (maybe back-up the existing firewall-masq first)
 
Old 03-06-2009, 05:50 AM   #13
matters
Member
 
Registered: May 2007
Distribution: Slackware
Posts: 281

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by mRgOBLIN View Post
Ok first thing to understand is the rp-pppoe is a bit different than normal ppp.

Set "FIREWALL=MASQUERADE" in /etc/ppp/pppoe.conf

Then simply rename your firewall script to "firewall-masq" (make sure it's chmod +x)

And all should be well (maybe back-up the existing firewall-masq first)
That method also works!

But what im wondering how to make ip-pre-up to work aswell, wheres the catch why it dosent want to start?

as far as i found is that ip-pre-up is linked with ppp-2.4.4 package and ip-pre-up scripts wont run unless there is 2.4.4 version installed or higher.

i do have it installed but we are talking about rp-pppoe package.

So my question is how its possible for allend got it ip-pre-up started when establishing pppoe connection?
Its interesting!

Can someone clarify for me the difference between rp-pppoe and ppp packages?


Thanks!

Last edited by matters; 03-06-2009 at 06:25 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Using RedHat 8.x with PPPoE as a router/firewall tnine9 Linux - Networking 12 07-31-2005 02:27 PM
help with client side NFS-firewall setup and server side NIS-firewall setup niverson Linux - Networking 3 02-02-2004 09:52 AM
Firewall/Router/pppoe/dhcp Beetle B. Linux - Networking 3 09-15-2003 03:07 PM
pppoe through linux router/firewall ..Tookers.. Linux - Networking 2 04-30-2003 08:34 AM
linux gateway/firewall with MASQUERADE willix Linux - Networking 2 08-06-2002 06:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 10:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration