Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
02-18-2009, 10:31 AM
|
#1
|
Member
Registered: May 2007
Distribution: Slackware
Posts: 281
Rep: 
|
pppoe-setup masquerade firewall vs custom firewall
How can i setup that when i start pppoe-start will start my own customized firewall rules instead of ones that i selected while doing pppoe-setup?
Thanks!
|
|
|
02-18-2009, 10:46 AM
|
#2
|
LQ 5k Club
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,525
|
Create a symbolic link /etc/ppp/ip-pre-up that points to the firewall script you want to run and set the firewall option to NONE in pppoe-setup.
|
|
|
02-24-2009, 06:41 AM
|
#3
|
Member
Registered: May 2007
Distribution: Slackware
Posts: 281
Original Poster
Rep: 
|
Quote:
Originally Posted by allend
Create a symbolic link /etc/ppp/ip-pre-up that points to the firewall script you want to run and set the firewall option to NONE in pppoe-setup.
|
that didnt work out, when i specified none in firewall it didnt show up customized firewall
|
|
|
02-24-2009, 08:22 AM
|
#4
|
LQ 5k Club
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,525
|
From 'man pppd'
Quote:
/etc/ppp/ip-pre-up
A program or script which is executed just before the ppp network interface is brought up. It is exe-
cuted with the same parameters as the ip-up script (below). At this point the interface exists and has
IP addresses assigned but is still down. This can be used to add firewall rules before any IP traffic
can pass through the interface. Pppd will wait for this script to finish before bringing the interface
up, so this script should run quickly.
|
I know from experience that this technique works.
What do mean by "it didnt show up customized firewall"? Your firewall script will not be shown in pppoe-setup, but the rules in your custom firewall should show up in the output of 'iptables -L' when the connection is made. (Compare the output of 'iptables -L' before and after making a connection.)
Also, is your firewall script executable?
|
|
|
02-24-2009, 12:44 PM
|
#5
|
Member
Registered: May 2007
Distribution: Slackware
Posts: 281
Original Poster
Rep: 
|
what ive done is in /etc/ppp/ ive created firewall script called firewalls
ive chmod +x the file. in pppoe-setup ive selected 0 for none firewall
next ive created symlink in in /etc/ppp/ip-pre-up to point to /etc/ppp/firewalls
now it looks as follows:
Code:
/etc/ppp
root@parade:/etc/ppp# ls -l
total 68
-rw------- 1 root root 34 2009-02-24 12:14 chap-secrets
-rw------- 1 root root 34 2009-02-24 12:14 chap-secrets-bak
-rw-r--r-- 1 root root 2276 2006-06-29 09:00 firewall-masq
-rw-r--r-- 1 root root 978 2006-06-29 09:00 firewall-standalone
-rwxr-xr-x 1 root root 2172 2009-02-24 12:13 firewalls
lrwxrwxrwx 1 root root 9 2009-02-24 12:09 ip-pre-up -> firewalls
-rw-r--r-- 1 root root 2276 2009-02-24 12:09 ip-pre-up~
-rw------- 1 root root 34 2009-02-24 12:14 pap-secrets
-rw------- 1 root root 34 2009-02-24 12:14 pap-secrets-bak
drwxr-xr-x 2 root root 4096 2008-09-16 02:12 plugins
-rw-r--r-- 1 root root 104 2006-06-29 09:00 pppoe-server-options
-rw-r--r-- 1 root root 4573 2009-02-24 12:14 pppoe.conf
-rw------- 1 root root 4579 2009-02-24 12:14 pppoe.conf-bak
-rw-r--r-- 1 root root 4524 2008-09-16 02:12 pppoe.conf.new
-rw-r--r-- 1 root root 52 2009-02-24 18:21 resolv.conf
scenario is this:
before establishing ppp connection i make sure no firewall rules are set
when i do iptables -L
Code:
root@parade:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@parade:/home/matters12/speedtouch_novi# pppoe-start
. Connected!
root@parade:/home/matters12/speedtouch_novi# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@parade:/home/matters12/speedtouch_novi# pppoe-stop
Killing pppd (7199)
Killing pppoe-connect (7182)
As you can see before establishing ppp no customized firewall is applied as it should be but also after the connection is made.
but if i run firewalls script manually before connection is made then its executed successfully and remains even after the connection is made.
what am i doing wrong?
|
|
|
02-26-2009, 07:00 AM
|
#6
|
LQ 5k Club
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,525
|
It seems that you have done all that is required. My only thought is that perhaps the symlink is not correct.
From your listing I note that the permissions for the symlink are not the same as for the firewalls script.
Try deleting the symlink and remaking it. i.e. (as root)
cd /etc/ppp
rm ip-pre-up
ln -s firewalls ip-pre-up
|
|
|
02-26-2009, 03:02 PM
|
#7
|
Member
Registered: Feb 2005
Distribution: Slackware
Posts: 72
Rep:
|
Those are the proper permissions on the symlink. symlinks always have those permissions unless for some strange reason you change them.
As for why pppoe-start isn't running the firewall rules, that could be any number of issues. I'm not familiar with pppoe-*, so I'll defer to those who are. However, unless you have some need to start and stop pppoe routinely as oppossed to say, running it once on boot-up, I'd just put your firewall rules in /etc/rc.d/rc.firewall and run pppoe-start inside them.
|
|
|
02-26-2009, 06:07 PM
|
#8
|
LQ 5k Club
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,525
|
Ah, of course the symlink permissions are correct.
Just had a look at the setup that I had on an old machine.
Try making the symlink an absolute path. i.e.
ln -s /etc/ppp/firewalls ip-pre-up
Last edited by allend; 02-26-2009 at 06:14 PM.
|
|
|
03-03-2009, 10:22 AM
|
#9
|
Member
Registered: May 2007
Distribution: Slackware
Posts: 281
Original Poster
Rep: 
|
Hi guys sorry for long delay!
As alan hicks stated to put firewalls to rc.firewalls to /etc/rc.d/
it works on booting ive tried that before, however i want to know what cause ip-pre-up not to start while doing pppoe-start manually
allend - ive tried also absolute path and no joy
ive also tried to rename firewalls to ip-pre-up directly and again no joy
wondering what might cause ip-pre-up not to start?
firewalls has modified rules of firewall-masq nothing else
|
|
|
03-04-2009, 09:17 AM
|
#10
|
LQ 5k Club
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,525
|
I am scratching my head at this point. You are executing 'pppoe-start' as root, I presume?
|
|
|
03-04-2009, 05:11 PM
|
#11
|
Member
Registered: May 2007
Distribution: Slackware
Posts: 281
Original Poster
Rep: 
|
yes im starting pppoe-start as root, tried also to start as normal user, but it must be started as root.
|
|
|
03-04-2009, 06:03 PM
|
#12
|
Slackware Contributor
Registered: Jun 2002
Location: New Zealand
Distribution: Slackware
Posts: 999
|
Ok first thing to understand is the rp-pppoe is a bit different than normal ppp.
Set "FIREWALL=MASQUERADE" in /etc/ppp/pppoe.conf
Then simply rename your firewall script to "firewall-masq" (make sure it's chmod +x)
And all should be well (maybe back-up the existing firewall-masq first)
|
|
|
03-06-2009, 05:50 AM
|
#13
|
Member
Registered: May 2007
Distribution: Slackware
Posts: 281
Original Poster
Rep: 
|
Quote:
Originally Posted by mRgOBLIN
Ok first thing to understand is the rp-pppoe is a bit different than normal ppp.
Set "FIREWALL=MASQUERADE" in /etc/ppp/pppoe.conf
Then simply rename your firewall script to "firewall-masq" (make sure it's chmod +x)
And all should be well (maybe back-up the existing firewall-masq first)
|
That method also works!
But what im wondering how to make ip-pre-up to work aswell, wheres the catch why it dosent want to start?
as far as i found is that ip-pre-up is linked with ppp-2.4.4 package and ip-pre-up scripts wont run unless there is 2.4.4 version installed or higher.
i do have it installed but we are talking about rp-pppoe package.
So my question is how its possible for allend got it ip-pre-up started when establishing pppoe connection?
Its interesting!
Can someone clarify for me the difference between rp-pppoe and ppp packages?
Thanks!
Last edited by matters; 03-06-2009 at 06:25 AM.
|
|
|
All times are GMT -5. The time now is 10:17 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|