Shorewall users - Nov 2003 - How to fix allocation of I/F numbers for ppp

This is one off-topic but I think a many Shorewall users would
be interested in the answer.

The problem is to control the assignment of i/f numbers to ppp
connections, i.e. ppp0, ppp1. It can be useful to know this in
the Shorewall config files. Is it possible?

--- ahg1@swiftdsl.com.au wrote:
> 
> This is one off-topic but I think a many Shorewall users would
> be interested in the answer.
> 
> The problem is to control the assignment of i/f numbers to ppp
> connections, i.e. ppp0, ppp1. It can be useful to know this in
> the Shorewall config files. Is it possible?
I don''t quite understand. Please elaborate specifically with a
hypothectical network scenario/example please.

Is as if your kindof referencing a dialin server or something. Not
sure. Sorry.

JBanks

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

Joshua Banks wrote:
> 
> I don''t quite understand. Please elaborate specifically with a
> hypothectical network scenario/example please.
> 
> Is as if your kindof referencing a dialin server or something. Not
> sure. Sorry.
> 
Consider a firewall that has in-dials (PPP) and PPPoE connections
to the Internet. It would be useful to specify exactly which ppp?
interface the various connections got.

On Thu, 6 Nov 2003 ahg1@swiftdsl.com.au wrote:
>
> This is one off-topic but I think a many Shorewall users would
> be interested in the answer.
>
> The problem is to control the assignment of i/f numbers to ppp
> connections, i.e. ppp0, ppp1. It can be useful to know this in
> the Shorewall config files. Is it possible?
>
I recently spent considerable time documenting the workaround for this
problem at http://www.shorewall.net/PPTP.htm.

See the sub-section entitled "Configuring Shorewall"

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

----- Original Message -----
From: <ahg1@swiftdsl.com.au>
To: "Shorewall Users Mailing List"
<shorewall-users@lists.shorewall.net>
Sent: Thursday, November 06, 2003 08:00
Subject: Re: [Shorewall-users] How to fix allocation of I/F
numbers for ppp

> Joshua Banks wrote:
> >
> > I don''t quite understand. Please elaborate specifically
with a
> > hypothectical network scenario/example please.
> >
> > Is as if your kindof referencing a dialin server or
something. Not
> > sure. Sorry.
> >
>
> Consider a firewall that has in-dials (PPP) and PPPoE
connections
> to the Internet. It would be useful to specify exactly
which ppp?
> interface the various connections got.
You can fix the ip the dialins get, but not the interfaces.
I have dialins, vpns,
and adsl all on the same box. I have run in to this problem,
adsl gets dumped,
and then someone dials in at the same time. The workaround
for me was to
have a boot configuration for shorewall with the adsl not
starting on boot,
( The adsl is a second provider ) and then call a second
shorewall config
from a different directory when the adsl starts. Using the
params file that
''includes'' a second params file where I dump the adsl
interface information
using a scrip called from ip-up.local and restart shorewall,
if required. I then
use the variable as required in shorewall (masq, interface
files). The only time
shorewall needs to restarted, for me, is if the interface
changes, I have a
fixed ip address, others may need to reload because the ip
changed, but that
can be added to the script. I use a file to track the last
interface used for the
adsl, to see if a restart is required.

Hope you find it useful

Jerry Vonau




-------------- next part --------------
#!/bin/bash
# called from ip-up.local

. /etc/shorewall.test/params.ppp

# Interface to Internet
sleep 10
INETPPP="`/usr/sbin/adsl-status | awk ''{print $1}''| grep
ppp`"
echo PUBPPP="${INETPPP}" > /etc/shorewall.test/params.ppp

## Just to be sure....
                                                                              
if [ "${PUBPPP}" = "" ]; then
echo "waiting on PPPOE" >> /var/log/messages
sleep 10

INETPPP="`/usr/sbin/adsl-status | awk ''{print $1}''| grep
ppp`"
echo PUBPPP="${INETPPP}" > /etc/shorewall.test/params.ppp
fi                                                                          

##

LASTTIME=`cat /var/run/pppoe.last`

if [ "${LASTTIME}"  = "${INETPPP}" ]; then       

echo " ADSL RESTARTED " >> /var/log/messages

        else

echo " ADSL INTERFACE CHANGED" >> /var/log/messages
echo $INETPPP > /var/run/pppoe.last

/sbin/shorewall try /etc/shorewall.test    

fi