Shorewall users - Mar 2007 - Keeping multiple network interfaces straight?

Can anyone offer suggestions on how to make sure the right network
interface card is being assigned to the right network?

I''m uncomfortable with the way my OS (Ubuntu 6.10 Server, 2.6.17-10
kernel) simply calls the interfaces "eth0", "eth1", and
"eth2".  I''m
worried that some unnoticed system change could cause these labels
to be switched around without warning after a reboot.

I imagine it might be possible to write code that would probe the
network cards, identify each card by its MAC address, and assign the
correct IP address info and Shorewall function to each card, no matter
what the kernel might choose to call the card.

Presumably, this would involve replacing the existing network startup
script (/etc/init.d/networking) and invoking a suitable script in
/etc/shorewall/params to set variables to point to the interfaces as
appropriate.

I have no idea if Shorewall''s save/restore would still work in such an
environment.

Has anyone successfully implemented this?

Rich Wales      ===      Palo Alto, CA, USA      ===     richw@richw.org
http://www.richw.org   ===   http://en.wikipedia.org/wiki/User:Richwales

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

On Fri, 2007-30-03 at 08:39 -0700, Rich Wales wrote:
> Can anyone offer suggestions on how to make sure the right network
> interface card is being assigned to the right network?
$ man iftab

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

nameif does exactly what you''ve described - fix the interface name and
mac address.

You''ll need to put in a mactab file, and make sure nameif runs at the
beginning of your /etc/init.d/networking

You can give whatever names you want - wan0, lan0, dmz0, or anything
else.. some programs might crib about interfaces with weird names, but
most should be ok.

In your shorewall interfaces file, merely give the new names and you''re
done.

Prasanna.

On 3/30/07, Rich Wales <richw@richw.org> wrote:
> Can anyone offer suggestions on how to make sure the right network
> interface card is being assigned to the right network?
>
> I''m uncomfortable with the way my OS (Ubuntu 6.10 Server,
2.6.17-10
> kernel) simply calls the interfaces "eth0", "eth1", and
"eth2".  I''m
> worried that some unnoticed system change could cause these labels
> to be switched around without warning after a reboot.
>
> I imagine it might be possible to write code that would probe the
> network cards, identify each card by its MAC address, and assign the
> correct IP address info and Shorewall function to each card, no matter
> what the kernel might choose to call the card.
>
> Presumably, this would involve replacing the existing network startup
> script (/etc/init.d/networking) and invoking a suitable script in
> /etc/shorewall/params to set variables to point to the interfaces as
> appropriate.
>
> I have no idea if Shorewall''s save/restore would still work in
such an
> environment.
>
> Has anyone successfully implemented this?
>
> Rich Wales      ===      Palo Alto, CA, USA      ===     richw@richw.org
> http://www.richw.org   ===   http://en.wikipedia.org/wiki/User:Richwales
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net''s Techsay panel and you''ll get the
chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
>
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

Prasanna Krishnamoorthy wrote:
> nameif does exactly what you''ve described - fix the interface name
and
> mac address.
> 
> You''ll need to put in a mactab file, and make sure nameif runs at
the
> beginning of your /etc/init.d/networking
As Brian mentioned, the Ubuntu file is ''iftab'' (not
''mactab'') and the
ifrename init script that uses it is enabled by default.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

On 3/30/07, Tom Eastep <teastep@shorewall.net>
wrote:
> As Brian mentioned, the Ubuntu file is ''iftab'' (not
''mactab'') and the
> ifrename init script that uses it is enabled by default.
>
Just saw his mail. I was using mactab and nameif, but iftab seems a
much better option.

Thanks!
Prasanna.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

"iftab" was precisely what I needed to learn about and use.

Thanks to everyone who replied.

Rich Wales      ===      Palo Alto, CA, USA      ===     richw@richw.org
http://www.richw.org   ===   http://en.wikipedia.org/wiki/User:Richwales

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV