This configuration gives me trouble in the down section ( stolen from
shorewall site )
The pre-down section complaints about pre-down entries being duplicates
as you can see I have comment out the down parts to bring the interface
up ...
however from command line all is ok ...
auto br0
iface br0 inet static
address 192.168.2.254
netmask 255.255.255.0
pre-up /usr/sbin/openvpn --mktun --dev tap0
pre-up /bin/ip link set tap0 up
pre-up /bin/ip link set eth3 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth3
pre-up /usr/sbin/brctl addif br0 tap0
# pre-down /usr/sbin/brctl delif br0 eth3
# pre-down /bin/ip link set eth3 down
# pre-down /usr/sbin/brctl delif br0 tap0
# pre-down /bin/ip link set tap0 down
# post-down /usr/sbin/brctl delbr br0
# post-down /usr/sbin/openvpn --rmtun --dev tap0
BTW: No daemontools ????? should I compile my own ??
I know I can use inittab for this but I hate it ...
Cheers..
( Thanks Nathan, NC )
Nathan U R Greek, correct ???
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
Harry,
> The pre-down section complaints about pre-down entries being duplicates> as you can see I have comment out the down parts to bring the interface > up ...
You've run into (yet another) busybox ifupdown weirdness. pre-down is
not a valid keyword - but instead of reporting that, it says you have
duplicates. (evidently you are allowed to have a "foobar" keyword in
each stanza, but not two... ?!
It appears to be a pretty common mistake to think there's a pre-down
command (that would be logical) but the actual command is "down"
so you have
pre-up (before iface is "up")
up (should be called post-up)
down (should be called pre-down)
post-down (after interface is "down")
The following adjustments should work:
auto br0
iface br0 inet static
address 192.168.2.254
netmask 255.255.255.0
pre-up /usr/sbin/openvpn --mktun --dev tap0
pre-up /bin/ip link set tap0 up
pre-up /bin/ip link set eth3 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth3
pre-up /usr/sbin/brctl addif br0 tap0
down /usr/sbin/brctl delif br0 eth3
down /bin/ip link set eth3 down
down /usr/sbin/brctl delif br0 tap0
down /bin/ip link set tap0 down
post-down /usr/sbin/brctl delbr br0
post-down /usr/sbin/openvpn --rmtun --dev tap0
One last thing that you might want to keep in mind: the sequence of
*-up/down commands will stop whenever the *first* one returns false.
For example, adding this line before the delif br0 eth3 ...
down false
down /usr/sbin/brctl delif br0 eth3
.
.
Will never actually run the delif/iplink/openvpn commands. That makes
it possible to get into ifup/down hell where ifup says the device is
already up, and ifdown won't let you take it down.
I'm mention this so that if you ever run a command that *might* return
false, you should escape it:
down /usr/sbin/command_that_might_fail || true
^^^^^^^^^
The "|| true" forces the command to be true. Problem solved. :-)
And, since I'm responding after natanael did, we have a fundamental
difference of opinion on bridges - I think they are interfaces (they
show up in ip link) so they should go in the interfaces file. He
prefers the init.d script. Take your pick - either way will work.
> BTW: No daemontools ????? should I compile my own ??
Natanael really likes busybox init :-) Send in a patch and I'm sure
he'll add it though.
> I know I can use inittab for this but I hate it ...> > > Cheers..> > ( Thanks Nathan, NC )> > Nathan U R Greek, correct ???>
Mostly the name. My father's father was greek - but I mostly take after
my Hungarian mom... (Greeks+Hungarians... talk about hard-headed!)
By the way, thanks very much for your work on muli-isp failover - its
VERY much appreciated!
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
Harry Lachanas wrote:
> Thank's Nathan ....> Thanks NC....> >>>>> BTW: No daemontools ????? should I compile my own ??>>> Daemon tools from Dr Dan Bernstein <http://cr.yp.to/djb.html>
Yeah, I meant you compile the package, send NC whatever he needs for the
makefile, and you get it in Alpine.
<snip>
>> By the way, thanks very much for your work on muli-isp failover - its >> VERY much appreciated!>>> There are grounds to polish this up ....> For instance once U have 3 ISP profiders and they get about 33% of the > traffic once one goes down then one of the providers ( U decide which ) > gets about 66% of the traffic....> > I think in order to do this better, other ( more underground and bad ) > modules have to be incorporated> random ????> ROUTE ????> fuzzy ??> nth ??> > Then after that I think shorewall doesn't fit in there anymore .... ( We > better study and become experts on netfilter :-( , but we'll avoid all > the sarcasm and sadism of shorewall lists :-) )>
Speaking of shorewall, a buddy is looking at ferm
http://ferm.foo-projects.org/ as a replacement for shorewall.
Take care!
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
On Wed, 2008-12-10 at 18:21 +0200, Harry Lachanas wrote:
> This configuration gives me trouble in the down section ( stolen from > shorewall site )> > The pre-down section complaints about pre-down entries being duplicates> as you can see I have comment out the down parts to bring the interface > up ...> > however from command line all is ok ...> > > > auto br0> iface br0 inet static> address 192.168.2.254> netmask 255.255.255.0> pre-up /usr/sbin/openvpn --mktun --dev tap0> pre-up /bin/ip link set tap0 up> pre-up /bin/ip link set eth3 up> pre-up /usr/sbin/brctl addbr br0> pre-up /usr/sbin/brctl addif br0 eth3> pre-up /usr/sbin/brctl addif br0 tap0> # pre-down /usr/sbin/brctl delif br0 eth3> # pre-down /bin/ip link set eth3 down> # pre-down /usr/sbin/brctl delif br0 tap0> # pre-down /bin/ip link set tap0 down> # post-down /usr/sbin/brctl delbr br0> # post-down /usr/sbin/openvpn --rmtun --dev tap0>
iirc there is an init.d script doing bridges for you.
have a look at /etc/conf.d/bridge and /etc/init.d/bridge
> > BTW: No daemontools ????? should I compile my own ??> > I know I can use inittab for this but I hate it ...> > > Cheers..> > ( Thanks Nathan, NC )> > Nathan U R Greek, correct ???> > > > ---> Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org> Help: alpine-devel+help@lists.alpinelinux.org> --->
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
Thank's Nathan ....
Thanks NC....
>>> BTW: No daemontools ????? should I compile my own ??>
Daemon tools from Dr Dan Bernstein <http://cr.yp.to/djb.html>
> Natanael really likes busybox init :-) Send in a patch and I'm sure > he'll add it though.>>> I know I can use inittab for this but I hate it ...>>>>>> Cheers..>>>> ( Thanks Nathan, NC )>>>> Nathan U R Greek, correct ???>>>> Mostly the name. My father's father was greek - but I mostly take > after my Hungarian mom... (Greeks+Hungarians... talk about hard-headed!)>>
Hungarian soccer used to be super ....
Greek Civilization used to be super also ...
U combine both worlds ( so u must be a civilized good soccer player ;-) )
> By the way, thanks very much for your work on muli-isp failover - its > VERY much appreciated!>
There are grounds to polish this up ....
For instance once U have 3 ISP profiders and they get about 33% of the
traffic once one goes down then one of the providers ( U decide which )
gets about 66% of the traffic....
I think in order to do this better, other ( more underground and bad )
modules have to be incorporated
random ????
ROUTE ????
fuzzy ??
nth ??
Then after that I think shorewall doesn't fit in there anymore .... ( We
better study and become experts on netfilter :-( , but we'll avoid all
the sarcasm and sadism of shorewall lists :-) )
Cheers.....
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---