Re: going bananas


Subject: Re: going bananas
From: Dennis Murphy (dmurphy@leguin.montclair.edu)
Date: Wed Jun 21 2000 - 21:27:45 MDT


This is a _really_ _REALLY_ fugly hack, but it works (sort of)... :-)

Basically, what happens on system boot is that one of the rc.* scripts (for
me, it's /etc/rc.d/rc.local) calls /usr/local/sbin/startpppnet, which fires up
the PPP connection.

In my crontab, I have an entry that looks like:
*/2 * * * * /usr/local/sbin/ppptest

This runs ppptest every 2 minutes, which checks if PPP is up. If not, it runs
startpppnet and emails root that PPP died.

Of course, this assumes that PPP is already set up and works. Please feel free
to modify this at will... Let me know if it works for you!

---
  Dennis Murphy
  Verizon Wireless
  Technical Analyst
  Sun Support Group
  murphde@bam.com
  (914)365-7104

Source of /usr/local/sbin/ppptest
=================
#! /bin/bash
# Quickie script hacked together by Dennis Murphy <dmurphy@nbvb.com>
# This is free-as-in-free software; if you break it, you keep both
# pieces.

# Look for a running pppd, excluding the grep process itself.
TESTVAR=`/bin/ps auxw|/bin/grep pppd|/bin/grep -v grep`
if [ -z "$TESTVAR" ]; then
    # No pppd found: mail root, then restart the link in the background.
    echo "Ack! PPP connection died. Restarting..."|/bin/mail -s "PPP died at `date`" root
    /usr/local/sbin/startpppnet &
fi

Source of /usr/local/sbin/startpppnet
=====================
#! /bin/bash
# Quickie script hacked together by Dennis Murphy <dmurphy@nbvb.com>
# This is free-as-in-free software; if you break it, you keep both
# pieces.

# Bring up ppp0, give the link time to negotiate, then load the firewall.
cd /etc/sysconfig/network-scripts
./ifup-ppp ppp0
sleep 10
/usr/local/sbin/firewall-up ppp0

Source of /usr/local/sbin/firewall-up
=====================================
#! /bin/sh
# This stuff is stolen directly from the IP-MASQ faq. Thanks!

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# Load the masquerading helper modules.
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_vdolive

# Enable IP forwarding.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Current address of the external interface, plus the interface/network names.
extip="`/sbin/ifconfig ppp0|grep 'inet addr'|awk '{print $2}' | sed -e 's/.*://'`"
extint="ppp0"
intint="eth0"
intnet="192.168.0.0/24"

# Masquerade timeouts in seconds: TCP sessions, TCP after FIN, UDP.
ipchains -M -S 7200 10 60

# Input rules.
# Taken from the IP-Masq-FAQ, using the STRONG Firewall section.
ipchains -F input
ipchains -P input REJECT
ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -j REJECT
ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT

# Output rules.
# Same source as the input rules.
ipchains -F output
ipchains -P output REJECT
ipchains -A output -i $intint -s 0.0.0.0/0 -d $intnet -j ACCEPT
ipchains -A output -i $extint -s 0.0.0.0/0 -d $intnet -j REJECT
ipchains -A output -i $extint -s $intnet -d 0.0.0.0/0 -j REJECT
ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT
ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -A output -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT

# Forward rules: masquerade internal traffic leaving via the external interface.
ipchains -F forward
ipchains -P forward DENY
ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ
ipchains -A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT
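
Added example, not part of the original post: firewall-up expands $extip into its rules, so if ppp0 has no address yet when the sleep 10 ends, `-d $extip/32` becomes `-d /32`. This sketch polls for the address and validates it before any rule would use it; the function names, POLL_DELAY and the sample ifconfig text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Names and sample data are constructed.

# Print the IPv4 address from net-tools ifconfig output on stdin (the same
# "inet addr:" line the post's grep/awk/sed pipeline reads).
extract_inet_addr() {
    awk '/inet addr:/ { sub(/^addr:/, "", $2); print $2; exit }'
}

# Succeed only for a dotted quad with four octets in 0..255.
# The body is a subshell so the IFS change stays local.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Run "$@" (a command printing ifconfig output) up to $1 times until it
# yields a valid address; print it on success, return 1 on timeout.
wait_for_extip() {
    tries=$1; shift
    while [ "$tries" -gt 0 ]; do
        addr=$("$@" 2>/dev/null | extract_inet_addr)
        if valid_ipv4 "$addr"; then
            printf '%s\n' "$addr"
            return 0
        fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "${POLL_DELAY:-2}"; fi
    done
    return 1
}

# Constructed sample of ifconfig output for an up ppp0 link.
sample_ifconfig_up() {
    printf '%s\n' 'ppp0      Link encap:Point-to-Point Protocol' \
        '          inet addr:203.0.113.7  P-t-P:203.0.113.1  Mask:255.255.255.255'
}

# In firewall-up this would be: wait_for_extip 15 /sbin/ifconfig ppp0 || exit 1
extip=$(wait_for_extip 1 sample_ifconfig_up) || { echo "no address on ppp0" >&2; exit 1; }
echo "extip=$extip"
```

Exiting before the first ipchains call when no address is found leaves the previous rule set in place instead of loading rules built from an empty value.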



This archive was generated by hypermail 2a24 : Wed Jun 21 2000 - 21:30:14 MDT