Re: going bananas


Subject: Re: going bananas
From: matthew vidic (matt@procopyonline.com)
Date: Thu Jun 22 2000 - 07:36:56 MDT


thanks dennis

i'll let you know how it goes...

matt

-- 

> From: Dennis Murphy <dmurphy@leguin.montclair.edu>
> Reply-To: yellowdog-general@lists.yellowdoglinux.com
> Date: Wed, 21 Jun 2000 23:27:45 -0400 (EDT)
> To: yellowdog-general@lists.yellowdoglinux.com
> Subject: Re: going bananas
>
> This is a _really_ _REALLY_ fugly hack, but it works (sort of)... :-)
>
> Basically, what happens on system boot is that one of the rc.* scripts (for
> me, it's /etc/rc.d/rc.local) calls /usr/local/sbin/startpppnet, which fires up
> the PPP connection.
>
> In my crontab, I have an entry that looks like:
> */2 * * * * /usr/local/sbin/ppptest
>
> This runs ppptest every 2 minutes, which checks if PPP is up. If not, it runs
> startpppnet and emails root that PPP died.
>
> Of course, this assumes that PPP is already setup and works. Please feel free
> to modify this at will... Let me know if it works for you!
>
> ---
> Dennis Murphy
> Verizon Wireless
> Technical Analyst
> Sun Support Group
> murphde@bam.com
> (914)365-7104
>
> Source of /usr/local/sbin/ppptest
> =================
> #! /bin/bash
> # Quickie script hacked together by Dennis Murphy <dmurphy@nbvb.com>
> # This is free-as-in-free software; if you break it, you keep both
> # pieces.
> TESTVAR=`/bin/ps auxw|/bin/grep pppd|/bin/grep -v grep`
> if [ -z "$TESTVAR" ]; then
>     echo "Ack! PPP connection died. Restarting..."|/bin/mail -s "PPP died at `date`" root
>     /usr/local/sbin/startpppnet &
> fi
>
> Source of /usr/local/sbin/startpppnet
> =====================
> #! /bin/bash
> # Quickie script hacked together by Dennis Murphy <dmurphy@nbvb.com>
> # This is free-as-in-free software; if you break it, you keep both
> # pieces.
> cd /etc/sysconfig/network-scripts
> ../ifup-ppp ppp0
> sleep 10
> /usr/local/sbin/firewall-up ppp0
>
> Source of /usr/local/sbin/firewall-up
> =====================================
> #! /bin/sh
> # This stuff is stolen directly from the IP-MASQ faq. Thanks!
>
> PATH=/sbin:/bin:/usr/sbin:/usr/bin
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> /sbin/modprobe ip_masq_raudio
> /sbin/modprobe ip_masq_irc
> /sbin/modprobe ip_masq_quake 26000,27000,27910,27960
> /sbin/modprobe ip_masq_cuseeme
> /sbin/modprobe ip_masq_vdolive
> echo "1" > /proc/sys/net/ipv4/ip_forward
> extip="`/sbin/ifconfig ppp0|grep 'inet addr'|awk '{print $2}' | sed -e 's/.*://'`"
> extint="ppp0"
> intint="eth0"
> intnet="192.168.0.0/24"
> ipchains -M -S 7200 10 60
>
> # Input rules.
> # Taken from the IP-Masq-FAQ, using the STRONG Firewall section.
> ipchains -F input
> ipchains -P input REJECT
> ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT
> ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -j REJECT
> ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT
> ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT
>
> # Output rules.
> # Same source as the input rules.
> ipchains -F output
> ipchains -P output REJECT
> ipchains -A output -i $intint -s 0.0.0.0/0 -d $intnet -j ACCEPT
> ipchains -A output -i $extint -s 0.0.0.0/0 -d $intnet -j REJECT
> ipchains -A output -i $extint -s $intnet -d 0.0.0.0/0 -j REJECT
> ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A output -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT
> ipchains -F forward
> ipchains -P forward DENY
> ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ
> ipchains -A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -j REJECT
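
An added example, not part of the original posts: the quoted startpppnet waits a fixed `sleep 10` before firewall-up reads the ppp0 address, so a slow link leaves `extip` empty and the `$extip/32` rules are built from a bare `/32`. The sketch below polls for a valid address instead and fails closed; the function names, the sample `ifconfig` output and the retry values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the quoted scripts.

# Constructed sample input: legacy net-tools `ifconfig ppp0` output.
sample_up() {
    printf '%s\n' 'ppp0      Link encap:Point-to-Point Protocol' \
        '          inet addr:203.0.113.7  P-t-P:203.0.113.1  Mask:255.255.255.255'
}
# Constructed sample: the interface does not exist yet.
sample_down() { echo 'ppp0: error fetching interface information' >&2; return 1; }

# Print the first "inet addr:" value found on stdin (the same field the quoted
# grep/awk/sed pipeline extracts).
extract_inet_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# Succeed only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1 count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    [ "$count" -eq 4 ]
}

# wait_for_extip PROBE TRIES DELAY: run PROBE (a command printing ifconfig
# output) until it yields a valid address; print it, or fail after TRIES.
wait_for_extip() {
    probe=$1 tries=$2 delay=$3
    while [ "$tries" -gt 0 ]; do
        addr=$($probe 2>/dev/null | extract_inet_addr)
        if is_ipv4 "$addr"; then
            printf '%s\n' "$addr"
            return 0
        fi
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}

# Assumed usage in firewall-up, replacing the bare extip= assignment:
#   extip=$(wait_for_extip "/sbin/ifconfig ppp0" 15 2) || exit 1
```

Exiting before any `ipchains -F` runs keeps the previously loaded rules in place when no address is available.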



This archive was generated by hypermail 2a24 : Thu Jun 22 2000 - 07:39:03 MDT