File: README.Debian

netscript-2.4 5.5.1

netscript-2.4 for Debian
----------------------

netscript is designed to work best with routing software such as quagga or bird.

Most of the interface-level configuration you will need is found in
/etc/netscript/network.conf, including the lower-level protocol daemons and
configuration programs such as ciped, pppd, or wanconfig. See below
for more details on this recommended editing policy.

You will have to configure the firewall using the iptables commands directly.
Don't forget to save the configuration using the
'netscript ipfilter|ip6filter save' commands!  Unlike the last version,
the firewalling and filtering are no longer configured from network.conf.
This was done because stateful filtering obviates the need for great
complexity in the firewall scripts, and more flexibility is possible.
You have to get down and get dirty with iptables and learn it, which is a
good thing to do if you are running this to build a network - you should
understand things fully, or else you will get things wrong.
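
To illustrate how little is needed once filtering is stateful, here is an
added example (not from netscript or its author) that prints a minimal
default-deny router ruleset in iptables-restore format. The function names,
the WAN/LAN interface roles and the choice to allow ssh from the LAN side
are assumptions.

```shell
#!/bin/sh
# Added example, not netscript code. Names and interface roles are assumptions.

# valid_ifname NAME: accept only 1-15 characters from a conservative set,
# so nothing unexpected is interpolated into the ruleset.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# stateful_ruleset WAN LAN: print a default-deny ruleset for a two-port router.
stateful_ruleset() {
    wan=$1 lan=$2
    if ! valid_ifname "$wan" || ! valid_ifname "$lan"; then
        echo "invalid interface name" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to anything already allowed: one rule per chain replaces the
# per-port return-traffic rules a stateless filter needs.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the LAN may open new connections through the router.
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called as: script WAN LAN
if [ "$#" -eq 2 ]; then
    stateful_ruleset "$1" "$2"
fi
```

The output can be checked with 'iptables-restore --test' before it is loaded,
and the loaded rules are then persisted with 'netscript ipfilter save' as
described above.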

CONFIGURATION
-------------

Sysvinit is no longer supported, thanks to some irresolvable boot order
dependency loops with the ifupdown package.

For systemd:

systemctl mask networking
systemctl mask ifupdown
systemctl mask ifup\@.service

Alternatively, saving /etc/network/interfaces and purging ifupdown should
suffice, and is a lot cleaner:

cp /etc/network/interfaces /tmp
dpkg --purge ifupdown
cp /tmp/interfaces /etc/network

You may also want to mask all the NetworkManager services, as it likes
configuring things that are not in /etc/network/interfaces.

You may also want to disable inetd and/or portmap from starting up, but check
that you have something like ssh set up to run in daemon mode before disabling
inetd!  The commands would be:

update-rc.d -f portmap remove
update-rc.d -f inetd remove

or:

systemctl mask portmap
systemctl mask inetd

All of the above steps will be integrated into a debhelper setup for this
package if possible in the near future.

If you want to set up static routing using this package, it would be a good
idea to install the quagga or bird routing software packages. It is probably
a good idea to set up a routing protocol on any network that needs static
routes other than the default, and static routes are more easily set up from
the routing software anyhow if they are really needed.

LAPTOP SETUP
------------

This is still being developed, and I have been unable to complete the work on
the wireless and on starting/stopping services like NFS mounts due to my laptop
giving me a lot of trouble under Linux.  Lockups, and particularly keyboards
being unpredictable, make development hard work.

IPv6 support is there as it is an analogue of the IPv4 work but needs testing.
Wireless support with waproamd still needs to be teased out.

You will need to install whereami, ifplugd, waproamd, dnsmasq, and
resolvconf.  Get whereami configured to detect the network location and
print it out using the --mapping switch.  Then edit
/etc/netscript/network.conf; you will see a section halfway down the file,
just after the DHCP setup examples.

You will have to add the following file to the /etc/ifplugd/action.d directory:

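#!/bin/sh
# ifplugd action script: $1 = interface name, $2 = link event (up|down)
set +e
#
case "$2" in
up)
        # Quote the interface name so it reaches netscript as one argument
        /sbin/netscript ifup "$1" > /dev/null 2>&1
        RETVAL=$?
        sleep 5
        exit $RETVAL
        ;;
down)
        /sbin/netscript ifdown "$1" > /dev/null 2>&1
        exit $?
        ;;
esac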

Save it as the file netscript, chmod it to 0755, and comment out all lines in
the ifupdown script in the same directory.

After this, dnsmasq and resolvconf will basically just work for Ethernet.

Waproamd setup should be similar to the above, but I have not been able to
experiment yet.


UPGRADE PATH FROM KERNEL 2.2.X
------------------------------

The firewall/IP filtering stuff in ipfilter.conf is the part that changed
radically with the move to iptables and a far better way of setting up the
IP filtering rules.  The QoS and interface startup/shutdown settings in if.conf
have also changed, but are backwards compatible with the old 2.2.x ipchains
version of netscript for the interface address configuration settings.  You
will have to set up the filtering again to use iptables by directly using the
iptables commands.

Also, the kernel 2.2.x version of the scripts is set up so that iptables is
only run on a 2.4.x kernel; otherwise IP forwarding is disabled, if you set
IPFWDING_KERNEL to FILTER_ON in network.conf beforehand.

This means that when you upgrade a box to a 2.4.x router kernel, you should
then be able to reboot it, log into it remotely, and upgrade netscript to the
version that supports 2.4.x.  In this situation, if you have set the
old IPFWDING_KERNEL setting to FILTER_ON beforehand in network.conf, all
IP forwarding through the box will also be disabled.  This means that you
can safely upgrade a firewall remotely.
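
A check one might run after the reboot described above, to confirm the box is
not routing with no filter loaded. This is an added example, not part of
netscript: forward_audit and its output labels are names made up here, and it
assumes 'iptables -S' is available on the upgraded system.

```shell
#!/bin/sh
# Added example, not netscript code. Classifies the forwarding state from two
# inputs so the logic can be exercised offline with constructed data:
#   $1 = contents of /proc/sys/net/ipv4/ip_forward
#   $2 = output of `iptables -S FORWARD` (empty if iptables could not run)
# Prints closed | filtered | review | OPEN | unknown.
# Returns 0 for closed/filtered/review, 1 for OPEN, 2 for unknown.
forward_audit() {
    fwd=$1 rules=$2
    case $fwd in
        0) echo closed; return 0 ;;     # kernel is not routing at all
        1) ;;                           # routing: inspect the filter below
        *) echo unknown; return 2 ;;    # unreadable state is not "safe"
    esac
    # Default policy of the FORWARD chain, e.g. "-P FORWARD DROP"
    policy=$(printf '%s\n' "$rules" |
        awk '$1 == "-P" && $2 == "FORWARD" { print $3 }')
    # Number of rules appended to FORWARD (grep -c exits 1 on zero matches)
    nrules=$(printf '%s\n' "$rules" | grep -c '^-A FORWARD' || true)
    if [ "$policy" = DROP ]; then
        echo filtered; return 0         # default deny, only listed flows pass
    elif [ "$nrules" -gt 0 ]; then
        echo review; return 0           # rules exist, unmatched traffic passes
    fi
    echo OPEN; return 1                 # routing with no filter loaded
}

# Live use on the router itself: script --live
if [ "${1:-}" = --live ]; then
    forward_audit "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" \
                  "$(iptables -S FORWARD 2>/dev/null)"
fi
```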


 -- Matthew Grant <grantma@anathoth.gen.nz>, Sat, 30 Oct 2004 18:03:24 +1300