Date: Tue, 1 Jul 2003 07:32:48 +0100
From: lewiz <purple@lewiz.info>
To: FreeBSD-questions <freebsd-questions@freebsd.org>, FreeBSD-mobile <freebsd-mobile@freebsd.org>
Subject: Variable NFS mounts / firewall rules.
Message-ID: <20030701063248.GA904@lewiz.org>

Hi,

I have recently gotten around to setting up my laptop to play nicely with dhclient (not as easy as it sounds). I have a number of questions I should like to ask. I am going to provide a brief rundown of what I would like to know, and more detail, for those interested.

1. Why does dhclient.conf ``ignore'' the media directive?
2. Can I have /different/ NFS mounts, depending on the IP address dhclient assigns to me?
3. Can I have /different/ firewall rules, depending on the IP address dhclient assigns to me?

And now for the more thorough version:

Firstly, even though I specify ``media "media 10base2/BNC"'' in the correct manner in the /etc/dhclient.conf file, why does dhclient fail to switch the media to the BNC port? I have been searching through the dhclient-script file to no avail and the documentation is light on this issue. I have overcome the issue by putting ``/sbin/ifconfig ep0 media 10base2/BNC'' in /etc/start_if.ep0.

Secondly, having been playing with the ``new'' /etc/rc.d stuff in 5-RELEASE I have started to wonder how I might go about setting up a nicely roaming laptop. When I'm at home I am assigned a static IP by the DHCP server, which serves as a way of determining my current location (although, if by chance I were assigned the same address by another DHCP server, I would run into troubles).

When at home I want to have certain NFS mounts available to me (say, /usr/ports/distfiles and /usr/home.nfs). When I am roaming and there is no assigned address, I have /usr/home.ufs, which I want symlinked to /home to allow me to log in. I synchronize /usr/home.ufs with the NFS home periodically. I have a local user account that I log on with whilst away from home.

Previously, I did this with a nasty hack in /etc/dhclient-exit-hooks (a bit of grepping and gawking did the job to get the current IP, I compared it to what I was expecting then mounted exports accordingly). However, now that I have IPFIREWALL enabled this does not work, as the firewall rules are loaded /after/ dhclient-exit-hooks are executed (default to deny means there is no connectivity -- btw, how does dhclient communicate?)

This led me to a second issue: while I am away, I want much more stringent firewall rules (i.e. deny almost all, allow me to establish out and allow DNS UDP requests).

My question is therefore: is it possible that I could write either

  a) a new script to go in /etc/rc.d to perform different NFS mounting based on my ``location'' (i.e. IP address -- unless anybody else can think of a better, more robust way to do this (maybe some server checksum?)); or
  b) modify an existing script (probably mountcritremote?) to include this functionality.

Regardless of which method might be chosen: would I use /etc/rc.conf to specify the options, or provide a custom configuration file in /etc that the new script would use?

Furthermore, can the rc.firewall script be modified (or passed an argument) that causes different firewall rules to be loaded depending on my ``location'' (i.e. IP address, again)?

If anybody can provide any insight into this problem, preferably with an idea of which files I might go modifying (please!) then I would do my best to come up with some solution which might be of benefit to others in a similar situation (if it exists).

Sorry for such a bulky mail, I couldn't really find how else to cut it down.

Many thanks!

-lewiz.

-- 
Welcome thy neighbor into thy fallout shelter. He'll come in handy if you run out of food. -- Dean McLaughlin.
------------------------------------------------------------------------
-| msn:purple@lewiz.net | jab:lewiz@jabber.org | url:http://lewiz.net |-
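
The location check and the ordering problem described in the mail, as an added example that is not part of the original message or of FreeBSD's own scripts: it decides "home" from the lease plus the DHCP server identifier, and emits firewall rules before any NFS mount. The two addresses, the NFS server address, its export paths and the /home symlink at home are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original mail. Meant to be sourced from
# /etc/dhclient-exit-hooks, where dhclient-script has already set $reason,
# $new_ip_address and $new_dhcp_server_identifier.
# Constructed placeholders: all addresses and the NFS export paths.
HOME_IP="192.168.1.50"      # lease the home DHCP server always hands out
HOME_DHCP="192.168.1.1"     # identifier of the home DHCP server
NFS_HOST="192.168.1.10"     # hypothetical NFS server

# "home" only when the lease AND the server that issued it both match, so a
# foreign network that happens to assign the same address counts as roaming.
detect_location() {
    if [ "$1" = "$HOME_IP" ] && [ "$2" = "$HOME_DHCP" ]; then
        echo home
    else
        echo roaming
    fi
}

# Print the commands for a location, one per line. Firewall rules come first
# so that, with a default-deny kernel, mounts only run once traffic can pass.
plan_actions() {
    echo "ipfw -q -f flush"
    echo "ipfw -q add allow ip from any to any via lo0"
    echo "ipfw -q add check-state"
    echo "ipfw -q add allow tcp from me to any setup keep-state"
    echo "ipfw -q add allow udp from me to any 53 keep-state"
    case "$1" in
    home)
        # UDP (NFS, mountd, rpcbind) to the one known server only.
        echo "ipfw -q add allow udp from me to $NFS_HOST keep-state"
        echo "mount -t nfs $NFS_HOST:/usr/ports/distfiles /usr/ports/distfiles"
        echo "mount -t nfs $NFS_HOST:/usr/home /usr/home.nfs"
        echo "ln -sfn /usr/home.nfs /home" ;;   # assumed home-side symlink
    *)
        # Roaming: nothing beyond outbound TCP and DNS; use the local copy.
        echo "ln -sfn /usr/home.ufs /home" ;;
    esac
}

# Dry run: print the plan for a newly acquired lease (not on every renewal).
case "${reason:-}" in
BOUND|REBOOT)
    plan_actions "$(detect_location "$new_ip_address" "$new_dhcp_server_identifier")" ;;
esac
```

As written the hook only prints the plan; piping the output of plan_actions into `sh -e` applies it.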