From: lewiz
To: FreeBSD-questions, FreeBSD-mobile
Date: Tue, 1 Jul 2003 07:32:48 +0100
Subject: Variable NFS mounts / firewall rules.
Message-ID: <20030701063248.GA904@lewiz.org>

Hi,

I have recently gotten around to setting up my laptop to play nicely with dhclient (not as easy as it sounds). I have a number of questions I should like to ask.
I am going to provide a brief rundown of what I would like to know, and more detail, for those interested.

1. Why does dhclient.conf ``ignore'' the media directive?
2. Can I have /different/ NFS mounts, depending on the IP address dhclient assigns to me?
3. Can I have /different/ firewall rules, depending on the IP address dhclient assigns to me?

And now for the more thorough version:

Firstly, even though I specify ``media "media 10base2/BNC"'' in the correct manner in the /etc/dhclient.conf file, why does dhclient fail to switch the media to the BNC port? I have been searching through the dhclient-script file to no avail and the documentation is light on this issue. I have overcome the issue by putting ``/sbin/ifconfig ep0 media 10base2/BNC'' in /etc/start_if.ep0.

Secondly, having been playing with the ``new'' /etc/rc.d stuff in 5-RELEASE I have started to wonder how I might go about setting up a nicely roaming laptop. When I'm at home I am assigned a static IP by the DHCP server, which serves as a way of determining my current location (although, if by chance I were assigned the same address by another DHCP server, I would run into troubles). When at home I want to have certain NFS mounts available to me (say, /usr/ports/distfiles and /usr/home.nfs). When I am roaming and there is no assigned address, I have /usr/home.ufs, which I want symlinked to /home to allow me to login. I synchronize /usr/home.ufs with the NFS home periodically. I have a local user account that I log on with whilst away from home.

Previously, I did this with a nasty hack in /etc/dhclient-exit-hooks (a bit of grepping and gawking did the job to get the current IP, I compared it to what I was expecting then mounted exports accordingly). However, now that I have IPFIREWALL enabled this does not work, as the firewall rules are loaded /after/ dhclient-exit-hooks are executed (default to deny means there is no connectivity -- btw, how does dhclient communicate?)
This led me to a second issue: while I am away, I want much more stringent firewall rules (i.e. deny almost all, allow me to establish out and allow DNS UDP requests).

My question is therefore: is it possible that I could write either

a) a new script to go in /etc/rc.d to perform different NFS mounting based on my ``location'' (i.e. IP address -- unless anybody else can think of a better, more robust way to do this (maybe some server checksum?)); or
b) modify an existing script (probably mountcritremote?) to include this functionality.

Regardless of which method might be chosen: would I use /etc/rc.conf to specify the options, or provide a custom configuration file in /etc that the new script would use?

Furthermore, can the rc.firewall script be modified (or passed an argument) that causes different firewall rules to be loaded depending on my ``location'' (i.e. IP address, again)?

If anybody can provide any insight into this problem, preferably with an idea of which files I might go modifying (please!) then I would do my best to come up with some solution which might be of benefit to others in a similar situation (if it exists).

Sorry for such a bulky mail, I couldn't really find how else to cut it down.

Many thanks!

-lewiz.

-- 
Welcome thy neighbor into thy fallout shelter. He'll come in handy if you run out of food. -- Dean McLaughlin.
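
Added example, not part of the original message: a sketch of the location check the message describes, written as it might sit in /etc/dhclient-exit-hooks. It selects the home profile only when the leased address, the DHCP server identifier and the router all match, and otherwise falls back to the strict roaming profile. The addresses, the ruleset paths and the assumption that the NFS mounts are `noauto` entries in /etc/fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). dhclient-script exports
# new_ip_address, new_dhcp_server_identifier and new_routers to exit hooks.
# Constructed placeholder values (RFC 5737 documentation addresses):
HOME_IP="192.0.2.10"
HOME_DHCP_SERVER="192.0.2.1"
HOME_ROUTER="192.0.2.1"

# Print "home" only when every lease attribute matches; an empty or
# unexpected value yields "roaming", so the strict profile is the default.
classify_location() {
    if [ -n "$1" ] && [ "$1" = "$HOME_IP" ] &&
       [ "$2" = "$HOME_DHCP_SERVER" ] && [ "$3" = "$HOME_ROUTER" ]; then
        echo home
    else
        echo roaming
    fi
}

# Hypothetical ruleset files, one per profile.
ruleset_for() {
    case "$1" in
        home) echo /etc/ipfw.home.rules ;;
        *)    echo /etc/ipfw.roaming.rules ;;
    esac
}

# NFS mounts wanted per profile (assumed to be noauto entries in /etc/fstab).
mounts_for() {
    case "$1" in
        home) echo "/usr/ports/distfiles /usr/home.nfs" ;;
        *)    echo "" ;;
    esac
}

# Print the commands rather than run them, firewall first so that the
# mounts are attempted only after the matching rules are loaded.
plan() {
    loc=$(classify_location "$1" "$2" "$3")
    echo "# location=$loc"
    echo "ipfw -q $(ruleset_for "$loc")"
    for m in $(mounts_for "$loc"); do echo "mount $m"; done
}

plan "$new_ip_address" "$new_dhcp_server_identifier" "$new_routers"
```

Lease values are supplied by whichever DHCP server answers, so a match is a hint about location rather than proof of it; the home ruleset should be written with that in mind.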