Date: Sun, 17 Jul 2005 21:38:58 -0500 From: Billy Newsom <smartweb@leadhill.net> To: stefan@aeschbacher.ch, hackers@freebsd.org Subject: Re: rc.d ppp dependency Message-ID: <42DB1642.4020801@leadhill.net> In-Reply-To: <1121426237.42d79b3dcf954@horde.nts.ch> References: <1121426237.42d79b3dcf954@horde.nts.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
stefan@aeschbacher.ch wrote: > Hi > when using ppp together with pf there seems to exist a dependency problem. > I start ppp and pf with : ppp_enable="YES" and pf_enable="YES" in rc.conf. > > At startup when the pf rulefile is loaded, the tun0 (which I use in the pf > config) device does not yet exist and therefore the rules can not load. > > I noticed that in /etc/rc.d/ppp-user, ipfilter is resynced after ppp has > started. Shouldn't the same be done for pf? > > thanks > > Stefan > > P.S. a similar problem exists with sshd when a ListenAddress directive is > used with an address configured to tun0 Attn: I have been trying to get the same exact problem dealt with for ipnat and renaming interfaces. It appears that under FreeBSD 5-Stable, that although we are welcome to rename a network interface (like fxp0) to whatever we want (say out0), there seems to be a problem with the order in which things happen at boot. RENAMING happens after the ipnat has started, and so I feel that we need to re-sync ipnat after the renaming occurs. Otherwise, ipnat seems to have the old interface names, and ipnat will not work. Notice that in the rcorder of things, we see this (I skipped a bunch for brevity): ipfilter ... ipmon ... ipnat ipfs ... netif (interface renaming occurs; resync of ipfilter) isdnd ppp-user ipfw dhclient nsswitch ip6addrctl atm2 routing ip6fw network_ipv6 mroute6d route6d mrouted routed NETWORKING ... pflog pf pppoed ... localpkg natd What I see is that we need an IF-THEN-ELSE statement in the rcorder system someplace, that can notify pf if ppp is being used, and that will force ipnat to reload, etc. The ppp-user file, as you say, might need to reload pf if necessary. A simple patch could be thought up and attached here, huh? Can you post some of these comments as a bug (PR) to the FreeBSD system? I have one that could probably be fixed if my patch is used. See my related PR at http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/81606 You might refer to PR 81606 as potentially being a similar issue with rcng. These thigns are slowly coming to light. rcng has got a lot of little tweaks it needs, especially if we start to let ports interact with the system rcng files. Billy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42DB1642.4020801>