Variable NFS mounts / firewall rules.

lewiz purple at lewiz.info
Mon Jun 30 23:33:35 PDT 2003


Hi,

  I have recently gotten around to setting up my laptop to play nicely
with dhclient (not as easy as it sounds).  I have a number of questions
I should like to ask.  I am going to provide a brief rundown of what I
would like to know, and more detail, for those interested.

1. Why does dhclient.conf ``ignore'' the media directive?
2. Can I have /different/ NFS mounts, depending on the IP address
   dhclient assigns to me?
3. Can I have /different/ firewall rules, depending on the IP address
   dhclient assigns to me?

  And now for the more through version:

Firstly, even though I specify ``media "media 10base2/BNC"'' in the
correct manner in the /etc/dhclient.conf file, why does dhclient fail to
switch the media to the BNC port?  I have been searching through the
dhclient-script file to no avail and the documentation is light on this
issue.  I have overcome the issue by putting ``/sbin/ifconfig ep0 media
10base2/BNC'' in /etc/start_if.ep0.

Secondly, having been playing with the ``new'' /etc/rc.d stuff in
5-RELEASE I have started to wonder how I might go about setting up a
nicely roaming laptop.
When I'm at home I am assigned a static IP by the DHCP server, which
serves as a way of determining my current location (although, if by
chance I were assigned the same address by another DHCP server, I would
run into troubles).  When at home I want to have certain NFS mounts
available to me (say, /usr/ports/distfiles and /usr/home.nfs).
When I am roaming and there is no assigned address, I have
/usr/home.ufs, which I want symlinked to /home to allow me to login.  I
synchronize /usr/home.ufs with the NFS home periodically.  I have a
local user account that I log on with whilst away from home.
Previously, I did this with a nasty hack in /etc/dhclient-exit-hooks (a
bit of grepping and gawking did the job to get the current IP, I
compared it to what I was expecting then mounted exports accordingly).
However, now that I have IPFIREWALL enabled this does not work, as the
firewall rules are loaded /after/ dhclient-exit-hooks are executed
(default to deny means there is no connectivity -- btw, how does
dhclient communicate?)  This led me to a second issue: while I am away,
I want much more stringent firewall rules (i.e. deny almost all, allow
me to establish out and allow DNS UDP requests).

My question is therefore: is it possible that I could write either a) a
new script to go in /etc/rc.d to perform different NFS mounting based on
my ``location'' (i.e. IP address -- unless anybody else can think of a
better, more robust way to do this (maybe some server checksum?)); or b)
modify an existing script (probably mountcritremote?) to include this
functionality.  Regardless of which method might be chosen: would I use
/etc/rc.conf to specify the options, or provide a custom configuration
file in /etc that the new script would use?
Furthermore, can the rc.firewall script be modified (or passed an
argument) that causes different firewall rules to be loaded depending on
my ``location'' (i.e. IP address, again)?

If anybody can provide any insight into this problem, preferably with an
idea of which files I might go modifying (please!) then I would do my
best to come up with some solution which might be of benefit to others
in a similar situation (if it exists).

  Sorry for such a bulky mail, I couldn't really find how else to cut it
down.  Many thanks!

-lewiz.

-- 
Welcome thy neighbor into thy fallout shelter.  He'll come in handy if
you run out of food.
		-- Dean McLaughlin.
------------------------------------------------------------------------
-| msn:purple at lewiz.net | jab:lewiz at jabber.org | url:http://lewiz.net |-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-mobile/attachments/20030701/6089fba7/attachment-0003.bin


More information about the freebsd-mobile mailing list