Problem with Network Manager/ Iptables etc

Peter Garrett peter.garrett at optusnet.com.au
Mon Oct 2 14:21:25 UTC 2006


On Mon, 02 Oct 2006 09:29:54 -0300
Derek Broughton <news at pointerstop.ca> wrote:

> It is.  It's _mostly_ ready for primetime - now that my wireless interface
> seems to be working again, I'll be using it fulltime, but for a month it's
> been flaky.
> >>
> >> When it works, it's very nice. It's a bit temperamental at times, it
> >> seems...
>  
> Agreed.  btw, the whole /etc/network/interfaces business is apparently
> something Debian or Ubuntu introduced.  The vanilla upstream NM doesn't
> care, but somebody wanted a way to force NM to ignore certain interfaces.

I don't quite understand this last paragraph - could you explain it a bit?

There's another aspect of NM that I haven't worked out properly. The "new"
Debian Way (tm) of using iptables apparently involves calling your iptables
script from /etc/network/interfaces. On my desktop, which uses the
interfaces file, this is pretty easy - for instance you can call iptables
as "pre-up" or "post-up". I prefer the latter. I have no idea how this
is best done using NM.

Example: some of the IPs for which I want rules are not "static", or are
not always online (irc.freenode.net, for example, has a variable set of
IPs depending on which servers are available). Thus the easiest way to
ensure that iptables finds the right IP for those addresses is to have the
iptables script run immediately after connecting to the Net. That way the
IPs are resolved for the time at which you connect on your laptop.
Something like

iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
..........
........
iptables -A INPUT -s irc.freenode.net -p tcp --dport 113 -j ACCEPT

for the auth port, which I only use for freenode.

I'm an iptables beginner :)  Any ideas? No doubt I'm going about it the
wrong way....

Peter
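
An added example, not part of the original post: a post-up script for the /etc/network/interfaces case described above that resolves irc.freenode.net when the interface comes up and rebuilds the port 113 rules in a dedicated chain, so a reconnect replaces stale addresses instead of appending duplicates. The chain name IDENT_IN, the script path /etc/network/ident-fw.sh and the interface eth0 are assumptions; it does not cover the NetworkManager case.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: chain IDENT_IN,
# script path /etc/network/ident-fw.sh, interface eth0. Hooked up with:
#   iface eth0 inet dhcp
#       post-up /etc/network/ident-fw.sh apply

HOST=irc.freenode.net   # hostname from the post
PORT=113                # auth (ident) port from the post
CHAIN=IDENT_IN          # assumed name for a dedicated chain

# Reduce "getent ahostsv4" output (address in column 1) to unique,
# well-formed IPv4 addresses so nothing else reaches the iptables command.
valid_ipv4() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        split($1, o, "."); ok = 1
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
        if (ok && !seen[$1]++) print $1
    }'
}

# Print the commands that rebuild the chain from addresses read on stdin.
# The chain is flushed first, so a reconnect replaces stale addresses
# instead of appending duplicates. With no valid address, no ACCEPT rule
# is emitted and the INPUT DROP policy still applies (fail closed).
build_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    valid_ipv4 | while read -r ip; do
        echo "iptables -A $CHAIN -s $ip -p tcp --dport $PORT -j ACCEPT"
    done
    echo "iptables -C INPUT -j $CHAIN 2>/dev/null || iptables -A INPUT -j $CHAIN"
}

# Only touch the firewall when called as "ident-fw.sh apply"; resolution
# happens here, i.e. at the moment the interface comes up.
if [ "${1:-}" = "apply" ]; then
    getent ahostsv4 "$HOST" | build_rules | sh
fi
```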



