Problem with Network Manager/ Iptables etc

Derek Broughton news at pointerstop.ca
Mon Oct 2 16:31:51 UTC 2006


Peter Garrett wrote:

> On Mon, 02 Oct 2006 09:29:54 -0300
> Derek Broughton <news at pointerstop.ca> wrote:
>>  
>> Agreed.  btw, the whole /etc/network/interfaces business is apparently
>> something debian or ubuntu introduced.  The vanilla upstream NM doesn't
>> care, but somebody wanted a way to force NM to ignore certain interfaces.
> 
> I don't quite understand this last paragraph - could you explain it a bit?

According to the folks on the network-manager list, it's strictly a
debian/ubuntu patch.  NM on Fedora or SuSE doesn't check this file - maybe
it doesn't even exist for them, but the important thing is that NM doesn't
do anything other than what those distros' users expect.  So every time
someone says NM doesn't see their wifi interface, the first question asked
is "are you using Debian or Ubuntu..."?

> There's another aspect of NM that I haven't worked out properly. The "new"
> Debian Way (tm) of using iptables apparently involves calling your
> iptables script from /etc/network/interfaces . On my desktop, which uses
> the interfaces file, this is pretty easy: - for instance you can call
> iptables as "pre-up" or "post-up". I prefer the latter. I have no idea
> how this is best done using NM.

Afaik (and I was just in the process of making sure of this, as I dropped
whereami last week and need to get some things to run from NM or an
interface change), it still runs the /etc/network/if-up.d and if-down.d
scripts, so that seems the place to put them to me.

> Example: some of the IPs for which I want rules are not "static", or are
> not always on line ( irc.freenode.net for example has a variable set of
> IPs depending on which servers are available). Thus the easiest way to
> ensure that iptables finds the right IP for those addresses is to have the
> iptables script run immediately after connecting to the Net. 

Yes, I've always done that - from if-up.d/ and it still seems to run.

> I'm an iptables beginner :)  Any ideas? No doubt I'm going about it the
> wrong way....

I'm an iptables-phobe - but I got my iptables configured with guarddog
(which creates all the rules specifying the local interface IPs, so needs
to be rerun every time I move my laptop), and everything seems to work now -
including from NM.
-- 
derek
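
An added example, not part of the original message or anyone's posted script: one way to write the if-up.d hook discussed above so that rules for a host with changing addresses are rebuilt each time an interface comes up. The file name, the `DYNHOSTS` chain, port 6667 and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical /etc/network/if-up.d/firewall-hosts (file name is an assumption).
# ifupdown exports IFACE to scripts in this directory.
# Assumes the main ruleset already contains: iptables -A OUTPUT -j DYNHOSTS

CHAIN="DYNHOSTS"            # hypothetical chain holding only the resolved-host rules
HOSTS="irc.freenode.net"    # host from the thread; space-separated list
PORT=6667                   # assumed destination port

# DRY_RUN=1 prints each command instead of executing it.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Accept only dotted-quad IPv4, so nothing else from resolver output reaches iptables.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# $1 = interface; candidate addresses arrive on stdin, one per line.
refresh_chain() {
    run iptables -F "$CHAIN"
    while read -r ip; do
        is_ipv4 "$ip" || continue
        run iptables -A "$CHAIN" -o "$1" -d "$ip" -p tcp --dport "$PORT" -j ACCEPT
    done
}

# Act only when called for a real interface; loopback needs no refresh.
if [ -n "${IFACE:-}" ] && [ "$IFACE" != "lo" ]; then
    ips=$(for h in $HOSTS; do getent ahostsv4 "$h"; done | awk '{print $1}' | sort -u)
    # If DNS is not answering yet, keep the previous rules rather than flushing.
    if [ -n "$ips" ]; then
        run iptables -N "$CHAIN" 2>/dev/null || true
        printf '%s\n' "$ips" | refresh_chain "$IFACE"
    fi
fi
```

Keeping the resolved-host rules in their own chain means the hook never touches the rest of the ruleset, and running it with `DRY_RUN=1 IFACE=eth0` shows the commands without changing anything.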
