Problem with Network Manager/ Iptables etc
Peter Garrett
peter.garrett at optusnet.com.au
Mon Oct 2 19:21:13 UTC 2006
On Mon, 02 Oct 2006 13:31:51 -0300
Derek Broughton <news at pointerstop.ca> wrote:
> Peter Garrett wrote:
>
> > On Mon, 02 Oct 2006 09:29:54 -0300
> > Derek Broughton <news at pointerstop.ca> wrote:
> According to the folks on the network-manager list, it's strictly a
> debian/ubuntu patch. NM on Fedora or SuSE doesn't check this file - maybe
> it doesn't even exist for them, but the important thing is that NM doesn't
> do anything other than what those distros' users expect. So every time
> someone says NM doesn't see their wifi interface, the first question asked
> is "are you using Debian or Ubuntu..."?

Ah, OK - thanks for the clarification.

>
> > There's another aspect of NM that I haven't worked out properly. The "new"
> > Debian Way (tm) of using iptables apparently involves calling your
> > iptables script from /etc/network/interfaces . On my desktop, which uses
> > the interfaces file, this is pretty easy: - for instance you can call
> > iptables as "pre-up" or "post-up". I prefer the latter. I have no idea
> > how this is best done using NM.
>
> Afaik (and I was just in the process of making sure of this, as I dropped
> whereami last week and need to get some things to run from NM or an
> interface change), it still runs the /etc/network/if-up.d and if-down.d
> scripts, so that seems the place to put them to me.

I'll try that.

[snip]
> > I'm an iptables beginner :) Any ideas? No doubt I'm going about it the
> > wrong way....
>
> I'm an iptables-phobe - but I got my iptables configured with guarddog
> (which creates all the rules specifying the local interface IPs, so needs
> to be rerun every time I move my laptop), and everything seems to work now -
> including from NM.

I was an iptables-phobe too, until recently - but once you get the concept,
iptables is quite elegant. For me the problem was that every howto and
instruction page I found made it *much* more complex than it needed to be,
and most of the ready-made scripts strike me as huge overkill. For my
needs, an iptables script really only needs to be a few lines - perhaps a
dozen or so.

Once you have your policy worked out, and understand how the rule chains
work, it all drops into place quite easily. Of course, I'm talking about
simple needs here, not major sysadmin stuff...

Peter
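
A short hook of the kind discussed in this thread, as an added example that is not part of the original message or anyone's actual script: it builds a default-deny inbound ruleset for the interface coming up and loads it with iptables-restore. The hook path, the function name `build_rules` and the variable `FW_TCP_PORTS` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical hook path:
# /etc/network/if-up.d/firewall (ifupdown exports IFACE to hook scripts).

# Print a default-deny inbound policy in iptables-restore format.
# $1 = interface, $2 = optional space-separated inbound TCP ports (assumption).
build_rules() {
    iface=$1
    ports=${2:-}
    # Refuse names that could smuggle extra tokens into the ruleset.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        echo "-A INPUT -i $iface -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Apply only when run as a hook for a real interface. The ruleset is
# captured first so a validation failure never loads a partial policy.
if [ -n "${IFACE:-}" ] && [ "$IFACE" != "lo" ]; then
    rules=$(build_rules "$IFACE" "${FW_TCP_PORTS:-}") || exit 1
    printf '%s\n' "$rules" | iptables-restore
fi
```

Without `--noflush`, iptables-restore replaces the existing contents of the filter table, so the script can be rerun on every interface change and the result is the same each time.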