I'm having some trouble understanding the startup sequence relating to ethernet interfaces, ip_forward, etc...

I'm running Mandrake 8.1 as a gateway for another machine. I have two ethernet interfaces (eth0 to DSL modem, eth1 to hub serving "internal" machines) in the Linux box. I configured Roaring Penguin for my PPPoE service, and all ran well the first time I configured everything, after I remembered to set /proc/sys/net/ipv4/ip_forward to 1.

Next time I rebooted, nothing worked. After some trial and error (and completely by accident), I found that I had to run commands manually in the following order:

1) Set /proc/sys/net/ipv4/ip_forward to 1
2) Bring down both ethernet interfaces (through ifconfig down)
3) Bring up both ethernet interfaces (ifconfig up)
4) Start adsl connection
5) Run firewall script

Of course, I wanted to automate this. I modified /etc/sysconfig/network and changed forward_ipv4 to "true". I then added a couple of lines at the end of rc.local to bring up the DSL connection, then run the firewall script.

Unfortunately, it didn't work. Although it appears that things run in the proper order when observing the boot sequence, I must still give it a push by doing the above after the machine boots. Unless it is done, the machine acts as if nothing can go through. Sooo....what am I missing? I was a little confused with the rabbit trails in the startup config files, so maybe something has been placed improperly. Can anyone shed some light on this?

Thanks!

Are your ethercards cards set to startup during boot?

Have a look at /etc/sysconfig/network-scripts/ifcfg-eth0 to see if it contains ONBOOT="yes"

#!/bin/sh
#>>>Device type: ethernet
#>>>Variable declarations:
DEVICE="eth0"
IPADDR="192.168.1.4"
NETMASK="255.255.255.0"
NETWORK="192.168.1.0"
BROADCAST="192.168.1.255"
GATEWAY="192.168.1.1"
ONBOOT="yes"
DYNAMIC=""
#>>>End variable declarations

Also do the same for eth1.

If that doesn't help, could you please descibe what you have added to rc.local etc.

Yes, both cards are set to start up on boot per ifcfg-ethx.

I found that Mandrake automatically runs a file called "rc.firewall", if it exists, from rc.sysinit. I removed (through comment) this entry, as my rc.firewall is set to ascertain interface IP addresses that are obtained through DHCP from the DSL connection. As the "adsl-start" command has not been run to this point in the startup process, I didn't want to run the file at this time.

After that, I added the following to rc.local:

./[path]/adsl-start -- Which starts my DSL connection

./etc/rc.d/rc.firewall -- Which runs my firewall

So... I assume that the initialization scripts handle setting IP_FORWARD and interface startup in the correct order. This appears to be true both in observing the startup sequence, and browsing the files. After than, rc.local takes care of starting the DSL connection and running the firewall script. For some reason, it doesn't work. Masq'ed connections don't work, and I can't even ping an outside machine from the gateway. However, if I bring the interfaces down, bring them back up, then re-run the firewall script, everything purrs.

That has been confirmed with my latest edit. I modified rc.local, and placed the following immediately before the adsl-start script:

ifconfig eth0 down
ifconfig eth1 down
ifconfig eth0 up
ifconfig eth1 up

That works, but feels like something of a crock. Looking for an elegant solution, and trying to understand what is going on.

Thanks!

The on boot should be set to no for the DSL nic,
along with no ip, etc, the adsl-start script should bring it up for you.

DEVICE="eth0"
IPADDR=""
NETMASK=""
NETWORK=""
BROADCAST=""
GATEWAY=""
ONBOOT="no"

That should save you the ifconfig part...

add "Set /proc/sys/net/ipv4/ip_forward to 1"
to the firewall script.

Give that a spin and see how it goes...

Master, thou art truly wise. ;)

Works like a champ. I may do some prodding later to figure out what happened. I think it was something with the external card not getting the gateway on boot, since it came up before the DSL connection. Either way, removing eth0 on boot and letting the DSL script activate it works great.

Many thanks for your help! I have learned quite a bit about the boot sequence through this and looking through rc.sysinit.

With the detailed explanation that you gave of what you tried made life much easier. At least you tried to fix it on your own, you just needed a push in the right direction. That info is in roaring penguin' how-to -connect file. HINT: Check for a /etc/rc.d/init.d/adsl file, if present do a 'chkconfig --add adsl' then you can start it like a service....