Mageia forum

[jiml8]

To do a particular job, I have added a dual nic card to my mageia workstation, giving me 3 ethernet interfaces.

I am connecting a VOIP phone directly to one of those nics because I need the traffic running through my box so that I can do things to it.

I installed and configured dhcpd, and it is working fine.

Binding the nic with the phone to my internet port is trivial - just one iptables rule, and when I need to I can reroute the data through my box (and through a VM that is in the box) without any difficulty.

However, I want my iptables rule to be automatically invoked when the system boots, so that the system comes up with the phone working. I have written iptables.rules into /etc and I suppose this will cause the rule to be loaded on boot, though I am not sure of that anymore. But I also have shorewall running on this system, and sorting out what it does is a freaking nightmare - and it keeps changing, from release to release.

Now, once upon a time, when we used sysV scripts, I would just have put my iptables rule into rc.local. Where/how do I put this rule in the approved systemd fashion, and can I easily make it a service or some such so that, on those occasions where I stop and restart shorewall I can also easily reinvoke this rule?

This actually is becoming a more general problem for me; I have a number of different rules that I invoke selectively, depending on what my particular needs are, and as a result, I have a number of different scripts that I have to keep sorted out. When I restart the firewall I then have to immediately (and manually) run several different scripts...and this new rule will be another script.

So, what is the approved systemd way to do this?

[doktor5000]

Now, once upon a time, when we used sysV scripts, I would just have put my iptables rule into rc.local. Where/how do I put this rule in the approved systemd fashion, and can I easily make it a service or some such so that, on those occasions where I stop and restart shorewall I can also easily reinvoke this rule?
[...]
So, what is the approved systemd way to do this?

You can still put the rules into /etc/rc.d/rc.local, and maybe you can even "restart" that to reapply.
But I've not clue what the approved way is, you should probably write a systemd unit for this.

https://wiki.archlinux.org/index.php/sy ... vice_files
http://www.freedesktop.org/software/sys ... .unit.html
http://patrakov.blogspot.de/2011/01/wri ... files.html

[jiml8]

There is no longer an rc.local script anyplace in /etc.

But you are saying that if I create one in rc.d it will be recognized and run? And run last, as was the sysV way?

[doktor5000]

Yes it is not present by default - check viewtopic.php?f=41&t=4734
and the related systemd unit:

Code: Select all

[doktor5000@Mageia4 ~]$ systemctl status rc-local.service
rc-local.service - /etc/rc.d/rc.local Compatibility
   Loaded: loaded (/usr/lib/systemd/system/rc-local.service; static)
   Active: inactive (dead)

For your questions: Yes, yes and yes - Ahh, and the file needs to be executable IIRC.

[jiml8]

Then that is what I shall do.

[doktor5000]

FWIW, would be nice if you can provide some feedback if restarting rc-local.service works as one might expect regarding your iptables rules.

[jiml8]

The rc.local file that I wrote consists of one line, just the iptables rule. So I am quite sure it will not work as a service restart. To make it work that way, I would have to construct the script in the format of the service scripts, with stop, start, restart, and perhaps status supported by appropriate code. It will be good enough for me, at present, to have it run when the system starts. If I have to re-generate the iptables rule at a later time (because I restarted shorewall, for instance) then I can just run it again.

[doktor5000]

Well, I'm not sure about that - maybe systemd handles that magically ...
As the real work is done by /usr/lib/systemd/system/rc-local.service and systemd itself, and it does attempt to restart if you tell it to.

[jiml8]

Code: Select all

root@dadsbox:jiml> cd /etc
root@dadsbox:etc> cat rc.d/rc.local
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.0.2

root@dadsbox:etc> service rc.local restart
Cannot find rc.local service
Usage: service -[Rfshv] SERVICE ARGUMENTS
        -f|--full-restart:      Do a fullrestart of the service.
        -R|--full-restart-all:  Do a fullrestart of all running services.
        -s|--status-all:        Print a status of all services.
        --ignore-dependencies:  Do not start required systemd services
        --skip-redirect:        Do not redirect to systemd
        -d|--debug:             Launch with debug.
        -h|--help:              This help.

root@dadsbox:etc> ln -s /etc/rc.d/rc.local /etc/rc.d/init.d/rc.local
root@dadsbox:etc> service rc.local restart
root@dadsbox:etc> service rc.local stop   
root@dadsbox:etc>


So the service command DID find the rc.local "service". But it had no effect. stopping it did not remove the iptables rule, and restarting it presumably did nothing.

[jiml8]

As a followup on this, putting rc.local in /etc/rc.d and making it executable was the wrong thing for me to do.

I was forced to reboot my workstation last night, and it did not boot correctly. I needed it up, so I manually did some things which got it going, and I kept on going. Today, however, I discovered other problems as a consequence of the improper boot, so I rebooted again and then wound up diagnosing the boot problem.

Turns out that since I had placed my one line rc.local in rc.d AND made it executable, systemd was trying to execute it as a service...and failing. This "service" failed, then the startup continued, and the plymouth_quit_wait service failed, somehow as a result of the rc.local failure. This resulted in the dm service not being started. When I logged into a console and started dm manually, my desktop came up. However, somehow all my consoles were lost. This morning, I needed a console to diagnose a desktop problem and did not have one. So, knowing my bootup had been funky, I rebooted and did the troubleshooting, and this is what I found.

I removed the executable bit from rc.local and my system started fine. I then ran scripts to bind what I wanted bound. :shrug

[ozky]

You have to add this to first line of /etc/rc.d/rc.local.

Code: Select all

#!/bin/sh

http://kezhong.wordpress.com/2012/10/15 ... -rc-local/