Saving policy routes and rules

Greetings, all… I need to set a series of policy routes and routing rules in openSUSE 12.1, and I’m looking for advice on how best to achieve persistence across reboots, i.e., which script(s) to use.

Examples:

Set default route for alias IP:

ip route add 10.10.70.0/24 dev eth0 src 10.10.70.38 table alias4
ip route add default via 10.10.70.254 dev eth0 table alias4

Related rules:

ip rule add from 10.10.70.38/32 table alias4
ip rule add to 10.10.70.38/32 table alias4

Additional tos rule for proxied traffic from Squid:

ip rule add tos 0x0c table alias4

Any help is greatly appreciated.

Thanks!

On Sat, 07 Jul 2012 00:46:02 +0000, Rachelsdad wrote:

> Greetings, all… I need to set a series of policy routes and routing
> rules in openSUSE 12.1, and I’m looking for advice on how best to
> achieve persistence across reboots, i.e., which script(s) to use.
>
> Examples:
>
> Set default route for alias IP:
>
> ip route add 10.10.70.0/24 dev eth0 src 10.10.70.38 table alias4
> ip route add default via 10.10.70.254 dev eth0 table alias4
>
> Related rules:
>
> ip rule add from 10.10.70.38/32 table alias4
> ip rule add to 10.10.70.38/32 table alias4
>
> Additional tos rule for proxied traffic from Squid:
>
> ip rule add tos 0x0c table alias4
>
> Any help is greatly appreciated. Thanks!

Have a look at /etc/rc.d/after.local - looks like that might be a good
candidate.

I would probably test to make sure that the current runlevel is 3 or 5
(both being runlevels that have networking enabled).

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

On 2012-07-07 02:46, Rachelsdad wrote:
>
> Greetings, all… I need to set a series of policy routes and routing
> rules in openSUSE 12.1, and I’m looking for advice on how best to
> achieve persistence across reboots, i.e., which script(s) to use.
>
> Examples:
>
> Set default route for alias IP:
>
> ip route add 10.10.70.0/24 dev eth0 src 10.10.70.38 table alias4
> ip route add default via 10.10.70.254 dev eth0 table alias4
>
> Related rules:
>
> ip rule add from 10.10.70.38/32 table alias4
> ip rule add to 10.10.70.38/32 table alias4
>
> Additional tos rule for proxied traffic from Squid:
>
> ip rule add tos 0x0c table alias4
>
> Any help is greatly appreciated. Thanks!

Routes can be added with YaST, and I thought they were stored in
/etc/sysconfig/network/routes, but I have reason to suspect that’s not the
full truth.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Thanks, Jim. I’ll give that a shot.


Lewis

Lewis G Rosenthal, CNA, CLP, CLE, CWTS
Rosenthal & Rosenthal, LLC www.2rosenthals.com
Need a managed Wi-Fi hotspot? www.hautspot.com
visit my IT blog www.2rosenthals.net/wordpress

On 2012-07-07 02:57, Jim Henderson wrote:

> Have a look at /etc/rc.d/after.local - looks like that might be a good
> candidate.

No, IMO that’s not a good idea for routes; they would not be applied if you
stop/start the network later. You have to use network hooks.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

So, Carlos, you think it best to add the route statements to /etc/sysconfig/network/scripts/…what? ifup-route? And what about the other policy rules?

FWIW, I can only see how to create/save standard static routes via YaST, not policy routes.

TIA


Lewis

Lewis G Rosenthal, CNA, CLP, CLE, CWTS
Rosenthal & Rosenthal, LLC

On 2012-07-07 16:36, Rachelsdad wrote:
>
> So, Carlos, you think it best to add the route statements to
> /etc/sysconfig/network/scripts/…what? ifup-route? And what about the
> other policy rules?

The routes can simply be written in /etc/sysconfig/network/routes:


192.168.1.129 192.168.1.1 255.255.255.255 eth0
default 192.168.1.1 - -

You can also have other files like routes.eth0 (I think) to have those
routes loaded when that particular interface is loaded.

The scripts that run on network up are stored in
“/etc/sysconfig/network/if-up.d/”, but I’m unsure of the naming convention.
They place symlinks there to the scripts directory, or local scripts.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

On 07/07/12 11:03 am, Carlos E. R. thus wrote :
> On 2012-07-07 16:36, Rachelsdad wrote:
>>
>> So, Carlos, you think it best to add the route statements to
>> /etc/sysconfig/network/scripts/…what? ifup-route? And what about the
>> other policy rules?
>
> The routes can simply be written in /etc/sysconfig/network/routes:
>
> 192.168.1.129 192.168.1.1 255.255.255.255 eth0
> default 192.168.1.1 - -
>
> You can also have other files like routes.eth0 (I think) to have those
> routes loaded when that particular interface is loaded.
>
> The scripts that run on network up are stored in
> “/etc/sysconfig/network/if-up.d/”, but I’m unsure of the naming convention.
> They place symlinks there to the scripts directory, or local scripts.
>
[Ahh… NNTP access…]

I’ll give /etc/sysconfig/network/routes a shot first. It would be great
if there was a How-To on this type of stuff (and it would also be great
if this wasn’t so distro-specific).

Thanks for the tip. Now to find a good place for the other rules. I
looked in if-up.d, and found:

21-dhcpd-hook-samba
50-ntp
ndp-proxy
SuSEfirewall2

Looks like I have some more hunting to do. ;-)

Cheers


Lewis

Lewis G Rosenthal, CNA, CLP, CLE, CWTS
Rosenthal & Rosenthal, LLC
visit my IT blog www.2rosenthals.net/wordpress

On 2012-07-07 17:19, Lewis G Rosenthal wrote:
> On 07/07/12 11:03 am, Carlos E. R. thus wrote :

>>
> [Ahh… NNTP access…]

Hehe - you found it :-)

> I’ll give /etc/sysconfig/network/routes a shot first. It would be great
> if there was a How-To on this type of stuff (and it would also be great
> if this wasn’t so distro-specific).

Hummmm…

openSUSE Docs

Chapter 9.6 of the reference book documents the scripts :-)

>
> Thanks for the tip. Now to find a good place for the other rules. I
> looked in if-up.d, and found:
>
> 21-dhcpd-hook-samba
> 50-ntp
> ndp-proxy
> SuSEfirewall2

I think that you can simply add your script there, taking one of those as a
base.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)
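
An added example, not written by anyone in this thread: an if-up.d hook of the kind suggested above, re-applying the original poster's routes and rules each time eth0 comes up. The file name 60-policy-routes, the IP dry-run variable, and the hook receiving the interface name as its second argument are assumptions, and alias4 must already be named in /etc/iproute2/rt_tables.

```shell
#!/bin/sh
# Hypothetical hook: /etc/sysconfig/network/if-up.d/60-policy-routes
# Assumptions (not confirmed in the thread): the hook is called as
#   <script> <config> <interface> ...
# and the table name "alias4" is defined in /etc/iproute2/rt_tables.

IP=${IP:-ip}            # run with IP=echo to print the commands instead
IFACE=eth0
TABLE=alias4
SRC=10.10.70.38
NET=10.10.70.0/24
GW=10.10.70.254

# One rule selector per line, taken from the original post.
policy_rules() {
    printf '%s\n' "from $SRC/32" "to $SRC/32" "tos 0x0c"
}

# apply_policy <interface>: (re)install routes and rules for $IFACE.
apply_policy() {
    [ "$1" = "$IFACE" ] || return 0      # some other interface came up

    # "replace" creates the route or overwrites it, so reruns are harmless.
    $IP route replace "$NET" dev "$IFACE" src "$SRC" table "$TABLE" || return 1
    $IP route replace default via "$GW" dev "$IFACE" table "$TABLE" || return 1

    policy_rules | while read -r sel; do
        # Drop one existing copy first so repeated ifup runs do not stack
        # duplicates; $sel is left unquoted on purpose to split into words.
        $IP rule del $sel table "$TABLE" 2>/dev/null || true
        $IP rule add $sel table "$TABLE" || exit 1
    done
}

apply_policy "${2:-}"
```

Running it as `IP=echo sh 60-policy-routes eth0 eth0` prints the eight ip commands without touching the routing tables.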

On 07/07/12 02:03 pm, Carlos E. R. thus wrote :
> On 2012-07-07 17:19, Lewis G Rosenthal wrote:
>> On 07/07/12 11:03 am, Carlos E. R. thus wrote :
>
>>>
>> [Ahh… NNTP access…]
>
> Hehe - you found it :-)
>
;-)

>> I’ll give /etc/sysconfig/network/routes a shot first. It would be great
>> if there was a How-To on this type of stuff (and it would also be great
>> if this wasn’t so distro-specific).
>
> Hummmm…
>
> openSUSE Docs
>
> Chapter 9.6 of the reference book documents the scripts :-)
>
Thanks!

>>
>> Thanks for the tip. Now to find a good place for the other rules. I
>> looked in if-up.d, and found:
>>
>> 21-dhcpd-hook-samba
>> 50-ntp
>> ndp-proxy
>> SuSEfirewall2
>
> I think that you can simply add your script there, taking one of those as a
> base.
>
Gotcha. Now to get my ToS values working (see thread subject: Unable to
set various tos values (RTNETLINK answers: Invalid argument)).

Thanks so much, Carlos. Much appreciated.


Lewis

Lewis G Rosenthal, CNA, CLP, CLE, CWTS
Rosenthal & Rosenthal, LLC
visit my IT blog www.2rosenthals.net/wordpress

On 2012-07-08 21:00, Lewis G Rosenthal wrote:
> Gotcha. Now to get my ToS values working (see thread subject: Unable to
> set various tos values (RTNETLINK answers: Invalid argument)).

Yes, I saw it. No idea about that, sorry.

> Thanks so much, Carlos. Much appreciated.

Welcome :-)


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Totally agree. There are some talks about /etc/sysconfig and stuff like that not being distro specific but I don’t see any work being done towards that goal.