6 Jun 2007

Firestarter, gnome-network-manager and 2 interfaces.

After a successful upgrade of my desktop PCs from Edgy to Ubuntu Feisty Fawn it was time to upgrade my laptop. Open source operating systems on laptops have always been a bit troublesome for me, due to the exotic hardware components in many laptops.

Because it had been upgraded a couple of times already, I decided to do a fresh install. The fresh installation took about 15-20 minutes (and this is a 3 year old laptop). While on a nearly virgin system (I took my home partition over, so many GNOME configs were migrated) I decided to solve a long-standing problem on this machine: network configuration.

This Laptop (like most) has 2 Network interfaces, a gigabit ethernet NIC and a wireless NIC. I am almost always only using one interface at a time. Therefore I have become accustomed to firestarter and gnome-network-manager.

Firestarter is a simple firewall UI (and daemon) which is pretty handy if you do not have special firewalling needs. gnome-network-manager is a daemon which tries to keep your network connection up whenever possible. Both tools offer a GNOME tray icon for easy access and up-to-date status information (connectivity, firewall events).


(1st from left, network-manager, 3rd Firestarter)

The problem with this combo is that firestarter can only manage one interface at a time. Whenever I switch to another interface, firestarter's config has to be adjusted. Fortunately firestarter's configuration is (as expected) a plain text file in /etc. Debian's interface configuration allows scripts to be executed at many stages during interface initialisation and shutdown. With a little sed, this problem can be solved as follows.

Copy this script to /etc/network/firestarter. It will start/stop and reconfigure firestarter whenever an interface is brought up or down.

#!/bin/bash
# Description: Remove routes to allow communication between machines which

if [[ "$IFACE" != "eth0" && "$IFACE" != "eth1" ]]; then
    exit 0
fi

export PATH=/sbin:/bin:/usr/bin:$PATH;

#echo "firewall configuration ... $PHASE";

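firestarter_init="/etc/init.d/firestarter";
fs_config="/etc/firestarter/configuration";

# reconfigure firestarter's interface
function reconfigure_firestarter {
    #echo "reconfiguring firestarter for $1 ...";
    # This script runs as root, so create the temporary file with mktemp next
    # to the config instead of at a fixed, predictable path in /tmp.
    local fs_config_tmp
    fs_config_tmp=$(mktemp "${fs_config}.XXXXXX") || return 1
    sed -e 's/IF=.*/IF="'"$1"'"/;s/INIF=.*/INIF="'"$1"'"/' "$fs_config" > "$fs_config_tmp" && \
    mv "$fs_config_tmp" "$fs_config" && \
    chmod 440 "$fs_config" || { rm -f "$fs_config_tmp"; return 1; }
}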

if [[ "$MODE" = "start" ]] ; then
    reconfigure_firestarter "$IFACE";
    #echo "starting firestarter for interface $IFACE ...";
    # redirect stdout first, then stderr, so that both are discarded
    "$firestarter_init" start >/dev/null 2>&1
    #echo "fsstart";
    exit 0;
fi
if [[ "$MODE" = "stop" ]] ; then
    #echo "stopping firestarter for interface $IFACE ...";
    "$firestarter_init" stop >/dev/null 2>&1
    #echo "fsstop";
    exit 0;
fi

# neither start nor stop: not called from ifup/ifdown as expected
exit 1;

Then make sure all interfaces of concern are configured to use the firestarter configuration script. My /etc/network/interfaces looks like this:

auto eth0
iface eth0 inet dhcp
    post-up /etc/network/firestarter
    pre-down /etc/network/firestarter

auto eth1
iface eth1 inet dhcp
    wireless-essid wundinet
    post-up /etc/network/firestarter
    pre-down /etc/network/firestarter

That's it.
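A consistency check for this setup, added here as an example and not part of the original post: it compares the interface named in firestarter's configuration with the one that carries the default route, so a stale config that leaves the active interface unfiltered gets noticed. It assumes the IF="..." line format implied by the sed expression above and the output of `ip -o route show default`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes the IF="..." line format implied by the sed expression in the hook.

# Print the interface named on the IF= line of a firestarter configuration.
fs_configured_iface() {
    sed -n 's/^IF="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Read `ip -o route show default` output on stdin and print the device of
# the first default route (the word after "dev").
default_route_iface() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
         }'
}

# $1 = firestarter config file; route output on stdin.
# Returns 0 on match, 1 on mismatch, 2 if a value cannot be determined.
check_firewall_iface() {
    fw_if=$(fs_configured_iface "$1")
    rt_if=$(default_route_iface)
    if [ -z "$fw_if" ] || [ -z "$rt_if" ]; then
        echo "cannot determine interfaces (firewall='$fw_if' route='$rt_if')" >&2
        return 2
    fi
    if [ "$fw_if" != "$rt_if" ]; then
        echo "MISMATCH: firestarter guards $fw_if, default route uses $rt_if" >&2
        return 1
    fi
    echo "ok: firestarter guards $fw_if"
}

# Live use:
#   ip -o route show default | check_firewall_iface /etc/firestarter/configuration

# Constructed sample data: the config still names eth0 while traffic leaves
# via eth1, which is the situation the hook script is meant to prevent.
sample_cfg=$(mktemp) && printf 'IF="eth0"\nINIF="eth0"\n' > "$sample_cfg"
echo 'default via 192.0.2.1 dev eth1 proto dhcp' \
    | check_firewall_iface "$sample_cfg" || true
rm -f "$sample_cfg"
```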
