Re: RC Service Order

2009-09-16 Thread Nathan England 
Eric Cope wrote:
> Hello all,
> Does anyone know how to change the order in which services are started 
> using the rc script? My particular system is FreeBSD, but Linux is 
> similar (right?)?
> Eric

I will assume it is similar to slackware where a single script is used 
to load the system. I would suggest making several backup copies of the 
original, then use your favorite text editor and move things around in 
the script until you get your desired order... Obviously if one thing 
depends on another you might be up a creek, so keep a knoppix disc handy...

If you can be more specific we can too...

nathan
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread JD Austin 
>From my understanding changing the number in /etc/rc.d/rc*.d/K* or
/etc/rc.d/rc*.d/S* changes the order.  If two have the same number they go
alphabetically.
--
JD Austin
Twin Geckos Technology Services LLC
j...@twingeckos.com
480.288.8195x201
http://www.twingeckos.com


Jonathan Swift
- "May you live every day of your life."

On Wed, Sep 16, 2009 at 6:21 PM, Eric Cope  wrote:

> Hello all,
> Does anyone know how to change the order in which services are started
> using the rc script? My particular system is FreeBSD, but Linux is similar
> (right?)?
> Eric
>
> --
> Eric Cope
> http://cope-et-al.com
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Eric Cope 
I need openvpn, then samba, and finally pf (packet filter). Its currently
the reverse order.
I know where the conf file is, where is the script?

Eric


On Wed, Sep 16, 2009 at 6:33 PM, Nathan England wrote:

> Eric Cope wrote:
> > Hello all,
> > Does anyone know how to change the order in which services are started
> > using the rc script? My particular system is FreeBSD, but Linux is
> > similar (right?)?
> > Eric
>
> I will assume it is similar to slackware where a single script is used
> to load the system. I would suggest making several backup copies of the
> original, then use your favorite text editor and move things around in
> the script until you get your desired order... Obviously if one thing
> depends on another you might be up a creek, so keep a knoppix disc handy...
>
> If you can be more specific we can too...
>
> nathan
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>


-- 
Eric Cope
http://cope-et-al.com
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Nathan England 
Eric Cope wrote:
> I need openvpn, then samba, and finally pf (packet filter). Its 
> currently the reverse order.
> I know where the conf file is, where is the script?
>
> Eric
>
usually it would be

  /etc/rc.sysinit
 /etc/rc.multi


look at your /etc/inittab file and it will tell you what script runs for 
what run level and maybe you can figure it out. Once you know, just re 
arrange the order of those services in the script.

nathan
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Craig White 
On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote:
> I need openvpn, then samba, and finally pf (packet filter). Its
> currently the reverse order.
> I know where the conf file is, where is the script?

I don't know enough about BSD but in general, you want the packet filter
scripts to run early, even before network devices are up and running
because if you have a system hang in between starting the network
devices and the packet filtering, you have a very exposed system.

I would suspect that the reason you are wanting to fiddle with what is
probably an already well considered sequence is to try to get around a
problem that should probably be solved elsewhere.

It seems to me that having pf, samba and openvpn load in this order is
the logical way. Whatever problems you are experiencing are probably
best solved without tinkering with this.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Ryan Rix 
JD Austin wrote:

> From my understanding changing the number in /etc/rc.d/rc*.d/K* or
> /etc/rc.d/rc*.d/S* changes the order.  If two have the same number they go
> alphabetically.

THis is correct.

> --
> JD Austin
> Twin Geckos Technology Services LLC
> j...@twingeckos.com
> 480.288.8195x201
> http://www.twingeckos.com
> 
> 
> Jonathan
> Swift -
> "May you live every day of your life."
> 
> On Wed, Sep 16, 2009 at 6:21 PM, Eric Cope  wrote:
> 
>> Hello all,
>> Does anyone know how to change the order in which services are started
>> using the rc script? My particular system is FreeBSD, but Linux is
>> similar (right?)?
>> Eric
>>
>> --
>> Eric Cope
>> http://cope-et-al.com
>>
>> ---
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>

-- 
Ryan Rix
(623)-826-0051

Please refrain from mailing me directly in replies, I am subsribing 
via GMane NNTP. Thank you.

Fortune:
Sic transit discus mundi
-- From the System Administrator's Guide, by Lars Wirzenius

http://hackersramblings.wordpress.com | http://identi.ca/phrkonaleash
XMPP: phrkonale...@gmail.com  | MSN: phrkonale...@yahoo.com
AIM:  phrkonaleash| Yahoo: phrkonaleash
IRC:  phrkon...@irc.freenode.net/#srcedit,#teensonlinux,#plugaz and
  countless other FOSS channels.


---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Nathan England 
Ryan Rix wrote:
> JD Austin wrote:
>
>   
>> From my understanding changing the number in /etc/rc.d/rc*.d/K* or
>> /etc/rc.d/rc*.d/S* changes the order.  If two have the same number they go
>> alphabetically.
>> 
>
> THis is correct.
>
>   
Yes, except in BSD they do not use SysV init scripts like you are 
expecting in rpm or deb based systems. BSD is based on a couple of 
scripts used to start all the services. You can add SysV init support, 
but by default...

nathan
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread James Mcphee 
Why must all rc systems be different?  bleh.  Here's the link to freebsd's
stuff.  The dependency stuff at the bottom is what you're looking for.

http://www.freebsd.org/doc/en/books/handbook/configtuning-rcd.html

On Wed, Sep 16, 2009 at 8:01 PM, Nathan England wrote:

> Ryan Rix wrote:
> > JD Austin wrote:
> >
> >
> >> From my understanding changing the number in /etc/rc.d/rc*.d/K* or
> >> /etc/rc.d/rc*.d/S* changes the order.  If two have the same number they
> go
> >> alphabetically.
> >>
> >
> > THis is correct.
> >
> >
> Yes, except in BSD they do not use SysV init scripts like you are
> expecting in rpm or deb based systems. BSD is based on a couple of
> scripts used to start all the services. You can add SysV init support,
> but by default...
>
> nathan
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
James McPhee
jmc...@gmail.com
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Eric Cope 
That was my concern. However, PF fails to start properly because the VPN TUN
interface isn't established yet. Have you had issues like this on other
systems?
Eric

On Wed, Sep 16, 2009 at 6:59 PM, Craig White  wrote:

> On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote:
> > I need openvpn, then samba, and finally pf (packet filter). Its
> > currently the reverse order.
> > I know where the conf file is, where is the script?
> 
> I don't know enough about BSD but in general, you want the packet filter
> scripts to run early, even before network devices are up and running
> because if you have a system hang in between starting the network
> devices and the packet filtering, you have a very exposed system.
>
> I would suspect that the reason you are wanting to fiddle with what is
> probably an already well considered sequence is to try to get around a
> problem that should probably be solved elsewhere.
>
> It seems to me that having pf, samba and openvpn load in this order is
> the logical way. Whatever problems you are experiencing are probably
> best solved without tinkering with this.
>
> Craig
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
Eric Cope
http://cope-et-al.com
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Craig White 
I don't recall ever creating firewall rules for the tun or tap
interfaces.

Craig

On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote:
> That was my concern. However, PF fails to start properly because the
> VPN TUN interface isn't established yet. Have you had issues like this
> on other systems?
> Eric
> 
> On Wed, Sep 16, 2009 at 6:59 PM, Craig White 
> wrote:
> On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote:
> > I need openvpn, then samba, and finally pf (packet filter).
> Its
> > currently the reverse order.
> > I know where the conf file is, where is the script?
> 
> 
> I don't know enough about BSD but in general, you want the
> packet filter
> scripts to run early, even before network devices are up and
> running
> because if you have a system hang in between starting the
> network
> devices and the packet filtering, you have a very exposed
> system.
> 
> I would suspect that the reason you are wanting to fiddle with
> what is
> probably an already well considered sequence is to try to get
> around a
> problem that should probably be solved elsewhere.
> 
> It seems to me that having pf, samba and openvpn load in this
> order is
> the logical way. Whatever problems you are experiencing are
> probably
> best solved without tinkering with this.
> 
> Craig




-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Eric Cope 
is this because you can rely on the VPN to properly protect access to it
through the vpn mechanisms?
Eric

On Wed, Sep 16, 2009 at 8:23 PM, Craig White  wrote:

> I don't recall ever creating firewall rules for the tun or tap
> interfaces.
>
> Craig
>
> On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote:
> > That was my concern. However, PF fails to start properly because the
> > VPN TUN interface isn't established yet. Have you had issues like this
> > on other systems?
> > Eric
> >
> > On Wed, Sep 16, 2009 at 6:59 PM, Craig White 
> > wrote:
> > On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote:
> > > I need openvpn, then samba, and finally pf (packet filter).
> > Its
> > > currently the reverse order.
> > > I know where the conf file is, where is the script?
> >
> > 
> > I don't know enough about BSD but in general, you want the
> > packet filter
> > scripts to run early, even before network devices are up and
> > running
> > because if you have a system hang in between starting the
> > network
> > devices and the packet filtering, you have a very exposed
> > system.
> >
> > I would suspect that the reason you are wanting to fiddle with
> > what is
> > probably an already well considered sequence is to try to get
> > around a
> > problem that should probably be solved elsewhere.
> >
> > It seems to me that having pf, samba and openvpn load in this
> > order is
> > the logical way. Whatever problems you are experiencing are
> > probably
> > best solved without tinkering with this.
> >
> > Craig
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
Eric Cope
http://cope-et-al.com
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Nathan England 
Craig White wrote:
> I don't recall ever creating firewall rules for the tun or tap
> interfaces.
>
> Craig
>
> On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote:
>   
>> That was my concern. However, PF fails to start properly because the
>> VPN TUN interface isn't established yet. Have you had issues like this
>> on other systems?
>> Eric
>> 

In my head, it seems that the network interfaces in general may not be 
up yet but the PF rules are loading okay. That means the device is 
found, though it has not been given instruction. Is it possible the 
modules for the tun and tap devices have not been loaded yet so the PF 
is failing because the devices do not exist yet?

Rather than moving anything around, can you add a line to your rc conf 
file to load the modules before the PF starts???

modprobe tun

Is there a module for tap? I don't recall off the top of my head.

nathan
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Eric Cope 
modprobe must be a linux thing. Its not found.
Eric

On Wed, Sep 16, 2009 at 8:30 PM, Nathan England wrote:

> Craig White wrote:
> > I don't recall ever creating firewall rules for the tun or tap
> > interfaces.
> >
> > Craig
> >
> > On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote:
> >
> >> That was my concern. However, PF fails to start properly because the
> >> VPN TUN interface isn't established yet. Have you had issues like this
> >> on other systems?
> >> Eric
> >>
>
> In my head, it seems that the network interfaces in general may not be
> up yet but the PF rules are loading okay. That means the device is
> found, though it has not been given instruction. Is it possible the
> modules for the tun and tap devices have not been loaded yet so the PF
> is failing because the devices do not exist yet?
>
> Rather than moving anything around, can you add a line to your rc conf
> file to load the modules before the PF starts???
>
> modprobe tun
>
> Is there a module for tap? I don't recall off the top of my head.
>
> nathan
> ---
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
Eric Cope
http://cope-et-al.com
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: RC Service Order

2009-09-16 Thread Nathan England 
Eric Cope wrote:
> is this because you can rely on the VPN to properly protect access to 
> it through the vpn mechanisms?
> Eric
That should never be a consideration when you think about it. Most of 
the attacks on systems come from INSIDE the network.

I have had systems across a VPN between tribal networks that were not 
allowed to communicate except a single machine on one side to a single 
machine on the other and we had rules in the VPN to control the traffic 
between those machines. There are lots of reasons for rules inside a 
tunnel but usually a tunnel is just between a single machine and some 
other device. In my case I had two VPN boxes connecting to networks...

nathan
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss