Integrating ipmasq with whatever system you use to connect
networks is a simple matter of running /usr/sbin/ipmasq when ever
the routing changes or an interface goes up or down.
ipmasq installs a script in the /etc/init.d
directory, and uses update-rc.d to install symlinks into
/etc/rcS.d. ipmasq starts at 46, while
ipmasq-kmod starts at 47. This is to make sure that
/usr is mounted and available (NFS mounts are mounted at position
45 in the boot sequence).
The package ipmasq installs scripts into the ip-up
and ip-down mechanism of pppd. These scripts check
for the presence of a file (/etc/ipmasq/ppp) before running
/usr/sbin/ipmasq. Remove this file to not have
ipmasq run when pppd brings the link up or down.
Please note that doing so is not recommended.
Diald is a system which allows a link to be brought up and down based on network traffic. Diald accomplishes this bit of routing prestidigitation by setting up a proxy SLIP interface to be the system's default route and monitoring traffic on that interface.
On Debian systems, diald (by default) starts in runlevel 2, while
ipmasq starts during the boot process (technically, runlevel S).
ipmasq runs first, and intializes a firewall that does not include
the proxy route. diald then starts, and creates a new route
without informing ipmasq that the underlying routing has changed.
As a result of the firewall not including the proxy route, no packets will be
sent along the proxy, and diald will not bring the link up.
To solve this problem, invokations of /usr/sbin/ipmasq must be
added to two (or four, depending on your undelying connection) scripts.
/usr/sbin/ipmasq must be added to your addroute and
delroute scripts. This will cause ipmasq to
re-evaluate the firewall when the proxy interface is established and removed.
Also, if your system does not utilize PPP, it must be added to your
ipup and ipdown scripts. (If your system uses PPP,
the facilities in place for using pppd will handle it. For more
information, see PPP, Section 4.2.)
Hopefully, future versions of the Debian diald package will use a
setup where other packages can drop scripts in a directory to have them run
when diald runs a script. ipmasq will support this scheme when
implemented.
The pcmcia-cs package provides a mechanism for running programs
after a PC Card network card interface is initialized and before it is taken
down. Simply add a call to ipmasq in start_fn and
stop_fn of /etc/pcmcia/network.opts, as shown in the
example below:
------ Begin /etc/pcmcia/network.opts -------
# Network adapter configuration
#
# The address format is "scheme,socket,instance,hwaddr".
#
# Note: the "network address" here is NOT the same as the IP address.
# See the Networking HOWTO. In short, the network address is the IP
# address masked by the netmask.
#
case "$ADDRESS" in
*,*,*,*)
# Transceiver selection, for some cards -- see 'man ifport'
IF_PORT=""
# Use BOOTP? [y/n]
BOOTP="n"
# Use DHCP? [y/n]
DHCP="y"
# Use DHCLIENT? [y/n]
DHCLIENT="n"
# Host's IP address, netmask, network address, broadcast address
IPADDR=""
NETMASK="255.255.255.0"
NETWORK="1.2.0.0"
BROADCAST="1.2.255.255"
# Gateway address for static routing
GATEWAY="1.2.0.1"
# Things to add to /etc/resolv.conf for this interface
DOMAIN=""
SEARCH="eecs.wsu.edu"
# The nameserver IP addresses specified here complement the
# nameservers already defined in /etc/resolv.conf. These nameservers
# will be added to /etc/resolv.conf automatically when the PCMCIA
# network connection is established and removed from this file when
# the connection is broken.
DNS_1=""
DNS_2=""
DNS_3=""
# NFS mounts, should be listed in /etc/fstab
MOUNTS=""
# For IPX interfaces, the frame type and network number
IPX_FRAME=""
IPX_NETNUM=""
# Extra stuff to do after setting up the interface
start_fn () { /usr/sbin/ipmasq; return; }
# Extra stuff to do before shutting down the interface
stop_fn () { /usr/sbin/dhcpcd-sv -k; /usr/sbin/ipmasq --rules /etc/ipmasq/ipmasq-down; return; }
;;
esac
------- End /etc/pcmcia/network.opts --------
Please note that this is needed only if you have a PC Card network card. A PC
Card modem will typically use pppd. For more information about
setting up pppd, please see PPP, Section 4.2.
brianb@debian.org