Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Pre-up doesn't work

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
VHSt
Posts: 6
Joined: 2020-09-30 14:49

Pre-up doesn't work

#1 Post by VHSt »

Hi everyone,

I was following a recipe (https://blog.souvlaki.cf/posts/250420_homerouter/) and no matter what I always end up blocked at the same position: the "pre-up ip" commands are not accepted.
e.g.

Code: Select all

pre-up ip route add default via 10.10.10.1 dev veth0
and also

Code: Select all

pre-up iptables -t nat -A POSTROUTING -o veth0 -j MASQUERADE
They error (pre-up: command not found)
I've googled it, but cannot find any answer to this problem. When I add it to the /etc/network/interfaces file, and reboot, I don't find any error message (dmesg) but the instructions are not applied either.
In the end, the lanbr cannot be used to start my vm.
To me this is a chicken-vs-egg problem I can't get around while pre-up isn't accepted.
Any help is greatly appreciated. Let me know what you need from my system and I'll reply asap.

Thank you.

sgosnell
Posts: 975
Joined: 2011-03-14 01:49

Re: Pre-up doesn't work

#2 Post by sgosnell »

Google NAT rules. The tutorial says that you should add those lines to a NAT rule.
Take my advice, I'm not using it.

VHSt
Posts: 6
Joined: 2020-09-30 14:49

Re: Pre-up doesn't work

#3 Post by VHSt »

sgosnell wrote:The tutorial says that you should add those lines to a NAT rule
ok, what tutorial are you referencing then? I've googled a lot and came accross plenty of tutorials, also on NAT rules.
None really helped me further with this.

Thanks

sgosnell
Posts: 975
Joined: 2011-03-14 01:49

Re: Pre-up doesn't work

#4 Post by sgosnell »

The one you linked. https://blog.souvlaki.cf/posts/250420_homerouter/
As the management subnet and the LAN subnet are different, we will also configure a NAT rule on veth0.

pre-up ip route add default via 10.10.10.1 dev veth0
pre-up iptables -t nat -A POSTROUTING -o veth0 -j MASQUERADE
Take my advice, I'm not using it.

VHSt
Posts: 6
Joined: 2020-09-30 14:49

Re: Pre-up doesn't work

#5 Post by VHSt »

hmmm, sorry, I spent time loooking more things up, but I still don't understand you I'm afraid.

As soon as I activate these lines in /etc/network/interfaces, the lanbr no longer gets created.
If it doesn't work by entering them in this file nor gets it accepted if issuead as a command, how else should I get this to work?

Thank you,

Steven.

sgosnell
Posts: 975
Joined: 2011-03-14 01:49

Re: Pre-up doesn't work

#6 Post by sgosnell »

I'm no NAT expert, nor do I care to be. There is plenty of information about NAT and configuring its rules available on the internet.
Take my advice, I'm not using it.

p.H
Global Moderator
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Pre-up doesn't work

#7 Post by p.H »

VHSt wrote:They error (pre-up: command not found)
How exactly do you get this error ?
"pre-up" is not a command. It is an option used in /etc/network/interfaces "iface" stanzas.
Note that commands in such options are run before the interface is configured and up but adding a route requires that the interface is configured enough to accept the route (e.g. the route gateway must be reachable).

Please post the full contents of /etc/network/interfaces.
VHSt wrote:sorry, I spent time loooking more things up, but I still don't understand you
There is no reason for being sorry. "add those lines to a NAT rule" just makes no sense.
sgosnell wrote:I'm no NAT expert, nor do I care to be
Obviously not.

VHSt
Posts: 6
Joined: 2020-09-30 14:49

Re: Pre-up doesn't work

#8 Post by VHSt »

Hi p.H

Here's the content you requested
It should match closely to what was written in that link of my first post.

Code: Select all

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp6s0
iface enp6s0 inet static
  address 192.168.2.5
  netmask 255.255.255.0

# This is an autoconfigured IPv6 interface
iface enp6s0 inet6 auto

# WAN interface
allow-hotplug enp1s0
iface enp1s0 inet manual

# WAN bridge
auto wanbr
iface wanbr inet dhcp
  bridge_ports enp1s0
  bridge_waitport 0    # no delay before a port becomes available
  bridge_fd 0          # no forwarding delay
  bridge_maxwait 0

# LAN interfaces
allow-hotplug enp2s0
iface enp1s0 inet manual

allow-hotplug enp3s0
iface enp1s0 inet manual

allow-hotplug enp4s0
iface enp1s0 inet manual

allow-hotplug enp5s0
iface enp1s0 inet manual

# LAN Bridge
auto lanbr
iface lanbr inet manual
  pre-up ip link add veth-p6 type veth peer name veth-lanbr
  pre-up ip addr add 192.168.1.5/24 dev veth-p6
  pre-up ip link set veth-p6 up
  pre-up ip link set veth-lanbr up
  post-up ip route add default via 192.168.1.1 dev veth-p6
  post-up iptables -t nat -A POSTROUTING -o veth-p6 -j MASQUERADE
  bridge_ports enp2s0 enp3s0 enp4s0 enp5s0 veth-lanbr
  bridge_waitport 0    # no delay before a port becomes available
  bridge_fd 0          # no forwarding delay
  bridge_maxwait 0
  bridge_stp on
What you wrote makes sense but I was wondering:
* The gateway 192.168.1.1 can't ever exist before startup of the host and it's networking since it runs as a vm under this host using this lanbr bridge.
Does the existence of the ip-address 192.168.1.5/24 (the veth-pair) not warrant enough the route creation to 192.168.1.1?
I suppose the route line is written here because of the pre-up reflecting on the lanbr and the other pre-ups entries (veth-pair etc).
* but why pre-up? I tried using post-up (in the code above), since at least it doesn't break the lanbr-creation but nor the route nor the NAT-rule are created in the end.

Thank you already for your insights.

Steven

VHSt
Posts: 6
Joined: 2020-09-30 14:49

Re: Pre-up doesn't work

#9 Post by VHSt »

small edit: the iptables can be entered as a command. So after startup finished, I could login and add those two mising lines manually.
- Adding the default route fails because there's already a default route which I have to delete first. It seems not t overwrite it with the new data.
- after issuing the iptables as a command, then trying to list it using

Code: Select all

iptables -L
I still don't see it.
Knowing that, I might have been wrong when I said that it didn't work with pre-up and... I have again more to look into.

I'll let it know if I find out more.

VHSt
Posts: 6
Joined: 2020-09-30 14:49

Re: Pre-up doesn't work

#10 Post by VHSt »

Hi all,

I got it working :D
I assume, the pre-up was a red harring to me.
Changes made:
I wrote the lanbr creation before the wanbr to avoid the creation of another default route earlier than the one I want to have.
listing the nat rule was found by entering

Code: Select all

sudo iptables -t nat -L -n -v 
That makes that my interfaces file now looks like this:

Code: Select all

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp6s0
iface enp6s0 inet static
  address 192.168.2.5
  netmask 255.255.255.0

# This is an autoconfigured IPv6 interface
iface enp6s0 inet6 auto

# LAN interfaces
allow-hotplug enp2s0
iface enp1s0 inet manual

allow-hotplug enp3s0
iface enp1s0 inet manual

allow-hotplug enp4s0
iface enp1s0 inet manual

allow-hotplug enp5s0
iface enp1s0 inet manual

# LAN Bridge
auto lanbr
iface lanbr inet manual
  pre-up ip link add veth-p6 type veth peer name veth-lanbr
  pre-up ip addr add 192.168.1.5/24 dev veth-p6
  pre-up ip link set veth-p6 up
  pre-up ip link set veth-lanbr up
  pre-up ip route add default via 192.168.1.1 dev veth-p6
  pre-up iptables -t nat -A POSTROUTING -o veth-p6 -j MASQUERADE
  bridge_ports enp2s0 enp3s0 enp4s0 enp5s0 veth-lanbr
  bridge_waitport 0    # no delay before a port becomes available
  bridge_fd 0          # no forwarding delay
  bridge_maxwait 0
  bridge_stp on

# WAN interface
allow-hotplug enp1s0
iface enp1s0 inet manual

# WAN bridge
auto wanbr
iface wanbr inet dhcp
  bridge_ports enp1s0
  bridge_waitport 0    # no delay before a port becomes available
  bridge_fd 0          # no forwarding delay
  bridge_maxwait 0
Many thanks for being a sounding board. :wink: :)

Post Reply