Pre-up doesn't work

Kernels & Hardware, configuring network, installing services

Pre-up doesn't work

Postby VHSt » 2020-09-30 15:28

Hi everyone,

I was following a recipe (https://blog.souvlaki.cf/posts/250420_homerouter/) and no matter what I always end up blocked at the same position: the "pre-up ip" commands are not accepted.
e.g.
Code: Select all
pre-up ip route add default via 10.10.10.1 dev veth0

and also
Code: Select all
pre-up iptables -t nat -A POSTROUTING -o veth0 -j MASQUERADE

They error (pre-up: command not found)
I've googled it, but cannot find any answer to this problem. When I add it to the /etc/network/interfaces file, and reboot, I don't find any error message (dmesg) but the instructions are not applied either.
In the end, the lanbr cannot be used to start my vm.
To me this is a chicken-vs-egg problem I can't get around while pre-up isn't accepted.
Any help is greatly appreciated. Let me know what you need from my system and I'll reply asap.

Thank you.
VHSt
 
Posts: 6
Joined: 2020-09-30 14:49

Re: Pre-up doesn't work

Postby sgosnell » 2020-09-30 18:16

Google NAT rules. The tutorial says that you should add those lines to a NAT rule.
Take my advice, I'm not using it.
sgosnell
 
Posts: 905
Joined: 2011-03-14 01:49

Re: Pre-up doesn't work

Postby VHSt » 2020-09-30 19:35

sgosnell wrote:The tutorial says that you should add those lines to a NAT rule


ok, what tutorial are you referencing then? I've googled a lot and came accross plenty of tutorials, also on NAT rules.
None really helped me further with this.

Thanks
VHSt
 
Posts: 6
Joined: 2020-09-30 14:49

Re: Pre-up doesn't work

Postby sgosnell » 2020-09-30 21:56

The one you linked. https://blog.souvlaki.cf/posts/250420_homerouter/
As the management subnet and the LAN subnet are different, we will also configure a NAT rule on veth0.

pre-up ip route add default via 10.10.10.1 dev veth0
pre-up iptables -t nat -A POSTROUTING -o veth0 -j MASQUERADE
Take my advice, I'm not using it.
sgosnell
 
Posts: 905
Joined: 2011-03-14 01:49

Re: Pre-up doesn't work

Postby VHSt » 2020-10-02 07:19

hmmm, sorry, I spent time loooking more things up, but I still don't understand you I'm afraid.

As soon as I activate these lines in /etc/network/interfaces, the lanbr no longer gets created.
If it doesn't work by entering them in this file nor gets it accepted if issuead as a command, how else should I get this to work?

Thank you,

Steven.
VHSt
 
Posts: 6
Joined: 2020-09-30 14:49

Re: Pre-up doesn't work

Postby sgosnell » 2020-10-02 14:59

I'm no NAT expert, nor do I care to be. There is plenty of information about NAT and configuring its rules available on the internet.
Take my advice, I'm not using it.
sgosnell
 
Posts: 905
Joined: 2011-03-14 01:49

Re: Pre-up doesn't work

Postby p.H » 2020-10-03 11:47

VHSt wrote:They error (pre-up: command not found)

How exactly do you get this error ?
"pre-up" is not a command. It is an option used in /etc/network/interfaces "iface" stanzas.
Note that commands in such options are run before the interface is configured and up but adding a route requires that the interface is configured enough to accept the route (e.g. the route gateway must be reachable).

Please post the full contents of /etc/network/interfaces.

VHSt wrote:sorry, I spent time loooking more things up, but I still don't understand you

There is no reason for being sorry. "add those lines to a NAT rule" just makes no sense.

sgosnell wrote:I'm no NAT expert, nor do I care to be

Obviously not.
p.H
 
Posts: 1514
Joined: 2017-09-17 07:12

Re: Pre-up doesn't work

Postby VHSt » 2020-10-05 07:55

Hi p.H

Here's the content you requested
It should match closely to what was written in that link of my first post.

Code: Select all
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp6s0
iface enp6s0 inet static
  address 192.168.2.5
  netmask 255.255.255.0

# This is an autoconfigured IPv6 interface
iface enp6s0 inet6 auto

# WAN interface
allow-hotplug enp1s0
iface enp1s0 inet manual

# WAN bridge
auto wanbr
iface wanbr inet dhcp
  bridge_ports enp1s0
  bridge_waitport 0    # no delay before a port becomes available
  bridge_fd 0          # no forwarding delay
  bridge_maxwait 0

# LAN interfaces
allow-hotplug enp2s0
iface enp1s0 inet manual

allow-hotplug enp3s0
iface enp1s0 inet manual

allow-hotplug enp4s0
iface enp1s0 inet manual

allow-hotplug enp5s0
iface enp1s0 inet manual

# LAN Bridge
auto lanbr
iface lanbr inet manual
  pre-up ip link add veth-p6 type veth peer name veth-lanbr
  pre-up ip addr add 192.168.1.5/24 dev veth-p6
  pre-up ip link set veth-p6 up
  pre-up ip link set veth-lanbr up
  post-up ip route add default via 192.168.1.1 dev veth-p6
  post-up iptables -t nat -A POSTROUTING -o veth-p6 -j MASQUERADE
  bridge_ports enp2s0 enp3s0 enp4s0 enp5s0 veth-lanbr
  bridge_waitport 0    # no delay before a port becomes available
  bridge_fd 0          # no forwarding delay
  bridge_maxwait 0
  bridge_stp on

What you wrote makes sense but I was wondering:
* The gateway 192.168.1.1 can't ever exist before startup of the host and it's networking since it runs as a vm under this host using this lanbr bridge.
Does the existence of the ip-address 192.168.1.5/24 (the veth-pair) not warrant enough the route creation to 192.168.1.1?
I suppose the route line is written here because of the pre-up reflecting on the lanbr and the other pre-ups entries (veth-pair etc).
* but why pre-up? I tried using post-up (in the code above), since at least it doesn't break the lanbr-creation but nor the route nor the NAT-rule are created in the end.

Thank you already for your insights.

Steven
VHSt
 
Posts: 6
Joined: 2020-09-30 14:49

Re: Pre-up doesn't work

Postby VHSt » 2020-10-05 08:09

small edit: the iptables can be entered as a command. So after startup finished, I could login and add those two mising lines manually.
- Adding the default route fails because there's already a default route which I have to delete first. It seems not t overwrite it with the new data.
- after issuing the iptables as a command, then trying to list it using
Code: Select all
iptables -L
I still don't see it.
Knowing that, I might have been wrong when I said that it didn't work with pre-up and... I have again more to look into.

I'll let it know if I find out more.
VHSt
 
Posts: 6
Joined: 2020-09-30 14:49

Re: Pre-up doesn't work

Postby VHSt » 2020-10-05 08:37

Hi all,

I got it working :D
I assume, the pre-up was a red harring to me.
Changes made:
I wrote the lanbr creation before the wanbr to avoid the creation of another default route earlier than the one I want to have.
listing the nat rule was found by entering
Code: Select all
sudo iptables -t nat -L -n -v

That makes that my interfaces file now looks like this:
Code: Select all
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp6s0
iface enp6s0 inet static
  address 192.168.2.5
  netmask 255.255.255.0

# This is an autoconfigured IPv6 interface
iface enp6s0 inet6 auto

# LAN interfaces
allow-hotplug enp2s0
iface enp1s0 inet manual

allow-hotplug enp3s0
iface enp1s0 inet manual

allow-hotplug enp4s0
iface enp1s0 inet manual

allow-hotplug enp5s0
iface enp1s0 inet manual

# LAN Bridge
auto lanbr
iface lanbr inet manual
  pre-up ip link add veth-p6 type veth peer name veth-lanbr
  pre-up ip addr add 192.168.1.5/24 dev veth-p6
  pre-up ip link set veth-p6 up
  pre-up ip link set veth-lanbr up
  pre-up ip route add default via 192.168.1.1 dev veth-p6
  pre-up iptables -t nat -A POSTROUTING -o veth-p6 -j MASQUERADE
  bridge_ports enp2s0 enp3s0 enp4s0 enp5s0 veth-lanbr
  bridge_waitport 0    # no delay before a port becomes available
  bridge_fd 0          # no forwarding delay
  bridge_maxwait 0
  bridge_stp on

# WAN interface
allow-hotplug enp1s0
iface enp1s0 inet manual

# WAN bridge
auto wanbr
iface wanbr inet dhcp
  bridge_ports enp1s0
  bridge_waitport 0    # no delay before a port becomes available
  bridge_fd 0          # no forwarding delay
  bridge_maxwait 0

Many thanks for being a sounding board. :wink: :)
VHSt
 
Posts: 6
Joined: 2020-09-30 14:49


Return to System configuration

Who is online

Users browsing this forum: No registered users and 11 guests

fashionable