old-www/HOWTO/Cipe+Masq-8.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>The Linux Cipe+Masquerading mini-HOWTO: Putting it all together</TITLE>
 <LINK HREF="Cipe+Masq-9.html" REL=next>
 <LINK HREF="Cipe+Masq-7.html" REL=previous>
 <LINK HREF="Cipe+Masq.html#toc8" REL=contents>
</HEAD>
<BODY>
<A HREF="Cipe+Masq-9.html">Next</A>
<A HREF="Cipe+Masq-7.html">Previous</A>
<A HREF="Cipe+Masq.html#toc8">Contents</A>
<HR>
<H2><A NAME="s8">8. Putting it all together</A></H2>

<P>This is an example rc.local script to start everything when your system
boots.  It will add spoofing protection in the kernel if you are using a
2.2 kernel, setup the masquerading firewall policies, and start the cipe
interface(s). 
<P>
<BLOCKQUOTE><CODE>
<HR>
<PRE>

#!/bin/bash 
#4/4/99 
#an example rc.local script 
#Send questions or comments to acj@home.com 

echo 

#Set up spoof protection in kernel -- from IPChains HOWTO by Paul Russell 

#this is only for the newer 2.1/2.2 kernels 

#if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then 
#   echo -n "Setting up IP spoofing protection..." 
#   for f in /proc/sys/net/ipv4/conf/*/rp_filter; do 
#       echo 1 > $f 
#   done 
#   echo "done." 
#else 
#   echo PROBLEMS SETTING UP IP SPOOFING PROTECTION.  BE WORRIED. 
#   echo "CONTROL-D will exit from this shell and continue system startup." 
#   echo 
#   # Start a single user shell on the console 
#   /sbin/sulogin $CONSOLE 
#fi 

echo 

#Setup firewall policies 
if [ -x /etc/rc.d/rc.firewall ]; then 
        echo Setting up firewall packet filtering policies. 
        echo 
        . /etc/rc.d/rc.firewall 
fi 

#Start cipe interfaces 
if [ -x /etc/rc.d/rc.cipe ]; then 
        echo Starting VPN interfaces. 
        . /etc/rc.d/rc.cipe 
fi 

exit 0 
</PRE>
<HR>
</CODE></BLOCKQUOTE>
<P>
<P>
<HR>
<A HREF="Cipe+Masq-9.html">Next</A>
<A HREF="Cipe+Masq-7.html">Previous</A>
<A HREF="Cipe+Masq.html#toc8">Contents</A>
</BODY>
</HTML>