On Mon, 2 Mar 1998, Ian Perry wrote:

> I am trying to modify a route table dependant on which user logs in through
> a dial-up connection.
> viz: route add 192.168.1.1 eth0
>
> I have already got
>
> route add -net 192.168.0.0 netmask 255.255.0.0 lo
> to stop other users getting to the local network (other than what they are
> supposed to)

this is what the /etc/ppp/ip-up script is for. e.g.

---cut here---
#!/bin/sh
#
# $Id: ip-up,v 1.1 1997/12/16 11:37:26 phil Exp $
#
# This script is run by the pppd after the link is established.
# It should be used to add routes, set IP address, run the mailq
# etc.
#
# This script is called with the following arguments:
#    Arg  Name               Example
#    $1   Interface name     ppp0
#    $2   The tty            ttyS1
#    $3   The link speed     38400
#    $4   Local IP number    12.34.56.78
#    $5   Peer IP number     12.34.56.99

case "$5" in
    192.168.0.1) route add ..blah...
                 ;;
    192.168.0.2) ipfwadm -I ......
                 ;;
    192.168.0.3) blah blah blah
                 blah line 2
                 blah line 3
                 ;;
esac
---cut here---

this example executes the "route add...." command if (and only if) the
remote IP address is 192.168.0.1.

it also demonstrates a special ipfwadm (firewall/packet filter) rule for
192.168.0.2. e.g. say you have a service running on one of your machines
which your users have to pay extra to get access to...actually, you'd
probably do this based on user name rather than IP address - you could use
$2 (the tty) to look up the user name. you'd use /etc/ppp/ip-down to delete
the ipfwadm rule when the interface died.

the third case shows that multiple script lines can be executed for any
case - ";;" is used to end the case.

> I have set up the user's login shell to run the file to add the route and
> ip-down to remove the route.

this won't work.

> I get the error message:
>
> SIOCADDRT : Operation not permitted.
>
> I gather this is because the user is not root.

yep.

> Is there a way to safely change the routing table dependant on who logs in
> ?
>
> Any help would be appreciated.

/etc/ppp/ip-up is executed whenever a ppp interface goes up, and
/etc/ppp/ip-down is executed whenever a ppp interface goes down.

These files are often shell scripts, but they don't have to be....write
them in perl or C or whatever you like.

the debian ppp package comes with a sample script (similar to the example
above) which doesn't do anything.

craig

--
craig sanders
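
An added example, not part of the original message: one script installed as both /etc/ppp/ip-up and /etc/ppp/ip-down that validates the peer address pppd passes in $5 and runs only commands taken from a fixed table, so nothing supplied at connect time is ever interpolated into a root command line. The entry for 192.168.0.1 reuses the addresses from the thread; the function names and the table layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message). Install the same file as
# /etc/ppp/ip-up and /etc/ppp/ip-down; pppd runs both as root, which is why
# they can change routes when the user's login shell cannot.
# Function names and table layout are assumptions made for this example.

# Accept only a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # safe: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Fixed table: peer IP -> route arguments. Only these constants ever reach
# the command line; the peer address is used as a lookup key, nothing more.
lookup_route() {
    case "$1" in
        192.168.0.1) echo "-host 192.168.1.1 dev eth0" ;;
        *) return 1 ;;
    esac
}

# $1 = add|del, $2 = peer IP. Prints the command; 1 = no entry, 2 = bad input.
plan_route() {
    case "$1" in add|del) ;; *) return 2 ;; esac
    is_ipv4 "$2" || return 2
    spec=$(lookup_route "$2") || return 1
    echo "route $1 $spec"
}

main() {
    case "${0##*/}" in
        ip-up)   action=add ;;
        ip-down) action=del ;;
        *)       return 0 ;;       # sourced or run under another name
    esac
    cmd=$(plan_route "$action" "$5") || return 0   # no entry or bad address
    $cmd                           # word-split on purpose: constant from table
}
main "$@"
```

Because the action is chosen from the script's own name, ip-down removes exactly the route that ip-up added for the same peer.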