Rename lsm->foolsm in MultiISP article

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2016-10-07 08:01:11 -07:00
parent b5e7e41708
commit 0bf5ca7e0c
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10

@ -766,7 +766,7 @@ fi</programlisting>
provider interfaces as <emphasis role="bold">optional</emphasis> (<ulink provider interfaces as <emphasis role="bold">optional</emphasis> (<ulink
url="manpages/shorewall-interfaces.html">shorewall-interfaces(5)</ulink>) url="manpages/shorewall-interfaces.html">shorewall-interfaces(5)</ulink>)
then <link linkend="LinkMonitor">install and configure then <link linkend="LinkMonitor">install and configure
LSM</link>.</para> FOOLSM</link>.</para>
<para><ulink url="Shorewall-init.html">Shorewall-init</ulink> provides <para><ulink url="Shorewall-init.html">Shorewall-init</ulink> provides
for handling links that go hard down and are later brought back for handling links that go hard down and are later brought back
@ -926,7 +926,7 @@ eth1 0.0.0.0/0 130.252.99.27</programlisting>
</section> </section>
<section id="Example2"> <section id="Example2">
<title id="Example99"> Example using USE_DEFAULT_RT=Yes</title> <title id="Example99">Example using USE_DEFAULT_RT=Yes</title>
<para>This section shows the differences in configuring the above <para>This section shows the differences in configuring the above
example with USE_DEFAULT_RT=Yes. The changes are confined to the example with USE_DEFAULT_RT=Yes. The changes are confined to the
@ -1937,8 +1937,8 @@ if [ $2 != down ]; then
[ -f /var/lib/shorewall/eth0.info ] &amp;&amp; . /var/lib/shorewall/eth0.info [ -f /var/lib/shorewall/eth0.info ] &amp;&amp; . /var/lib/shorewall/eth0.info
if [ "$GATEWAYS" != "$ETH0_GATEWAY" -o "$IPADDR" != "$ETH0_ADDRESS" ]; then if [ "$GATEWAYS" != "$ETH0_GATEWAY" -o "$IPADDR" != "$ETH0_ADDRESS" ]; then
logger -p daemon.info "eth0 IP configuration changed - restarting lsm and Shorewall" logger -p daemon.info "eth0 IP configuration changed - restarting foolsm and Shorewall"
killall lsm killall foolsm
/sbin/shorewall restart /sbin/shorewall restart
fi fi
fi fi
@ -1953,9 +1953,9 @@ fi
</listitem> </listitem>
<listitem> <listitem>
<para>It assumes the use of <link linkend="lsm">LSM</link>; If <para>It assumes the use of <link linkend="lsm">FOOLSM</link>;
you aren't using lSM, you can change the log message and remove If you aren't using foolsm, you can change the log message and
the 'killall lsm'</para> remove the 'killall foolsm'</para>
</listitem> </listitem>
<listitem> <listitem>
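Review bot: The rewritten list item spells the tool name two ways, "FOOLSM" in the link text and "foolsm" in the following sentence and in 'killall foolsm'. The old text had the same inconsistency ("LSM" and "lSM"); pick one form for the product name in prose and keep lowercase only where the command or binary is meant. The unchanged linkend="lsm" is still valid because the target section keeps id="lsm" elsewhere in this patch, so no change is needed there.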
@ -2090,9 +2090,9 @@ ComcastC 2 - - eth0 detect loose,fallback,load=0.33
<section id="LinkMonitor"> <section id="LinkMonitor">
<title>Gateway Monitoring and Failover</title> <title>Gateway Monitoring and Failover</title>
<para>There is an option (LSM) available for monitoring the status of <para>There is an option (FOOLSM) available for monitoring the status of
provider links and taking action when a failure occurs. LSM assumes that provider links and taking action when a failure occurs. FOOLSM assumes
each provider has a unique nexthop gateway.</para> that each provider has a unique nexthop gateway.</para>
<para>You specify the <option>optional</option> option in <para>You specify the <option>optional</option> option in
<filename>/etc/shorewall/interfaces</filename>:</para> <filename>/etc/shorewall/interfaces</filename>:</para>
@ -2102,7 +2102,7 @@ net eth0 detect <emphasis role="bold">optional</emphasis>
net eth1 detect <emphasis role="bold">optional</emphasis></programlisting> net eth1 detect <emphasis role="bold">optional</emphasis></programlisting>
<section id="lsm"> <section id="lsm">
<title>Link Status Monitor (LSM)</title> <title>Link Status Monitor (FOOLSM)</title>
<para><ulink url="http://lsm.foobar.fi/">Link Status Monitor</ulink> <para><ulink url="http://lsm.foobar.fi/">Link Status Monitor</ulink>
was written by Mika Ilmaranta &lt;ilmis at nullnet.fi&gt; and performs was written by Mika Ilmaranta &lt;ilmis at nullnet.fi&gt; and performs
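Review bot: The new section title "Link Status Monitor (FOOLSM)" reads as if FOOLSM were the abbreviation of Link Status Monitor, which it is not. A title such as "Link Status Monitor (foolsm, formerly LSM)" would be clearer and keeps the old name findable. The section id "lsm" and the lsm.foobar.fi URL in the unchanged lines still carry the old name, so please confirm both are meant to stay.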
@ -2116,19 +2116,25 @@ net eth1 detect <emphasis role="bold">optional</emphasis><
file</ulink>) before installing LSM.</para> file</ulink>) before installing LSM.</para>
</important> </important>
<para>Like many Open Source products, LSM is poorly documented. It's <important>
main configuration file is normally kept in <para>To avoid an achronym clash with <emphasis>Linux Security
<filename>/etc/lsm/lsm.conf</filename>, but the file's name is passed Module</emphasis>, the Link Status Monitor is now called
as an argument to the lsm program so you can name it anything you <emphasis>foolsm</emphasis>.</para>
want.</para> </important>
<para>The sample <filename>lsm.conf</filename> included with the <para>Like many Open Source products, FOOLSM is poorly documented.
It's main configuration file is normally kept in
<filename>/etc/foolsm/foolsm.conf</filename>, but the file's name is
passed as an argument to the foolsm program so you can name it
anything you want.</para>
<para>The sample <filename>foolsm.conf</filename> included with the
product shows some of the possibilities for configuration. One feature product shows some of the possibilities for configuration. One feature
that is not mentioned in the sample is that an "include" directive is that is not mentioned in the sample is that an "include" directive is
supported. This allows additional files to be sourced in from the main supported. This allows additional files to be sourced in from the main
configuration file.</para> configuration file.</para>
<para>LSM monitors the status of the links defined in its <para>FOOLSM monitors the status of the links defined in its
configuration file and runs a user-provided script when the status of configuration file and runs a user-provided script when the status of
a link changes. The script name is specified in the a link changes. The script name is specified in the
<firstterm>eventscript</firstterm> option in the configuration file. <firstterm>eventscript</firstterm> option in the configuration file.
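Review bot: The unchanged context line directly above the new important block still ends "before installing LSM.", so the reader meets the old name immediately before the note that explains the rename; that line needs the same substitution, or the rename note should be moved ahead of it. In the added text, "achronym" should be "acronym", and "It's main configuration file" (carried over from the old paragraph) should be "Its main configuration file".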
@ -2175,33 +2181,33 @@ net eth1 detect <emphasis role="bold">optional</emphasis><
<para>It is the responsibility of the script to perform any action <para>It is the responsibility of the script to perform any action
needed in reaction to the connection state change. The default script needed in reaction to the connection state change. The default script
supplied with LSM composes an email and sends it to $5.</para> supplied with FOOLSM composes an email and sends it to $5.</para>
<para>I personally use LSM here at shorewall.net (configuration is <para>I personally use FOOLSM here at shorewall.net (configuration is
described <link linkend="Complete">below</link>). I have set things up described <link linkend="Complete">below</link>). I have set things up
so that:</para> so that:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Shorewall [re]starts lsm during processing of the <para>Shorewall [re]starts foolsm during processing of the
<command>start</command> and <command>restore</command> commands. <command>start</command> and <command>restore</command> commands.
I don't have Shorewall restart lsm during Shorewall I don't have Shorewall restart foolsm during Shorewall
<command>restart</command> because I restart Shorewall much more <command>restart</command> because I restart Shorewall much more
often than the average user is likely to do.</para> often than the average user is likely to do.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Shorewall starts lsm because I have a dynamic IP address <para>Shorewall starts foolsm because I have a dynamic IP address
from one of my providers (Comcast); Shorewall detects the default from one of my providers (Comcast); Shorewall detects the default
gateway to that provider and creates a secondary configuration gateway to that provider and creates a secondary configuration
file (<filename>/etc/lsm/shorewall.conf</filename>) that contains file (<filename>/etc/foolsm/shorewall.conf</filename>) that
the link configurations. That file is included by contains the link configurations. That file is included by
<filename>/etc/lsm/lsm.conf</filename>.</para> <filename>/etc/foolsm/foolsm.conf</filename>.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>The script run by LSM during state change <para>The script run by FOOLSM during state change
(<filename>/etc/lsm/script) </filename>writes a<filename> (<filename>/etc/foolsm/script) </filename>writes a<filename>
${VARDIR}/xxx.status</filename> file when the status of an ${VARDIR}/xxx.status</filename> file when the status of an
interface changes. Those files are read by the interface changes. Those files are read by the
<filename>isusable</filename> extension script (see below).</para> <filename>isusable</filename> extension script (see below).</para>
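Review bot: The third list item carries broken markup over from the old text: in "(<filename>/etc/foolsm/script) </filename>writes a<filename>" the closing parenthesis and a space sit inside the filename element, and the spaces around "writes a" are missing. Since the line is being rewritten anyway, move the ")" outside the closing filename tag and restore the spaces so the path renders as /etc/foolsm/script.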
@ -2224,7 +2230,7 @@ COM_IF=eth1</programlisting>
<programlisting>local status=0 <programlisting>local status=0
# #
# Read the status file (if any) created by /etc/lsm/script # Read the status file (if any) created by /etc/foolsm/script
# #
[ -f ${VARDIR}/${1}.status ] &amp;&amp; status=$(cat ${VARDIR}/${1}.status) [ -f ${VARDIR}/${1}.status ] &amp;&amp; status=$(cat ${VARDIR}/${1}.status)
@ -2233,22 +2239,22 @@ return $status</programlisting>
<para><filename>/etc/shorewall/lib.private</filename>:</para> <para><filename>/etc/shorewall/lib.private</filename>:</para>
<programlisting>############################################################################### <programlisting>###############################################################################
# Create /etc/lsm/shorewall.conf # Create /etc/foolsm/shorewall.conf
# Remove the current interface status files # Remove the current interface status files
# Start lsm # Start foolsm
############################################################################### ###############################################################################
start_lsm() { start_foolsm() {
# #
# Kill any existing lsm process(es) # Kill any existing foolsm process(es)
# #
killall lsm 2&gt; /dev/null killall foolsm 2&gt; /dev/null
# #
# Create the Shorewall-specific part of the LSM configuration. This file is # Create the Shorewall-specific part of the FOOLSM configuration. This file is
# included by /etc/lsm/lsm.conf # included by /etc/foolsm/foolsm.conf
# #
# Avvanta has a static gateway while Comcast's is dynamic # Avvanta has a static gateway while Comcast's is dynamic
# #
cat &lt;&lt;EOF &gt; /etc/lsm/shorewall.conf cat &lt;&lt;EOF &gt; /etc/foolsm/shorewall.conf
connection { connection {
name=Avvanta name=Avvanta
checkip=206.124.146.254 checkip=206.124.146.254
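Review bot: The header comment of start_foolsm() still lists "Remove the current interface status files" as a step, but a later hunk of this patch deletes the rm -f /var/lib/shorewall/*.status line from the function body. Drop that comment line or keep the removal so the comment and the code agree. Also note that 'killall foolsm' only matches the new process name, so a daemon still running under the old name lsm is no longer stopped here; a short sentence for readers who are switching over would help.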
@ -2264,14 +2270,9 @@ connection {
} }
EOF EOF
# #
# Since LSM assumes that interfaces start in the 'up' state, remove any # Run FOOLSM -- by default, it forks into the background
# existing status files that might have an interface in the down state
# #
rm -f /var/lib/shorewall/*.status /usr/sbin/foolsm -c /etc/foolsm/foolsm.conf &gt;&gt; /var/log/foolsm
#
# Run LSM -- by default, it forks into the background
#
/usr/sbin/lsm -c /etc/lsm/lsm.conf &gt;&gt; /var/log/lsm
}</programlisting> }</programlisting>
<para>eth0 has a dynamic IP address so I need to use the <para>eth0 has a dynamic IP address so I need to use the
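Review bot: Dropping "rm -f /var/lib/shorewall/*.status" and its comment from the function body is a behaviour change, not a rename, and the commit message does not mention it. The removed comment gave the reason for the line: the monitor assumes interfaces start in the 'up' state, so a leftover status file recording a down state would still be read by the isusable script after a start. If the removal is intentional, say why in the commit message or the article; otherwise restore those lines with the new name in the comment.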
@ -2286,22 +2287,22 @@ EOF
<para><filename>/etc/shorewall/started</filename>:</para> <para><filename>/etc/shorewall/started</filename>:</para>
<programlisting>################################################################################## <programlisting>##################################################################################
# [re]start lsm if this is a 'start' command or if lsm isn't running # [re]start foolsm if this is a 'start' command or if foolsm isn't running
################################################################################## ##################################################################################
if [ "$COMMAND" = start -o -z "$(ps ax | grep 'lsm ' | grep -v 'grep ' )" ]; then if [ "$COMMAND" = start -o -z "$(ps ax | grep 'foolsm ' | grep -v 'grep ' )" ]; then
start_lsm start_foolsm
fi</programlisting> fi</programlisting>
<para><filename>/etc/shorewall/restored</filename>:</para> <para><filename>/etc/shorewall/restored</filename>:</para>
<programlisting>################################################################################## <programlisting>##################################################################################
# Start lsm if it isn't running # Start foolsm if it isn't running
################################################################################## ##################################################################################
if [ -z "$(ps ax | grep 'lsm ' | grep -v 'grep ' )" ]; then if [ -z "$(ps ax | grep 'foolsm ' | grep -v 'grep ' )" ]; then
start_lsm start_foolsm
fi</programlisting> fi</programlisting>
<para><filename>/etc/lsm/lsm.conf</filename>:</para> <para><filename>/etc/foolsm/foolsm.conf</filename>:</para>
<programlisting># <programlisting>#
# Defaults for the connection entries # Defaults for the connection entries
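Review bot: The process check used in both the started and restored scripts, ps ax | grep 'foolsm ' | grep -v 'grep ', matches any process whose command line contains "foolsm " followed by a space, not only the daemon, so the daemon can be wrongly assumed to be running and never started. Since these lines are being touched, consider matching on the process name instead, for example pgrep -x foolsm, which also removes the need for the second grep.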
@ -2309,7 +2310,7 @@ fi</programlisting>
defaults { defaults {
name=defaults name=defaults
checkip=127.0.0.1 checkip=127.0.0.1
eventscript=/etc/lsm/script eventscript=/etc/foolsm/script
max_packet_loss=20 max_packet_loss=20
max_successive_pkts_lost=7 max_successive_pkts_lost=7
min_packet_loss=5 min_packet_loss=5
@ -2322,10 +2323,11 @@ defaults {
ttl=0 ttl=0
} }
include /etc/lsm/shorewall.conf</programlisting> include /etc/foolsm/shorewall.conf</programlisting>
<para><filename>/etc/lsm/script</filename> (Shorewall 4.4.23 and later <para><filename>/etc/foolsm/script</filename> (Shorewall 4.4.23 and
- note that this script must be executable by root)<programlisting>#!/bin/sh later - note that this script must be executable by
root)<programlisting>#!/bin/sh
# #
# (C) 2009 Mika Ilmaranta &lt;ilmis@nullnet.fi&gt; # (C) 2009 Mika Ilmaranta &lt;ilmis@nullnet.fi&gt;
# (C) 2009 Tom Eastep &lt;teastep@shorewall.net&gt; # (C) 2009 Tom Eastep &lt;teastep@shorewall.net&gt;
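Review bot: The reflowed paragraph keeps the note that /etc/foolsm/script "must be executable by root" but says nothing about who may write to it. Because foolsm runs this script on every link state change and is itself started from Shorewall's extension scripts, the text should also state that the file must be owned by root and not writable by group or others. The same applies to /etc/foolsm/shorewall.conf, which foolsm.conf pulls in through the include line in this hunk.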
@ -2382,7 +2384,7 @@ cons_wait = ${CONS_WAIT} consecutive packets waiting for reply
cons_miss = ${CONS_MISS} consecutive packets that have timed out cons_miss = ${CONS_MISS} consecutive packets that have timed out
avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this
Your LSM Daemon Your FOOLSM Daemon
EOM EOM
@ -2394,7 +2396,7 @@ else
${VARDIR}/firewall disable ${DEVICE} ${VARDIR}/firewall disable ${DEVICE}
fi fi
$TOOL show routing &gt;&gt; /var/log/lsm $TOOL show routing &gt;&gt; /var/log/foolsm
exit 0 exit 0
@ -2457,7 +2459,7 @@ cons_wait = ${CONS_WAIT} consecutive packets waiting for reply
cons_miss = ${CONS_MISS} consecutive packets that have timed out cons_miss = ${CONS_MISS} consecutive packets that have timed out
avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this
Your LSM Daemon Your FOOLSM Daemon
EOM EOM
@ -2466,9 +2468,9 @@ EOM
# [ ${STATE} = up ] &amp;&amp; state=0 || state=1 # [ ${STATE} = up ] &amp;&amp; state=0 || state=1
# echo $state &gt; ${VARDIR}/${DEVICE}.status # echo $state &gt; ${VARDIR}/${DEVICE}.status
<emphasis role="bold">$TOOL restart -f &gt;&gt; /var/log/lsm 2&gt;&amp;1</emphasis> <emphasis role="bold">$TOOL restart -f &gt;&gt; /var/log/foolsm 2&gt;&amp;1</emphasis>
$TOOL show routing &gt;&gt; /var/log/lsm $TOOL show routing &gt;&gt; /var/log/foolsm
exit 0 exit 0