defaultroute revision 49122
125184Sjkh#!/bin/sh - 225184Sjkh# 349122Sbrian# $Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $ 425184Sjkh# From: @(#)netstart 5.9 (Berkeley) 3/30/91 525184Sjkh 625184Sjkh# Note that almost all the user-configurable behavior is no longer in 725184Sjkh# this file, but rather in /etc/rc.conf. Please check that file 825184Sjkh# first before contemplating any changes here. If you do need to change 925184Sjkh# this file for some reason, we would like to know about it. 1025184Sjkh 1125184Sjkh# First pass startup stuff. 1225184Sjkh 1325184Sjkhnetwork_pass1() { 1425184Sjkh echo -n 'Doing initial network setup:' 1525184Sjkh # Set the host name if it is not already set 1625184Sjkh if [ -z "`hostname -s`" ] ; then 1725184Sjkh hostname $hostname 1825184Sjkh echo -n ' hostname' 1925184Sjkh fi 2025184Sjkh 2125184Sjkh # Set the domainname if we're using NIS 2225184Sjkh if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then 2325184Sjkh domainname $nisdomainname 2425184Sjkh echo -n ' domain' 2525184Sjkh fi 2625184Sjkh echo '.' 2725184Sjkh 2840006Sphk # Initial ATM interface configuration 2940006Sphk if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then 3040006Sphk . /etc/rc.atm 3140006Sphk atm_pass1 3240006Sphk fi 3340006Sphk 3442621Shm # ISDN subsystem startup 3542621Shm if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then 3642621Shm . /etc/rc.isdn 3742621Shm fi 3842621Shm 3942627Sjoerg # Special options for sppp(4) interfaces go here. These need 4042627Sjoerg # to go _before_ the general ifconfig section, since in the case 4142627Sjoerg # of hardwired (no link1 flag) but required authentication, you 4242627Sjoerg # cannot pass auth parameters down to the already running interface. 4342627Sjoerg for ifn in ${sppp_interfaces}; do 4442627Sjoerg eval spppcontrol_args=\$spppconfig_${ifn} 4542627Sjoerg if [ -n "${spppcontrol_args}" ] ; then 4642627Sjoerg # The auth secrets might contain spaces; in order 4742627Sjoerg # to retain the quotation, we need to eval them 4842627Sjoerg # here. 4942627Sjoerg eval spppcontrol ${ifn} ${spppcontrol_args} 5042627Sjoerg fi 5142627Sjoerg done 5242627Sjoerg 5325184Sjkh # Set up all the network interfaces, calling startup scripts if needed 5448687Speter if [ "x${network_interfaces}" = "xauto" ]; then 5548687Speter network_interfaces="`ifconfig -l`" 5648687Speter fi 5748687Speter for ifn in ${network_interfaces}; do 5848662Speter showstat=false 5925184Sjkh if [ -e /etc/start_if.${ifn} ]; then 6033682Sbrian . /etc/start_if.${ifn} 6148662Speter showstat=true 6225184Sjkh fi 6325184Sjkh # Do the primary ifconfig if specified 6425184Sjkh eval ifconfig_args=\$ifconfig_${ifn} 6525184Sjkh if [ -n "${ifconfig_args}" ] ; then 6648842Sjkh # See if we are using DHCP 6748842Sjkh if [ X"${ifconfig_args}" = X"DHCP" ]; then 6848842Sjkh ${dhcp_program} ${dhcp_flags} ${ifn} 6948842Sjkh else 7048842Sjkh ifconfig ${ifn} ${ifconfig_args} 7148842Sjkh fi 7248662Speter showstat=true 7325184Sjkh fi 7425184Sjkh # Check to see if aliases need to be added 7525184Sjkh alias=0 7625184Sjkh while : 7725184Sjkh do 7825184Sjkh eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 7925184Sjkh if [ -n "${ifconfig_args}" ]; then 8025184Sjkh ifconfig ${ifn} ${ifconfig_args} alias 8148662Speter showstat=true 8225184Sjkh alias=`expr ${alias} + 1` 8325184Sjkh else 8425184Sjkh break; 8525184Sjkh fi 8625184Sjkh done 8725184Sjkh # Do ipx address if specified 8825184Sjkh eval ifconfig_args=\$ifconfig_${ifn}_ipx 8925184Sjkh if [ -n "${ifconfig_args}" ]; then 9025184Sjkh ifconfig ${ifn} ${ifconfig_args} 9148662Speter showstat=true 9225184Sjkh fi 9348662Speter if [ "${showstat}" = "true" ] 9448662Speter then 9548662Speter ifconfig ${ifn} 9648662Speter fi 9725184Sjkh done 9829300Sdanny 9949122Sbrian # Warm up user ppp if required, must happen before natd. 10049122Sbrian if [ "X$ppp_enable" = X"YES" ]; then 10149122Sbrian # Establish ppp mode. 10249122Sbrian if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \ 10349122Sbrian -a "X$ppp_mode" != X"dedicated" ]; then \ 10449122Sbrian ppp_mode="auto"; 10549122Sbrian fi 10649122Sbrian ppp_command="-${ppp_mode} "; 10749122Sbrian 10849122Sbrian # Switch on alias mode? 10949122Sbrian if [ "X$ppp_alias" = X"YES" ]; then 11049122Sbrian ppp_command="${ppp_command} -alias"; 11149122Sbrian fi 11249122Sbrian 11349122Sbrian echo -n 'Starting ppp: '; ppp ${ppp_command} ${ppp_profile} 11449122Sbrian fi 11549122Sbrian 11629300Sdanny # Initialize IP filtering using ipfw 11729300Sdanny echo "" 11829300Sdanny /sbin/ipfw -q flush > /dev/null 2>&1 11932382Salex if [ $? = 0 ] ; then 12032382Salex firewall_in_kernel=1 12132382Salex else 12229300Sdanny firewall_in_kernel=0 12329300Sdanny fi 12429300Sdanny 12529300Sdanny if [ $firewall_in_kernel = 0 -a "x$firewall_enable" = "xYES" ] ; then 12641077Speter if kldload ipfw; then 12729300Sdanny firewall_in_kernel=1 # module loaded successfully 12829300Sdanny echo "Kernel firewall module loaded." 12929300Sdanny else 13029300Sdanny echo "Warning: firewall kernel module failed to load." 13129300Sdanny fi 13229300Sdanny fi 13329300Sdanny 13429300Sdanny # Load the filters if required 13529300Sdanny if [ $firewall_in_kernel = 1 ]; then 13645542Sdes if [ -z "${firewall_script}" ] ; then 13745542Sdes firewall_script="/etc/rc.firewall" 13845542Sdes fi 13945542Sdes if [ -f ${firewall_script} -a X"$firewall_enable" = X"YES" ]; then 14045542Sdes . ${firewall_script} 14145622Sbrian echo -n 'Firewall rules loaded, starting divert daemons:' 14244992Sbrian 14344992Sbrian # Network Address Translation daemon 14444992Sbrian if [ X"${natd_enable}" = X"YES" -a -n "${natd_interface}" ]; then 14544992Sbrian if echo ${natd_interface} | \ 14644992Sbrian grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 14744992Sbrian natd_ifarg="-a ${natd_interface}" 14844992Sbrian else 14944992Sbrian natd_ifarg="-n ${natd_interface}" 15044992Sbrian fi 15144992Sbrian echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg} 15244992Sbrian fi 15344992Sbrian echo '.' 15429300Sdanny else 15533337Salex IPFW_DEFAULT=`ipfw l 65535` 15633337Salex if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then 15733149Salex echo -n "Warning: kernel has firewall functionality, " 15833149Salex echo "but firewall rules are not enabled." 15933149Salex echo " All ip services are disabled." 16033149Salex fi 16129300Sdanny fi 16225184Sjkh fi 16325184Sjkh 16440006Sphk # Additional ATM interface configuration 16540006Sphk if [ -n "${atm_pass1_done}" ]; then 16640006Sphk atm_pass2 16740006Sphk fi 16840006Sphk 16929300Sdanny # Configure routing 17029300Sdanny 17125184Sjkh if [ "x$defaultrouter" != "xNO" ] ; then 17225184Sjkh static_routes="default ${static_routes}" 17325184Sjkh route_default="default ${defaultrouter}" 17425184Sjkh fi 17525184Sjkh 17625184Sjkh # Set up any static routes. This should be done before router discovery. 17725184Sjkh if [ "x${static_routes}" != "x" ]; then 17825184Sjkh for i in ${static_routes}; do 17925184Sjkh eval route_args=\$route_${i} 18025184Sjkh route add ${route_args} 18125184Sjkh done 18225184Sjkh fi 18325184Sjkh 18425184Sjkh echo -n 'Additional routing options:' 18527218Spst if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then 18627218Spst echo -n ' tcp extensions=NO' 18747755Sbde sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 18827218Spst fi 18927218Spst 19045096Simp if [ -n "$log_in_vain" -a "x$log_in_vain" != "xNO" ] ; then 19145096Simp echo -n ' log_in_vain=YES' 19247755Sbde sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 19347755Sbde sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 19445096Simp fi 19545096Simp 19639267Sjkoshy if [ X"$icmp_bmcastecho" = X"YES" ]; then 19739267Sjkoshy echo -n ' broadcast ping responses=YES' 19847755Sbde sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 19939267Sjkoshy fi 20039267Sjkoshy 20125184Sjkh if [ "X$gateway_enable" = X"YES" ]; then 20225365Sjkh echo -n ' IP gateway=YES' 20347755Sbde sysctl -w net.inet.ip.forwarding=1 >/dev/null 20425184Sjkh fi 20525184Sjkh 20633439Sguido if [ "X$forward_sourceroute" = X"YES" ]; then 20733439Sguido echo -n ' do source routing=YES' 20847755Sbde sysctl -w net.inet.ip.sourceroute=1 >/dev/null 20933439Sguido fi 21033439Sguido 21133439Sguido if [ "X$accept_sourceroute" = X"YES" ]; then 21233439Sguido echo -n ' accept source routing=YES' 21347755Sbde sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 21433439Sguido fi 21533439Sguido 21647752Sphk if [ "X$tcp_keepalive" = X"YES" ]; then 21747752Sphk echo -n ' TCP keepalive=YES' 21847755Sbde sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 21947752Sphk fi 22047752Sphk 22125184Sjkh if [ "X$ipxgateway_enable" = X"YES" ]; then 22225365Sjkh echo -n ' IPX gateway=YES' 22347755Sbde sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 22425184Sjkh fi 22525184Sjkh 22636174Sjkh if [ "X$arpproxy_all" = X"YES" ]; then 22747755Sbde echo -n ' ARP proxyall=YES' 22847755Sbde sysctl -w net.link.ether.inet.proxyall=1 >/dev/null 22936174Sjkh fi 23036174Sjkh echo '.' 23136174Sjkh 23236174Sjkh echo -n 'routing daemons:' 23336174Sjkh if [ "X$router_enable" = X"YES" ]; then 23436174Sjkh echo -n " ${router}"; ${router} ${router_flags} 23536174Sjkh fi 23636174Sjkh 23725184Sjkh if [ "X$ipxrouted_enable" = X"YES" ]; then 23836174Sjkh echo -n ' IPXrouted' 23925184Sjkh IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 24025184Sjkh fi 24125765Sjkh 24236174Sjkh if [ "X${mrouted_enable}" = X"YES" ]; then 24336174Sjkh echo -n ' mrouted'; mrouted ${mrouted_flags} 24425765Sjkh fi 24536174Sjkh 24634395Sjkh if [ "X$rarpd_enable" = X"YES" ]; then 24734395Sjkh echo -n ' rarpd'; rarpd ${rarpd_flags} 24834395Sjkh fi 24925184Sjkh echo '.' 25025184Sjkh network_pass1_done=YES # Let future generations know we made it. 25125184Sjkh} 25225184Sjkh 25325184Sjkhnetwork_pass2() { 25425184Sjkh echo -n 'Doing additional network setup:' 25525184Sjkh if [ "X${named_enable}" = X"YES" ]; then 25632949Swollman echo -n ' named'; ${named_program-"named"} ${named_flags} 25725184Sjkh fi 25825184Sjkh 25931472Sobrien if [ "X${ntpdate_enable}" = X"YES" ]; then 26035787Sandreas echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 26131472Sobrien fi 26225184Sjkh 26331472Sobrien if [ "X${xntpd_enable}" = X"YES" ]; then 26435787Sandreas echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} 26525184Sjkh fi 26625184Sjkh 26725184Sjkh if [ "X${timed_enable}" = X"YES" ]; then 26825184Sjkh echo -n ' timed'; timed ${timed_flags} 26925184Sjkh fi 27025184Sjkh 27125184Sjkh if [ "X${portmap_enable}" = X"YES" ]; then 27244668Sjfitz echo -n ' portmap'; ${portmap_program} ${portmap_flags} 27325184Sjkh fi 27425184Sjkh 27525184Sjkh # Start ypserv if we're an NIS server. 27625184Sjkh # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 27725184Sjkh if [ "X${nis_server_enable}" = X"YES" ]; then 27825184Sjkh echo -n ' ypserv'; ypserv ${nis_server_flags} 27925184Sjkh 28025184Sjkh if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then 28125184Sjkh echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} 28225184Sjkh fi 28325184Sjkh 28425184Sjkh if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then 28525184Sjkh echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} 28625184Sjkh fi 28725184Sjkh fi 28825184Sjkh 28925184Sjkh # Start ypbind if we're an NIS client 29025184Sjkh if [ "X${nis_client_enable}" = X"YES" ]; then 29125184Sjkh echo -n ' ypbind'; ypbind ${nis_client_flags} 29225184Sjkh if [ "X${nis_ypset_enable}" = X"YES" ]; then 29325184Sjkh echo -n ' ypset'; ypset ${nis_ypset_flags} 29425184Sjkh fi 29525184Sjkh fi 29625184Sjkh 29735149Smarkm # Start keyserv if we are running Secure RPC 29835149Smarkm if [ "X${keyserv_enable}" = X"YES" ]; then 29935149Smarkm echo -n ' keyserv'; keyserv ${keyserv_flags} 30035149Smarkm fi 30135149Smarkm # Start ypupdated if we are running Secure RPC and we are NIS master 30235149Smarkm if [ "X$rpc_ypupdated_enable" = X"YES" ]; then 30335149Smarkm echo -n ' rpc.ypupdated'; rpc.ypupdated 30435149Smarkm fi 30535149Smarkm 30640006Sphk # Start ATM daemons 30740006Sphk if [ -n "${atm_pass2_done}" ]; then 30840006Sphk atm_pass3 30940006Sphk fi 31040006Sphk 31125184Sjkh echo '.' 31225184Sjkh network_pass2_done=YES 31325184Sjkh} 31425184Sjkh 31525184Sjkhnetwork_pass3() { 31625184Sjkh echo -n 'Starting final network daemons:' 31725184Sjkh 31825184Sjkh if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then 31925184Sjkh echo -n ' mountd' 32025184Sjkh if [ "X${weak_mountd_authentication}" = X"YES" ]; then 32125184Sjkh mountd_flags="-n" 32225184Sjkh fi 32325184Sjkh mountd ${mountd_flags} 32425184Sjkh if [ "X${nfs_reserved_port_only}" = X"YES" ]; then 32547755Sbde echo -n ' NFS on reserved port only=YES' 32647755Sbde sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 32725184Sjkh fi 32825916Sjkh echo -n ' nfsd'; nfsd ${nfs_server_flags} 32925184Sjkh if [ "X$rpc_lockd_enable" = X"YES" ]; then 33025184Sjkh echo -n ' rpc.lockd'; rpc.lockd 33125184Sjkh fi 33225184Sjkh if [ "X$rpc_statd_enable" = X"YES" ]; then 33325184Sjkh echo -n ' rpc.statd'; rpc.statd 33425184Sjkh fi 33525184Sjkh fi 33625184Sjkh 33725184Sjkh if [ "X${nfs_client_enable}" = X"YES" ]; then 33825916Sjkh echo -n ' nfsiod'; nfsiod ${nfs_client_flags} 33941371Sjkoshy if [ "X${nfs_access_cache}" != X ]; then 34047755Sbde echo -n " NFS access cache time=${nfs_access_cache}" 34141371Sjkoshy sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ 34247755Sbde >/dev/null 34341185Smsmith fi 34425184Sjkh fi 34525184Sjkh 34625184Sjkh if [ "X${amd_enable}" = X"YES" ]; then 34725184Sjkh echo -n ' amd' 34835459Sphk if [ "X${amd_map_program}" != X"NO" ]; then 34939380Scracauer amd_flags="${amd_flags} `eval ${amd_map_program}`" 35035459Sphk fi 35147838Sbrian if [ -n "$amd_flags" ] 35247838Sbrian then 35347838Sbrian amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null 35447838Sbrian else 35547838Sbrian amd 2> /dev/null 35647838Sbrian fi 35725184Sjkh fi 35825184Sjkh 35925184Sjkh if [ "X${rwhod_enable}" = X"YES" ]; then 36042270Sjkh echo -n ' rwhod'; rwhod ${rwhod_flags} 36125184Sjkh fi 36225184Sjkh 36325184Sjkh # Kerberos runs ONLY on the Kerberos server machine 36425184Sjkh if [ "X${kerberos_server_enable}" = X"YES" ]; then 36531033Ssef if [ "X${kerberos_stash}" = "XYES" ]; then 36631033Ssef stash_flag=-n 36731033Ssef else 36831033Ssef stash_flag= 36931033Ssef fi 37031033Ssef echo -n ' kerberos'; \ 37138316Sphk kerberos ${stash_flag} >> /var/log/kerberos.log & 37231033Ssef if [ "X${kadmind_server_enable}" = "XYES" ]; then 37331033Ssef echo -n ' kadmind'; \ 37438316Sphk (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & 37531033Ssef fi 37631033Ssef unset stash_flag 37725184Sjkh fi 37825184Sjkh 37925184Sjkh echo '.' 38025184Sjkh network_pass3_done=YES 38125184Sjkh} 382