defaultroute revision 49122 
125184Sjkh#!/bin/sh -
225184Sjkh#
349122Sbrian#	$Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $
425184Sjkh#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
525184Sjkh
625184Sjkh# Note that almost all the user-configurable behavior is no longer in
725184Sjkh# this file, but rather in /etc/rc.conf.  Please check that file
825184Sjkh# first before contemplating any changes here.  If you do need to change
925184Sjkh# this file for some reason, we would like to know about it.
1025184Sjkh
1125184Sjkh# First pass startup stuff.
1225184Sjkh
1325184Sjkhnetwork_pass1() {
1425184Sjkh    echo -n 'Doing initial network setup:'
1525184Sjkh    # Set the host name if it is not already set
1625184Sjkh    if [ -z "`hostname -s`" ] ; then
1725184Sjkh	    hostname $hostname
1825184Sjkh	    echo -n ' hostname'
1925184Sjkh    fi
2025184Sjkh
2125184Sjkh    # Set the domainname if we're using NIS
2225184Sjkh    if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then
2325184Sjkh	    domainname $nisdomainname
2425184Sjkh	    echo -n ' domain'
2525184Sjkh    fi
2625184Sjkh    echo '.'
2725184Sjkh
2840006Sphk    # Initial ATM interface configuration
2940006Sphk    if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then
3040006Sphk	    . /etc/rc.atm
3140006Sphk	    atm_pass1
3240006Sphk    fi
3340006Sphk
3442621Shm    # ISDN subsystem startup
3542621Shm    if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then
3642621Shm	    . /etc/rc.isdn
3742621Shm    fi
3842621Shm
3942627Sjoerg    # Special options for sppp(4) interfaces go here.  These need
4042627Sjoerg    # to go _before_ the general ifconfig section, since in the case
4142627Sjoerg    # of hardwired (no link1 flag) but required authentication, you
4242627Sjoerg    # cannot pass auth parameters down to the already running interface.
4342627Sjoerg    for ifn in ${sppp_interfaces}; do
4442627Sjoerg	    eval spppcontrol_args=\$spppconfig_${ifn}
4542627Sjoerg	    if [ -n "${spppcontrol_args}" ] ; then
4642627Sjoerg		    # The auth secrets might contain spaces; in order
4742627Sjoerg		    # to retain the quotation, we need to eval them
4842627Sjoerg		    # here.
4942627Sjoerg		    eval spppcontrol ${ifn} ${spppcontrol_args}
5042627Sjoerg	    fi
5142627Sjoerg    done
5242627Sjoerg
5325184Sjkh    # Set up all the network interfaces, calling startup scripts if needed
5448687Speter    if [ "x${network_interfaces}" = "xauto" ]; then
5548687Speter	    network_interfaces="`ifconfig -l`"
5648687Speter    fi
5748687Speter    for ifn in ${network_interfaces}; do
5848662Speter	    showstat=false
5925184Sjkh	    if [ -e /etc/start_if.${ifn} ]; then
6033682Sbrian		    . /etc/start_if.${ifn}
6148662Speter		    showstat=true
6225184Sjkh	    fi
6325184Sjkh	    # Do the primary ifconfig if specified
6425184Sjkh	    eval ifconfig_args=\$ifconfig_${ifn}
6525184Sjkh	    if [ -n "${ifconfig_args}" ] ; then
6648842Sjkh		    # See if we are using DHCP
6748842Sjkh		    if [ X"${ifconfig_args}" = X"DHCP" ]; then
6848842Sjkh			     ${dhcp_program} ${dhcp_flags} ${ifn}
6948842Sjkh		    else
7048842Sjkh			     ifconfig ${ifn} ${ifconfig_args}
7148842Sjkh		    fi
7248662Speter		    showstat=true
7325184Sjkh	    fi
7425184Sjkh	    # Check to see if aliases need to be added
7525184Sjkh	    alias=0
7625184Sjkh	    while :
7725184Sjkh	    do
7825184Sjkh		    eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
7925184Sjkh		    if [ -n "${ifconfig_args}" ]; then
8025184Sjkh			    ifconfig ${ifn} ${ifconfig_args} alias
8148662Speter			    showstat=true
8225184Sjkh			    alias=`expr ${alias} + 1`
8325184Sjkh		    else
8425184Sjkh			    break;
8525184Sjkh		    fi
8625184Sjkh	    done
8725184Sjkh	    # Do ipx address if specified
8825184Sjkh	    eval ifconfig_args=\$ifconfig_${ifn}_ipx
8925184Sjkh	    if [ -n "${ifconfig_args}" ]; then
9025184Sjkh		    ifconfig ${ifn} ${ifconfig_args}
9148662Speter		    showstat=true
9225184Sjkh	    fi
9348662Speter	    if [ "${showstat}" = "true" ]
9448662Speter	    then
9548662Speter		    ifconfig ${ifn}
9648662Speter	    fi
9725184Sjkh    done
9829300Sdanny
9949122Sbrian    # Warm up user ppp if required, must happen before natd.
10049122Sbrian    if [ "X$ppp_enable" = X"YES" ]; then
10149122Sbrian	    # Establish ppp mode.
10249122Sbrian	    if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
10349122Sbrian		-a "X$ppp_mode" != X"dedicated" ]; then \
10449122Sbrian	        ppp_mode="auto";
10549122Sbrian	    fi
10649122Sbrian	    ppp_command="-${ppp_mode} ";
10749122Sbrian
10849122Sbrian	    # Switch on alias mode?
10949122Sbrian	    if [ "X$ppp_alias" = X"YES" ]; then
11049122Sbrian		ppp_command="${ppp_command} -alias";
11149122Sbrian	    fi
11249122Sbrian
11349122Sbrian	    echo -n 'Starting ppp: '; ppp ${ppp_command} ${ppp_profile}
11449122Sbrian    fi
11549122Sbrian
11629300Sdanny    # Initialize IP filtering using ipfw
11729300Sdanny    echo ""
11829300Sdanny    /sbin/ipfw -q flush > /dev/null 2>&1
11932382Salex    if [ $? = 0 ] ; then
12032382Salex	firewall_in_kernel=1
12132382Salex    else 
12229300Sdanny	firewall_in_kernel=0
12329300Sdanny    fi
12429300Sdanny
12529300Sdanny    if [ $firewall_in_kernel = 0 -a "x$firewall_enable"  = "xYES" ] ; then
12641077Speter	if kldload ipfw; then
12729300Sdanny		firewall_in_kernel=1		# module loaded successfully
12829300Sdanny		echo "Kernel firewall module loaded."
12929300Sdanny	else
13029300Sdanny		echo "Warning: firewall kernel module failed to load."
13129300Sdanny	fi
13229300Sdanny    fi
13329300Sdanny
13429300Sdanny    # Load the filters if required
13529300Sdanny    if [ $firewall_in_kernel = 1 ]; then
13645542Sdes	if [ -z "${firewall_script}" ] ; then
13745542Sdes	    firewall_script="/etc/rc.firewall"
13845542Sdes	fi
13945542Sdes	if [ -f ${firewall_script} -a X"$firewall_enable" = X"YES" ]; then
14045542Sdes	    . ${firewall_script}
14145622Sbrian	    echo -n 'Firewall rules loaded, starting divert daemons:'
14244992Sbrian
14344992Sbrian	    # Network Address Translation daemon
14444992Sbrian	    if [ X"${natd_enable}" = X"YES" -a -n "${natd_interface}" ]; then
14544992Sbrian		if echo ${natd_interface} | \
14644992Sbrian		    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
14744992Sbrian		    natd_ifarg="-a ${natd_interface}"
14844992Sbrian		else
14944992Sbrian		    natd_ifarg="-n ${natd_interface}"
15044992Sbrian		fi
15144992Sbrian		echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg}
15244992Sbrian	    fi
15344992Sbrian	    echo '.'
15429300Sdanny	else
15533337Salex	    IPFW_DEFAULT=`ipfw l 65535`
15633337Salex	    if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then
15733149Salex		echo -n "Warning: kernel has firewall functionality, "
15833149Salex		echo "but firewall rules are not enabled."
15933149Salex		echo "         All ip services are disabled."
16033149Salex	    fi
16129300Sdanny	fi
16225184Sjkh    fi
16325184Sjkh
16440006Sphk    # Additional ATM interface configuration
16540006Sphk    if [ -n "${atm_pass1_done}" ]; then
16640006Sphk	    atm_pass2
16740006Sphk    fi
16840006Sphk
16929300Sdanny    # Configure routing
17029300Sdanny
17125184Sjkh    if [ "x$defaultrouter" != "xNO" ] ; then
17225184Sjkh	    static_routes="default ${static_routes}"
17325184Sjkh	    route_default="default ${defaultrouter}"
17425184Sjkh    fi
17525184Sjkh    
17625184Sjkh    # Set up any static routes.  This should be done before router discovery.
17725184Sjkh    if [ "x${static_routes}" != "x" ]; then
17825184Sjkh	    for i in ${static_routes}; do
17925184Sjkh		    eval route_args=\$route_${i}
18025184Sjkh		    route add ${route_args}
18125184Sjkh	    done
18225184Sjkh    fi
18325184Sjkh
18425184Sjkh    echo -n 'Additional routing options:'
18527218Spst    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
18627218Spst	    echo -n ' tcp extensions=NO'
18747755Sbde	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
18827218Spst    fi
18927218Spst
19045096Simp    if [ -n "$log_in_vain" -a "x$log_in_vain" != "xNO" ] ; then
19145096Simp	    echo -n ' log_in_vain=YES'
19247755Sbde	    sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
19347755Sbde	    sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
19445096Simp    fi
19545096Simp
19639267Sjkoshy    if [ X"$icmp_bmcastecho" = X"YES" ]; then
19739267Sjkoshy	    echo -n ' broadcast ping responses=YES'
19847755Sbde	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
19939267Sjkoshy    fi
20039267Sjkoshy
20125184Sjkh    if [ "X$gateway_enable" = X"YES" ]; then
20225365Sjkh	    echo -n ' IP gateway=YES'
20347755Sbde	    sysctl -w net.inet.ip.forwarding=1 >/dev/null
20425184Sjkh    fi
20525184Sjkh    
20633439Sguido    if [ "X$forward_sourceroute" = X"YES" ]; then
20733439Sguido	    echo -n ' do source routing=YES'
20847755Sbde	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null
20933439Sguido    fi
21033439Sguido
21133439Sguido    if [ "X$accept_sourceroute" = X"YES" ]; then
21233439Sguido	    echo -n ' accept source routing=YES'
21347755Sbde	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
21433439Sguido    fi
21533439Sguido
21647752Sphk    if [ "X$tcp_keepalive" = X"YES" ]; then
21747752Sphk	    echo -n ' TCP keepalive=YES'
21847755Sbde	    sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
21947752Sphk    fi
22047752Sphk
22125184Sjkh    if [ "X$ipxgateway_enable" = X"YES" ]; then
22225365Sjkh	    echo -n ' IPX gateway=YES'
22347755Sbde	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
22425184Sjkh    fi
22525184Sjkh    
22636174Sjkh    if [ "X$arpproxy_all" = X"YES" ]; then
22747755Sbde	    echo -n ' ARP proxyall=YES'
22847755Sbde	    sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
22936174Sjkh    fi
23036174Sjkh    echo '.'
23136174Sjkh
23236174Sjkh    echo -n 'routing daemons:'
23336174Sjkh    if [ "X$router_enable" = X"YES" ]; then
23436174Sjkh	    echo -n " ${router}";	${router} ${router_flags}
23536174Sjkh    fi
23636174Sjkh    
23725184Sjkh    if [ "X$ipxrouted_enable" = X"YES" ]; then
23836174Sjkh	    echo -n ' IPXrouted'
23925184Sjkh	    IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
24025184Sjkh    fi
24125765Sjkh    
24236174Sjkh    if [ "X${mrouted_enable}" = X"YES" ]; then
24336174Sjkh	    echo -n ' mrouted'; mrouted ${mrouted_flags}
24425765Sjkh    fi
24536174Sjkh
24634395Sjkh    if [ "X$rarpd_enable" = X"YES" ]; then
24734395Sjkh	    echo -n ' rarpd';     rarpd ${rarpd_flags}
24834395Sjkh    fi
24925184Sjkh    echo '.'
25025184Sjkh    network_pass1_done=YES	# Let future generations know we made it.
25125184Sjkh}
25225184Sjkh
25325184Sjkhnetwork_pass2() {
25425184Sjkh    echo -n 'Doing additional network setup:'
25525184Sjkh    if [ "X${named_enable}" = X"YES" ]; then
25632949Swollman	    echo -n ' named';		${named_program-"named"} ${named_flags}
25725184Sjkh    fi
25825184Sjkh
25931472Sobrien    if [ "X${ntpdate_enable}" = X"YES" ]; then
26035787Sandreas	    echo -n ' ntpdate';	${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
26131472Sobrien    fi
26225184Sjkh
26331472Sobrien    if [ "X${xntpd_enable}" = X"YES" ]; then
26435787Sandreas	    echo -n ' xntpd';	${xntpd_program} ${xntpd_flags}
26525184Sjkh    fi
26625184Sjkh
26725184Sjkh    if [ "X${timed_enable}" = X"YES" ]; then
26825184Sjkh	    echo -n ' timed';		timed ${timed_flags}
26925184Sjkh    fi
27025184Sjkh
27125184Sjkh    if [ "X${portmap_enable}" = X"YES" ]; then
27244668Sjfitz	    echo -n ' portmap';		${portmap_program} ${portmap_flags}
27325184Sjkh    fi
27425184Sjkh
27525184Sjkh    # Start ypserv if we're an NIS server.
27625184Sjkh    # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
27725184Sjkh    if [ "X${nis_server_enable}" = X"YES" ]; then
27825184Sjkh	    echo -n ' ypserv'; ypserv ${nis_server_flags}
27925184Sjkh	    
28025184Sjkh	    if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then
28125184Sjkh		    echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
28225184Sjkh	    fi
28325184Sjkh	    
28425184Sjkh	    if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then
28525184Sjkh		    echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
28625184Sjkh	    fi
28725184Sjkh    fi
28825184Sjkh
28925184Sjkh    # Start ypbind if we're an NIS client
29025184Sjkh    if [ "X${nis_client_enable}" = X"YES" ]; then
29125184Sjkh	    echo -n ' ypbind'; ypbind ${nis_client_flags}
29225184Sjkh	    if [ "X${nis_ypset_enable}" = X"YES" ]; then
29325184Sjkh		    echo -n ' ypset'; ypset ${nis_ypset_flags}
29425184Sjkh	    fi
29525184Sjkh    fi
29625184Sjkh
29735149Smarkm    # Start keyserv if we are running Secure RPC
29835149Smarkm    if [ "X${keyserv_enable}" = X"YES" ]; then
29935149Smarkm	    echo -n ' keyserv';		keyserv ${keyserv_flags}
30035149Smarkm    fi
30135149Smarkm    # Start ypupdated if we are running Secure RPC and we are NIS master
30235149Smarkm    if [ "X$rpc_ypupdated_enable" = X"YES" ]; then
30335149Smarkm	    echo -n ' rpc.ypupdated';	rpc.ypupdated
30435149Smarkm    fi
30535149Smarkm
30640006Sphk    # Start ATM daemons
30740006Sphk    if [ -n "${atm_pass2_done}" ]; then
30840006Sphk	    atm_pass3
30940006Sphk    fi
31040006Sphk
31125184Sjkh    echo '.'
31225184Sjkh    network_pass2_done=YES
31325184Sjkh}
31425184Sjkh
31525184Sjkhnetwork_pass3() {
31625184Sjkh    echo -n 'Starting final network daemons:'
31725184Sjkh
31825184Sjkh    if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then
31925184Sjkh	    echo -n ' mountd'
32025184Sjkh	    if [ "X${weak_mountd_authentication}" = X"YES" ]; then
32125184Sjkh		    mountd_flags="-n"
32225184Sjkh	    fi
32325184Sjkh	    mountd ${mountd_flags}
32425184Sjkh	    if [ "X${nfs_reserved_port_only}" = X"YES" ]; then
32547755Sbde		    echo -n ' NFS on reserved port only=YES'
32647755Sbde		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
32725184Sjkh	    fi
32825916Sjkh	    echo -n ' nfsd';		nfsd ${nfs_server_flags}
32925184Sjkh	    if [ "X$rpc_lockd_enable" = X"YES" ]; then
33025184Sjkh		echo -n ' rpc.lockd';		rpc.lockd
33125184Sjkh	    fi
33225184Sjkh	    if [ "X$rpc_statd_enable" = X"YES" ]; then
33325184Sjkh		echo -n ' rpc.statd';		rpc.statd
33425184Sjkh	    fi
33525184Sjkh    fi
33625184Sjkh    
33725184Sjkh    if [ "X${nfs_client_enable}" = X"YES" ]; then
33825916Sjkh	    echo -n ' nfsiod';		nfsiod ${nfs_client_flags}
33941371Sjkoshy	    if [ "X${nfs_access_cache}" != X ]; then
34047755Sbde		echo -n " NFS access cache time=${nfs_access_cache}"
34141371Sjkoshy		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
34247755Sbde		    >/dev/null
34341185Smsmith	    fi
34425184Sjkh    fi
34525184Sjkh
34625184Sjkh    if [ "X${amd_enable}" = X"YES" ]; then
34725184Sjkh	    echo -n ' amd'
34835459Sphk	    if [ "X${amd_map_program}" != X"NO" ]; then
34939380Scracauer		amd_flags="${amd_flags} `eval ${amd_map_program}`"
35035459Sphk	    fi
35147838Sbrian	    if [ -n "$amd_flags" ]
35247838Sbrian	    then
35347838Sbrian	      amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
35447838Sbrian	    else
35547838Sbrian	      amd 2> /dev/null
35647838Sbrian	    fi
35725184Sjkh    fi
35825184Sjkh
35925184Sjkh    if [ "X${rwhod_enable}" = X"YES" ]; then
36042270Sjkh	    echo -n ' rwhod';	rwhod ${rwhod_flags}
36125184Sjkh    fi
36225184Sjkh
36325184Sjkh    # Kerberos runs ONLY on the Kerberos server machine
36425184Sjkh    if [ "X${kerberos_server_enable}" = X"YES" ]; then
36531033Ssef	    if [ "X${kerberos_stash}" = "XYES" ]; then
36631033Ssef		stash_flag=-n
36731033Ssef	    else
36831033Ssef		stash_flag=
36931033Ssef	    fi
37031033Ssef	    echo -n ' kerberos'; \
37138316Sphk		kerberos ${stash_flag} >> /var/log/kerberos.log &
37231033Ssef	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
37331033Ssef		echo -n ' kadmind'; \
37438316Sphk		(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
37531033Ssef	    fi
37631033Ssef	    unset stash_flag
37725184Sjkh    fi
37825184Sjkh    
37925184Sjkh    echo '.'
38025184Sjkh    network_pass3_done=YES
38125184Sjkh}
382