defaultroute revision 49122 
1264790Sbapt#!/bin/sh -
2264790Sbapt#
3264790Sbapt#	$Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $
4264790Sbapt#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
5264790Sbapt
6264790Sbapt# Note that almost all the user-configurable behavior is no longer in
7264790Sbapt# this file, but rather in /etc/rc.conf.  Please check that file
8264790Sbapt# first before contemplating any changes here.  If you do need to change
9264790Sbapt# this file for some reason, we would like to know about it.
10264790Sbapt
11264790Sbapt# First pass startup stuff.
12264790Sbapt
13264790Sbaptnetwork_pass1() {
14264790Sbapt    echo -n 'Doing initial network setup:'
15264790Sbapt    # Set the host name if it is not already set
16264790Sbapt    if [ -z "`hostname -s`" ] ; then
17264790Sbapt	    hostname $hostname
18264790Sbapt	    echo -n ' hostname'
19264790Sbapt    fi
20264790Sbapt
21264790Sbapt    # Set the domainname if we're using NIS
22264790Sbapt    if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then
23264790Sbapt	    domainname $nisdomainname
24264790Sbapt	    echo -n ' domain'
25264790Sbapt    fi
26264790Sbapt    echo '.'
27264790Sbapt
28264790Sbapt    # Initial ATM interface configuration
29264790Sbapt    if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then
30264790Sbapt	    . /etc/rc.atm
31264790Sbapt	    atm_pass1
32264790Sbapt    fi
33264790Sbapt
34264790Sbapt    # ISDN subsystem startup
35264790Sbapt    if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then
36264790Sbapt	    . /etc/rc.isdn
37264790Sbapt    fi
38264790Sbapt
39264790Sbapt    # Special options for sppp(4) interfaces go here.  These need
40264790Sbapt    # to go _before_ the general ifconfig section, since in the case
41264790Sbapt    # of hardwired (no link1 flag) but required authentication, you
42264790Sbapt    # cannot pass auth parameters down to the already running interface.
43264790Sbapt    for ifn in ${sppp_interfaces}; do
44264790Sbapt	    eval spppcontrol_args=\$spppconfig_${ifn}
45264790Sbapt	    if [ -n "${spppcontrol_args}" ] ; then
46264790Sbapt		    # The auth secrets might contain spaces; in order
47264790Sbapt		    # to retain the quotation, we need to eval them
48264790Sbapt		    # here.
49264790Sbapt		    eval spppcontrol ${ifn} ${spppcontrol_args}
50264790Sbapt	    fi
51264790Sbapt    done
52264790Sbapt
53264790Sbapt    # Set up all the network interfaces, calling startup scripts if needed
54264790Sbapt    if [ "x${network_interfaces}" = "xauto" ]; then
55264790Sbapt	    network_interfaces="`ifconfig -l`"
56264790Sbapt    fi
57264790Sbapt    for ifn in ${network_interfaces}; do
58264790Sbapt	    showstat=false
59264790Sbapt	    if [ -e /etc/start_if.${ifn} ]; then
60264790Sbapt		    . /etc/start_if.${ifn}
61264790Sbapt		    showstat=true
62264790Sbapt	    fi
63264790Sbapt	    # Do the primary ifconfig if specified
64264790Sbapt	    eval ifconfig_args=\$ifconfig_${ifn}
65264790Sbapt	    if [ -n "${ifconfig_args}" ] ; then
66264790Sbapt		    # See if we are using DHCP
67264790Sbapt		    if [ X"${ifconfig_args}" = X"DHCP" ]; then
68264790Sbapt			     ${dhcp_program} ${dhcp_flags} ${ifn}
69264790Sbapt		    else
70264790Sbapt			     ifconfig ${ifn} ${ifconfig_args}
71264790Sbapt		    fi
72264790Sbapt		    showstat=true
73264790Sbapt	    fi
74264790Sbapt	    # Check to see if aliases need to be added
75264790Sbapt	    alias=0
76264790Sbapt	    while :
77264790Sbapt	    do
78264790Sbapt		    eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
79264790Sbapt		    if [ -n "${ifconfig_args}" ]; then
80264790Sbapt			    ifconfig ${ifn} ${ifconfig_args} alias
81264790Sbapt			    showstat=true
82264790Sbapt			    alias=`expr ${alias} + 1`
83264790Sbapt		    else
84264790Sbapt			    break;
85264790Sbapt		    fi
86264790Sbapt	    done
87264790Sbapt	    # Do ipx address if specified
88264790Sbapt	    eval ifconfig_args=\$ifconfig_${ifn}_ipx
89264790Sbapt	    if [ -n "${ifconfig_args}" ]; then
90264790Sbapt		    ifconfig ${ifn} ${ifconfig_args}
91264790Sbapt		    showstat=true
92264790Sbapt	    fi
93264790Sbapt	    if [ "${showstat}" = "true" ]
94264790Sbapt	    then
95264790Sbapt		    ifconfig ${ifn}
96264790Sbapt	    fi
97264790Sbapt    done
98264790Sbapt
99264790Sbapt    # Warm up user ppp if required, must happen before natd.
100264790Sbapt    if [ "X$ppp_enable" = X"YES" ]; then
101264790Sbapt	    # Establish ppp mode.
102264790Sbapt	    if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
103264790Sbapt		-a "X$ppp_mode" != X"dedicated" ]; then \
104264790Sbapt	        ppp_mode="auto";
105264790Sbapt	    fi
106264790Sbapt	    ppp_command="-${ppp_mode} ";
107264790Sbapt
108264790Sbapt	    # Switch on alias mode?
109264790Sbapt	    if [ "X$ppp_alias" = X"YES" ]; then
110264790Sbapt		ppp_command="${ppp_command} -alias";
111264790Sbapt	    fi
112264790Sbapt
113264790Sbapt	    echo -n 'Starting ppp: '; ppp ${ppp_command} ${ppp_profile}
114264790Sbapt    fi
115264790Sbapt
116264790Sbapt    # Initialize IP filtering using ipfw
117264790Sbapt    echo ""
118264790Sbapt    /sbin/ipfw -q flush > /dev/null 2>&1
119264790Sbapt    if [ $? = 0 ] ; then
120264790Sbapt	firewall_in_kernel=1
121264790Sbapt    else 
122264790Sbapt	firewall_in_kernel=0
123264790Sbapt    fi
124264790Sbapt
125264790Sbapt    if [ $firewall_in_kernel = 0 -a "x$firewall_enable"  = "xYES" ] ; then
126264790Sbapt	if kldload ipfw; then
127264790Sbapt		firewall_in_kernel=1		# module loaded successfully
128264790Sbapt		echo "Kernel firewall module loaded."
129264790Sbapt	else
130264790Sbapt		echo "Warning: firewall kernel module failed to load."
131264790Sbapt	fi
132264790Sbapt    fi
133264790Sbapt
134264790Sbapt    # Load the filters if required
135264790Sbapt    if [ $firewall_in_kernel = 1 ]; then
136264790Sbapt	if [ -z "${firewall_script}" ] ; then
137264790Sbapt	    firewall_script="/etc/rc.firewall"
138264790Sbapt	fi
139264790Sbapt	if [ -f ${firewall_script} -a X"$firewall_enable" = X"YES" ]; then
140264790Sbapt	    . ${firewall_script}
141264790Sbapt	    echo -n 'Firewall rules loaded, starting divert daemons:'
142264790Sbapt
143264790Sbapt	    # Network Address Translation daemon
144264790Sbapt	    if [ X"${natd_enable}" = X"YES" -a -n "${natd_interface}" ]; then
145264790Sbapt		if echo ${natd_interface} | \
146264790Sbapt		    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
147264790Sbapt		    natd_ifarg="-a ${natd_interface}"
148264790Sbapt		else
149264790Sbapt		    natd_ifarg="-n ${natd_interface}"
150264790Sbapt		fi
151264790Sbapt		echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg}
152264790Sbapt	    fi
153264790Sbapt	    echo '.'
154264790Sbapt	else
155264790Sbapt	    IPFW_DEFAULT=`ipfw l 65535`
156264790Sbapt	    if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then
157264790Sbapt		echo -n "Warning: kernel has firewall functionality, "
158264790Sbapt		echo "but firewall rules are not enabled."
159264790Sbapt		echo "         All ip services are disabled."
160264790Sbapt	    fi
161264790Sbapt	fi
162264790Sbapt    fi
163264790Sbapt
164264790Sbapt    # Additional ATM interface configuration
165264790Sbapt    if [ -n "${atm_pass1_done}" ]; then
166264790Sbapt	    atm_pass2
167264790Sbapt    fi
168264790Sbapt
169264790Sbapt    # Configure routing
170264790Sbapt
171264790Sbapt    if [ "x$defaultrouter" != "xNO" ] ; then
172264790Sbapt	    static_routes="default ${static_routes}"
173264790Sbapt	    route_default="default ${defaultrouter}"
174264790Sbapt    fi
175264790Sbapt    
176264790Sbapt    # Set up any static routes.  This should be done before router discovery.
177264790Sbapt    if [ "x${static_routes}" != "x" ]; then
178264790Sbapt	    for i in ${static_routes}; do
179264790Sbapt		    eval route_args=\$route_${i}
180264790Sbapt		    route add ${route_args}
181264790Sbapt	    done
182264790Sbapt    fi
183264790Sbapt
184264790Sbapt    echo -n 'Additional routing options:'
185264790Sbapt    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
186264790Sbapt	    echo -n ' tcp extensions=NO'
187264790Sbapt	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
188264790Sbapt    fi
189264790Sbapt
190264790Sbapt    if [ -n "$log_in_vain" -a "x$log_in_vain" != "xNO" ] ; then
191264790Sbapt	    echo -n ' log_in_vain=YES'
192264790Sbapt	    sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
193264790Sbapt	    sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
194264790Sbapt    fi
195264790Sbapt
196264790Sbapt    if [ X"$icmp_bmcastecho" = X"YES" ]; then
197264790Sbapt	    echo -n ' broadcast ping responses=YES'
198264790Sbapt	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
199264790Sbapt    fi
200264790Sbapt
201264790Sbapt    if [ "X$gateway_enable" = X"YES" ]; then
202264790Sbapt	    echo -n ' IP gateway=YES'
203264790Sbapt	    sysctl -w net.inet.ip.forwarding=1 >/dev/null
204264790Sbapt    fi
205264790Sbapt    
206264790Sbapt    if [ "X$forward_sourceroute" = X"YES" ]; then
207264790Sbapt	    echo -n ' do source routing=YES'
208264790Sbapt	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null
209264790Sbapt    fi
210264790Sbapt
211264790Sbapt    if [ "X$accept_sourceroute" = X"YES" ]; then
212264790Sbapt	    echo -n ' accept source routing=YES'
213264790Sbapt	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
214264790Sbapt    fi
215264790Sbapt
216264790Sbapt    if [ "X$tcp_keepalive" = X"YES" ]; then
217264790Sbapt	    echo -n ' TCP keepalive=YES'
218264790Sbapt	    sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
219264790Sbapt    fi
220264790Sbapt
221264790Sbapt    if [ "X$ipxgateway_enable" = X"YES" ]; then
222264790Sbapt	    echo -n ' IPX gateway=YES'
223264790Sbapt	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
224264790Sbapt    fi
225264790Sbapt    
226264790Sbapt    if [ "X$arpproxy_all" = X"YES" ]; then
227264790Sbapt	    echo -n ' ARP proxyall=YES'
228264790Sbapt	    sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
229264790Sbapt    fi
230264790Sbapt    echo '.'
231264790Sbapt
232264790Sbapt    echo -n 'routing daemons:'
233264790Sbapt    if [ "X$router_enable" = X"YES" ]; then
234264790Sbapt	    echo -n " ${router}";	${router} ${router_flags}
235264790Sbapt    fi
236264790Sbapt    
237264790Sbapt    if [ "X$ipxrouted_enable" = X"YES" ]; then
238264790Sbapt	    echo -n ' IPXrouted'
239264790Sbapt	    IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
240264790Sbapt    fi
241264790Sbapt    
242264790Sbapt    if [ "X${mrouted_enable}" = X"YES" ]; then
243264790Sbapt	    echo -n ' mrouted'; mrouted ${mrouted_flags}
244264790Sbapt    fi
245264790Sbapt
246264790Sbapt    if [ "X$rarpd_enable" = X"YES" ]; then
247264790Sbapt	    echo -n ' rarpd';     rarpd ${rarpd_flags}
248264790Sbapt    fi
249264790Sbapt    echo '.'
250264790Sbapt    network_pass1_done=YES	# Let future generations know we made it.
251264790Sbapt}
252264790Sbapt
253264790Sbaptnetwork_pass2() {
254264790Sbapt    echo -n 'Doing additional network setup:'
255264790Sbapt    if [ "X${named_enable}" = X"YES" ]; then
256264790Sbapt	    echo -n ' named';		${named_program-"named"} ${named_flags}
257264790Sbapt    fi
258264790Sbapt
259264790Sbapt    if [ "X${ntpdate_enable}" = X"YES" ]; then
260264790Sbapt	    echo -n ' ntpdate';	${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
261264790Sbapt    fi
262264790Sbapt
263264790Sbapt    if [ "X${xntpd_enable}" = X"YES" ]; then
264264790Sbapt	    echo -n ' xntpd';	${xntpd_program} ${xntpd_flags}
265264790Sbapt    fi
266264790Sbapt
267264790Sbapt    if [ "X${timed_enable}" = X"YES" ]; then
268264790Sbapt	    echo -n ' timed';		timed ${timed_flags}
269264790Sbapt    fi
270264790Sbapt
271264790Sbapt    if [ "X${portmap_enable}" = X"YES" ]; then
272264790Sbapt	    echo -n ' portmap';		${portmap_program} ${portmap_flags}
273264790Sbapt    fi
274264790Sbapt
275264790Sbapt    # Start ypserv if we're an NIS server.
276264790Sbapt    # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
277264790Sbapt    if [ "X${nis_server_enable}" = X"YES" ]; then
278264790Sbapt	    echo -n ' ypserv'; ypserv ${nis_server_flags}
279264790Sbapt	    
280264790Sbapt	    if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then
281264790Sbapt		    echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
282264790Sbapt	    fi
283264790Sbapt	    
284264790Sbapt	    if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then
285264790Sbapt		    echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
286264790Sbapt	    fi
287264790Sbapt    fi
288264790Sbapt
289264790Sbapt    # Start ypbind if we're an NIS client
290264790Sbapt    if [ "X${nis_client_enable}" = X"YES" ]; then
291264790Sbapt	    echo -n ' ypbind'; ypbind ${nis_client_flags}
292264790Sbapt	    if [ "X${nis_ypset_enable}" = X"YES" ]; then
293264790Sbapt		    echo -n ' ypset'; ypset ${nis_ypset_flags}
294264790Sbapt	    fi
295264790Sbapt    fi
296264790Sbapt
297264790Sbapt    # Start keyserv if we are running Secure RPC
298264790Sbapt    if [ "X${keyserv_enable}" = X"YES" ]; then
299264790Sbapt	    echo -n ' keyserv';		keyserv ${keyserv_flags}
300264790Sbapt    fi
301264790Sbapt    # Start ypupdated if we are running Secure RPC and we are NIS master
302264790Sbapt    if [ "X$rpc_ypupdated_enable" = X"YES" ]; then
303264790Sbapt	    echo -n ' rpc.ypupdated';	rpc.ypupdated
304264790Sbapt    fi
305264790Sbapt
306264790Sbapt    # Start ATM daemons
307264790Sbapt    if [ -n "${atm_pass2_done}" ]; then
308264790Sbapt	    atm_pass3
309264790Sbapt    fi
310264790Sbapt
311264790Sbapt    echo '.'
312264790Sbapt    network_pass2_done=YES
313264790Sbapt}
314264790Sbapt
315264790Sbaptnetwork_pass3() {
316264790Sbapt    echo -n 'Starting final network daemons:'
317264790Sbapt
318264790Sbapt    if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then
319264790Sbapt	    echo -n ' mountd'
320264790Sbapt	    if [ "X${weak_mountd_authentication}" = X"YES" ]; then
321264790Sbapt		    mountd_flags="-n"
322264790Sbapt	    fi
323264790Sbapt	    mountd ${mountd_flags}
324264790Sbapt	    if [ "X${nfs_reserved_port_only}" = X"YES" ]; then
325264790Sbapt		    echo -n ' NFS on reserved port only=YES'
326264790Sbapt		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
327264790Sbapt	    fi
328264790Sbapt	    echo -n ' nfsd';		nfsd ${nfs_server_flags}
329264790Sbapt	    if [ "X$rpc_lockd_enable" = X"YES" ]; then
330264790Sbapt		echo -n ' rpc.lockd';		rpc.lockd
331264790Sbapt	    fi
332264790Sbapt	    if [ "X$rpc_statd_enable" = X"YES" ]; then
333264790Sbapt		echo -n ' rpc.statd';		rpc.statd
334264790Sbapt	    fi
335264790Sbapt    fi
336264790Sbapt    
337264790Sbapt    if [ "X${nfs_client_enable}" = X"YES" ]; then
338264790Sbapt	    echo -n ' nfsiod';		nfsiod ${nfs_client_flags}
339264790Sbapt	    if [ "X${nfs_access_cache}" != X ]; then
340264790Sbapt		echo -n " NFS access cache time=${nfs_access_cache}"
341264790Sbapt		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
342264790Sbapt		    >/dev/null
343264790Sbapt	    fi
344264790Sbapt    fi
345264790Sbapt
346264790Sbapt    if [ "X${amd_enable}" = X"YES" ]; then
347264790Sbapt	    echo -n ' amd'
348264790Sbapt	    if [ "X${amd_map_program}" != X"NO" ]; then
349264790Sbapt		amd_flags="${amd_flags} `eval ${amd_map_program}`"
350264790Sbapt	    fi
351264790Sbapt	    if [ -n "$amd_flags" ]
352264790Sbapt	    then
353264790Sbapt	      amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
354264790Sbapt	    else
355264790Sbapt	      amd 2> /dev/null
356264790Sbapt	    fi
357264790Sbapt    fi
358264790Sbapt
359264790Sbapt    if [ "X${rwhod_enable}" = X"YES" ]; then
360264790Sbapt	    echo -n ' rwhod';	rwhod ${rwhod_flags}
361264790Sbapt    fi
362264790Sbapt
363264790Sbapt    # Kerberos runs ONLY on the Kerberos server machine
364264790Sbapt    if [ "X${kerberos_server_enable}" = X"YES" ]; then
365264790Sbapt	    if [ "X${kerberos_stash}" = "XYES" ]; then
366264790Sbapt		stash_flag=-n
367264790Sbapt	    else
368264790Sbapt		stash_flag=
369264790Sbapt	    fi
370264790Sbapt	    echo -n ' kerberos'; \
371264790Sbapt		kerberos ${stash_flag} >> /var/log/kerberos.log &
372264790Sbapt	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
373264790Sbapt		echo -n ' kadmind'; \
374264790Sbapt		(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
375264790Sbapt	    fi
376264790Sbapt	    unset stash_flag
377264790Sbapt    fi
378264790Sbapt    
379264790Sbapt    echo '.'
380264790Sbapt    network_pass3_done=YES
381264790Sbapt}
382264790Sbapt