defaultroute revision 49122
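#!/bin/sh -
#
# $Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.
#
# Trust boundary: the knobs read below are sourced, eval'd or word-split
# straight into command lines, so /etc/rc.conf, /etc/rc.atm, /etc/rc.isdn,
# /etc/start_if.<ifn> and the firewall script are effectively code.  Keep
# them writable only by the account that owns system startup.
#
# All variables are plain globals on purpose: the *_done flags and
# firewall_in_kernel are left set for whatever runs after these functions.
# The *_flags / *_args expansions are left unquoted deliberately so that a
# single knob can carry several arguments.

# First pass startup stuff.

#######################################
# Host/domain name, interface configuration, ppp, ipfw/natd, static
# routes, network sysctls and routing daemons.
# Globals read:    hostname nisdomainname atm_enable isdn_enable
#                  sppp_interfaces spppconfig_<ifn> network_interfaces
#                  ifconfig_<ifn>[_aliasN|_ipx] dhcp_program dhcp_flags
#                  ppp_* firewall_enable firewall_script natd_*
#                  defaultrouter static_routes route_<name> and the
#                  sysctl / routing-daemon knobs tested below
# Globals written: network_interfaces (when "auto"), ppp_mode,
#                  ppp_command, firewall_in_kernel, firewall_script,
#                  natd_ifarg, IPFW_DEFAULT, static_routes,
#                  route_default, network_pass1_done
#######################################
network_pass1() {
    echo -n 'Doing initial network setup:'

    # Set the host name if it is not already set
    if [ -z "$(hostname -s)" ]; then
        hostname "${hostname}"
        echo -n ' hostname'
    fi

    # Set the domainname if we're using NIS
    if [ -n "${nisdomainname}" ] && [ "x${nisdomainname}" != "xNO" ]; then
        domainname "${nisdomainname}"
        echo -n ' domain'
    fi
    echo '.'

    # Initial ATM interface configuration
    if [ "X${atm_enable}" = X"YES" ] && [ -f /etc/rc.atm ]; then
        . /etc/rc.atm
        atm_pass1
    fi

    # ISDN subsystem startup
    if [ "X${isdn_enable}" = X"YES" ] && [ -f /etc/rc.isdn ]; then
        . /etc/rc.isdn
    fi

    # Special options for sppp(4) interfaces go here.  These need
    # to go _before_ the general ifconfig section, since in the case
    # of hardwired (no link1 flag) but required authentication, you
    # cannot pass auth parameters down to the already running interface.
    for ifn in ${sppp_interfaces}; do
        eval spppcontrol_args=\$spppconfig_${ifn}
        if [ -n "${spppcontrol_args}" ]; then
            # The auth secrets might contain spaces; in order
            # to retain the quotation, we need to eval them
            # here.  The eval re-parses the whole value as shell
            # text, so spppconfig_<ifn> must come from trusted
            # configuration only.
            eval spppcontrol ${ifn} ${spppcontrol_args}
        fi
    done

    # Set up all the network interfaces, calling startup scripts if needed
    if [ "x${network_interfaces}" = "xauto" ]; then
        network_interfaces="$(ifconfig -l)"
    fi
    for ifn in ${network_interfaces}; do
        showstat=false
        # A per-interface hook is sourced into this shell when present.
        if [ -e "/etc/start_if.${ifn}" ]; then
            . "/etc/start_if.${ifn}"
            showstat=true
        fi

        # Do the primary ifconfig if specified
        eval ifconfig_args=\$ifconfig_${ifn}
        if [ -n "${ifconfig_args}" ]; then
            # See if we are using DHCP
            if [ X"${ifconfig_args}" = X"DHCP" ]; then
                ${dhcp_program} ${dhcp_flags} ${ifn}
            else
                ifconfig ${ifn} ${ifconfig_args}
            fi
            showstat=true
        fi

        # Check to see if aliases need to be added: alias0, alias1, ...
        # are applied in order and the first unset/empty one ends the scan.
        alias=0
        while :; do
            eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
            if [ -z "${ifconfig_args}" ]; then
                break
            fi
            ifconfig ${ifn} ${ifconfig_args} alias
            showstat=true
            alias=$((${alias} + 1))
        done

        # Do ipx address if specified
        eval ifconfig_args=\$ifconfig_${ifn}_ipx
        if [ -n "${ifconfig_args}" ]; then
            ifconfig ${ifn} ${ifconfig_args}
            showstat=true
        fi

        if [ "${showstat}" = "true" ]; then
            ifconfig ${ifn}
        fi
    done

    # Warm up user ppp if required, must happen before natd.
    if [ "X${ppp_enable}" = X"YES" ]; then
        # Establish ppp mode: anything but the three known modes
        # falls back to "auto".
        case "${ppp_mode}" in
        ddial | direct | dedicated) ;;
        *) ppp_mode="auto" ;;
        esac
        ppp_command="-${ppp_mode} "

        # Switch on alias mode?
        if [ "X${ppp_alias}" = X"YES" ]; then
            ppp_command="${ppp_command} -alias"
        fi

        echo -n 'Starting ppp: '
        ppp ${ppp_command} ${ppp_profile}
    fi

    # Initialize IP filtering using ipfw.  A successful flush is taken
    # as proof that the kernel has ipfw support.
    echo ""
    if /sbin/ipfw -q flush >/dev/null 2>&1; then
        firewall_in_kernel=1
    else
        firewall_in_kernel=0
    fi

    if [ "${firewall_in_kernel}" = 0 ] && [ "x${firewall_enable}" = "xYES" ]; then
        if kldload ipfw; then
            firewall_in_kernel=1	# module loaded successfully
            echo "Kernel firewall module loaded."
        else
            echo "Warning: firewall kernel module failed to load."
        fi
    fi

    # Load the filters if required
    if [ "${firewall_in_kernel}" = 1 ]; then
        if [ -z "${firewall_script}" ]; then
            firewall_script="/etc/rc.firewall"
        fi
        # The path is quoted so that an unusual firewall_script value
        # cannot break the test or make "." source a different file.
        if [ -f "${firewall_script}" ] && [ X"${firewall_enable}" = X"YES" ]; then
            . "${firewall_script}"
            echo -n 'Firewall rules loaded, starting divert daemons:'

            # Network Address Translation daemon
            if [ X"${natd_enable}" = X"YES" ] && [ -n "${natd_interface}" ]; then
                # A dotted quad is handed to natd as an address (-a),
                # anything else as an interface name (-n).
                if printf '%s\n' "${natd_interface}" |
                    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
                    natd_ifarg="-a ${natd_interface}"
                else
                    natd_ifarg="-n ${natd_interface}"
                fi
                echo -n ' natd'
                ${natd_program} ${natd_flags} ${natd_ifarg}
            fi
            echo '.'
        else
            # No rules were loaded.  If rule 65535 is the default deny,
            # every IP packet is dropped, so say so on the console.
            IPFW_DEFAULT=$(ipfw l 65535)
            if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then
                echo -n "Warning: kernel has firewall functionality, "
                echo "but firewall rules are not enabled."
                echo "		 All ip services are disabled."
            fi
        fi
    fi

    # Additional ATM interface configuration
    if [ -n "${atm_pass1_done}" ]; then
        atm_pass2
    fi

    # Configure routing

    if [ "x${defaultrouter}" != "xNO" ]; then
        static_routes="default ${static_routes}"
        route_default="default ${defaultrouter}"
    fi

    # Set up any static routes.  This should be done before router discovery.
    if [ "x${static_routes}" != "x" ]; then
        for i in ${static_routes}; do
            eval route_args=\$route_${i}
            route add ${route_args}
        done
    fi

    echo -n 'Additional routing options:'
    # Any non-empty value other than YES turns RFC 1323 extensions off.
    if [ -n "${tcp_extensions}" ] && [ "x${tcp_extensions}" != "xYES" ]; then
        echo -n ' tcp extensions=NO'
        sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
    fi

    # Any non-empty value other than NO turns log_in_vain on for TCP and UDP.
    if [ -n "${log_in_vain}" ] && [ "x${log_in_vain}" != "xNO" ]; then
        echo -n ' log_in_vain=YES'
        sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
        sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
    fi

    if [ X"${icmp_bmcastecho}" = X"YES" ]; then
        echo -n ' broadcast ping responses=YES'
        sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
    fi

    if [ "X${gateway_enable}" = X"YES" ]; then
        echo -n ' IP gateway=YES'
        sysctl -w net.inet.ip.forwarding=1 >/dev/null
    fi

    # The two source-routing knobs are only ever switched on here, never
    # off; review any rc.conf that sets them to YES.
    if [ "X${forward_sourceroute}" = X"YES" ]; then
        echo -n ' do source routing=YES'
        sysctl -w net.inet.ip.sourceroute=1 >/dev/null
    fi

    if [ "X${accept_sourceroute}" = X"YES" ]; then
        echo -n ' accept source routing=YES'
        sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
    fi

    if [ "X${tcp_keepalive}" = X"YES" ]; then
        echo -n ' TCP keepalive=YES'
        sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
    fi

    if [ "X${ipxgateway_enable}" = X"YES" ]; then
        echo -n ' IPX gateway=YES'
        sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
    fi

    if [ "X${arpproxy_all}" = X"YES" ]; then
        echo -n ' ARP proxyall=YES'
        sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
    fi
    echo '.'

    echo -n 'routing daemons:'
    if [ "X${router_enable}" = X"YES" ]; then
        echo -n " ${router}"
        ${router} ${router_flags}
    fi

    if [ "X${ipxrouted_enable}" = X"YES" ]; then
        echo -n ' IPXrouted'
        IPXrouted ${ipxrouted_flags} >/dev/null 2>&1
    fi

    if [ "X${mrouted_enable}" = X"YES" ]; then
        echo -n ' mrouted'
        mrouted ${mrouted_flags}
    fi

    if [ "X${rarpd_enable}" = X"YES" ]; then
        echo -n ' rarpd'
        rarpd ${rarpd_flags}
    fi
    echo '.'
    network_pass1_done=YES	# Let future generations know we made it.
}

#######################################
# Second pass: name service, time, portmap, NIS and Secure RPC daemons.
# Each daemon is started only when its <name>_enable knob is exactly YES.
# Globals read:    named_* ntpdate_* xntpd_* timed_* portmap_* nis_*
#                  keyserv_* rpc_ypupdated_enable atm_pass2_done
# Globals written: network_pass2_done
#######################################
network_pass2() {
    echo -n 'Doing additional network setup:'
    if [ "X${named_enable}" = X"YES" ]; then
        echo -n ' named'
        # Falls back to "named" only when named_program is unset.
        ${named_program-"named"} ${named_flags}
    fi

    if [ "X${ntpdate_enable}" = X"YES" ]; then
        echo -n ' ntpdate'
        ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
    fi

    if [ "X${xntpd_enable}" = X"YES" ]; then
        echo -n ' xntpd'
        ${xntpd_program} ${xntpd_flags}
    fi

    if [ "X${timed_enable}" = X"YES" ]; then
        echo -n ' timed'
        timed ${timed_flags}
    fi

    if [ "X${portmap_enable}" = X"YES" ]; then
        echo -n ' portmap'
        ${portmap_program} ${portmap_flags}
    fi

    # Start ypserv if we're an NIS server.
    # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
    if [ "X${nis_server_enable}" = X"YES" ]; then
        echo -n ' ypserv'
        ypserv ${nis_server_flags}

        if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then
            echo -n ' rpc.ypxfrd'
            rpc.ypxfrd ${nis_ypxfrd_flags}
        fi

        if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then
            echo -n ' rpc.yppasswdd'
            rpc.yppasswdd ${nis_yppasswdd_flags}
        fi
    fi

    # Start ypbind if we're an NIS client
    if [ "X${nis_client_enable}" = X"YES" ]; then
        echo -n ' ypbind'
        ypbind ${nis_client_flags}
        if [ "X${nis_ypset_enable}" = X"YES" ]; then
            echo -n ' ypset'
            ypset ${nis_ypset_flags}
        fi
    fi

    # Start keyserv if we are running Secure RPC
    if [ "X${keyserv_enable}" = X"YES" ]; then
        echo -n ' keyserv'
        keyserv ${keyserv_flags}
    fi

    # Start ypupdated if we are running Secure RPC and we are NIS master
    if [ "X${rpc_ypupdated_enable}" = X"YES" ]; then
        echo -n ' rpc.ypupdated'
        rpc.ypupdated
    fi

    # Start ATM daemons
    if [ -n "${atm_pass2_done}" ]; then
        atm_pass3
    fi

    echo '.'
    network_pass2_done=YES
}

#######################################
# Third pass: NFS server/client, amd, rwhod and the Kerberos daemons.
# Globals read:    nfs_* weak_mountd_authentication rpc_lockd_enable
#                  rpc_statd_enable amd_* rwhod_* kerberos_*
#                  kadmind_server_enable
# Globals written: mountd_flags, amd_flags, network_pass3_done
#                  (stash_flag is set and then unset)
#######################################
network_pass3() {
    echo -n 'Starting final network daemons:'

    # The NFS server side needs both the knob and a readable /etc/exports.
    if [ "X${nfs_server_enable}" = X"YES" ] && [ -r /etc/exports ]; then
        echo -n ' mountd'
        # NOTE(review): this replaces, rather than extends, any
        # mountd_flags value that was already set.
        if [ "X${weak_mountd_authentication}" = X"YES" ]; then
            mountd_flags="-n"
        fi
        mountd ${mountd_flags}
        if [ "X${nfs_reserved_port_only}" = X"YES" ]; then
            echo -n ' NFS on reserved port only=YES'
            sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
        fi
        echo -n ' nfsd'
        nfsd ${nfs_server_flags}
        if [ "X${rpc_lockd_enable}" = X"YES" ]; then
            echo -n ' rpc.lockd'
            rpc.lockd
        fi
        if [ "X${rpc_statd_enable}" = X"YES" ]; then
            echo -n ' rpc.statd'
            rpc.statd
        fi
    fi

    if [ "X${nfs_client_enable}" = X"YES" ]; then
        echo -n ' nfsiod'
        nfsiod ${nfs_client_flags}
        if [ "X${nfs_access_cache}" != X ]; then
            echo -n " NFS access cache time=${nfs_access_cache}"
            sysctl -w "vfs.nfs.access_cache_timeout=${nfs_access_cache}" \
                >/dev/null
        fi
    fi

    if [ "X${amd_enable}" = X"YES" ]; then
        echo -n ' amd'
        # amd_map_program is executed through eval and its output is
        # appended to amd_flags; treat the knob as code.
        if [ "X${amd_map_program}" != X"NO" ]; then
            amd_flags="${amd_flags} $(eval ${amd_map_program})"
        fi
        if [ -n "${amd_flags}" ]; then
            amd -p ${amd_flags} >/var/run/amd.pid 2>/dev/null
        else
            amd 2>/dev/null
        fi
    fi

    if [ "X${rwhod_enable}" = X"YES" ]; then
        echo -n ' rwhod'
        rwhod ${rwhod_flags}
    fi

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
        if [ "X${kerberos_stash}" = "XYES" ]; then
            stash_flag=-n
        else
            stash_flag=
        fi
        echo -n ' kerberos'
        kerberos ${stash_flag} >>/var/log/kerberos.log &
        if [ "X${kadmind_server_enable}" = "XYES" ]; then
            echo -n ' kadmind'
            # kadmind is started 20 seconds later from a detached subshell.
            (
                sleep 20
                kadmind ${stash_flag} >/dev/null 2>&1 &
            ) &
        fi
        unset stash_flag
    fi

    echo '.'
    network_pass3_done=YES
}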