defaultroute revision 44668
1141586Simp#!/bin/sh - 2141586Simp# 3141586Simp# $Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $ 4141586Simp# From: @(#)netstart 5.9 (Berkeley) 3/30/91 5141586Simp 6141586Simp# Note that almost all the user-configurable behavior is no longer in 7141586Simp# this file, but rather in /etc/rc.conf. Please check that file 8141586Simp# first before contemplating any changes here. If you do need to change 9141586Simp# this file for some reason, we would like to know about it. 10141586Simp 11141586Simp# First pass startup stuff. 12141586Simp 13141586Simpnetwork_pass1() { 14141586Simp echo -n 'Doing initial network setup:' 15141586Simp # Set the host name if it is not already set 16141586Simp if [ -z "`hostname -s`" ] ; then 17141586Simp hostname $hostname 18141586Simp echo -n ' hostname' 19141586Simp fi 20141586Simp 21141586Simp # Set the domainname if we're using NIS 22141586Simp if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then 23141586Simp domainname $nisdomainname 24141586Simp echo -n ' domain' 25141586Simp fi 26141586Simp echo '.' 27141586Simp 28141586Simp # Initial ATM interface configuration 29141586Simp if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then 30141586Simp . /etc/rc.atm 31141586Simp atm_pass1 32141586Simp fi 33141586Simp 34141586Simp # ISDN subsystem startup 35141586Simp if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then 36141586Simp . /etc/rc.isdn 37141586Simp fi 38141586Simp 39141586Simp # Special options for sppp(4) interfaces go here. These need 40141586Simp # to go _before_ the general ifconfig section, since in the case 41141586Simp # of hardwired (no link1 flag) but required authentication, you 42141586Simp # cannot pass auth parameters down to the already running interface. 43141586Simp for ifn in ${sppp_interfaces}; do 44141586Simp eval spppcontrol_args=\$spppconfig_${ifn} 45141586Simp if [ -n "${spppcontrol_args}" ] ; then 46141586Simp # The auth secrets might contain spaces; in order 47141586Simp # to retain the quotation, we need to eval them 48141586Simp # here. 49141586Simp eval spppcontrol ${ifn} ${spppcontrol_args} 50141586Simp fi 51141586Simp done 52141586Simp 53141586Simp # Set up all the network interfaces, calling startup scripts if needed 54141586Simp for ifn in ${network_interfaces}; do 55141586Simp if [ -e /etc/start_if.${ifn} ]; then 56141586Simp . /etc/start_if.${ifn} 57141586Simp fi 58141586Simp # Do the primary ifconfig if specified 59141586Simp eval ifconfig_args=\$ifconfig_${ifn} 60141586Simp if [ -n "${ifconfig_args}" ] ; then 61141586Simp ifconfig ${ifn} ${ifconfig_args} 62141586Simp fi 63141586Simp # Check to see if aliases need to be added 64141586Simp alias=0 65141586Simp while : 66141586Simp do 67141586Simp eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 68141586Simp if [ -n "${ifconfig_args}" ]; then 69141586Simp ifconfig ${ifn} ${ifconfig_args} alias 70141586Simp alias=`expr ${alias} + 1` 71141586Simp else 72141586Simp break; 73141586Simp fi 74141586Simp done 75141586Simp # Do ipx address if specified 76141586Simp eval ifconfig_args=\$ifconfig_${ifn}_ipx 77141586Simp if [ -n "${ifconfig_args}" ]; then 78141586Simp ifconfig ${ifn} ${ifconfig_args} 79141586Simp fi 80141586Simp ifconfig ${ifn} 81141586Simp done 82141586Simp 83141586Simp # Initialize IP filtering using ipfw 84141586Simp echo "" 85141586Simp /sbin/ipfw -q flush > /dev/null 2>&1 86141586Simp if [ $? = 0 ] ; then 87141586Simp firewall_in_kernel=1 88141586Simp else 89141586Simp firewall_in_kernel=0 90141586Simp fi 91141586Simp 92141586Simp if [ $firewall_in_kernel = 0 -a "x$firewall_enable" = "xYES" ] ; then 93141586Simp if kldload ipfw; then 94141586Simp firewall_in_kernel=1 # module loaded successfully 95141586Simp echo "Kernel firewall module loaded." 96141586Simp else 97141586Simp echo "Warning: firewall kernel module failed to load." 98141586Simp fi 99141586Simp fi 100141586Simp 101141586Simp # Load the filters if required 102141586Simp if [ $firewall_in_kernel = 1 ]; then 103141586Simp if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \ 104141586Simp "x$firewall_enable" = "xYES" ] ; then 105141586Simp . /etc/rc.firewall 106141586Simp echo "Firewall rules loaded." 107141586Simp else 108141586Simp IPFW_DEFAULT=`ipfw l 65535` 109141586Simp if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then 110141586Simp echo -n "Warning: kernel has firewall functionality, " 111141586Simp echo "but firewall rules are not enabled." 112141586Simp echo " All ip services are disabled." 113141586Simp fi 114141586Simp fi 115141586Simp fi 116141586Simp 117141586Simp # Additional ATM interface configuration 118141586Simp if [ -n "${atm_pass1_done}" ]; then 119141586Simp atm_pass2 120141586Simp fi 121141586Simp 122141586Simp # Configure routing 123141586Simp 124141586Simp if [ "x$defaultrouter" != "xNO" ] ; then 125141586Simp static_routes="default ${static_routes}" 126141586Simp route_default="default ${defaultrouter}" 127141586Simp fi 128141586Simp 129141586Simp # Set up any static routes. This should be done before router discovery. 130141586Simp if [ "x${static_routes}" != "x" ]; then 131141586Simp for i in ${static_routes}; do 132141586Simp eval route_args=\$route_${i} 133141586Simp route add ${route_args} 134141586Simp done 135141586Simp fi 136141586Simp 137141586Simp echo -n 'Additional routing options:' 138141586Simp if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then 139141586Simp echo -n ' tcp extensions=NO' 140141586Simp sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 141141586Simp fi 142141586Simp 143141586Simp if [ X"$icmp_bmcastecho" = X"YES" ]; then 144141586Simp echo -n ' broadcast ping responses=YES' 145141586Simp sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 146141586Simp fi 147141586Simp 148141586Simp if [ "X$gateway_enable" = X"YES" ]; then 149141586Simp echo -n ' IP gateway=YES' 150141586Simp sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 151141586Simp fi 152141586Simp 153141586Simp if [ "X$forward_sourceroute" = X"YES" ]; then 154141586Simp echo -n ' do source routing=YES' 155141586Simp sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1 156141586Simp fi 157141586Simp 158141586Simp if [ "X$accept_sourceroute" = X"YES" ]; then 159141586Simp echo -n ' accept source routing=YES' 160141586Simp sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1 161141586Simp fi 162141586Simp 163141586Simp if [ "X$ipxgateway_enable" = X"YES" ]; then 164141586Simp echo -n ' IPX gateway=YES' 165141586Simp sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1 166141586Simp fi 167141586Simp 168141586Simp if [ "X$arpproxy_all" = X"YES" ]; then 169141586Simp echo -n ' enabling ARP_PROXY_ALL: ' 170141586Simp sysctl -w net.link.ether.inet.proxyall=1 2>&1 171141586Simp fi 172141586Simp echo '.' 173141586Simp 174141586Simp echo -n 'routing daemons:' 175141586Simp if [ "X$router_enable" = X"YES" ]; then 176141586Simp echo -n " ${router}"; ${router} ${router_flags} 177141586Simp fi 178141586Simp 179141586Simp if [ "X$ipxrouted_enable" = X"YES" ]; then 180141586Simp echo -n ' IPXrouted' 181141586Simp IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 182141586Simp fi 183141586Simp 184141586Simp if [ "X${mrouted_enable}" = X"YES" ]; then 185141586Simp echo -n ' mrouted'; mrouted ${mrouted_flags} 186141586Simp fi 187141586Simp 188141586Simp if [ "X$rarpd_enable" = X"YES" ]; then 189141586Simp echo -n ' rarpd'; rarpd ${rarpd_flags} 190141586Simp fi 191141586Simp echo '.' 192141586Simp network_pass1_done=YES # Let future generations know we made it. 193141586Simp} 194141586Simp 195141586Simpnetwork_pass2() { 196141586Simp echo -n 'Doing additional network setup:' 197141586Simp if [ "X${named_enable}" = X"YES" ]; then 198141586Simp echo -n ' named'; ${named_program-"named"} ${named_flags} 199141586Simp fi 200141586Simp 201141586Simp if [ "X${ntpdate_enable}" = X"YES" ]; then 202141586Simp echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 203141586Simp fi 204141586Simp 205141586Simp if [ "X${xntpd_enable}" = X"YES" ]; then 206141586Simp echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} 207141586Simp fi 208141586Simp 209141586Simp if [ "X${timed_enable}" = X"YES" ]; then 210141586Simp echo -n ' timed'; timed ${timed_flags} 211141586Simp fi 212141586Simp 213141586Simp if [ "X${portmap_enable}" = X"YES" ]; then 214141586Simp echo -n ' portmap'; ${portmap_program} ${portmap_flags} 215141586Simp fi 216141586Simp 217141586Simp # Start ypserv if we're an NIS server. 218141586Simp # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 219141586Simp if [ "X${nis_server_enable}" = X"YES" ]; then 220141586Simp echo -n ' ypserv'; ypserv ${nis_server_flags} 221141586Simp 222141586Simp if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then 223141586Simp echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} 224141586Simp fi 225141586Simp 226141586Simp if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then 227141586Simp echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} 228141586Simp fi 229141586Simp fi 230141586Simp 231141586Simp # Start ypbind if we're an NIS client 232141586Simp if [ "X${nis_client_enable}" = X"YES" ]; then 233141586Simp echo -n ' ypbind'; ypbind ${nis_client_flags} 234141586Simp if [ "X${nis_ypset_enable}" = X"YES" ]; then 235141586Simp echo -n ' ypset'; ypset ${nis_ypset_flags} 236141586Simp fi 237141586Simp fi 238141586Simp 239141586Simp # Start keyserv if we are running Secure RPC 240141586Simp if [ "X${keyserv_enable}" = X"YES" ]; then 241141586Simp echo -n ' keyserv'; keyserv ${keyserv_flags} 242141586Simp fi 243141586Simp # Start ypupdated if we are running Secure RPC and we are NIS master 244141586Simp if [ "X$rpc_ypupdated_enable" = X"YES" ]; then 245141586Simp echo -n ' rpc.ypupdated'; rpc.ypupdated 246141586Simp fi 247141586Simp 248141586Simp # Start ATM daemons 249141586Simp if [ -n "${atm_pass2_done}" ]; then 250141586Simp atm_pass3 251141586Simp fi 252141586Simp 253141586Simp echo '.' 254141586Simp network_pass2_done=YES 255141586Simp} 256141586Simp 257141586Simpnetwork_pass3() { 258141586Simp echo -n 'Starting final network daemons:' 259141586Simp 260141586Simp if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then 261141586Simp echo -n ' mountd' 262141586Simp if [ "X${weak_mountd_authentication}" = X"YES" ]; then 263141586Simp mountd_flags="-n" 264141586Simp fi 265141586Simp mountd ${mountd_flags} 266141586Simp if [ "X${nfs_reserved_port_only}" = X"YES" ]; then 267141586Simp sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1 268141586Simp fi 269141586Simp echo -n ' nfsd'; nfsd ${nfs_server_flags} 270141586Simp if [ "X$rpc_lockd_enable" = X"YES" ]; then 271141586Simp echo -n ' rpc.lockd'; rpc.lockd 272141586Simp fi 273141586Simp if [ "X$rpc_statd_enable" = X"YES" ]; then 274141586Simp echo -n ' rpc.statd'; rpc.statd 275141586Simp fi 276141586Simp fi 277141586Simp 278141586Simp if [ "X${nfs_client_enable}" = X"YES" ]; then 279141586Simp echo -n ' nfsiod'; nfsiod ${nfs_client_flags} 280141586Simp if [ "X${nfs_access_cache}" != X ]; then 281141586Simp sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ 282141586Simp >/dev/null 2>&1 283141586Simp fi 284141586Simp fi 285141586Simp 286141586Simp if [ "X${amd_enable}" = X"YES" ]; then 287141586Simp echo -n ' amd' 288141586Simp if [ "X${amd_map_program}" != X"NO" ]; then 289141586Simp amd_flags="${amd_flags} `eval ${amd_map_program}`" 290141586Simp fi 291141586Simp amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null 292141586Simp fi 293141586Simp 294141586Simp if [ "X${rwhod_enable}" = X"YES" ]; then 295141586Simp echo -n ' rwhod'; rwhod ${rwhod_flags} 296141586Simp fi 297141586Simp 298141586Simp # Kerberos runs ONLY on the Kerberos server machine 299141586Simp if [ "X${kerberos_server_enable}" = X"YES" ]; then 300141586Simp if [ "X${kerberos_stash}" = "XYES" ]; then 301141586Simp stash_flag=-n 302141586Simp else 303141586Simp stash_flag= 304141586Simp fi 305141586Simp echo -n ' kerberos'; \ 306141586Simp kerberos ${stash_flag} >> /var/log/kerberos.log & 307141586Simp if [ "X${kadmind_server_enable}" = "XYES" ]; then 308141586Simp echo -n ' kadmind'; \ 309141586Simp (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & 310141586Simp fi 311141586Simp unset stash_flag 312141586Simp fi 313141586Simp 314141586Simp # Network Address Translation daemon 315141586Simp if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \ 316141586Simp -a X"${firewall_enable}" = X"YES" ]; then 317141586Simp if echo ${natd_interface} | \ 318141586Simp grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 319141586Simp natd_ifarg="-a ${natd_interface}" 320141586Simp else 321141586Simp natd_ifarg="-n ${natd_interface}" 322141586Simp fi 323141586Simp echo -n ' natd'; natd ${natd_flags} ${natd_ifarg} 324141586Simp fi 325141586Simp 326141586Simp echo '.' 327141586Simp network_pass3_done=YES 328141586Simp} 329141586Simp