ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

ETH_DEVICE_SKIP doesn't work with VLAN devices

https://mail.forum.configserver.com/viewtopic.php?t=9151

Page 1 of 1

ETH_DEVICE_SKIP doesn't work with VLAN devices

Posted: 12 Jan 2016, 15:13
by vegar_nilsen
Hi,

we're mounting a backup drive over NFS on a private network. This network is connected through a separate VLAN on a failover bond with two interfaces. When I add bond0.821 to csf.conf:ETH_DEVICE_SKIP I get this error message on "csf -r":

Code: Select all

*WARNING* ETH_DEVICE_SKIP device [bond0.821] not listed in ifconfig

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.
root@host03 [/etc/csf]# less /usr/sbin/csf 
root@host03 [/etc/csf]# ifconfig bond0.821
bond0.821 Link encap:Ethernet  HWaddr 00:25:90:FC:6F:3C  
          inet addr:10.9.12.102  Bcast:10.9.12.255  Mask:255.255.255.0
          inet6 addr: fe80::225:90ff:fefc:6f3c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1659 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:76798 (74.9 KiB)  TX bytes:1082 (1.0 KiB)
To get around this I commented out the device name check in /usr/sbin/csf, like this:

Code: Select all

                foreach my $device (split(/\,/,$config{ETH_DEVICE_SKIP})) {
                        #if ($ifaces{$device}) {
                                &syscommand(__LINE__,"$config{IPTABLES} $verbose -I INPUT  -i $device -j $acce
pt");
                                &syscommand(__LINE__,"$config{IPTABLES} $verbose -I OUTPUT -o $device -j $acce
pt");
                                if ($config{IPV6}) {
                                        &syscommand(__LINE__,"$config{IP6TABLES} $verbose -I INPUT  -i $device
 -j $accept");
                                        &syscommand(__LINE__,"$config{IP6TABLES} $verbose -I OUTPUT -o $device
 -j $accept");
                                }
                        #} else {
                                #$warning .= "*WARNING* ETH_DEVICE_SKIP device [$device] not listed in ifconfig\n";
                        #}
                }
After I did this and ran "csf -r" I got the expected result:

Code: Select all

ACCEPT  all opt -- in bond0.821 out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out bond0.821  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt    in bond0.821 out *  ::/0  -> ::/0  
ACCEPT  all opt    in * out bond0.821  ::/0  -> ::/0

Re: ETH_DEVICE_SKIP doesn't work with VLAN devices

Posted: 12 Jan 2016, 15:56
by ForumAdmin
The scripts will not like the full stop (.) in the device name which is causing the problem. We'll look into catering for that in the next release.

Re: ETH_DEVICE_SKIP doesn't work with VLAN devices

Posted: 12 Jan 2016, 16:14
by vegar_nilsen
ForumAdmin wrote:The scripts will not like the full stop (.) in the device name which is causing the problem. We'll look into catering for that in the next release.
Thanks, that would be great.

Re: ETH_DEVICE_SKIP doesn't work with VLAN devices

Posted: 14 Jan 2016, 22:06
by ForumAdmin
This should hopefully have been addresses in v8.09 which we have just released:
http://blog.configserver.com
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited