I have recently installed fc12 on a new hard drive in a vain attempt to upgrade my existing linux box from fc4 and I have had a few rather puzzling moments with this so far. And I am only at the beginning. I have installed fedora core 4 and 8 (and redhat 7.3 and 9 before that) on previous occasions, but don't remember things being as frustrating. I am experiencing tons of 'fun' this time around, and so is the remaining hair on my head... :-(
The installation went over smoothly, without any problems. I have two ethernet cards on my box. eth0 is my internal interface (192.168.2.1) and eth1 is the interface connected to a DSL modem and my provider. I have manually installed rp-pppoe from the fc12 dvd using (as root):
yum install rp-pppoe-3.10-6.fc12.i686.rpm
and then did
I passed all the required values when asked.
Login name: my ISP provided login
Ethernet interface: eth1
DNS info: none (ISP provided)
password: my password
firewalling: 2 (masquerade)
start at boot time: yes
After this, I do either ifup ppp0 or pppoe-start, and voila, I am connected:
[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:13:20:8F:6E:35
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::213:20ff:fe8f:6e35/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15157 errors:0 dropped:0 overruns:0 frame:0
          TX packets:355 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:1126787 (1.0 MiB)  TX bytes:59762 (58.3 KiB)

eth1      Link encap:Ethernet  HWaddr 00:50:BA:A8:31:BF
          inet6 addr: fe80::250:baff:fea8:31bf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10235 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23589 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:7570516 (7.2 MiB)  TX bytes:2962782 (2.8 MiB)
          Interrupt:17 Base address:0xaf80

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2026 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2026 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:85832 (83.8 KiB)  TX bytes:85832 (83.8 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:xxx.xxx.xxx.xxx  P-t-P:xxx.xxx.xxx.xxx  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:9828 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23185 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:7329714 (6.9 MiB)  TX bytes:2440226 (2.3 MiB)
Now the first puzzling moment is about rp-pppoe and the ppp0 interface. I have spent a day and a half unsuccessfully trying to get it to come up with the system, which I thought would be a given by answering 'yes' to the start at boot time option during pppoe-setup. No matter what I did, it simply stays down. I have played around with userctrl set to yes so that any user can bring the ppp0 up or down (and I know this is not the smartest setting one can make, but nonetheless...). With that setting, I would issue:
pppoe-start (or adsl-start)
and get an immediate prompt back, and no ppp connection. I can bring this up only as root. So my question is, out of the box, this simply doesn't work? Like, what the hell? Is this a case of -- oh, do this and it will work like a charm (and if it is, what is that little thing I need to do?), or is the setup from rp-pppoe-3.10-6.fc12.i686.rpm just not configured to work properly with fc12? What gives..?
[root@localhost network-scripts]# cat ifcfg-ppp0
USER=My ISP logon
The last line implies that this interface will be controlled by the network manager. The network manager starts up however, but ppp0 is not playing ball.
Now the second puzzling moment gets even more interesting, to me at least. By default, fc12 comes with iptables and ip6tables installed as active services on runlevel 5. Not entirely sure about what to make of the v6 iptables running, but the ppp0 interface set up by pppoe-setup makes use of only iptables, i.e. v4. Additionally, during setup, pppoe-setup asked about firewalling. Since I have an internal network (that I had masqueraded in the previous iteration of iptables and fc4), I selected option 2 -- MASQUERADE. Now, this comes with a script called firewall-masq in /etc/ppp. That script exists only in that directory, and did not get copied anywhere by the setup. Should it have? How do the existing iptables and ip6tables get along with firewall-masq? Silly question perhaps, since the latter does not get invoked? Or does it? My understanding is only one or the other should be used, otherwise, iptables chains and targets may get overwritten by the two scripts being used simultaneously.
My previous installation with fc4 made use of the iptables firewall I found here:
I would assume if I wanted to use that, I would need to:
chkconfig --del iptables ip6tables
to remove the currently installed iptables script, and would essentially disregard the firewall-masq I mentioned above? Is there a better iptables based script for a Linux DSL firewall box with two interfaces?
And finally my last puzzling piece is about SELinux, and I am going to go out on a limb and guess I am not very lonely in that group. I find this thing really annoying. If this is meant to get Linux to be more adopted because it's safer and easier to install, it just ain't doing the job. Again, I may be a 'little' frustrated at this point, but I can't help thinking that this is a venomous nasty pig taking its toll. I mean, do I really need or want SELinux? On fc4 that thing had the PERMISSIVE setting by default. This has now grown into ENFORCED. What risk would I be running if I simply disabled this and relabeled everything on the next boot? The last time I had encountered SELinux fun was with fc8, and then it took me a looong while to figure out I needed to set a freaking boolean in order for my actually correct samba configuration to start working. Could it be that the pppoe-setup script doesn't succeed in setting ppp0 to come up on boot because of SELinux? Or is it just rp-pppoe (or me) and there is nothing wrong with SELinux, because it's one of those things that's just good for you in spite of tasting like pure unadulterated crap.
And finally, a) thanks for reading this far, and b) I have also pored over a large number of HOWTOs, and other resources I came across, but didn't find answers to my questions, which I guess is why I am posting here.
In other words, please help if you can. It will be *much* appreciated!
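
One way to check the SELinux question raised in the post before disabling anything, as an added example that is not part of the original post: the function below summarises AVC denials in an auditd-format log that involve the PPPoE tools. The log lines are constructed sample data, and the function names and the list of command names it filters on are assumptions.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials that involve the PPPoE tools.
# Output: one line per distinct denial, "<count> <comm> <perms> <tclass> <tcontext>".

# Constructed sample records in auditd text format (not taken from a real system).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1262304001.101:21): avc:  denied  { read } for  pid=1402 comm="pppd" name="pap-secrets" dev=sda2 ino=4411 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1262304001.105:22): avc:  denied  { read } for  pid=1402 comm="pppd" name="pap-secrets" dev=sda2 ino=4411 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1262304002.300:23): avc:  denied  { read write } for  pid=1410 comm="pppoe" path="socket:[9911]" dev=sockfs ino=9911 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=packet_socket
type=AVC msg=audit(1262304003.000:24): avc:  denied  { getattr } for  pid=1500 comm="smbd" path="/home" dev=sda2 ino=2 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1262304003.000:24): arch=40000003 syscall=195 success=no exit=-13 comm="pppd" exe="/usr/sbin/pppd"
EOF
}

ppp_avc_summary() {
    # $1 = audit log path; reads stdin when no argument is given.
    awk '
    /type=AVC/ && /avc:  *denied/ {
        comm = perms = tclass = tctx = ""
        # Denied permissions are listed between braces: { read write }
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/comm=|"/, "", comm) }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
            if ($i ~ /^tcontext=/) { tctx = substr($i, 10) }
        }
        # Assumed set of command names belonging to rp-pppoe / pppd.
        if (comm ~ /^(pppd|pppoe|pppoe-start|pppoe-connect)$/)
            seen[comm " " perms " " tclass " " tctx]++
    }
    END { for (k in seen) print seen[k], k }
    ' "${1:--}" | sort
}

# Demo on the constructed records; SYSCALL and non-PPP records are ignored.
sample_audit_log | ppp_avc_summary
```

On a live system, pass /var/log/audit/audit.log as the argument after a failed boot-time start; empty output means no denials were logged for those commands.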