DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

pre-up not running script

Tue Dec 22, 2015 1:08 pm

I this a script to open the firewall for OpenVPN:

Code: Select all

#!/bin/sh
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 10.254.22.184
I have it in my /etc/network/interfaces file like so:

Code: Select all

auto lo
iface lo inet loopback

iface eth0 inet manual
  pre-up /etc/open_vpn_firewall.sh
The script is set with

Code: Select all

chmod 700 /etc/open_vpn_firewall.sh
chown root /etc/open_vpn_firewall.sh
I reboot the Pi and connect with OpenVPN client just fine. BUT I can't access any web pages...unless I manually execute the open_vpn_firewall.sh script on the Pi through SSH. Then everything works!

Any ideas what could be wrong? Why this doesn't seem to execute on startup?

P.S. I'm running Jessie Lite with updates/upgrades


Thanks!

chesty
Posts: 9
Joined: Tue May 21, 2013 5:32 am

Re: pre-up not running script

Tue Dec 22, 2015 5:28 pm

I think manual means the ifup command doesn't handle the interface,
so pre-up doesn't get run.

I don't know what brings the interface up though, you have a choice of finding out how the interface is brought up, and see if that has any hooks, or change the interface to dhcp and auto

DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

Re: pre-up not running script

Wed Dec 23, 2015 1:40 am

I tried auto and dhcp, still no joy :(

chesty
Posts: 9
Joined: Tue May 21, 2013 5:32 am

Re: pre-up not running script

Wed Dec 23, 2015 2:06 am

I don't know then.

this isn't the problem, but will make it more bullet proof if your dhcp ip changes

change
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 10.254.22.184
to
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

paste your full interfaces file now

DaHai8
Posts: 55
Joined: Fri Jul 31, 2015 9:21 am

Re: pre-up not running script

Wed Dec 23, 2015 3:58 am

Thanks Chesty,

You're right, it didn't fix the problem, but it the 'MASQUERADE' does help with dhcp changes. :)

The thing that bugs me is that this used to work under Wheezy...

chesty
Posts: 9
Joined: Tue May 21, 2013 5:32 am

Re: pre-up not running script

Wed Dec 23, 2015 11:54 am

this works for me

auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid blah
wpa-psk blah
pre-up iptables -I INPUT -j ACCEPT

I'm running debian not raspbian, but there's not much different.

Grez
Posts: 2
Joined: Sun Jan 03, 2016 5:46 pm

Re: pre-up not running script

Sun Jan 03, 2016 6:16 pm

I've got exactly the same problem and a new Jessie-lite build, and this is works fine on my other pi with a previous Jessie build.

Did you ever find out what the problem was?

Cheers
Grez..

Grez
Posts: 2
Joined: Sun Jan 03, 2016 5:46 pm

Re: pre-up not running script

Sun Jan 03, 2016 8:35 pm

OK I've figured it out, I needed to add the below into the interface file.

Code: Select all

auto eth0
So I now have the below in the interfaces file and this is working just fine.

Code: Select all

auto eth0
iface eth0 inet manual
  pre-up /etc/openvpnfirewall.sh
Cheers Grez..

mann
Posts: 11
Joined: Mon Jan 26, 2015 2:44 pm

Re: pre-up not running script

Thu Dec 01, 2016 8:26 pm

I had the same problem, auto eth0 solved it.

Someone care to explain this auto eth0 and why it didn't work before?

raygeeknyc
Posts: 2
Joined: Sat Sep 28, 2013 11:05 pm

Re: pre-up not running script

Sun Oct 08, 2017 9:49 pm

I've been wrestling with this mess for a while and found the following working solution

1) Run the script as a hook from dhcpcd, rather than if-up which is broken IMO in Raspbian Jessie
2) Run the aforementioned hook by a change to systemd configuration which, in Jessie is the mechanism in use, despite the presence of an old-style init.d script

so... what to do:
My script is /etc/dhcp/dhclient-enter-hooks.d/advertise
I cause dhcpcd to run the hooks by adding the "--script" option to the dhcpcd command run by systemd as found by...
$ pkg-config systemd --variable=systemdsystemunitdir
/lib/systemd/system
vi /lib/systemd/system/dhcpcd.service
[Service]
...
ExecStart - add "--script /sbin/dhclient-script" to the end of the command
$ systemctl daemon-reload
and...voila!

Return to “Troubleshooting”