
I use netplan with 2 NICs, one for the LAN enp0s31f6 and one for the internet enp6s0.

Firstly I can't get systemctl to launch iptables successfully. It says it does in the logs - but when I check, iptables has no rules set up:

Apr 27 11:44:31 localhost systemd[1]: Starting iptables...
Apr 27 11:44:31 localhost iptables[1389]: Executing iptables firewall /etc/iptables/iptables.fw
Apr 27 11:44:31 localhost iptables[1389]: Activating firewall
Apr 27 11:44:31 localhost systemd[1]: Started Wait until snapd is fully seeded.
Apr 27 11:44:31 localhost root: Activating firewall
Apr 27 11:44:31 localhost systemd[1]: Started Authorization Manager.
Apr 27 11:44:31 localhost systemd[1]: Started Accounts Service.
Apr 27 11:44:31 localhost iptables[1389]: Interface ppp0 does not exist
Apr 27 11:44:31 localhost root: Interface ppp0 does not exist
Apr 27 11:44:31 localhost iptables[1389]: Finished executing iptables firewall /etc/iptables/iptables.fw
Apr 27 11:44:31 localhost systemd[1]: Started iptables.

There is also a 2 min pause on boot with the message "start job is running Wait for network to be configured", when it should be configured already.

The last problem is the networkctl output - it says one of the NICs is still "configuring" when I'd expect it to say it's done.

Judging by the answer to "Ubuntu Server 18.04 waiting for Network at startup although the network is ok", I could just put a sticky plaster over the issue and make the NIC config in my 01-netcfg.yml optional.

I have to start iptables manually - I'm not sure why systemctl claims to run it but fails.

This is the networkctl list:

adam@gondolin:~$ networkctl list
IDX LINK             TYPE               OPERATIONAL SETUP     
  1 lo               loopback           carrier     unmanaged 
  2 enp6s0           ether              routable    configured
  3 enp0s31f6        ether              routable    configuring
  4 wlp7s0           wlan               off         unmanaged 
  5 ppp0             ppp                routable    unmanaged 

5 links listed.

.

adam@gondolin:~$ ifconfig -a
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.3  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::10  prefixlen 128  scopeid 0x20<link>
        inet6 fe80::e2d5:5eff:fe62:974c  prefixlen 64  scopeid 0x20<link>
        ether e0:d5:5e:62:97:4c  txqueuelen 1000  (Ethernet)
        RX packets 9728  bytes 924557 (924.5 KB)
        RX errors 0  dropped 59  overruns 0  frame 0
        TX packets 485  bytes 106008 (106.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xf7500000-f7520000  

enp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.10  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::e2d5:5eff:fe62:974e  prefixlen 64  scopeid 0x20<link>
        ether e0:d5:5e:62:97:4e  txqueuelen 1000  (Ethernet)
        RX packets 5825  bytes 3847019 (3.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4960  bytes 652504 (652.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xf7200000-f721ffff  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 479  bytes 61492 (61.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 479  bytes 61492 (61.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1472
        inet 81.156.25.53  netmask 255.255.255.255  destination 172.16.11.38
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 5504  bytes 3691409 (3.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4710  bytes 534007 (534.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp7s0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 00:e1:8c:75:39:d3  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

01-netcfg.yml:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp6s0:
      dhcp4: yes
      dhcp6: yes
    enp0s31f6:
      addresses:
      - fe80::10/128
      - 192.168.0.3/24
      dhcp4: yes
      dhcp6: yes

and here's my iptables.service:

adam@gondolin:~$ cat /etc/systemd/system/iptables.service

[Unit]
Description=iptables
StartLimitBurst=5
StartLimitIntervalSec=0
After=ppp.service
Wants=ppp.service

[Service]
ExecStart=/etc/iptables/iptables start
ExecStop=/etc/iptables/iptables stop
Type=oneshot
RemainAfterExit=true
StandardOutput=journal

[Install]
WantedBy=multi-user.target

and the ppp.service

adam@gondolin:~$ cat /etc/systemd/system/ppp.service
[Unit]
Description=PPPoE
#After=network.target

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/bin/pon provider
ExecStop=/usr/bin/poff -a
#Type=notify

[Install]
#WantedBy=multi-user.target
Adam
  • I notice in your .yaml file that enp0s31f6 has both fixed addresses and dhcp configuration. Can't have it both ways. Your PPP connection has an MTU of 1472... are you sure that's the correct value? – heynnema Apr 27 '19 at 22:52
  • Stupid me! I had configured it like that because it serves DHCP grants from dhcpd over that NIC. So setting it to dhcp: no has fixed the Wait for... at boot, and the "configuring" status in networkctl list – Adam Apr 28 '19 at 16:00
  • Your last comment was unclear. – heynnema Apr 28 '19 at 17:47
  • It's actually entirely possible to have both static and dhcp addresses, but it's apparent that this wasn't what you wanted here. – slangasek Apr 28 '19 at 18:36
  • @heynnema that error you spotted in the enp0s31f6 config caused the boot Wait for... issue, and the configuring status for it in networkctl list. Thanks. I will check the MTU value for viability later when I've fixed iptables – Adam Apr 28 '19 at 20:08
  • To make the 2 minute boot delay go away, add "optional: true" to the enp0s31f6 stanza in your .yaml file. – heynnema Apr 28 '19 at 20:11
  • Unnecessary. Setting dhcp: no was enough. – Adam Apr 28 '19 at 21:02

1 Answer

Because you have defined your ppp service as Type=oneshot, other services which depend on it are started immediately, so there is a race between your ppp link being up and iptables running.

I don't offhand know a way to construct a systemd service for ppp that waits for the link to be up before proceeding with dependent services.

slangasek
  • I redefined my ppp service as Type=forking but I have discovered that the iptables service is failing even when I run it myself manually, incomprehensibly saying iptables[1211]: Interface ppp0 does not exist but that is hard-coded in the iptables script, which succeeds when I run it as sudo /etc/iptables/iptables start (my own scripts) – Adam Apr 28 '19 at 21:43
  • Actually that error message is mine! This statement at start of my script passes when I run it from the shell: ip link show ppp0 but it fails when executed by systemctl. – Adam Apr 29 '19 at 08:49
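
One way to close the race described in the answer, as an added example that is not part of the original posts: a helper that blocks until the interface exists and is up, and exits non-zero on timeout so that systemd records the firewall unit as failed instead of logging "Started iptables." with no rules loaded. The function names, the SYS_NET_DIR variable and the install path in the comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the asker's script. SYS_NET_DIR, iface_is_up and
# wait_for_iface are names made up for this example.

# Where the kernel lists interfaces; overridable so the check can be tested.
SYS_NET_DIR="${SYS_NET_DIR:-/sys/class/net}"

# iface_is_up NAME: succeeds only if NAME exists and has IFF_UP (0x1) set.
# The ifconfig output above shows ppp0 flags=4305, i.e. 0x10d1, once it is up.
iface_is_up() {
    flags_file="$SYS_NET_DIR/$1/flags"
    [ -r "$flags_file" ] || return 1
    flags=$(cat "$flags_file") || return 1
    case $flags in
        0x[0-9a-fA-F]*) ;;      # expected form, e.g. 0x10d1
        *) return 1 ;;          # empty or unexpected content: treat as not up
    esac
    [ $(( $flags & 1 )) -eq 1 ]
}

# wait_for_iface NAME SECONDS: poll once per second until NAME is up.
# Returns 0 when it is up, 1 if SECONDS elapse first.
wait_for_iface() {
    remaining=$2
    until iface_is_up "$1"; do
        [ "$remaining" -gt 0 ] || return 1
        sleep 1
        remaining=$(( remaining - 1 ))
    done
    return 0
}

# Intended use from the firewall unit (hypothetical install path):
#   ExecStartPre=/usr/local/sbin/wait-iface wait ppp0 30
# A non-zero exit here stops a Type=oneshot unit from being marked started.
if [ "${1:-}" = "wait" ]; then
    if ! wait_for_iface "$2" "${3:-30}"; then
        echo "interface $2 not up after ${3:-30}s, not loading rules" >&2
        exit 1
    fi
fi
```

The same exit-code discipline applies to the firewall script itself: if it prints "Interface ppp0 does not exist" and then exits 0, the unit still shows as started.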