Move effortlessly from network to network via scripts

(While I'm an experienced PC user, I've only started using Linux in the
last two weeks (Ubuntu to be exact), so forgive me if I'm making some
school-boy errors here)

I have a laptop that I connect to many different networks. I've been
trying to write simple scripts so that I can effortlessly set my network
settings as I move from network to network. The scripts don't work
however, and I don't know why. Maybe one of you can tell me what I'm
doing wrong. First of all, I created a file called "VPN at work" and put
the following in it:

ifconfig eth0 down
cp "resolv_VPN at work" /etc/resolv.conf
ifconfig eth0 arp -promisc netmask 255.255.255.0 10.0.1.5 up

In the same folder, I have a file called "resolv_VPN at work" which
contains the following:

nameserver 10.0.0.1
nameserver 10.0.0.2

When I run the script, it changes the network settings perfectly, but it
doesn't change the DNS servers for me. While it _does_ copy over the
resolv.conf, it doesn't apply the changes. How can I apply the changes?
Or if there's anything else I'm doing wrong then please let me know.

I come from Microsoft Windows so I'm not very knowledgeable on how the
Linux file system works with permissions and so forth. I followed a
tutorial online that told me I should write the script and then do the
following:

chmod +x scriptname

As far as I know, this marks the file as "executable". If anyone could
point me to a not-dumbed-down tutorial on how the Linux file system
works, I'd be appreciative.

It'd be handy if Linux had a command for setting DNS servers:

dns-set clear
dns-set 10.0.0.1
dns-set 10.0.0.2

Maybe something like that would be very easy to code as a script? I used
to write batch files in MS-DOS, and I'd have written them using "%1" to
get the command line arguments; is there something like that in Linux?

Tomás

On Wed, 14 Nov 2007 23:12:55 GMT, Tomás Ó hÉilidhe <(E-Mail Removed)> wrote:

> I have a laptop that I connect to many different networks. I've been
> trying to write simple scripts so that I can effortlessly set my network
> settings as I move from network to network.

You're working too hard. You should look in the Ubuntu archives for a
package called "ifscheme". It lets you set up several network "schemes"
in /etc/network/interfaces and you can switch between them with a simple
command.


--
-| Bob Hauck
-| "Reality has a well-known liberal bias." -- Stephen Colbert
-| http://www.haucks.org/

Bob Hauck:

>> I have a laptop that I connect to many different networks. I've been
>> trying to write simple scripts so that I can effortlessly set my
>> network settings as I move from network to network.
>
> You're working too hard. You should look in the Ubuntu archives for a
> package called "ifscheme". It lets you set up several network "schemes"
> in /etc/network/interfaces and you can switch between them with a simple
> command.


Thanks for the suggestion Bob. Only thing tho, I don't think ifscheme
allows for have different DNS servers for each connection :-(

Any other ideas?

--
Tomás Ó hÉilidhe

On Thu, 15 Nov 2007 17:38:32 GMT, Tomás Ó hÉilidhe <(E-Mail Removed)> wrote:

> Thanks for the suggestion Bob. Only thing tho, I don't think ifscheme
> allows for have different DNS servers for each connection :-(

It does if you install resolvconf as well 8-> Here's a snip from my
interfaces file to illustrate (I also use ifrename to ensure that my
wired ethernet is always named "eth").


iface eth-road inet dhcp

iface eth-home inet static
dns-nameservers 192.168.1.2
dns-search haucks.org
address 192.168.1.152
netmask 255.255.255.0
gateway 192.168.1.1

iface eth-codem7 inet static
dns-nameservers 192.168.19.12
dns-search drscodem.drs.master codem.com
address 192.168.10.152
netmask 255.255.255.0
gateway 192.168.10.1


--
-| Bob Hauck
-| "Reality has a well-known liberal bias." -- Stephen Colbert
-| http://www.haucks.org/

On Wed, 14 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <XhL_i.23202$(E-Mail Removed)>, Tomás Ó hÉilidheÿÿ wrote:

>(While I'm an experienced PC user, I've only started using Linux in the
>last two weeks (Ubuntu to be exact), so forgive me if I'm making some
>school-boy errors here)

Don't worry about it - that's how you learn

>I have a laptop that I connect to many different networks. I've been
>trying to write simple scripts so that I can effortlessly set my
>network settings as I move from network to network.

There are many ways to do this. We usually don't use DHCP (one
possibility - it depends on access to a DHCP server on all nets that
are set up properly for "that" network), but our systems are usually
moved when powered off. Thus, we have a boot variable that selects
which of the network configuration files to use. A bit complex.
Another poster has suggested the package called "ifscheme".

>The scripts don't work however, and I don't know why. Maybe one of
>you can tell me what I'm doing wrong. First of all, I created a file
>called "VPN at work"

Suggestion: While spaces in a file name are legal (the only illegal
characters are the directory separator and newline), having such
spaces makes you jump through extra hoops - quoting the filename
EVERY time it's used. Using an underscore (_) as a word separator
might make life easier.

>and put the following in it:
>
>ifconfig eth0 down
>cp "resolv_VPN at work" /etc/resolv.conf
>ifconfig eth0 arp -promisc netmask 255.255.255.0 10.0.1.5 up

The 'arp' and '-promisc' should not be needed.

>In the same folder, I have a file called "resolv_VPN at work" which
>contains the following:
>
>nameserver 10.0.0.1
>nameserver 10.0.0.2

OK - I can see one problem.

>When I run the script, it changes the network settings perfectly, but
>it doesn't change the DNS servers for me. While it _does_ copy over the
>resolv.conf,

and that's all it takes - but...

>it doesn't apply the changes. How can I apply the changes? Or if there's
>anything else I'm doing wrong then please let me know.

Let's have a look at the output of '/sbin/route -n' which is going to
show the kernel routing table. I suspect what you will see is

[example ~]$ /sbin/route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 1 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
[example ~]$

and what this says is "there is a route to 10.0.1.0 - 10.0.1.255, and
they are directly connected to the eth0 interface". It also says "there
is a route to 127.0.0.0 - 127.255.255.255, and they are directly
connected to the lo interface". So a question - how to you get to those
DNS servers... they're on a different network, and "you can't get there
from here".

How to fix? You need to add a line to your script to add a route using
some gateway that will forward your packets to the network where the
name servers are located. The syntax depends on the layout of the
network. If FOR EXAMPLE there is a router on your network with the
address 10.0.1.254 and it knows how to forward packets to that other
network which is using a 255.255.255.0 mask, the syntax would be

/sbin/route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.1.254 eth0

and that would add a line to the routing table above that looks like

10.0.0.0 10.0.1.254 255.255.255.0 UG 0 0 1 eth0

Another possibility is that the router can forward packets to the
every other network in the 10.0.0.0 - 10.255.255.255 range. The syntax
would be the same EXCEPT that the netmask changes on this line to

/sbin/route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.0.1.254 eth0

The way routing works is that the most definitive route is used. Thus
a packet to 10.0.1.53 would be sent locally even though this new route
covers all addresses beginning with 10.x.x.x.

A third possibility is that the router can forward packets to the
entire world. Only in this case should you use the "default" syntax
where the word 'default' means "if nothing else works, use this". The
command would be

/sbin/route add default gw 10.0.1.254 eth0

and the resulting routing table would look like

[example ~]$ /sbin/route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 1 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.0.1.254 0.0.0.0 UG 0 0 0 eth0
[example ~]$

>I come from Microsoft Windows so I'm not very knowledgeable on how the
>Linux file system works with permissions and so forth. I followed a
>tutorial online that told me I should write the script and then do the
>following:
>
>chmod +x scriptname
>
>As far as I know, this marks the file as "executable".

Yes - the permissions on the file would then look like

-rwxr-xr-x 1 root root 121 Nov 15 12:30 scriptname

>If anyone could point me to a not-dumbed-down tutorial on how the Linux
>file system works, I'd be appreciative.

Hmmm.... some documents at the Linux Documentation Project
http://tldp.org/guides.html would be

* Introduction to Linux - A Hands on Guide
* The Linux System Administrators' Guide
* The Linux Users' Guide

and a HOWTO that should be on your system (try /usr/share/HOWTO/)

71626 Apr 4 2004 Unix-and-Internet-Fundamentals-HOWTO

which is also at http://ibiblio.org/pub/linux/docs/HOWTO/ if you can't
find it on the system. There are around 450 HOWTOs and mini-howtos, as
well as 35 LDP guides.

>It'd be handy if Linux had a command for setting DNS servers:
>
>dns-set clear
>dns-set 10.0.0.1
>dns-set 10.0.0.2

Actually, your existing script is changing the /etc/resolv.conf file
and that's all that is needed to set/clear the name servers. I suspect
your problem is that you can't reach the name servers - routing issue.

>Maybe something like that would be very easy to code as a script? I used
>to write batch files in MS-DOS, and I'd have written them using "%1" to
>get the command line arguments; is there something like that in Linux?

31540 Jul 27 2000 Bash-Prog-Intro-HOWTO
* Bash Guide for Beginners
* Advanced Bash-Scripting Guide

and the man page for the shell ("man bash"). In the shell script, the
command line variables are "$0" (the command name), "$1" (the first
variable), "$2" (the second, and so on) and "$*" (the entire command
with all options/variables).

Slow down please - this stuff _can_ be horrible complicated if you are
jumping in with your eyes closed. The water is deep here. ;-)

Old guy

Moe Trin:

> Suggestion: While spaces in a file name are legal (the only illegal
> characters are the directory separator and newline), having such spaces
> makes you jump through extra hoops - quoting the filename EVERY time
> it's used. Using an underscore (_) as a word separator might make life
> easier.


Thanks for the suggestion, I've started using underscores in place of
spaces


<snip helpful explanation of routing tables>


Thanks for that. OK so now I've got five files as follows. Could you
please take a quick glance and see if everything seems fine?

[start resolv_Home]
nameserver 10.0.0.1
nameserver 10.0.0.2

[start resolv_Work]
nameserver 192.168.250
nameserver 192.168.251

[start Home]
ifconfig eth0 down
cp resolv_Home /etc/resolv.conf
/sbin/route add default gw 10.0.1.254 eth0
ifconfig eth0 arp -promisc netmask 255.255.255.0 10.0.1.8 up

[start Work]
ifconfig eth0 down
cp resolv_Work /etc/resolv.conf
/sbin/route add default gw 192.168.1.254 eth0
ifconfig eth0 arp -promisc netmask 255.255.255.0 192.168.1.4 up

[start DHCP]
ifconfig eth0 down
ifconfig eth0 arp -promisc up
dhclient eth0

I'll test out these scripts tomorrow (it's hitting midnight here in
Dublin), but can you tell at first glance if there's any reason why they
won't work perfectly?


<snip links to tutorials>


Thanks!


> Slow down please - this stuff _can_ be horrible complicated if you are
> jumping in with your eyes closed. The water is deep here. ;-)


Sorry mate, not a chance, I'm a foot-to-the-floor kind of guy :-D

Thanks Moe, you've been a great help.

--
Tomás

On Thu, 15 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <aS4%i.23225$(E-Mail Removed)>, Tomás Ó hÉilidheÿÿ wrote:

>Moe Trin:

><snip helpful explanation of routing tables>
>
>Thanks for that. OK so now I've got five files as follows. Could you
>please take a quick glance and see if everything seems fine?
>
>[start resolv_Home]
>nameserver 10.0.0.1
>nameserver 10.0.0.2

Nothing obviously wrong, but are they on the same subnet? Same mask?

>[start resolv_Work]
>nameserver 192.168.250
>nameserver 192.168.251

REJECT! Not valid IP addresses.

>[start Home]
>ifconfig eth0 down
>cp resolv_Home /etc/resolv.conf
>/sbin/route add default gw 10.0.1.254 eth0
>ifconfig eth0 arp -promisc netmask 255.255.255.0 10.0.1.8 up

I'd reverse the order

cp resolv_Home /etc/resolv.conf
/sbin/ifconfig 10.0.1.8 netmask 255.255.255.0 eth0 up
/sbin/route add default gw 10.0.1.254 eth0

so that you bring up the interface, and then point out the host that
is on that interface that is to be used for packet forwarding. But
this assumes that there really is a router at 10.0.1.254 and that
it can forward packets to the world. If it doesn't exist, or can't
route to the world, there will be problems. Also, you're showing the
'arp' and '-promisc' options. Do you _know_ that these are needed for
some reason? Those _should_ be the default conditions for just about
every Ethernet network driver known to man.

>[start Work]
>ifconfig eth0 down
>cp resolv_Work /etc/resolv.conf
>/sbin/route add default gw 192.168.1.254 eth0
>ifconfig eth0 arp -promisc netmask 255.255.255.0 192.168.1.4 up

Same thing - reverse the order, and does 192.168.1.254 really exist
and can forward packets to the world?

>[start DHCP]
>ifconfig eth0 down
>ifconfig eth0 arp -promisc up
>dhclient eth0

Can't say there - I don't use DHCP.

>I'll test out these scripts tomorrow (it's hitting midnight here in
>Dublin), but can you tell at first glance if there's any reason why
>they won't work perfectly?

Above - and it's going on 2100 here in Arizona - ~600KM East of Los
Angeles, and I've not gotten to eat yet.

>> Slow down please - this stuff _can_ be horrible complicated if you
>> are jumping in with your eyes closed. The water is deep here. ;-)
>
>Sorry mate, not a chance, I'm a foot-to-the-floor kind of guy :-D

Hope the insurance is paid up ;-)

>Thanks Moe, you've been a great help.

You're quite welcome.

Old guy

Moe Trin:

> I'd reverse the order
>
> cp resolv_Home /etc/resolv.conf
> /sbin/ifconfig 10.0.1.8 netmask 255.255.255.0 eth0 up /sbin/route add
> default gw 10.0.1.254 eth0


You're quite right, it doesn't even work if you try to set the gw
when the interface is down, I've reversed the order and it works fine.


> Also, you're showing the 'arp' and
> '-promisc' options. Do you _know_ that these are needed for some reason?
> Those _should_ be the default conditions for just about every Ethernet
> network driver known to man.


I went through the manual for "ifconfig" and made an exhaustive list
of all the settings I wanted so that hypothetically I could change from
_any_ network configuration to _any other_ network configuration.

One more thing... is it OK to set the hostname as well? Such that I'd
have:

echo "Bringing down the interface..."
ifconfig eth0 down
echo "Setting the hostname..."
hostname My-Laptop
echo "Copying the resolv.conf file..."
cp resolv_Home /etc/resolv.conf
echo "Configuring and bringing up the interface..."
ifconfig eth0 arp -promisc netmask 255.255.255.0 10.0.1.4 up
echo "Setting the default gateway..."
/sbin/route add default gw 10.0.1.254 eth0
echo "Done."

I've heard something like you've to log out and log back in if you want
to change your network hostname? That right?

Thanks again for your help Moe. One other thing, I doctored all the IP
addresses before posting here (because some of them are public) so that's
why one or two of them looked a little dodgy! (Also I translated one or
two filenames from Irish to English)

--
Tomás Ó hÉilidhe

On Sat, 17 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <_RA%i.23242$(E-Mail Removed)>, Tomás Ó hÉilidheÿÿ wrote:

>Moe Trin:

> You're quite right, it doesn't even work if you try to set the gw
>when the interface is down, I've reversed the order and it works fine.

Glad to hear it!

>> Also, you're showing the 'arp' and '-promisc' options. Do you _know_
>> that these are needed for some reason? Those _should_ be the default
>> conditions for just about every Ethernet network driver known to man.
>
> I went through the manual for "ifconfig" and made an exhaustive list
>of all the settings I wanted so that hypothetically I could change from
>_any_ network configuration to _any other_ network configuration.

Generally speaking there are only a few configurations - _MOST_ of
them based on Ethernet, or will accept Ethernet values. ARP is needed
for most, but where it is not needed (such as ppp), it's ignored if
set. -promisc is also a default - bypassing that is used only when
some tools like packet sniffers are used, to bypass the "this packet
isn't interesting" filter in in the driver. That would cost extra
CPU cycles, and raise a 'paranoia' flag if you were trying to use a
windoze-wannabe malware detector, but that's about it.

>One more thing... is it OK to set the hostname as well? Such that I'd
>have:
>
> echo "Bringing down the interface..."
>ifconfig eth0 down
> echo "Setting the hostname..."
>hostname My-Laptop
> echo "Copying the resolv.conf file..."

Not likely to be a good idea, as you also have to restart (or at least
-HUP) all processes that depend on the hostname. This specifically
includes 'X' so that means restarting it and your desktop. But this
could also apply to such things as the MTA (Mail Transport Agent, such
as sendmail or postfix) if it's running in daemon mode.

>I've heard something like you've to log out and log back in if you
>want to change your network hostname? That right?

I don't use a GUI login, but I believe you are correct. From a text
based login, I'd have to restart X (which is started _after_ I log in).
(However, this is ignoring any daemons that are running with a hostname.)
The concept here is a crude version of security. The X server knows the
hostname it's running on, and when you change that, you haven't changed
the hostname X is running under, but new applications would not have
permission to open on that "other" host. There are several ways around
this, but none of them are secure. In the relatively few cases where
we move systems from one network to another, we usually have them
powered down, so the system will actually boot with the "appropriate"
hostname.

>Thanks again for your help Moe. One other thing, I doctored all the IP
>addresses before posting here (because some of them are public) so that's
>why one or two of them looked a little dodgy!

OK - that is a reasonable precaution. RFC3330 lists a number of IP
ranges that can be used that way.

Old guy