Docs/SysAdmin/Networking/Netprofile
From Mandriva
One problem with laptops is that we move them from network to network. You may need one setup for work, another for home, and a third for when you are on the road using dial-up. One way to handle this is to use netprofiles. Netprofile lets you change all your network settings with one command (set-netprofile). You can also change profiles from the Mandriva Control Center.
Netprofile manages profiles by saving, for each profile, a list of the services that are to be run and a copy of all the files listed in /etc/netprofile/list. When you select a profile, it uses the saved files to replace the files in the normal directory tree.
You can specify the profile as part of your Lilo or Grub entry. If you have more than one profile, and you do not specify the profile as part of the boot menu entry, then you will be asked which profile you wish to use on boot-up.
Set-netprofile is called by mandrake_everytime as part of the boot process. Because mandrake_everytime is called by rc.sysinit, it is run before any of the services in /etc/rc.d/init.d are run. This is necessary because the profile selected may change what services are run.
Drawbacks
Using netprofile does have a couple of drawbacks. If you:
- Edit any of the files it manages
- Add a service such as Postfix.
- Change what services are run using chkconfig.
You must run save-netprofile or set-netprofile before you shut down the system or the changes will be lost. In the case of installing a service, the service will still be there, but it will not start. A service that is added in one profile will not be started in the other profiles unless you update the service list for the other profiles.
GUI Tools
You can manage netprofiles from MCC. If you look at the top toolbar, the third entry from the left is Profiles. Here you will find options to create a New profile, Delete a profile, or set the active profile from the list of profiles.
If you want to use MCC to create a new profile, follow these steps:
- Create a new profile. Profiles->New.
- Make the new profile active. Profiles-><profile>
- Make your network and service changes.
- Exit MCC.
CLI tools
There are several scripts designed to help you manage your netprofiles from the CLI.
- netprofile
- Sets the proper netprofile on boot-up.
- set-netprofile
- Change the active profile.
- save-netprofile
- Save the current profile.
- clone-netprofile
- Make a copy of a profile under a new name.
- add-to-netprofile
- Add a file to the netprofile selection.
- remove-from-netprofile
- Removes a file from the netprofile selection.
There is not a command to delete a netprofile.
Netprofile
- Format
- netprofile start|stop|restart
- Description
- Switch configuration file profile using either the PROFILE environment variable or the kernel command line. (looking for PROFILE=) This pseudo-service is run before every other.
As far as I can tell, this program is not used by Mandriva. I think it is here because it is part of the Netprofile package.
Set-Netprofile
- Format
- set-netprofile [profile]
- Description
- Switch configuration file profile using profile specified.
Set-netprofile can be run from the command line. It is also called by mandrake_everytime as part of the boot process. The order set-netprofile checks for a profile is:
- A profile specified in the set-netprofile command line.
- A profile specified in the kernel command line. (looking for PROFILE=)
- If more than one profile is defined, ask what profile to use.
If the new profile is the same as the active profile, then set-netprofile will exit without doing anything. You can not use set-netprofile to undo changes you have made to the system. You can restore the system by rebooting.
One side effect of using set-netprofile to change profiles is that it updates the saved version of the current profile before changing to the new profile. So any changes you have made to the current profile are saved.
Save-Netprofile
- Format
- save-netprofile [profile]
- Description
- Save the current profile.
Save-netprofile will save the current settings. The name of the profile is determined by:
- A profile specified in the save-netprofile command line.
- The current profile, if one is set.
- The default profile.
Save-netprofile first deletes the matching profile, if there is one, and then creates a profile with the profile name determined above. If run without specifying a profile, it updates the current profile. (If you have not set a profile, it updates the default profile.)
Clone-Netprofile
- Format
- clone-netprofile <source profile> <dest profile>
- Description
- Create a new profile based on an existing profile.
Clone-netprofile checks to make sure you have specified both a source and destination profile, but that is about the only checking it does. If the source profile matches the current profile, it uses save-netprofile to save it under the new name. If the source profile is not the current one, it uses tar to copy the profile. It does not check to make sure the source profile exists, and it will gladly overwrite an existing profile. If your source profile does not exist, and your destination profile does, you will wipe out the existing profile. So do not reverse the order when cloning a profile.
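The checks clone-netprofile skips can be done in a small wrapper. This is an added example, not part of the netprofile package; `check_clone` and `safe_clone` are hypothetical names, and the directory layout is the one described under "Manually managing netprofiles".

```shell
#!/bin/sh
# check_clone ROOT SRC DST
# Returns 0 when cloning SRC to DST cannot destroy an existing profile.
check_clone() {
    root=$1; src=$2; dst=$3
    for n in "$src" "$dst"; do
        case $n in
            # Names are used as directory names, so reject path tricks.
            ''|.|..|*/*) echo "invalid profile name: '$n'" >&2; return 2 ;;
        esac
    done
    cur=$(cat "$root/current" 2>/dev/null) || cur=
    # The active profile is saved from the live system; any other source
    # must already exist on disk.
    if [ "$src" != "$cur" ] && [ ! -d "$root/profiles/$src" ]; then
        echo "source profile '$src' does not exist" >&2; return 3
    fi
    # clone-netprofile overwrites silently, so refuse an existing target.
    if [ -e "$root/profiles/$dst" ]; then
        echo "destination profile '$dst' already exists" >&2; return 4
    fi
    return 0
}

# safe_clone SRC DST: run the real tool only after the checks pass.
safe_clone() {
    check_clone "${NETPROFILE_ROOT:-/etc/netprofile}" "$1" "$2" &&
        clone-netprofile "$1" "$2"
}

if [ "$#" -eq 2 ]; then
    safe_clone "$@"
fi
```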
Add-To-Netprofile
- Format
- add-to-netprofile [-f] <file> [<file>...]
- Description
- Add one or more files to the list of files managed by netprofile.
Add-to-netprofile lets you add files to the list of files that netprofile keeps for each profile. It will also add a copy of this file to each of the profiles.
The '-f' (force) option will update files already managed by netprofile. I am not sure how useful this is. It puts the same copy in all the profiles. If you are using the same file for all the profiles, why include the file?
Remove-From-Netprofile
- Format
- remove-from-netprofile <file> [<file>...]
- Description
- Remove one or more files from the list of files managed by netprofile.
Remove-from-netprofile lets you remove files from the list of files that netprofile keeps for each profile. It will also remove the file from each of the profiles.
Manually managing netprofiles
Although you should use the tools provided to manage netprofiles, you can do it manually. The profiles are stored in the /etc/netprofile directory tree.
- /etc/netprofile/list
- The list of files managed by netprofile.
- /etc/netprofile/current
- This file has the name of the active profile.
- /etc/netprofile/profiles
- This directory is where the profiles are stored. Each profile has its own directory tree under the profile name. You can manually delete a profile by deleting the profile's directory tree. Do not delete the active profile!
- /etc/netprofile/profiles/<profile>/files
- This directory is where the files the profile manages are. Removing the /etc/netprofile/profiles/<profile>/files prefix from a file's path gives the location the file is copied to when the profile is active.
For example, if you set the default profile, the file /etc/netprofile/profiles/default/files/etc/hosts will be copied to /etc/hosts, overwriting the current /etc/hosts file.
- /etc/netprofile/profiles/<profile>/services
- This directory has a list of the services that will run when this profile is active. The names here match the names used by the service program and are in /etc/rc.d/init.d. You can not control the services managed by xinetd.
If you manually edit /etc/netprofile/list, you will need to update the files in the profiles as well. You can control the services by adding or deleting the files in /etc/netprofile/profiles/<profile>/services. The files are empty. Only the file name is used.
Renaming a profile
Mandriva lacks a graphical way to rename a profile. Here's a way to do it from the command line as root:
$ cd /etc/netprofile/profiles
# See what profiles you have
$ ls
# For good measure, make sure the profile you are about to rename is not the one in use
# Skip this step if you aren't using the profile you want to rename
$ set-netprofile other_profile_that_you_have
# Finally, just use "mv" to rename the profile
$ mv old_name new_name
Advanced Features and Examples
By default, netprofile manages network settings, and the services that are run in each profile. But you can make it do much more. To use the advanced features, you are going to have to use the netprofile CLI tools, and/or manually edit files.
Select profile using LILO
You can create lilo menu entries by editing /etc/lilo.conf. If your default entry looks like this:
image=/boot/vmlinuz
    label="linux"
    root=/dev/hda6
    initrd=/boot/initrd.img
    append="resume=/dev/hda9 devfs=nomount"
    vga=788
    read-only
Then you can create an entry for a profile called Wireless this way:
image=/boot/vmlinuz
    label="Wireless"
    root=/dev/hda6
    initrd=/boot/initrd.img
    append="resume=/dev/hda9 devfs=nomount PROFILE=Wireless"
    vga=788
    read-only
The label does not have to match the profile name. That is just the way I do things. You could have label="home" and PROFILE=Wireless, and it would still work.
Remember to run lilo after making changes.
Video Configuration
If you need to manage more than one video configuration, here is one way to do it.
- add-to-netprofile /etc/X11/xorg.conf
- save-netprofile <new profile>
- set-netprofile <new profile>
- Edit /etc/X11/xorg.conf or run drakx11 to update the video configuration.
- save-netprofile
Depending on the changes, you may need to shut down and change monitors between saving the netprofile and running drakx11. Make sure you select <new profile> when you boot. The last save-netprofile is to make sure the profile is updated with the new /etc/X11/xorg.conf file.
Managing Shorewall
Depending on your setup, you may need to change your firewall rules when you change profiles. For example, your wireless card may be part of the local network and in the "loc" zone when you are at home, but connected to the Internet and in the "net" zone when you are roaming. You could write complicated rules to handle this. But if you need a different wireless configuration when roaming like I do, then you may want to use netprofiles to handle this.
My wireless setup at home is configured with a specific ESSID and it will only make an encrypted connection with a specific key. So I am fairly safe from connecting to a different access point. Because I want to be able to share files and printers with other computers on the home network, the firewall is fairly open.
On the other hand, when I am on the road, I normally have ESSID=any and the firewall blocks almost everything. I also have a profile for my brother's house that has a specific ESSID and key, and a firewall that is more restrictive than when I am at home, but not as restrictive as the one for the road.
To make this work, I needed to add some files to the list managed by netprofile:
- /etc/shorewall/interfaces
- /etc/shorewall/rules
- /etc/shorewall/tunnels
Your list may be longer or shorter, depending on how your firewall setup changes between configurations. If you do not want to track down the files that change, you could add the entire /etc/shorewall directory. But you have to do it the proper way.
Correct way:
# add-to-netprofile /etc/shorewall/*
Incorrect way:
# add-to-netprofile /etc/shorewall
# add-to-netprofile /etc/shorewall
I like to keep the number of files netprofile has to manage as small as possible, so I did it this way:
# add-to-netprofile /etc/shorewall/interfaces /etc/shorewall/rules /etc/shorewall/tunnels
The end result is that my firewall changes when the network configuration does. One thing you want to be careful of when setting up firewall changes like this is to make sure you can only connect to the specified Access Point when your firewall is open. So you will want to disable any software that searches for Access Points for these profiles. (You can also configure Shorewall rules with the MAC address of the access point, but that is beyond the scope of this section.)
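Because add-to-netprofile puts the same copy of a file into every profile, a roaming profile keeps the open home firewall until its own copy is edited and saved. The audit below is an added example, not part of the netprofile package: it assumes the layout described under "Manually managing netprofiles", one path per line in the list file, and a service marker named shorewall; the function names and the sample tree are constructed.

```shell
# Added example: audit firewall coverage of every netprofile.
# Assumes the layout described on this page (ROOT/list, ROOT/profiles/<p>/files,
# ROOT/profiles/<p>/services) and a service marker named "shorewall".
# audit_profiles ROOT REF FILE...  prints findings, returns 1 if there are any
audit_profiles() {
    root=$1; ref=$2; bad=0; shift 2
    for f in "$@"; do
        # A file missing from the list never changes when the profile does.
        grep -qxF -- "$f" "$root/list" 2>/dev/null ||
            { echo "list: $f is not managed"; bad=1; }
    done
    for pdir in "$root"/profiles/*; do
        [ -d "$pdir" ] || continue
        p=${pdir##*/}
        # Services are empty marker files; no marker, no firewall.
        [ -e "$pdir/services/shorewall" ] ||
            { echo "$p: shorewall service not enabled"; bad=1; }
        for f in "$@"; do
            copy=$pdir/files$f
            if [ ! -f "$copy" ]; then
                echo "$p: no saved copy of $f"; bad=1
            elif [ "$p" != "$ref" ] && cmp -s "$copy" "$root/profiles/$ref/files$f"; then
                # Same bytes as the open reference profile: review it.
                echo "$p: $f identical to $ref"; bad=1
            fi
        done
    done
    return "$bad"
}

# Constructed sample tree: "road" still carries the open rules of "home"
# and has no shorewall service marker.
make_demo_tree() {
    for p in home road; do
        mkdir -p "$1/profiles/$p/files/etc/shorewall" "$1/profiles/$p/services"
        echo 'ACCEPT loc fw tcp 445' > "$1/profiles/$p/files/etc/shorewall/rules"
    done
    echo /etc/shorewall/rules > "$1/list"
    : > "$1/profiles/home/services/shorewall"
}

if [ "$#" -ge 2 ]; then          # real run: audit.sh home /etc/shorewall/rules ...
    audit_profiles /etc/netprofile "$@"
elif [ "${1:-}" = demo ]; then   # offline run on the constructed tree
    d=$(mktemp -d) && make_demo_tree "$d"
    audit_profiles "$d" home /etc/shorewall/rules /etc/shorewall/interfaces
    rm -rf "$d"
fi
```

Pass as REF the profile with the most open firewall and list only the files you expect to differ between profiles.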