Diff for "RoamingProfilesWithNetworkManager"


Differences between revisions 12 and 13
Revision 12 as of 2007-07-11 19:12:00
Size: 10478
Editor: fw-ext
Comment:
Revision 13 as of 2007-07-11 20:05:17
Size: 10467
Editor: fw-ext
Comment:
Line 9: Line 9:
Suggested``Prerequisite: ''DynamicFirewall'' Related``Mod: ''DynamicFirewall''
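Review bot: On line 9, relabelling DynamicFirewall from SuggestedPrerequisite to RelatedMod understates a dependency the rest of the page still has: every profile in the file list ships a 15firewall script in if-post-up.d and if-post-down.d, and the force_* scripts reload the firewall after the static assignment. Either keep the prerequisite wording or add a sentence near the file list saying what those scripts do when no firewall script is installed. Both revisions also leave the Comment field empty; a one-line edit summary would make the rename traceable in the page history.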

Roaming Profiles with NetworkManager

Skill: Intermediate Complexity: Moderate EstTimeToComplete: 1.5 hours

RelatedMod: DynamicFirewall OptionalMod: AnonymizingNetworkMACAddresses

This guide is aimed at laptop/portable systems with a single wifi interface and a single wired interface. However, the methods are applicable to varied other system setups. I also recommend installing the DynamicFirewall to help secure and offer a layer of protection while you are roaming about. Optionally you may consider AnonymizingNetworkMACAddresses to afford some privacy.

Sometimes there are specific local settings depending on the network you've associated to. For example, when on the work network you have default printers, unique firewall rules or other applications with location-specific settings that are substantially different from the home network settings. This guide will illustrate a way to provide roaming profiles via NetworkManager.

NetworkManager is fantastic, if you let it completely manage the network. Laptop-net is fantastic at managing profiles. However, things just don't work well using laptop-net and NetworkManager together.

So, rather than force laptop-net to accommodate NetworkManager's penchant for total control, I've devised some procedural additions that work within NetworkManager's methodology.

With the following configuration examples you can change most system settings, except static IP address management. I attempted to utilize the NetworkManager interface status system to force the static IP assignment but failed at every attempt. Accommodating static addresses will hopefully be resolved in 0.7 of NetworkManager. There is a kludge to force static IP assignments after NetworkManager completes.

Regardless, the following examples illustrate ways to change profiles using NetworkManager alone. The examples emulate the behaviour of laptop-net. While not as complete as laptop-net, it at least cooperates with NetworkManager.

Attachments are provided containing the initial file hierarchy. Download the tarball archives and review prior to installation.

You will have to edit/add/remove the script files to make them fit your environment.

Commands in the guide assume you have sudo'ed to root, i.e., you run sudo -i after each login.

Load TarBall Archives

Save the tarball: attachment:nmprofiles.tar.gz

cd /
tar xvfzp nmprofiles.tar.gz
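
One way to carry out the "review prior to installation" step before unpacking as root in /. This is an added example, not part of the original page or the tarball: the function name audit_tarball is hypothetical, and the three allowed trees are taken from the file list in this guide.

```shell
#!/bin/sh
# audit_tarball ARCHIVE  (hypothetical helper, added example)
# Lists (never extracts) a gzip'd tarball and prints every member that would be
# risky to unpack as root in / with "tar xvfzp". Returns 0 only if none is found.
audit_tarball() {
    archive=$1 rc=0
    names=$(tar -tzf "$archive") || return 2
    long=$(tar -tvzf "$archive") || return 2

    # Pass 1: every path must stay inside the three trees this guide installs.
    while IFS= read -r name; do
        case $name in
            /*|..|../*|*/..|*/../*)
                echo "escapes extraction root: $name"; rc=1 ;;
            etc/network/*|etc/nm-profiles/*|etc/NetworkManager/*) ;;
            *)  echo "outside expected trees: $name"; rc=1 ;;
        esac
    done <<EOF
$names
EOF

    # Pass 2: "p" restores stored modes verbatim, so check type and mode bits.
    while read -r mode rest; do
        case $mode in
            [!d-]*)      why="not a regular file or directory" ;;
            ???[sS]*)    why="setuid" ;;
            ??????[sS]*) why="setgid" ;;
            ????????w*)  why="world-writable" ;;
            *)           continue ;;
        esac
        echo "$why: $mode $rest"; rc=1
    done <<EOF
$long
EOF
    return $rc
}

# Typical use before the extraction step (tarball saved in /):
#   audit_tarball /nmprofiles.tar.gz && (cd / && tar xvfzp nmprofiles.tar.gz)
```

A clean result only says the archive lands where expected with sane modes; the scripts themselves still need to be read, since they will run as root on every network change.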

File Descriptions and Behavior

This set of files is for the static IP address assignment kludge described later on. It includes the firewall reload.

etc/network/
etc/network/interfaces_home-wired
etc/network/force_work-wired
etc/network/interfaces_work-wired
etc/network/force_home-wired

This is the location and example file set for your roaming network profile scripts that move files, restart services and reload the firewall.

etc/nm-profiles/
etc/nm-profiles/home-wired/
etc/nm-profiles/home-wired/if-post-down.d/
etc/nm-profiles/home-wired/if-post-down.d/15firewall
etc/nm-profiles/home-wired/files.d/
etc/nm-profiles/home-wired/files.d/etc/
etc/nm-profiles/home-wired/files.d/etc/cups/
etc/nm-profiles/home-wired/files.d/etc/cups/printers.conf
etc/nm-profiles/home-wired/if-up.d/
etc/nm-profiles/home-wired/if-post-up.d/
etc/nm-profiles/home-wired/if-post-up.d/20initrestarts
etc/nm-profiles/home-wired/if-post-up.d/10copyfiles
etc/nm-profiles/home-wired/if-post-up.d/15firewall
etc/nm-profiles/home-wired/if-down.d/
etc/nm-profiles/home-wired/if-pre-up.d/
etc/nm-profiles/home-wired/if-pre-down.d/
etc/nm-profiles/work-wifi/
etc/nm-profiles/work-wifi/if-post-down.d/
etc/nm-profiles/work-wifi/if-post-down.d/15firewall
etc/nm-profiles/work-wifi/files.d/
etc/nm-profiles/work-wifi/files.d/etc/
etc/nm-profiles/work-wifi/files.d/etc/fwbuilder.fw
etc/nm-profiles/work-wifi/files.d/etc/network/
etc/nm-profiles/work-wifi/files.d/etc/network/interfaces_work-wired
etc/nm-profiles/work-wifi/files.d/etc/cups/
etc/nm-profiles/work-wifi/files.d/etc/cups/printers.conf
etc/nm-profiles/work-wifi/files.d/etc/resolv.conf
etc/nm-profiles/work-wifi/files.d/etc/hosts
etc/nm-profiles/work-wifi/if-up.d/
etc/nm-profiles/work-wifi/if-post-up.d/
etc/nm-profiles/work-wifi/if-post-up.d/20initrestarts
etc/nm-profiles/work-wifi/if-post-up.d/10copyfiles
etc/nm-profiles/work-wifi/if-post-up.d/15firewall
etc/nm-profiles/work-wifi/if-down.d/
etc/nm-profiles/work-wifi/if-pre-up.d/
etc/nm-profiles/work-wifi/if-pre-down.d/
etc/nm-profiles/work-wired/
etc/nm-profiles/work-wired/if-post-down.d/
etc/nm-profiles/work-wired/if-post-down.d/15firewall
etc/nm-profiles/work-wired/files.d/
etc/nm-profiles/work-wired/files.d/etc/
etc/nm-profiles/work-wired/files.d/etc/fwbuilder.fw
etc/nm-profiles/work-wired/files.d/etc/network/
etc/nm-profiles/work-wired/files.d/etc/network/interfaces_work-wired
etc/nm-profiles/work-wired/files.d/etc/cups/
etc/nm-profiles/work-wired/files.d/etc/cups/printers.conf
etc/nm-profiles/work-wired/files.d/etc/resolv.conf
etc/nm-profiles/work-wired/files.d/etc/hosts
etc/nm-profiles/work-wired/if-up.d/
etc/nm-profiles/work-wired/if-post-up.d/
etc/nm-profiles/work-wired/if-post-up.d/20initrestarts
etc/nm-profiles/work-wired/if-post-up.d/10copyfiles
etc/nm-profiles/work-wired/if-post-up.d/15firewall
etc/nm-profiles/work-wired/if-down.d/
etc/nm-profiles/work-wired/if-pre-up.d/
etc/nm-profiles/work-wired/if-pre-down.d/
etc/nm-profiles/home-wifi/
etc/nm-profiles/home-wifi/if-post-down.d/
etc/nm-profiles/home-wifi/if-post-down.d/15firewall
etc/nm-profiles/home-wifi/files.d/
etc/nm-profiles/home-wifi/files.d/etc/
etc/nm-profiles/home-wifi/files.d/etc/cups/
etc/nm-profiles/home-wifi/files.d/etc/cups/printers.conf
etc/nm-profiles/home-wifi/if-up.d/
etc/nm-profiles/home-wifi/if-post-up.d/
etc/nm-profiles/home-wifi/if-post-up.d/20initrestarts
etc/nm-profiles/home-wifi/if-post-up.d/10copyfiles
etc/nm-profiles/home-wifi/if-post-up.d/15firewall
etc/nm-profiles/home-wifi/if-down.d/
etc/nm-profiles/home-wifi/if-pre-up.d/
etc/nm-profiles/home-wifi/if-pre-down.d/

The nm-dispatcher and the dispatcher.d scripts work together. Files in dispatcher.d are called in alpha order. The 99* scripts have an include for code from nm-dispatcher. The 99* scripts are only executed if the interface name and ip addresses of the passed interface match.

etc/NetworkManager/
etc/NetworkManager/nm-dispatchworker
etc/NetworkManager/dispatcher.d/
etc/NetworkManager/dispatcher.d/99home-wifi
etc/NetworkManager/dispatcher.d/99home-wired
etc/NetworkManager/dispatcher.d/99work-wifi
etc/NetworkManager/dispatcher.d/99work-wired

Dispatcher Worker

To simplify your scripting, a worker shell script is installed and called by the dispatcher scripts. The worker script gathers the current interface address assignment and matches the current interface name to determine when a location profile is matched.

Device Order and if-*.d Files

The files in /etc/nm-profiles/<PROFILENAME>/if*.d are called from /etc/NetworkManager/dispatcher.d/99* scripts. The device state determines the group of scripts to call.

When a device is activated the call order is:

pre-up
up
post-up

When a device is deactivated the call order is:

pre-down
down
post-down

The files are called in alpha order. The script examples copy location-specific files, reload the firewall (refer to DynamicFirewall), and restart services whose configuration files were altered.
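
The matching and call order described above, sketched as an added example; it is not the nm-dispatchworker shipped in the tarball. The helper names, the address-prefix match and the ownership/mode check are assumptions made here, the last because these hooks run as root on every interface change.

```shell
#!/bin/sh
# Profile root; the guide installs its tree under /etc/nm-profiles.
NM_PROFILES=${NM_PROFILES:-/etc/nm-profiles}

# profile_matches IFACE ADDR WANT_IFACE WANT_PREFIX  (hypothetical helper)
# True when the interface name is equal and ADDR starts with WANT_PREFIX,
# e.g. "192.168.1." (keep the trailing dot so 192.168.10.x does not match).
profile_matches() {
    [ "$1" = "$3" ] || return 1
    case $2 in "$4"*) return 0 ;; esac
    return 1
}

# trusted FILE  (hypothetical helper)
# These hooks run as root, so accept only executable regular files owned by
# the calling user (root under NetworkManager) and not group/world-writable.
trusted() {
    [ -f "$1" ] && [ -x "$1" ] &&
    [ -n "$(find -L "$1" -prune -user "$(id -u)" ! -perm -020 ! -perm -002)" ]
}

# run_profile PROFILE ACTION IFACE
# Runs the if-*.d groups in the documented order for "up" or "down".
run_profile() {
    case $2 in
        up)   phases="pre-up up post-up" ;;
        down) phases="pre-down down post-down" ;;
        *)    return 0 ;;
    esac
    for phase in $phases; do
        # Pathname expansion returns names sorted, giving the alpha order.
        for script in "$NM_PROFILES/$1/if-$phase.d"/*; do
            [ -e "$script" ] || continue
            if trusted "$script"; then
                "$script" "$3" "$2" || echo "failed: $script" >&2
            else
                echo "skipped (owner/mode): $script" >&2
            fi
        done
    done
}

# In a dispatcher.d script NetworkManager passes the interface and action;
# $addr stands for the address the worker gathered (assumed variable):
#   profile_matches "$1" "$addr" eth0 192.168.1. && run_profile home-wired "$2" "$1"
```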

Static IP Assignment Kludge

A home-wired and work-wired script are included to force a static ip assignment. I have not been able to force it using the NetworkManager methods. Once the network assignments are completed run the scripts to force the static ip assignment. Adjust to your needs.

Create GNOME Custom Application Launch

Right-click on the system bar and select Add to panel....

Select Custom Application Launcher.

When the dialog window appears select Type: Application in Terminal

Provide a meaningful Name: label.

Enter the Command: sudo -i /etc/network/<forceScriptName> where the script is one of:

force_work-wired
force_home-wired

These scripts reconfigure the interfaces for a static ip address assignment using ifup. Once re-assignment is complete the firewall script is run to reload with the static ip address.

You will need to edit these files to reference your firewall script file.

* I didn't include forced static for wireless but you could certainly set up such scripts.

Offline Profile

There isn't an offline profile per se. NetworkManager logic for deactivating interfaces will eventually get to post-down state. It is at this stage that you would encode scripts in if-post-down.d to reset the laptop to an offline mode.

If another interface will be brought up, then having reset from the downed interface will have been an unnecessary step. However, this avoids any message passing about the profile state. So, any scripts to reset for an offline mode should reside in the if-post-down.d directory of each /etc/nm-profiles. (If the offline scripts are the same, you may want to place the scripts in a common area and manage them with symbolic links.)

Creative Commons License

Author: James B. Crocker

EMail: ubuntu@james.crocker.name

This work is licensed under a [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-Share Alike 3.0 License].


RoamingProfilesWithNetworkManager (last edited 2013-08-20 14:20:39 by hancock)