# Problem with netmount and net.eth0

## JuhazOne

Some others have had problems similar to this, but I haven't found anyone with exactly the same problem as I have.

At startup apache2 and pure-ftpd won't start because of a problem with netmount. When running "/etc/init.d/netmount start" I get the following message:

 *Quote:*   

>  * Bringing eth0 up...                                                                       [ ok ]
> 
>  *   Setting default gateway...                                                              [ ok ]
> 
> /sbin/runscript.sh: line 140: /proc/sys/net/ipv4/conf/eth0/rp_filter: Permission denied
> ...

 

The /sbin/runscript error has been there for some time now, so I don't think it has anything to do with the problem.

I suppose netmound needs net, but I think it's running. I'm writing this using Gentoo right now and I'm using IRC at the same time.

There's one but though... When I type "/etc/init.d/net.eth0 stop" I get

 *Quote:*   

>  * ERROR:  "net.eth0" has not yet been started.

 

Running "/etc/init.d/net.eth0 start" yields:

 *Quote:*   

>  * Bringing eth0 up...                                                                       [ ok ]
> 
>  *   Setting default gateway...                                                              [ ok ]
> 
> /sbin/runscript.sh: line 140: /proc/sys/net/ipv4/conf/eth0/rp_filter: Permission denied

 

Any ideas what I could do to fix this problem?[/quote]

----------

## Helena

When I had a similar problem some time ago I did not have network connectivity at all, and it was caused by introducing Ethernet over IEEE-1394 in the kernel. This caused my network card to become eth1. When I finally found that out, the solution was easy.

However, it seems that your problem is different. I still guess it has something to do with the error message. I assume any startup failure in the net.eth0 service causes that error.

From the name of the file it could be that it has to do with packet filtering. First check the file permissions:

```
Ajax root # ls -l /proc/sys/net/ipv4/conf/eth0

total 0

-rw-r--r--    1 root     root            0 Dec 15 17:35 accept_redirects

-rw-r--r--    1 root     root            0 Dec 15 17:35 accept_source_route

-rw-r--r--    1 root     root            0 Dec 15 17:35 arp_filter

-rw-r--r--    1 root     root            0 Dec 15 17:35 bootp_relay

-rw-r--r--    1 root     root            0 Dec 15 17:35 disable_policy

-rw-r--r--    1 root     root            0 Dec 15 17:35 disable_xfrm

-rw-r--r--    1 root     root            0 Dec 15 17:35 forwarding

-rw-r--r--    1 root     root            0 Dec 15 17:35 log_martians

-r--r--r--    1 root     root            0 Dec 15 17:35 mc_forwarding

-rw-r--r--    1 root     root            0 Dec 15 17:35 medium_id

-rw-r--r--    1 root     root            0 Dec 15 17:35 proxy_arp

-rw-r--r--    1 root     root            0 Dec 15 17:35 rp_filter

-rw-r--r--    1 root     root            0 Dec 15 17:35 secure_redirects

-rw-r--r--    1 root     root            0 Dec 15 17:35 send_redirects

-rw-r--r--    1 root     root            0 Dec 15 17:35 shared_media

-rw-r--r--    1 root     root            0 Dec 15 17:35 tag

```

I have not checked all intermediate directories.

If that's OK you could try disabling the relevant kernel option and recompile to see whether that solves the problem.

----------

## JuhazOne

My permissions in /proc/sys/net/ipv4/conf/eth0/ look pretty much the same as yours.

What option should I change in the kernel options?

----------

## Helena

First let me add that I really don't know whether this will solve your problem, not even that it has anything to do with it. What I am suggesting is purely based on guessing combined with some logic!

Where to find the option depend on on your kernel version. If it's 2.6 then go to Device drivers / Networking support /Networking options / Network packet filtering. If that is enabled you may want to disable it. If it's a 2.4 kernel I don't know the path right now but it's similar I guess.

----------

## curtis119

I think this is more related to your firewall. Check your config before you start re-compiling your kernel.

----------

## JuhazOne

 *curtis119 wrote:*   

> I think this is more related to your firewall. Check your config before you start re-compiling your kernel.

 

Related to my firewall? How? I haven't even been able to run my firewall script.

This problem occurred after rebooting... I guess I hadn't rebooted after updating my system (emerge -u world). I think this might have something to do with some package or init script...

By the way, I tried replacing my /etc/init.d/net.eth0 script with one that I found on this message board... with no luck.

----------

## curtis119

rp_filter is related to iptables and netfilter aka:firewall which is usually started at the same time as your eth connection. This is why I thought maybe it was your firewall. Try this:

The error you posted:

 * Bringing eth0 up... [ ok ]

* Setting default gateway... [ ok ]

/sbin/runscript.sh: line 140: /proc/sys/net/ipv4/conf/eth0/rp_filter: Permission denied

* ERROR: Problem starting needed services.

* "netmount" was not started.

This is from the net.eth0 script in /etc/init.d:

```
# Enabling rp_filter causes wacky packets to be auto-dropped by

        # the kernel.  Note that we only do this if it is not set via

        # /etc/sysctl.conf ...

        if [ -e /proc/sys/net/ipv4/conf/${IFACE}/rp_filter ] && \

           [ -z "$(egrep '^[^#]*rp_filter' /etc/sysctl.conf 2>/dev/null)" ]

        then

                echo 1 > /proc/sys/net/ipv4/conf/${IFACE}/rp_filter

        fi

```

try uncommenting the line pertaining to rp_filter in /etc/sysctl.conf

----------

## JuhazOne

 *curtis119 wrote:*   

> try uncommenting the line pertaining to rp_filter in /etc/sysctl.conf

 

Whoa! That actually worked! Thanks a lot.  :Very Happy: 

----------

## Helena

curtis119: I would like to learn from this. How could this happen? I have the line commented 

```
# /etc/sysctl.conf:

# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/sysctl.conf,v 1.3 2002/11/18 19:39:22 azarah Exp $

# Disables packet forwarding

#net.ipv4.ip_forward = 0

# Disables IP dynaddr

#net.ipv4.ip_dynaddr = 0

# Disable ECN

net.ipv4.tcp_ecn = 0

# Enables source route verification

#net.ipv4.conf.default.rp_filter = 1

# Disables the magic-sysrq key

#kernel.sysrq = 0

```

and no problems. Could you spend a few words on this or point to relevant docs?

----------

## curtis119

In the net.eth0 script the value:

 /proc/sys/net/ipv4/conf/${IFACE}/rp_filter

is being set with the effective permissions of the script which could be the culprit but I'm not sure. Either way the rp_filter isn't absolutely necessary. It only drops wacky packets earlier in the chain which saves a few (but not many) cpu cycles.

----------

## jenny

The mail reason why you get a Permission Denied for the file /proc/sys/net/ipv4/conf/eth0/rp_filter

 is that you have most likely set the following options when doing a build of the kernel and a menuconfig, xconfig or .....

GrSecurity > 

    FileSystem Protections > 

             ( Proc Restrictions )  <<---- is set on

This can also happen when you've selecected one of the pre-defined GrSecurity models,

such as High or Medium.

What you should do is enable the next option just

after the one mentioned above

      ( Restrict to User only ) 

by turning it on.

 :Idea:    This will solve your problem.   

But of course you need to choose the

" Customized " GrSecurity option instead

of the default low, med or high

Which takes quite a bit of reading to do

and you'll probably learn more about 

GrSecurity than you want to, 

Look at the Help for each option that

you do not understand and follow the recommendations.

But.....

   you'll begin to appreciate the intricacies 

   of using Linux

Hope this helps   :Rolling Eyes: 

Jenny

----------

