Run custom script on bootup (add static ARP) [resolved]

Started by namezero111111, March 19, 2018, 01:20:48 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 19, 2018, 01:20:48 PM Last Edit: March 20, 2018, 05:31:38 PM by namezero111111
Hi folks,

we are trying to run a custom script on bootup. I found a thread about this from 2015 (https://forum.opnsense.org/index.php?topic=274.0), is there a better (more friendly way by now).

We are trying to make a permanent ARP entry that survives a reboot:

Quotearp -S 172.16.16.9 11:54:33:A8:B2:6B

I found a way via creating /usr/local/etc/rc.syshook.d/95-staticarp.start (chmod 755) and adding the desired command.
However, this does not survive a link cycle...

Maybe there is a nicer way to do this in the first place that we are simply not aware of??

EDIT
It seems like adding a static ARP on DHCP works; is this ok even if DHCP server is disabled?
March 20, 2018, 07:16:46 AM #1
/usr/local/etc/rc.syshook.d/95-staticarp.start is correct and it *must* survive a reboot or something else is undoing your modification later.

Unsure about static ARP without DHCP. My guess would be no.


Cheers,
Franco
March 20, 2018, 07:59:02 AM #2
Thank you, yes it does survive a reboot (empirically determined), but not a link cycle.

Adding a static arp on DHCP survives both, even with DHCP disabled; but I wasn't sure if that's a feature supposed to be used this way.
March 20, 2018, 08:03:09 AM #3
Ah, you're right about the link cycle.

But regarding DHCP static entries: if it works why not :)


Cheers,
Franco
March 20, 2018, 08:04:36 AM #4
Using this for now; just wanted to see if this is designed like that so it won't just stop working one day without warning on a minor update :}
Was just curious what other scripts the DHCP option finagles with to make the link cycle work.
Will investigate this!

Thanks!
March 20, 2018, 08:07:19 AM #5
Ok, consider this a feature and defend it in case that would happen to stop working. But I doubt DHCP will receive a rework where this could potentially happen. :)


Thank you,
Franco
March 20, 2018, 05:31:22 PM #6
Well, the best way is through the DHCP after some further testing, because in rc.linkup there is a call to interfaces_staticarp_configure().

The DHCP can be "dummy-disabled" in this case with the following config:


  • Enable DHCP server on the LAN interface = true
  • Deny unknown clients = true
  • Range = Single IP in interface subnet (will not be used)

Note that Static ARP must not be true (checked)

Then, under DHCP Static Mappings for this interface. configure the static ARP entries.

The dummy range IP will never be used because the multicast MACs won't send DHCP requests and everyone else will be denied.

A bit hackish but should also survive upgrades.
March 20, 2018, 07:41:16 PM #7
Hi there,

Thanks for the analysis. I concur. :)

Does enabling the DHCP seem to be required though? Looking at interfaces_staticarp_configure() it doesn't seem to even check the service, only the interface enable itself.


Cheers,
Franco
March 20, 2018, 09:02:52 PM #8
Hi,

it seemed as though once the entry is there DHCP can be disabled. If it is not enabled at least once through, the ARP entry never appears.
I never investigated further why, but decided on the above solution since it seemed more resistant to possible changes through updates !
Print
Go Up Pages1
User actions