The officially official Devuan Forum!

You are not logged in.

#1 2018-11-23 19:26:01

Phoen7x
Member
Registered: 2018-11-23
Posts: 14  

Equivalent to Systemd Service Unit/Socket

Hello everybody,
I would like to realize the following service unit with SysV Init, or with a shell skript. Unfortunately, I could not find any help on the net. Is this possible at all?

First:

nano /etc/systemd/system/xmpp-port-redirection.service
[Unit]
Description=Port redirection rules for XMPP
After=network.target

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223
ExecStop=/sbin/iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223

Second:
i would like to have something like a Systemd Socket for Erlang Port Mapper Daemon (epmd).

nano /etc/systemd/system/epmd.socket.d/listen-on-localhost.conf
[Socket]
ListenStream=127.0.0.1:4369

Is that possible with SysV Init?

Thank you. smile

Offline

#2 2018-11-23 21:12:53

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,251  

Re: Equivalent to Systemd Service Unit/Socket

The first facility is traditionally serviced by loading the  netfilter-persistent package.

The second facility is traditionally serviced by the openbsd-inetd package, which also has a number of "improved" variants on the scale from the minimalistic micro-inetd to the "gruesomely over-featured inetd replacement" rlinetd package.

Offline

#3 2018-11-23 23:42:22

Phoen7x
Member
Registered: 2018-11-23
Posts: 14  

Re: Equivalent to Systemd Service Unit/Socket

Thank you for your response.
When I write the first few lines in my firewall script, they are not executed. The second seems a bit more complicated?
Can you explain that in more detail?

Offline

#4 2018-11-24 04:40:03

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,251  

Re: Equivalent to Systemd Service Unit/Socket

When I write the first few lines in my firewall script, they are not executed.

What do you mean by that?
Which are your "first few lines in my firewall script"?
And where do you write them?
Are you confused about how to run the redirection rule by hand?

The second seems a bit more complicated

Which is "more complicated" than what here?

Isn't it that you want your machine set up such that a certain program runs upon tcp connection to a certain port, with that socket IO being standard input/output for the program? Since that notion is almost as old as me, there are more than a few ways available for it, including those packages, as well as direct approaches using nc or socat.

I think I would do this by adding a start-up script to start the port service when I log in to the desktop management system, with the particular port service I have chosen; probably using micro-inetd, which has this as its central use case. If I would find myself wanting similar but different set ups for several ports, I would probably eventually move over to be using openbsd-inetd instead. But I know folks that certainly would make other choices.

Offline

#5 2018-11-24 12:56:38

Phoen7x
Member
Registered: 2018-11-23
Posts: 14  

Re: Equivalent to Systemd Service Unit/Socket

ralph.ronnquist wrote:

What do you mean by that?

Oh sorry, i mean in the shell:

$ sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223

if i check with

$ sudo iptables -t nat -L

they were applied.
I write them into a skript in /etc/network/if-pre-up.d/ but after a reboot its flushed.

#!/bin/sh
set -e
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223

Which is "more complicated" than what here?

Excuse me, I've been working with Devuan for less time, so it's a bit more complicated than systemd. However, I really wanted to get rid of systemd!
My intention is only to secure my ejabberd server against empd.

Last edited by Phoen7x (2018-11-24 19:20:04)

Offline

#6 2018-11-28 23:11:01

Phoen7x
Member
Registered: 2018-11-23
Posts: 14  

Re: Equivalent to Systemd Service Unit/Socket

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223

i realized through iptables-persistent.

But for the Systemd Socket for Erlang Port Mapper Daemon (epmd) a haven't got a solution. sad

Offline

#7 2018-12-01 07:46:34

KatolaZ
Member
Registered: 2017-03-11
Posts: 79  

Re: Equivalent to Systemd Service Unit/Socket

Hi Phoen7x,

why do you need socket activation for epmd at all? AFAIK, the portmapper is started automatically as soon as you run "erl" for any node to be distributed, and shared by all the erlang nodes running on the same machine. It they have changed anything recently and this is not the case any more (which I strongly doubt, knowing how conservative Erlang is and how wary Erlang developers are of not breaking stuff that works for any reason), then you could just start epmd at boot, and leave it there. I don't remember if epmd supports inetd, though, just in case you really want it to be activated only on demand (but I would be surprised if it didn't).

HTH

KatolaZ

Offline

Board footer