I exchanged a few emails with Urs and it seems we got to the bottom of this.
On Tue, Oct 08, 2002 at 11:30:27AM +0200, martin f krafft wrote:
> also sprach Urs Martini <[EMAIL PROTECTED]> [2002.10.08.0129 +0200]:
> > I got a problem with my new set up firewall: it "crashes" after some time!
>
> What's "crashes"? What does it do?

The machine did not actually crash, but got into a situation where pretty much no traffic was allowed through.

> > Now before I get into details - is there anyone who's willing
> > to help myself fixing that problem _personally_?
>
> Why? I'll help you, but I won't take it off the list.

Well, I did take it off the list, with the intention of posting a resolution here, once we got to that. That's what I'm doing now.

Urs has a 2.2 kernel/ipchains masquerading firewall connecting his home LAN to the world over a DSL line (with pppoe). Now his provider disconnects every pppoe session that's longer than 24 hours, most likely to discourage people from running their own (web) servers and such. Of course, upon reestablishing the link, the box gets a different IP address (that was the whole point of disc'ing the line).

The script Urs had did not take into account a change of the local IP address. Firewall config is stored in a /path/rc.firewall file, which takes the usual start|stop arguments. I suggested that it be called with start from an /etc/ppp/ip-up.d/ script, and with stop from a .../ip-down.d/ one. As the local (public) IP address is "computed" in each (start) run of the script, the fw/masq rules are now following the dynamic IP assignment.

Apparently this works.

Regards to all,
Andrei
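
The arrangement described in the message above, as an added sketch that is not part of the original post and is not Urs's script: a start/stop pair that rebuilds the address-dependent ipchains rules from the local IP pppd passes to its hooks. The LAN range, the rule set, and the `hook`, `fw_start`, `fw_stop` and `valid_ip` names are assumptions; it prints the commands unless `RUN` is set to empty.

```shell
#!/bin/sh
# Added example (constructed): rules are illustrative, not Urs's rc.firewall.
# pppd runs ip-up/ip-down hooks with:
#   $1=interface $2=tty $3=speed $4=local-IP $5=remote-IP
LAN="${LAN:-192.168.1.0/24}"   # assumed home LAN range
RUN="${RUN-echo}"              # dry run by default; export RUN= (empty) to apply

# Accept only a dotted-quad IPv4 address before it reaches a rule.
valid_ip() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# "stop": drop the old address's rules and forward nothing while the link is down.
fw_stop() {
    $RUN ipchains -F input
    $RUN ipchains -F forward
    $RUN ipchains -P forward DENY
}

# "start": flush, then rebuild every rule from the address pppd just reported.
fw_start() {   # $1=interface $2=current public IP
    valid_ip "$2" || { echo "firewall: bad local address '$2'" >&2; return 1; }
    fw_stop
    $RUN ipchains -A input -i "$1" -s "$LAN" -j DENY      # anti-spoofing
    $RUN ipchains -A input -i "$1" -d "$2" -j ACCEPT      # follows the new IP
    $RUN ipchains -A forward -i "$1" -s "$LAN" -j MASQ
}

# Entry point: ip-up.d calls `hook up "$@"`, ip-down.d calls `hook down "$@"`.
hook() {
    action=$1; shift
    case "$action" in
        up)   fw_start "$1" "$4" ;;
        down) fw_stop ;;
        *)    echo "usage: hook up|down <pppd args>" >&2; return 2 ;;
    esac
}

if [ $# -gt 0 ]; then hook "$@"; fi
```

Because `fw_start` flushes before adding, no rule naming the previous session's address survives a reconnect, and a malformed address leaves the chains untouched rather than half-built.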

