Seems overly complex to me.  You should run dhclient to get an IP address
from your ISP for one NIC card.  Set the other NIC card for your private
LAN IP address (say 192.168.0.1).  Run dhcpd to serve out private IP
addresses for the other computers.  Run a DNS server on your box so you
don't need the ISP's name servers.  One ipchains rule is all you need to
set up IP masquerading and it doesn't require the IP address of the
dhclient NIC.  Just use 0.0.0.0/0.0.0.0 for the internet and
192.168.0.0/24 for the private LAN.

Or am I missing something here?

Bill

PS You can prohibit dhclient from changing your resolv.conf by using:
supersede domain-name "my.domain";
supersede domain-name-servers 192.168.0.1;
in the /etc/dhclient.conf file.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of JASON SNYDER
> Sent: Thursday, October 19, 2000 3:30 PM
> To: [EMAIL PROTECTED]
> Subject: [expert] Masq f/w and DHCPd on dynamic Internet address
>
>
> A year and some change ago I scrounged together a computer, put mdk on
> it, and set it up as a masquerade firewall and DHCPd server for my cable
> modem at home.  I have a script that is run at boot (and is set up to be
> rerun at any time) to set up all of my ipchain rules and load kernel
> modules (like for ftp and such) and of course DHCPd has its config
> file.  (The ipchains script has global [script] variables to store IP
> address for interfaces, store which interface is which and stuff like
> that.)
>
> A couple of my friends saw what I did and realized that they needed
> something like that, so I set up computers for them.  The problem is
> that my address never changes, so everything is always happy for me, but
> their addresses are dynamic and keep on changing.  The current mdk 7.1
> seems to be able to keep rolling along when the IP address and default
> gateway change, but problems arise when the cable modem providers change
> the DNS servers and also in the rare instance that a machine gets
> rebooted. (Linux has been a solid performer, but there are other
> factors that come into play.  One household got switched to a different
> network and was issued a new cable modem along with that and things
> chugged along ok until a month or so down the road when the computer was
> rebooted.)
>
> A possible solution that I thought of, but haven't tried yet would be to
> do the following:  Write a script to update the ipchains and dhcpd
> config file when addresses change then have the script reload dhcpd and
> rerun the ipchains config file.  Set up an hourly cron job to run this
> update script.
> 1. First have the script archive any pre-existing Sed scripts to update
> dhcpd and ipchains.  Also have it look for a saved copy of resolv.conf
> and archive the saved resolv.conf file if present.
> 2. Have the update script run ifconfig and an Awk script to pull the
> Internet IP address out of the ifconfig output and generate a Sed script
> to update the ipchains and dhcpd config files.  Also make a new saved
> copy of resolv.conf.
> 3. Run diff on the new and archived resolv.conf files.  If the new one
> is different, then run an Awk script to append Sed commands to the Sed
> script to update the dhcpd config file.  (Do nothing if there is no
> archived file.)
> 4. Then, if there are archived Sed scripts, run diff to check for
> differences between the new and archived scripts.  If there is a
> difference, run the new Sed script and rerun the ipchains config or
> reload dhcpd.  (Do nothing if there is no archived file.)
>
> This seems like a kludgy way to do things.  Is there a more elegant way
> to keep ipchains and dhcpd information up to date?  I would especially
> like to do something that would be triggered to update everything
> necessary the moment that dhcpcd got new IP information from the ISP.
>
>
>
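
Added example, not part of either message above: the address-independent
setup from the reply written out as a shell sketch that prints the commands
and the dhclient.conf lines. The function names, the default-DENY forward
policy, the ip_forward line and the private-range check are assumptions of
this example; the LAN range, domain and DNS address are the ones used in
the reply.

```shell
#!/bin/sh
# Added example (not from the thread).  Prints the commands instead of
# running them; pipe the output of masq_rules to sh as root on an
# ipchains (2.2 kernel) box to apply it.

# is_private_cidr CIDR: crude prefix check for RFC 1918 ranges, so that a
# typo cannot end up masquerading and forwarding a public range.
is_private_cidr() {
    case "$1" in
        10.*/*|192.168.*/*) return 0 ;;
        172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# masq_rules LAN_CIDR: emit the forwarding setup.  Only the LAN range is
# named; the destination is 0.0.0.0/0, so the rule never needs to know the
# address the ISP hands out and a new lease requires no rewrite.
masq_rules() {
    is_private_cidr "$1" || { echo "not a private range: $1" >&2; return 1; }
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -P forward DENY
ipchains -A forward -s $1 -d 0.0.0.0/0 -j MASQ
EOF
}

# dhclient_conf DOMAIN LAN_DNS: emit the /etc/dhclient.conf lines that stop
# dhclient from replacing resolv.conf with the ISP's values.
dhclient_conf() {
    printf 'supersede domain-name "%s";\n' "$1"
    printf 'supersede domain-name-servers %s;\n' "$2"
}

# Values from the reply above.
masq_rules 192.168.0.0/24
dhclient_conf my.domain 192.168.0.1
```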

