On Fri, 22 Jun 2001, lfmaillist wrote:
> Does Ipchains support dynamic IP address in the outer network
> interface?
IPchains doesn't support dynamic IPs in any way, so you're going to need
a script of some sort that keeps track of IPs and changes the rules
accordingly.
You could try something like (slightly modified from Brooks Robinson's
example):
1. save your IPchains rules to a file, like /etc/ipchains.rules
2. copy those rules into a template file, like /etc/ipchains.template
3. replace all references to the dynamic IP address with the word DYNIP
or something such, in the template file
4. add a cron job to run the script:
--- START of SCRIPT ---
#!/bin/sh
# Get new IP address (could also use /bin/hostname -i on some systems)
NEWIP=$(/sbin/ifconfig | grep -1 eth0 | cut -s -d ' ' -f12 | grep addr |
        cut -d ':' -f2)
# Stop if no address was found, so the current rules are left in place
if [ -z "$NEWIP" ]; then
    echo "could not determine the IP address of eth0" >&2
    exit 1
fi
# Replace old IP address with the new one in the rules file
sed -e "s/DYNIP/$NEWIP/g" /etc/ipchains.template > /etc/ipchains.rules
# Flush the old rules and read in the new ones
/sbin/ipchains -F
/sbin/ipchains-restore < /etc/ipchains.rules
--- END of SCRIPT ---
and you should be all set. Just make sure the locations of ipchains and
ipchains-restore and the name of the network interface are correct.
Naturally, you should make the script run right after the IP address
changes.
HTH
.pi.
--
Petteri Lyytinen + [EMAIL PROTECTED] + http://www.cs.tut.fi/~typo/
"Close friends are the true angels who lift you up on your feet when
your wings don't remember how to fly."
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
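
A hardened variant of the template-and-reload procedure described in the message above, as an added example that is not part of the original post: it leaves the rules file alone when the detected address is empty or not a dotted quad, replaces the file by rename, and skips the flush when nothing changed. The function names (valid_ipv4, render_rules, update_firewall) are hypothetical, and it assumes /etc/ipchains.rules is also the file loaded at boot.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Return 0 only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Render TEMPLATE into RULES with every DYNIP replaced by IP.
# Status: 0 = rules file replaced, 1 = refused (old file kept), 2 = unchanged.
render_rules() {
    ip=$1 template=$2 rules=$3
    valid_ipv4 "$ip" || return 1               # also keeps sed metacharacters out
    [ -r "$template" ] || return 1
    tmp="$rules.new.$$"
    sed -e "s/DYNIP/$ip/g" "$template" > "$tmp" || { rm -f "$tmp"; return 1; }
    # An empty file would mean flushing the chains and loading nothing
    if [ ! -s "$tmp" ]; then rm -f "$tmp"; return 1; fi
    # Same content as before: the address did not change, nothing to reload
    if [ -f "$rules" ] && cmp -s "$tmp" "$rules"; then rm -f "$tmp"; return 2; fi
    mv "$tmp" "$rules"                         # rename, so no partial file is ever read
}

# Flush and reload only when render_rules wrote a new file (status 0);
# any other status leaves the loaded chains untouched.
update_firewall() {
    newip=$(/sbin/ifconfig | grep -1 eth0 | cut -s -d ' ' -f12 | grep addr |
            cut -d ':' -f2)
    render_rules "$newip" /etc/ipchains.template /etc/ipchains.rules || return $?
    /sbin/ipchains -F
    /sbin/ipchains-restore < /etc/ipchains.rules
}
```

Call update_firewall from the cron job or from the hook that runs when the address changes; an exit status of 2 means the address was unchanged and no reload was needed.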