I've got port forwarding for a hotline server I run working with the
EigerStein Pre/release with pppoe (thanks to Etienne Charlier). There are
notes about security holes using dynamic IP addresses. The only notes I can
find about this are from
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO-6.html

Which says:

NOTE #2: If you get a dynamically assigned TCP/IP address from your ISP
(PPP, ADSL, Cablemodems, etc.), you CANNOT load this strong ruleset upon
boot. You will either need to reload this firewall ruleset EVERY TIME you
get a new IP address or make your /etc/rc.d/rc.firewall ruleset more
intelligent. To do this for PPP users, carefully read and un-comment out the
properly lines in the "Dynamic PPP IP fetch" section below. You can also
find more details in the TrinityOS - Section 10 doc for more details on
Strong rulesets and Dynamic IP addresses.

So I added a "net reload" line to the ip-up script (which fixed all my
ipchains problems). Is there a reason this shouldn't be a standard part of
ppp(d).lrp or pppoe.lrp? Everything else in the strong rulesets from the
above how-to seems to already be included in the standard scripts.

So my question is: Am I missing something? The network config warning seems
pretty adamant.

Thanks for your help.

-Liam

(on to FAIRQ so hotline will stop hogging all my bandwidth :] )


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
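
An added example, not part of the original post or of the LEAF scripts: one way an ip-up hook can reload the ruleset whenever pppd reports a new local address, which is what the HOWTO note quoted above asks for. The state-file path, the RELOAD_CMD variable and the function names are assumptions; "net reload" is the command named in the post.

```shell
#!/bin/sh
# Added example: ip-up hook that reloads the firewall when the PPP address changes.
# pppd calls ip-up as: ip-up <iface> <tty> <speed> <local-ip> <remote-ip> [ipparam]

# Assumptions (not from the post): the state-file path and RELOAD_CMD variable.
# "net reload" is the command the post says was added to ip-up.
STATE_FILE="${STATE_FILE:-/var/run/ppp-last-ip}"
RELOAD_CMD="${RELOAD_CMD:-net reload}"

# Return 0 only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Returns 0 = reloaded, 1 = address unchanged, 2 = bad input, 3 = reload failed.
on_ip_up() {
    new_ip=$4
    valid_ipv4 "$new_ip" || return 2
    last_ip=""
    if [ -r "$STATE_FILE" ]; then
        read -r last_ip < "$STATE_FILE" || last_ip=""
    fi
    if [ "$new_ip" = "$last_ip" ]; then
        return 1
    fi
    # Rules built for the old address no longer match; rebuild them, and
    # record the new address only after the reload has succeeded.
    $RELOAD_CMD || return 3
    printf '%s\n' "$new_ip" > "$STATE_FILE"
    return 0
}

# Run only when invoked by pppd with its usual arguments.
if [ "$#" -ge 4 ]; then on_ip_up "$@"; fi
```

Because the address is recorded only after a successful reload, a failed reload is retried on the next ip-up instead of leaving rules for the old address in place unnoticed.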