On Sun, Aug 29, 1999 at 10:15:30PM +0200, Admin wrote:
> On Sun, 29 Aug 1999 21:37:23 +0800, Moonshi Mohsenruddin wrote:
>
> >What you could do is to add the masquerading entries for DNS in your
> >IPFWADM-WRAPPER or IPCHAINS rules. I used "ipfwadm-wrapper" as I am
> >sooo familiar with it.
> >
> >it reads like this in my rules;
> >
> >/sbin/ipfwadm-wrapper -F -a accept -P udp -S 192.168.x.x 53 -D 0/0 53
> >-W eth0
>
>
> nice idea, but first it works OK, then, when I got a different IP from my ISP, it
> won't, then after a while, maybe I got the IP I had first, it works again... So I
> imagine some internal tables won't get cleared often enough?
>
Some time ago ipmasq code was changed to support sort-of "dest loose" streams:
SAME masq tunnel used for SAME src ip and port. That may be hurting you;
try lowering ipmasq's UDP timeout

    [default: 900 120 300]
                      ^^^------UDP
    # ipchains -S 900 120 30

Please test if this works
Regards
--
-- Juanjo http://juanjox.kernelnotes.org/
... because there IS an OS that CAN follow your power