John Mangan wrote:
> I have been through the IPMASQ HOWTO and I appear to have everything working
> well:
> - I have an NT machine connected via Token-Ring to a RedHat 6.2 machine
> which accesses the internet through a modem (PPP with dynamic addressing).
> - I am running SQUID for caching and proxy-ing (not transparent).
> - Dial-on-Demand (using DIALD) works fine and I can browse the web without
> any problems from NT using the semi-strong ruleset included in the HOWTO.
>
> However once the link goes down following the idle timeout no amount of
> requests from the browser will kick the link into action. I have flushed the
> ruleset and Dial-on-Demand is restored but this seems rather a blunt
> approach. I have also tried adding a rule for sl0 to allow UDP port 53 on
> the input to see if this would allow it to work but without success.
>
> So is the best approach to flush the ruleset in 'ip-down' or is there a
> better way?

are the packets sent by the browser after the disconnect
being blocked by the ruleset (because the ruleset is referring
to the now non-existent address)? is that why it doesn't reconnect?

if so, try rebuilding the ruleset after a disconnect (using 0/0 to
specify the local address) as well as rebuilding the ruleset upon
reconnect. that way, when disconnected, an appropriate ruleset will
be in place, new packets will get through causing diald to reconnect
and recreate the new ruleset which will hopefully allow the packet
out (as long as its source address gets rewritten properly by ip_dynaddr).

flushing the ruleset in ip-down might work but it means that you
won't have a firewall between the time you reconnect and the time
that the next ruleset is set up. you'll have to assess the risk
that that poses to you.

raf
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
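
The rebuild-on-disconnect approach from the reply above, as an added example that is not part of the original thread: one script builds the ipchains ruleset for both link states, so ip-down swaps rules rather than flushing them. The LAN range, the tr0/ppp0/sl0 interface names and the hook wiring are assumptions, and the rules are a reduced set, not the HOWTO's full ruleset.

```sh
#!/bin/sh
# Added example: one generator for both link states, so ip-down swaps the
# ruleset instead of flushing it. Assumed names: LAN 192.168.0.0/24 on tr0,
# ppp0 when connected, sl0 (diald's placeholder interface) when idle.
INTIF=${INTIF:-tr0}
INTNET=${INTNET:-192.168.0.0/24}
# Dry run by default: prints the commands. Set IPCHAINS=/sbin/ipchains to apply.
IPCHAINS=${IPCHAINS:-echo ipchains}

# build_rules up ADDR : rules pinned to the address PPP was just given
# build_rules down    : same rules on sl0 with 0/0 as the local address
build_rules() {
    case "$1" in
        up)   [ -n "$2" ] || { echo "up needs the link address" >&2; return 2; }
              extif=ppp0; extip="$2/32" ;;
        down) extif=sl0; extip=0/0 ;;
        *)    echo "usage: build_rules up ADDR | build_rules down" >&2; return 2 ;;
    esac

    # DENY policies go in before each flush, so the rebuild fails closed and
    # there is no moment where the chains are empty with an open policy.
    for chain in input output forward; do
        $IPCHAINS -P "$chain" DENY
        $IPCHAINS -F "$chain"
    done

    # Loopback and LAN traffic to and from the gateway (Squid listens here).
    $IPCHAINS -A input  -i lo -j ACCEPT
    $IPCHAINS -A output -i lo -j ACCEPT
    $IPCHAINS -A input  -i "$INTIF" -s "$INTNET" -j ACCEPT
    $IPCHAINS -A output -i "$INTIF" -d "$INTNET" -j ACCEPT

    # External side. Packets claiming a LAN source are spoofed: log and drop.
    $IPCHAINS -A input  -i "$extif" -s "$INTNET" -l -j DENY
    $IPCHAINS -A input  -i "$extif" -d "$extip" -j ACCEPT
    # While idle, 0/0 lets the gateway's own packets out to sl0, whatever
    # stale source address they carry, so diald sees them and dials.
    $IPCHAINS -A output -i "$extif" -s "$extip" -j ACCEPT

    # Masquerade LAN clients that bypass the proxy.
    $IPCHAINS -A forward -i "$extif" -s "$INTNET" -j MASQ
}

# Hook usage (assumed wiring): "up <address>" from ip-up, "down" from ip-down.
case "${1:-}" in
    up|down) build_rules "$@" ;;
esac
```

ip_dynaddr still has to be enabled separately (echo 1 > /proc/sys/net/ipv4/ip_dynaddr) for the source address of the triggering packet to be rewritten once the link is up.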