Dear All,

I recently upgraded my linux box from Suse 7.0 (kernel 2.2.16) to Redhat
7.3 (kernel 2.4.18). I used to connect to the internet by a 56k Dial-up
modem with wvdial in demand mode (wvdial.dod). During booting the
wvdial.dod would assign two temporary IP addresses: local and remote. This
was useful for the IPCHAINS firewall, as it could, besides the internal
network IP of eth0, now also find a fake IP for ppp0. This would of course
be traded in for a new IP as soon as a connection would come up with the
ISP. Through masquerading of the internal network, I could also let the
linux box connect from my windoze boxes. The only thing I had to add was
some rules to restart the firewall in the file /etc/ppp/ip-up after the
connection comes up and to restart after it goes down.

But now the situation is different. Redhat 7.3 uses IPTABLES and
dial-on-demand is set inside the file /etc/sysconfig/ifcfg-ppp0. As a
consequence, no IP address is known during booting. This results in a lot
of error messages. I counter this by first loading on boot a set of
rules with a static IP address (/etc/rc.d/rc.firewall-2.4.static).

Then I have to manually launch pppd with ifup ppp0. This process waits
for a trigger. I first have to restart the firewall (again
rc.firewall-2.4.static), and then I give a ping to an external URL. PPPD
dials in and gets a new IP address from the ISP. This also frees the
console that has been blinking all the time. I have to run the dynamic
firewall now (rc.firewall-2.4.dyn) to enable the masquerading and access
from the windoze machines to the internet etc. This however works fine, and
I encountered no strange disruptions. I am very happy with the rulesets
as they are.

As you can read from the above, this is however all quite complicated and
it should be possible to do some things automatically. However, all
references for dynamic assigned IP addresses made in the Masquerading
HOW-TO do not make much sense to a user of Redhat 7.3. It says in
Chapter 6.4.1:

PPP users:
 #   ----------
 #   If you aren't already aware, the /etc/ppp/ip-up script is always run when
 #   a PPP connection comes up.  Because of this, we can make the ruleset go and
 #   get the new PPP IP address and update the strong firewall ruleset.
 #
 #   If the /etc/ppp/ip-up file already exists, you should edit it and add a line
 #   containing "/etc/rc.d/rc.firewall" near the end of the file.
 #
 #   If you don't already have a /etc/ppp/ip-up script, you need to create the
 #   following link to run the /etc/rc.d/rc.firewall script.
 #
 #       ln -s /etc/rc.d/rc.firewall /etc/ppp/ip-up
 #


This looked familiar, as I did the same with Suse 7.0. The
/etc/ppp/ip-up script of Redhat 7.3 however says that this file should
not be modified, and instead modifications should be done in the
/etc/ppp/ip-up.local file. This file does not exist, so I assume that
creating one will not make much sense. I soon found that the
/etc/sysconfig/ifup-ppp0 script would be the best alternative. I added
the line /etc/rc.d/rc.firewall-2.4.dyn (my dynamic IP firewall
ruleset), but it does work.

Also it states:

#   * You then want to enable the #ed out shell command below *
 #
 #
 # Determine the external IP automatically:
 # ----------------------------------------
 #
 EXTIP="`$IFCONFIG $EXTIF | $GREP 'inet addr' | $AWK '{print $2}' | \
 $SED -e 's/.*://'`"
# For users who wish to use STATIC IP addresses:
 #
 #  # out the EXTIP line above and un-# out the EXTIP line below
 #
 #EXTIP="your.static.PPP.address"
 echo "  External IP: $EXTIP"
 echo "  ---"

I do not get this remark on the #ed out shell command below. I figure it
is already marked out, so no alterations are needed if you want to work
with the dynamic address. Is that correct?

Further, if I launch dial-on-demand on boot, the machine does not finish
its routine, since it is awaiting the trigger that is never coming. Best
would be to run a script that first gives the command ifup ppp0, but
then does not wait till this finishes, but directly starts the firewall
(static or dynamic as ifconfig already finds a ppp0), gives a ping, and
then when ppp0 is up starts the dynamic firewall (dyn). Since the modem
is in persist mode, I guess after disconnection due to timeout, the
static firewall has to be started again.

However, I have the impression I complicate things terribly and overlook
something. Any advice would be more than helpful.

Thanks, and with kind regards,

Paul
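
The EXTIP extraction quoted from the HOWTO above, with a guard for the boot-time case where ppp0 has no address yet. This is an added example, not part of the original post or the HOWTO; the sample ifconfig output and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the HOWTO or the original post.
# Constructed sample of `ifconfig ppp0` output with the link up.
SAMPLE_UP='ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.0.2.45  P-t-P:198.51.100.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'
# Constructed sample: the interface exists but has no address yet.
SAMPLE_DOWN='ppp0      Link encap:Point-to-Point Protocol
          POINTOPOINT NOARP MULTICAST  MTU:1500  Metric:1'

# Same pipeline as the HOWTO's EXTIP line, reading ifconfig output on stdin.
extract_extip() {
    grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://' | head -n 1
}

# Succeed only for a dotted quad with every octet in 0..255, so an empty
# or garbled EXTIP never reaches the firewall rules.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print "dyn <ip>" when a usable address is present, otherwise "static".
choose_ruleset() {
    extip=$(printf '%s\n' "$1" | extract_extip)
    if is_ipv4 "$extip"; then
        echo "dyn $extip"
    else
        echo "static"
    fi
}
```

A hook that runs when the link comes up or goes down could call `choose_ruleset "$(ifconfig ppp0)"` and load rc.firewall-2.4.dyn or rc.firewall-2.4.static accordingly.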