
Jason W. Martinez wrote:

> Hello,
> 
> I have been able to get my firewall script to work (with masq functionality) 
> but not without having to go through this strange morning ritual every time I 
> boot my computer:
> 
> I have a home network (redhat 7.2), where my external device is ppp0 (dynamic 
> ip)---my other pc has XP home edition.
> 
> Each morning, I must go through the following steps:
> 
> 1. Delete the following network information.
>       ip: 192.168.0.1
>       subnet: 255.255.255.0
>       gateway: 192.168.0.254
> 
> 2. restart the network services.

how can you restart the network after having deleted the
network configuration?

> 3. dial the modem, which also executes the rc.firewall 2.4 stronger rules 
> through ipp-up.
> 
> 4. change the internal ip address back to its original configuration that is 
> located in step one.
> 
> 5. Restart the network services again.

this is all very weird.

> This is the ONLY way I have been able to get ip masquerading to work on my 
> computer. The rc.firewall rules are first executed when the computer boots 
> /etc/rc.d/rc.local (as per the instructions that I have found in the 
> documentation), but I suspect that I could/should change the order in which 
> this is executed at boot time.

in general, /etc/rc.d/rc.local is a bad place to start a firewall. this
script runs after all other boot scripts have run which means after the
network is started. if you start your firewall after starting the network,
then there is a period of time where your network is unprotected. the best
thing to do is to start the firewall before starting the network and then
restart it after interfaces are brought up (now that you know your
address(es)). if your only connection to the outside world is via a modem,
though, this doesn't matter.

> I have read the docs and searched the mailing lists, but I have had no luck. 
> Any advice? Suggestions?

debug rc.firewall. obviously, it's supposed to work as advertised (in
rc.local and /etc/ppp/ip-up). if it's not, you need to debug it to
find out why, not come up with contorted methods to work around it.
maybe it's spitting out errors and you're just not seeing them. add

   exec >/tmp/rc.firewall.out 2>&1

to the top of the script so you can see if anything's going wrong.

> I'm a novice, so please be kind!

good luck!

> Jason

raf
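
The ordering and logging advice in the reply above, as an added example that is not part of the original message or of the rc.firewall script it discusses: a two-phase firewall script that sets default-deny policies before the network starts, adds the masquerading rules once ppp0 is up, and logs every failing command. The interface ppp0 and the 192.168.0.0/24 LAN come from the thread; the IPT, SYSCTL and LOG variables, the pre/post phase names and the log path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. ppp0 and 192.168.0.0/24 come from
# the thread; IPT, SYSCTL, LOG and the pre/post phase names are assumptions.
IPT="${IPT:-iptables}"                 # IPT="echo iptables" gives a dry run
SYSCTL="${SYSCTL:-sysctl -w}"
LOG="${LOG:-/var/log/rc.firewall.out}" # root-only directory rather than /tmp
EXT_IF="${EXT_IF:-ppp0}"
LAN="${LAN:-192.168.0.0/24}"

# Run one command; record it in the log if it fails instead of losing the error.
run() { "$@" || { echo "FAILED: $*"; FAIL=1; }; }

fw_pre() {   # before the network starts: default-deny, no addresses needed
    FAIL=0
    run $IPT -F INPUT
    run $IPT -P INPUT DROP
    run $IPT -P FORWARD DROP
    run $IPT -A INPUT -i lo -j ACCEPT
    run $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    return "$FAIL"
}

fw_post() {  # from /etc/ppp/ip-up: ppp0 now exists, add forwarding and masq
    FAIL=0
    run $IPT -F FORWARD
    run $IPT -t nat -F POSTROUTING
    run $IPT -A FORWARD -i "$EXT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run $IPT -A FORWARD -s "$LAN" -o "$EXT_IF" -j ACCEPT
    run $IPT -t nat -A POSTROUTING -s "$LAN" -o "$EXT_IF" -j MASQUERADE
    run $SYSCTL net.ipv4.ip_forward=1
    return "$FAIL"
}

fw_run() {   # fw_run pre|post, with all output appended to $LOG
    {
        echo "== rc.firewall $1 =="
        case "$1" in
            pre)  fw_pre ;;
            post) fw_post ;;
            *)    echo "usage: rc.firewall pre|post"; false ;;
        esac
        rc=$?
        echo "== exit status $rc =="
    } >>"$LOG" 2>&1
    return "$rc"
}

if [ $# -gt 0 ]; then fw_run "$1"; exit $?; fi
```

Run with `IPT="echo iptables" SYSCTL="echo sysctl -w" LOG=/dev/stdout` to print the rules without applying them.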
