Hi.

Thanks for your reply. Two things odd: I didn't receive it via email (should I have?) and there's no interface via the list manager URL by which to post a reply (should there be?) so I'm doing this by pasting from the list archive into a new email. Hopefully this won't botch the threading. (I got my original post back via email via the list manager; is there something wrong with it at this time that precluded me getting fuzzy fox's reply?)

(Cut and paste didn't work; typing it all in manually)

Fuzzy Fox <fox at foxtaur.com> wrote:
> James B. Hiller <jhiller at visi.net> wrote:
>>
>> Finally I got it narrowed down, and got past the problem by calling
>> the script twice - once from /etc/rc.d/rc.local, and then again by
>> /etc/ppp/ip-up.
>
> This is what I did in my own custom setup. Call the script once at boot
> time to set up forwarding, and then again whenever the IP changes on the
> interface.

Ok, so at least I'm not doing something dumb or avoidable to create the behavior I'm trying to work around. Don't know enough about the iptables universe to recognize when I'm doing something I shouldn't. And evidently this "workaround" is a plausible one (though at the moment, I must be missing some minor point, because once the first ppp link goes down, it's not later coming back up properly. Still gotta figure that out.)

>> I'd say that this script needs to be broken into two pieces - one that
>> sets up forwarding and one that sets up masquerading.
>
> That's not a bad idea; the rules could be broken out into sub-chains
> which can be flushed and rewritten when an IP changes, while the parent
> chains retain their configurations loaded at boot time.

Right, something like that. Said much better than I (my lack of knowledge on the topic).

> In my own opinion, reloading the entire set of chains is not a major
> performance hit, which is why I never implemented it.

Ok. I'm sure it's not - I just mostly wanted to be sure that:

a. I wasn't horking something up by taking the approach I'm taking (don't know if there would be any ill effect from defining something that's already been defined), and

b. I was taking essentially the correct approach to doing what I believed needed to be done (evidently I am, almost, other than that ppp links after the first aren't coming up).

I guess I was thinking that this arrangement in a PPP environment would occur for enough people that wickering the script(s) in this way would have been the solution of choice, so when things weren't working as expected, this WASN'T something I was thinking would have been the problem.

Apologies for not submitting a suggested modified script - again, back to that lack of knowledge of iptables and firewalling in general. If you think you might be inclined to do a modified script for the general public, please let me know. If not, I'll start on it, though it's likely to be weeks til I can get something that plays well.

Last: Since you didn't address the question about having an authoritative list of kernel config values relative to 2.4.20 or 2.4.21, I'm assuming one of:

(a) You don't know of any such list.
(b) I asked a stupid question.

Thx!

jbh

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
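The sub-chain split discussed in the message above, sketched as an added example that is not part of the original post or of the script it refers to. The chain names masq-dyn and fwd-dyn, the LAN_IF variable and the function names are assumptions, and it is written so that running either half twice leaves the same rule set:

```shell
#!/bin/sh
# Added example, not from the thread. Chain names and LAN_IF are assumptions.
# Dry run by default: commands are printed. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth0}"    # assumed internal interface

# Boot time (e.g. /etc/rc.d/rc.local): parent chains plus empty sub-chains.
# Assumes this script owns FORWARD and nat POSTROUTING.
fw_boot() {
    # -N fails when the chain already exists, so tolerate a second run.
    $IPT -t nat -N masq-dyn 2>/dev/null || true
    $IPT -N fwd-dyn 2>/dev/null || true
    # Default-deny first, then rebuild the parents so reruns never
    # leave duplicate jump rules behind.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING
    $IPT -A FORWARD -j fwd-dyn
    $IPT -t nat -A POSTROUTING -j masq-dyn
}

# Link up (e.g. /etc/ppp/ip-up, where pppd passes the interface name as $1
# and the local IP as $4): only the sub-chains are flushed and refilled.
fw_ipup() {
    ext_if="$1"; ext_ip="$2"
    $IPT -F fwd-dyn
    $IPT -t nat -F masq-dyn
    $IPT -A fwd-dyn -i "$LAN_IF" -o "$ext_if" -j ACCEPT
    $IPT -A fwd-dyn -i "$ext_if" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # SNAT pins the source address, which is why this chain is rewritten
    # each time the link comes up with a new IP.
    $IPT -t nat -A masq-dyn -o "$ext_if" -j SNAT --to-source "$ext_ip"
}

# Usage: fw.sh boot | fw.sh ipup <interface> <local-ip>
case "${1:-}" in
    boot) fw_boot ;;
    ipup) fw_ipup "$2" "$3" ;;
esac
```

Until the first link-up fills fwd-dyn, the FORWARD policy of DROP means nothing is forwarded, so there is no window in which the box routes without rules.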
