PGNd <[email protected]> wrote:

> I'm running a border router/firewall, switched from a static IP -> a
> dynamically changing IP.
>
> I'm interested in best-practice (among many options) for tracking that IP
> change and pushing it to 'all' the places that need it -- particularly
> shorewall.

Don't embed the public IP where it isn't needed? For example, in Shorewall, simply specify the interface or zone, not an IP - unless you have multiple public IPs then there's no need to specify the public IP anywhere in either masq or rules.

On checking, I see that my (static) public IP only occurs once in my Shorewall config - in my tcstart file where it's in a rule to bypass traffic shaping for internal traffic originated on the firewall - and that's a rule that's probably redundant and could be left out anyway.

Assuming there's some event that occurs when you get a new IP, then use that. In my case, I have PPPoE so the if-up script for PPP will allow things like that to be dealt with - if you really need it. Most services will be happy listening on * - i.e. all interfaces.

> My current inclination is to use ddclient's "use=web, web=checkip.dyndns.com"
> remote IP check, scheduled for a check every 5-10m.

That seems a long way round. Surely there is no need to go outside of your machine for your IP address - you have that to configure your interface. If your IP is changing but you don't have a local event (PPP if-up, DHCP client rebinding) then you'd better describe your setup a bit better as I can't see how you can make a sensibly working system like that.

> ddclient then updates services with that new IP, including an nsupdate of a
> hostname's short-ttl 'A' record on my bind9 server, which is authoritative for
> the zone.

How's that working then? Is this just the internal or external DNS? If it's external, then presumably you must have an external slave - how does that know where to pull its zone updates from when the master keeps moving around?
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
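The reply's point that the address is already known locally can be acted on from a PPP if-up or DHCP client hook rather than a polled web lookup. The script below is an added example, not part of the original message; the function names, state-file path, syslog tag and the assumption that the hook passes the interface name as its first argument are illustrative.

```shell
#!/bin/sh
# Added example: detect a WAN address change from local interface state.
# Hypothetical names: extract_ipv4, ip_changed, STATE_FILE, tag "wan-ip".

# Read `ip -4 -o addr show dev IFACE` output on stdin and print the first
# IPv4 address. Handles both "inet A.B.C.D/NN" and the PPP form
# "inet A.B.C.D peer W.X.Y.Z/32".
extract_ipv4() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# ip_changed NEW STATEFILE
#   returns 0 and records NEW if it differs from the recorded address
#   returns 1 if unchanged
#   returns 2 if NEW is empty or not digits-and-dots (state is left alone,
#             so a failed lookup never gets pushed to DNS or other services)
ip_changed() {
    new=$1
    state=$2
    case $new in
        ''|*[!0-9.]*) return 2 ;;
    esac
    old=
    if [ -r "$state" ]; then
        old=$(cat "$state")
    fi
    if [ "$new" = "$old" ]; then
        return 1
    fi
    printf '%s\n' "$new" > "$state"
    return 0
}

# Assumption: the hook calls this script with the interface name as $1.
if [ -n "${1:-}" ]; then
    addr=$(ip -4 -o addr show dev "$1" | extract_ipv4)
    if ip_changed "$addr" "${STATE_FILE:-/var/run/wan-ip.last}"; then
        logger -t wan-ip "address on $1 is now $addr"
        # Site-specific follow-up (for example the nsupdate step) goes here.
    fi
fi
```

Because the script only acts when the recorded address differs, it is safe to call on every link-up event, and nothing leaves the machine to learn the address.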
