Download and examine the pmfirewall scripts from http://www.pointman.org. They do exactly what you need and you might be able to simply incorporate those scripts into your current firewall scripts...or, vice versa. --Greg ----- Original Message ----- From: "JASON SNYDER" <[EMAIL PROTECTED]> > A year and some change ago I scrounged together a computer, put mdk on > it, and set it up as a masquerade firewall and DHCPd server for my cable > modem at home. I have a script that is run at boot (and is set up to be > rerun at any time) to set up all of my ipchain rules and load kernel > modules (like for ftp and such) and of course DHCPd has its config > file. (The ipchains script has global [script] variables to store IP > address for interfaces, store interface is which and stuff like that.) > > A couple of my friends saw what I did and realized that they needed > something like that, so I set up computers for them. The problem is > that my address never changes, so everything is always happy for me, but > their addresses are dynamic and keep on changing. The current mdk 7.1 > seems to be able keep rolling along when the IP address and default > gateway change, but problems arise when the cable modem providers change > the DNS servers and also in the rare instance that a machine gets > rebooted. (Linux has been a solid performer, but there are others > factors that come into play. One household got switched to a different > network and was issued a new cable modem along with that and things > chugged along ok until a month or so down the road when the computer was > rebooted.) > > A possible solution that I thought of, but haven't tried yet would be to > do the following: Write a script to update the ipchains and dhcpd > config file when addresses change then have the script reload dhcpd and > rerun the ipchains config file. Set up an hourly cron job to run this > update script. > 1. First have the script archive any pre-existing Sed scripts to update > dhcpd and ipchains. Also have it look for a saved copy of resolv.conf > and archive the saved resolve.conf file if present. > 2. Have the update script run ifconfig and an Awk script to pull the > Internet IP address out of the ifconfig output and generate a Sed script > to update the ipchains and dhcpd config files. Also make a new saved > copy of resolv.conf > 3. Run diff on the new and archived resolv.conf files. If the new one > is different, then run an Awk script to append Sed commands to the Sed > script to update the dhcpd config file. (Do nothing if there is no > archived file.) > 4. Then, if there are archived Sed scripts, run diff to check for > differences between the new and archived scripts. If there is a > difference, run the new Sed script and rerun the ipchains config or > reload dhcpd. (Do nothing if there is no archived file. > > This seems like a cluggy way to do things. Is there a more elegant way > to keep ipchains and dhcpd information up to date? I would especially > like to do something that would be triggered to update everything > necessary the moment that dhcpcd got new IP information from the ISP. > > > ---------------------------------------------------------------------------- ---- > Keep in touch with http://mandrakeforum.com: > Subscribe the "[EMAIL PROTECTED]" mailing list. > ______________________________________________________________________________ Vous avez un site perso ? 2 millions de francs à gagner sur i(france) ! Webmasters : ZE CONCOURS ! http://www.ifrance.com/_reloc/concours.emailif
Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
