JASON SNYDER wrote:
> 
> A year and some change ago I scrounged together a computer, put mdk on
> it, and set it up as a masquerade firewall and DHCPd server for my cable
> modem at home.  I have a script that is run at boot (and is set up to be
> rerun at any time) to set up all of my ipchain rules and load kernel
> modules (like for ftp and such) and of course DHCPd has its config
> file.  (The ipchains script has global [script] variables to store IP
> address for interfaces, store interface is which and stuff like that.)

This should be useful information:

I have a cable modem which I installed to use dhcp.  After troubles
at the vendor, they suggested a fixed address, which I have been
using ever since.

Fossils of the dhcp installation still exist (in case I have to
return to it).

dhcp of course collects all the information needed from the dhcp
server, but it places it all in environment variables which are of
course lost when dhcp terminates.   However dhcp repeatedly calls
dhclient-script, so I placed a call to my two firewall scripts into
dhclient-script at the right point (where x$reason = xBOUND).  The
caller's environment variables are available to the callee.

The first script flushes all the ipchains rules, sets the default
policies, and sets up masquerading on the FORWARD chain.  It contains
CABLE="eth1" and uses $CABLE appropriately.

The second script (containing LOOPBACK_INTERFACE="lo" and
CABLE="eth1") adds all the other rules, making use of the following
dhcp environment variables: 

$new_ip_address
$new_network_number
$nameserver1
$nameserver2

This two-script structure is useful so that with my present fixed IPs
I can for diagnostic purposes take the firewall down without losing
the masquerading any time by manually running the first script and
put it back up again by manually running the second.

-- 
Regards,

Ron. [AU]
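
The hook described in the reply above, as an added example that is not part of the original post: before the two firewall scripts run at BOUND, it checks that the lease values they consume are plain IPv4 addresses, since those values are supplied by the DHCP server. The script paths and function names are hypothetical; the variable names are the ones listed in the post.

```shell
#!/bin/sh
# Added example: guard for the BOUND branch of dhclient-script.
# Script paths below are hypothetical stand-ins for the two firewall scripts.
FIREWALL_FLUSH="${FIREWALL_FLUSH:-/etc/firewall/flush-and-masq}"
FIREWALL_RULES="${FIREWALL_RULES:-/etc/firewall/add-rules}"

# Succeed only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Check each lease value the rule script reads; print the first bad name.
lease_env_ok() {
    for name in new_ip_address new_network_number nameserver1 nameserver2; do
        eval "value=\${$name:-}"               # name comes from the fixed list above
        # A lease may carry a single DNS server, so an empty nameserver2 passes.
        if [ "$name" = nameserver2 ] && [ -z "$value" ]; then continue; fi
        is_ipv4 "$value" || { echo "$name"; return 1; }
    done
    return 0
}

# Call this where x$reason = xBOUND. On a bad value the existing rules stay
# in place: nothing is flushed and neither script runs.
on_bound() {
    if bad=$(lease_env_ok); then
        export new_ip_address new_network_number nameserver1 nameserver2
        "$FIREWALL_FLUSH" && "$FIREWALL_RULES"
    else
        echo "dhclient hook: invalid \$$bad, firewall left unchanged" >&2
        return 1
    fi
}
```
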
