Yes, I know that this is changed in RC4. However, I didn't have time to
move from RC3 to RC4 prior to a client install last night.
This line has worked without incident on several firewalls with dynamic
external ip addresses:
eval EXTERN_IP=\"\${"$EXTERN_IF"_IPADDR:-""}
\${"$EXTERN_IF"_IP_EXTRA_ADDRS:-""}\"
However, this line was pure EVIL last night !?!?
And, "$EXTERN_IF"_IP_EXTRA_ADDRS was *empty* !!!
Yes, we got the perfect firewall -- we could get out; but, *nothing* can
get in ;<
Due to the static address on the external interface, I commented out
this line and all works well.
This morning, I read the thread where this was criticized for other
reasons, and I see that Charles has replaced it with this in RC4:
eval EXTERN_IP=\"\${"$EXTERN_IF"_IPADDR:-""}\"
which looks like it should work in our site; but, I won't try it until I
can get back onsite ;>
I wonder if this isn't also the reason that we couldn't get an unused
public address to forward to a NAT'ed internal address?
What do you think?
--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
