> I'm still confused ;<

I'll try to part the mist, but Moses I'm not.

> What does this have to do with fixed-address?

You're using dhclient, and obtaining an IP with DHCP.  As far as your system
configuration is concerned, this *IS* (for all intents and purposes) a
dynamic IP.  You have to run a dhcp client to get an IP, and the fact that
your ISP has agreed to give you the same IP over and over again (an
"effectively static" IP), doesn't change the fact that as far as the core
networking scripts and system configuration are concerned, you've got a
dynamic IP.  The big test here is if you're running a dhcp client.  Answer
yes and you're "dynamic".  Answer no and you're static (unless you're doing
something else wacky, like PPPoE).

> > - You can explicitly append, pre-pend, and replace information from the
> > dhcp server using entries in /etc/dhclient.conf...that's why it's there.
>
> OK
>
> > - If you assign CONFIG_DNS=YES in /etc/network.conf, *AND* you're
> > running dhclient, you have two pieces of software trying to update the
> > same file...you should expect problems.  I suggest setting CONFIG_DNS=NO
> > in network.conf if you're running dhclient, and this is how my disk
> > images are configured.
>
> Again, I'm confused -- how does CONFIG_DNS=NO help my situation?

Because right now, you've got the network scripts and dhcp scripts
"fighting" over who's creating /etc/resolv.conf, which is why you see
different settings at different times.  This is complicated by the fact that
sometimes the dhclient scripts call the firewall scripts to re-load settings
based on your "new" external IP.

> Actually, even after reading the dhclient.conf manpage, I was not aware
> that most dhclient actions are in shell scripts, rather than compiled
> into the dhclient executable.  Now that I know this, I've read the
> scripts and see what is happening -- but, I still do not understand
> *why* ;>  Of course, why is less important now than what to do about
> this . . .

Well, the general answer to *why* is because you've got a dynamic setup (ie
you're running a dhcp client).  For more details on exactly why various
things are done, you need to understand configuring networking, name
resolution, routing, and the like at a fairly low level, and have at least a
general overview of the dhcp protocol (it's always good to read through the
RFC's).

> > - While it would be possible to remove the code (or over-ride the
> > specific procedure) that writes /etc/resolv.conf, I would advise against
> > taking this sort of approach...using the built-in hooks for defining
> > specific settings (/etc/dhclient.conf) is the "approved" way to do this,
> > and will be easier to understand/maintain/upgrade in the future.
>
> Yes, I agree -- dhclient-enter|exit-hooks are provided to this end.
>
> Speaking of which, I am unclear why you implicitly exclude these
> scenarios from reload_all():
>
> [ x$old_ip_address = x$new_ip_address ]
> [ x$reason = xRENEW ]
> [ x$reason = xREBIND ]

reload_all() is a procedure that updates firewall rules (and whatever else
is required) when your IP address changes.  The above are all instances of
your IP address *NOT CHANGING*, so the firewall rules, port-forwards, &c are
OK as they stand.

> I've still *not* figured out how $reason gets set

By the dhclient binary...these environment variables are set up prior to
calling /etc/dhclient-script.

> , nor am I completely
> clear about the meanings for BOUND, REBIND, RENEW, &c.

Um...did you read the dhclient-script man page?  Each of the above is
documented there:
http://lrp.steinkuehler.net/Packages/man/dhclient-script.8.man.htm

>  If my ISP is
> going to change my leased address ( [ x$old_ip_address !=
> x$new_ip_address ] ), I would think that would be one time that I'd want
> my ISP to change resolv.conf ?!?!

And it would...at least if you leave dhclient (and the dhclient scripts)
alone to do their thing.

> However, if the address remains unchanged (RENEW ?), then what could it
> hurt?  Ah-h-h-h, yes, maybe I've got some tunnels open and ipsec is
> handling firewall holes that are not permanently there -- but, I should
> fix that -- right?

Yes...your firewall rules will be getting automatically re-loaded.  You'll
need to punch static holes for any VPN tunnels, rather than relying on the
[left|right]firewall=yes settings in ipsec.conf, if you expect VPN tunnels
to survive a firewall rule flush/reload

> Even if I supersede and CONFIG_DNS=NO, dhclient-script is *still* going
> to diddle my resolv.conf -- right???  What if I want *both* my original
> content _and_ all ISP additions?  I continue to think that ISP changes
> -- especially for a fixed-address -- are few and far between . . .

You *SHOULD* have both your original content and the ISP's provided content
(or at least that's what I'd suggest) in your /etc/resolv.conf.  Again, you
do this with the dhclient.conf option modifiers:  default, supersede,
prepend, and append (dhclient.conf man page).

Exactly how you wish to combine your local data with the data provided by
your ISP depends a lot on both your local network configuration, and exactly
how you want things to work (for instance, you might want your local domain,
the remote domain, or both in /etc/resolv.conf "search"...which option you
choose, and which order these entries appear, will affect your name
resolving, and is a network configuration decision you'll have to make).  I'm
just pointing out the tools you use to implement the functionality.

If you have specific problems (ie I want it to work like *this*, but it does
*that* instead), post some details of your desired functionality, and your
existing configuration, and we can probably get you going.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
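
Added example (not part of the original message, and not the LEAF dhclient-script): a simplified shell model of the four dhclient.conf option modifiers named above and of the three "address did not change" tests quoted in the thread. The function names, the space-separated value format, and the sample addresses and domains are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; all function names are hypothetical, not LEAF's.

# apply_modifier MODE LOCAL SERVER
# Prints the value used for one option, given the value configured in
# dhclient.conf (LOCAL) and the value offered by the DHCP server (SERVER).
# Values are modelled as space-separated lists.
apply_modifier() {
    mode=$1 local_val=$2 server_val=$3
    case $mode in
        supersede) echo "$local_val" ;;                  # local value always wins
        default)   echo "${server_val:-$local_val}" ;;   # local only if server sent none
        prepend)   set -- $local_val $server_val; echo "$*" ;;  # local first
        append)    set -- $server_val $local_val; echo "$*" ;;  # server first
        *)         echo "unknown modifier: $mode" >&2; return 2 ;;
    esac
}

# render_resolv SEARCH NAMESERVERS
# Prints resolv.conf text: one "search" line, one "nameserver" line per address.
render_resolv() {
    [ -n "$1" ] && echo "search $1"
    for ns in $2; do echo "nameserver $ns"; done
}

# needs_reload REASON OLD_IP NEW_IP
# Returns 0 when firewall rules should be reloaded, 1 when any of the three
# tests quoted in the thread says the external address did not change.
needs_reload() {
    reason=$1 old_ip=$2 new_ip=$3
    [ "x$old_ip" = "x$new_ip" ] && return 1
    [ "x$reason" = xRENEW ] && return 1
    [ "x$reason" = xREBIND ] && return 1
    return 0
}

# Constructed sample input (documentation addresses and example domains).
servers=$(apply_modifier prepend "127.0.0.1" "203.0.113.53 203.0.113.54")
search=$(apply_modifier append "private.example" "isp.example")
render_resolv "$search" "$servers"
if needs_reload RENEW 198.51.100.7 198.51.100.7; then
    echo "reload firewall rules"
else
    echo "address unchanged: keep firewall rules"
fi
```
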



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
