I have been successfully using Diald for around 18 months in several of
its incarnations from 0.16.5 through to the latest 0.99.4. I find it an
excellent piece of software which does its job very well.

I am using a static IP with RH6.1 using IP masquerading with IPchains. I
set up the masquerading at bootup using rc.firewall run from the end of
my rc.local.

I have added a comprehensive firewall built using Robert Ziegler's
web-based tool to build an appropriate set of IPchains rules
(http://www.linux-firewall-tools.com/linux/index.html). This has
required considerable modification to fit in with Diald's ethertap
proxy.

The only way I have been able to make this work is to establish an open
firewall with masquerading at start-up and then to load the real
firewall from Diald's ip-up script after the link has come up. I then
use Diald's ip-down script to restore the simple firewall after the link
comes down. Without this, the firewall prevents Diald from first
bringing the link up. This is also how a dynamic IP user would do it.

With a static IP address, I feel it should be possible to define a
common set of IPchains rules to work with Diald before and after the
link has come up but so far I have failed to do this. IPchains seems to
confuse the ethertap proxy and the real external interface. I am using
the same IPs for both of these which is fine for Diald but seems to
confuse IPchains. The consequence is that the common ruleset won't allow
Diald to bring the link up although it will work fine once it is up.

Does anyone have experience using Diald, static IP and complex IPchains
rulesets who has solved this problem and who might point me in the right
direction?

Regards,

Ian Baines
-- 
Ian Baines
[EMAIL PROTECTED]
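
The ruleset swap described in the message above, sketched as an added example; it is not part of the original post and is not Diald's or the firewall tool's own code. The LAN range, the interface names, the two script names and the short strict ruleset (a stand-in for the generated firewall) are assumptions, and commands are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: install under two names (e.g. symlinks "ip-up" and
# "ip-down") and point diald's ip-up / ip-down options at them.
# Assumed values, not taken from the post:
LAN="192.168.1.0/24"   # masqueraded internal network
INT_IF="eth0"          # internal interface

# Print each ipchains command; execute it only when APPLY=1.
ipc() {
    echo "ipchains $*"
    if [ "${APPLY:-0}" = 1 ]; then ipchains "$@"; fi
}

flush_all() {
    for chain in input output forward; do ipc -F "$chain"; done
}

# Link down: permissive rules plus masquerading, so outbound traffic
# reaches diald's proxy interface and can trigger the dial.
open_ruleset() {
    flush_all
    ipc -P input ACCEPT
    ipc -P output ACCEPT
    ipc -P forward DENY
    ipc -A forward -s "$LAN" -j MASQ
}

# Link up: stand-in for the generated firewall, bound to the real link
# interface in $1. DENY policies go in before the flush so nothing is
# accepted by default while the rules load.
strict_ruleset() {
    ext_if=$1
    ipc -P input DENY
    ipc -P forward DENY
    flush_all
    ipc -P output ACCEPT
    ipc -A input -i lo -j ACCEPT
    ipc -A input -i "$INT_IF" -s "$LAN" -j ACCEPT
    ipc -A input -i "$ext_if" -p tcp ! -y -j ACCEPT   # non-SYN TCP only
    ipc -A input -i "$ext_if" -p udp -s 0.0.0.0/0 53 -d 0.0.0.0/0 1024:65535 -j ACCEPT
    ipc -A input -i "$ext_if" -l -j DENY              # log and drop the rest
    ipc -A forward -i "$ext_if" -s "$LAN" -j MASQ
}

# Dispatch on the name the script was invoked under.
case "${0##*/}" in
    ip-up)   strict_ruleset "${1:-ppp0}" ;;
    ip-down) open_ruleset ;;
esac
```

With this arrangement the link is up for a short interval before the strict rules finish loading, so the permissive ruleset should at least keep its forward policy at DENY as shown.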

