G'day and thanks again.
[EMAIL PROTECTED] said:
>
>
> On Sun, 25 Oct 1998, Stephen Davies wrote:
>
> > G'day Kaz and thanks for your reply.
> >
> > The diald doco specifically says to not use the -detach option and I am pretty
> > sure I had the same situation before I started using diald.
>
> How did you manage your pppd's before you switched to diald? Did you just kill
> them and restart them from a shell script? That can give rise to the same race
> condition.
>

Yes, I believe that is what I did but it is quite a while ago.

> One easy way to get pppd to restart itself is simply to write an endless
> loop in the bash shell:
>
> while true ; do
>     pppd <options> -detach
> done
>
> By using -detach, the shell will wait for pppd to terminate before launching it
> again, ensuring that the device is released.
>

Interesting idea. I used to rely on diald to drop the connection for brief
periods but now that I do not, this looks like a simple and effective
alternative to diald.
Shouldn't affect any dialin user either.

> > Yes, my permanent connection is permanent (except for the aforementioned
> > failures) and I do own a /24 network.
>
> Have you tried using the interface IP addresses in your firewall rules, rather
> than the interface names (-V rather than -W)?

For the first few years of connecting to the net via Linux PPP, I followed the
advice of my then ISP and configured both eth0 and ppp0 to 203.2.199.1. At
that stage I relied only on TCP wrappers for "firewalling".

When I added a web server and dialin services, I decided to use ipfwadm as
well as wrappers and split the two interfaces to two IP addresses to simplify
the rules as you suggest.

However, I could not find a way to make this work completely. If I made both
IPs resolve to mustang.sdc.com.au, every second access from ftp etc (from
security conscious sites) would fail because the reverse resolution would give
a different IP from the initial value due to named cycling between alternative
addresses.

If I assigned different names to each interface, it was confusing to regular
users: www.sdc.com.au would only work for either internal or external users
but not both.

If you have a solution to this dilemma, I would very much like to hear it.

Cheers and thanks,
Stephen.
========================================================================
Stephen Davies Consulting
[EMAIL PROTECTED]
Adelaide, South Australia.        Voice: 61-8-82728863
Computing & Network solutions.    Fax:   61-8-82741015
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
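
Added example, not part of the original message: a Python sketch of the reverse-then-forward DNS check that "security conscious sites" apply to an incoming connection, showing one way the every-second-access failure described above can arise when two addresses share one name. It assumes the remote check compares the client only with the first address returned; the host name, the documentation-range addresses and the toy round-robin resolver are all constructed.

```python
# Constructed zone data: one name on two interfaces, plus a forged PTR record.
A_RECORDS = {"gw.example.net": ["192.0.2.1", "198.51.100.1"]}
PTR_RECORDS = {
    "192.0.2.1": "gw.example.net",
    "198.51.100.1": "gw.example.net",
    "203.0.113.9": "gw.example.net",   # forged: address is not in the A set
}

class RoundRobinResolver:
    """Toy resolver that rotates the A-record set after every forward query."""
    def __init__(self, a_records, ptr_records):
        self._a = {name: list(addrs) for name, addrs in a_records.items()}
        self._ptr = dict(ptr_records)

    def reverse(self, ip):
        return self._ptr.get(ip)

    def forward(self, name):
        addrs = self._a.get(name, [])
        answer = list(addrs)
        if addrs:
            addrs.append(addrs.pop(0))  # rotate order for the next query
        return answer

def check_first_only(resolver, peer_ip):
    """Fragile check: compares the peer only with the first address returned."""
    name = resolver.reverse(peer_ip)
    if name is None:
        return False
    addrs = resolver.forward(name)
    return bool(addrs) and addrs[0] == peer_ip

def check_full_set(resolver, peer_ip):
    """Forward-confirmed reverse DNS: peer must appear anywhere in the A set."""
    name = resolver.reverse(peer_ip)
    return name is not None and peer_ip in resolver.forward(name)

def run(check, peer_ip, attempts=6):
    """Repeat one check against a fresh resolver and collect the verdicts."""
    resolver = RoundRobinResolver(A_RECORDS, PTR_RECORDS)
    return [check(resolver, peer_ip) for _ in range(attempts)]

if __name__ == "__main__":
    print("first-only :", run(check_first_only, "192.0.2.1"))
    print("full-set   :", run(check_full_set, "192.0.2.1"))
    print("forged PTR :", run(check_full_set, "203.0.113.9", attempts=2))
```

The first-only check alternates between pass and fail as the record order rotates, while the full-set check accepts both legitimate addresses and still rejects the forged PTR.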