On Sat, Jul 21, 2001 at 04:38:09PM -0400, [EMAIL PROTECTED] wrote:
> On Sat, 21 Jul 2001, Hal Burgiss wrote:
> 
> > Mine is in my dhcp client script that execs on any dhcp action.
> > That is the best place for it. That way it will run automatically.
> > Of course, the iptables script needs to be aware of dynamic IPs.
> > Are you using pump or dhcpcd?
> 
> I'm using dhcpcd.  Do you mean that you call the script in the
> /etc/dhcpcd/dhcpcd-eth0.exe file?  What do I have to do to make the

I believe so, but I am using pump.

> iptables script be aware of dynamic IP's.

Presumably your script has some rules based on your local IP address?
I would think so, but can't say without seeing it. Usually, you'd have
something like:

WAN_IP=`ifconfig $WAN_IF | grep inet | cut -d : -f 2 | cut -d \  -f 1`

to get a dynamic IP. So if the script is doing something like this,
and you run it from the dhcp exec script, then it will always get it
right.
 
> Is there a chance that you could include the rules you use to handle dhcp?

 for i in $DHCP_SERVERS;do
  echo "  $i"
  $IPTABLES -A INPUT -p udp -s $i --sport 67 -d $REMOTENET --dport 68 -j ACCEPT
 done
 
My ISP sometimes uses two dhcp servers. 
 
Connection tracking might handle this without any special rules. I
haven't tried that, but maybe somebody else has? 

> I meant how does iptables handle dhcp?  Do I need to leave port 67 open
> so that the dhcp broadcast can get through to start the ip change?

See above. Try it without any special rules and see. A lot depends on
how the script handles things. Most iptables scripts seem to open
specific holes for inbound connections, and let connection tracking
handle everything else. This seems to work really well by and large.

-- 
Hal B
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 Spamtrap: [EMAIL PROTECTED] and [EMAIL PROTECTED]
--
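The two snippets from the reply above (the ifconfig one-liner and the DHCP-server loop), as an added POSIX sh example that is not from the post or from any project. It prints the rules instead of applying them, so it runs without root; the variable names IPTABLES and DHCP_SERVERS follow the quoted script, the ifconfig output and server addresses are constructed samples, and the parser is widened to also accept the newer "inet 1.2.3.4" ifconfig layout, where `cut -d : -f 2` from the one-liner would return nothing useful.

```shell
#!/bin/sh
# Added example: derive the dynamic WAN address and emit the DHCP ACCEPT rules
# as a dry run (IPTABLES is just a command name echoed into each line).

# Read ifconfig output on stdin and print the first IPv4 address found.
# Accepts both "inet addr:203.0.113.7" (classic) and "inet 203.0.113.7" (newer);
# "inet6" lines do not match because of the trailing space after "inet".
wan_ip_from_ifconfig() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9.]*\).*/\2/p' | head -n 1
}

# Print one INPUT rule per DHCP server: UDP from the server's port 67
# to our port 68, destination being the address we currently hold.
dhcp_rules() {
    _wan_ip="$1"; shift
    for i in "$@"; do
        echo "$IPTABLES -A INPUT -p udp -s $i --sport 67 -d $_wan_ip --dport 68 -j ACCEPT"
    done
}

# Constructed sample ifconfig output in both layouts (stand-in for `ifconfig $WAN_IF`).
OLD_STYLE='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:203.0.113.7  Bcast:203.0.113.255  Mask:255.255.255.0
          inet6 addr: fe80::211:22ff:fe33:4455/64 Scope:Link'
NEW_STYLE='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 203.0.113.7  netmask 255.255.255.0  broadcast 203.0.113.255
        inet6 fe80::211:22ff:fe33:4455  prefixlen 64  scopeid 0x20<link>'

IPTABLES="iptables"                          # assumed name, as in the quoted script
DHCP_SERVERS="198.51.100.10 198.51.100.11"   # constructed sample: two ISP DHCP servers

# Run from a dhcp client hook, this is where the live address would be read.
WAN_IP=$(printf '%s\n' "$OLD_STYLE" | wan_ip_from_ifconfig)
echo "WAN_IP=$WAN_IP"
dhcp_rules "$WAN_IP" $DHCP_SERVERS
```

A rule keyed to `-d $WAN_IP` only covers renewals of an address the host already holds; the initial exchange, before the interface has an address, is answered to the broadcast address and needs its own rule or connection tracking.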



_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
