[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Firewall with dynamic IP



Greetings,
	I kind of have the same situation with a box of mine.  I have a cable
modem, with DHCP address allocation.  I am using the box with IPCHAINS to
MASQ some web sites so that my children only get off the internet what I
think they should get off the internet (i.e., one site at a time).  This
trick I learned from searching out how to get Apache to do virtual hosts
with a dynamic IP.

1)	Copy your ideal IPCHAINS (or other script) to foo.template (e.g.
firewall.template or httpd.conf.template)

2)	Replace all references to the dynamic IP address with DYNAMICIPADDRESS or
something similar

3)	Add a cron job, or what scheduler manual or otherwise with simirlar code:

------------------ START OF SCRIPT ------------------
#!/bin/bash

# get new ip address
MYIP=$(/sbin/ifconfig | grep -1 eth0 | cut -s -d ' ' -f12 | grep addr |
cut -d ':' -f2)

# change the firewall.template file
cat firewall.template | sed -e "s/DYNAMICIPADDRESS/$MYIP/g" > firewall

# restart firewall
chmod 0744 firewall
firewall
------------------- END OF SCRIPT -------------------

This works fairly well, my own personal concern was: will the box get a
dynamic ip address through my DHCP client from my cable modem through the
firewall if the ip address changes?

I haven't run into this problem yet, and I'm not familiar enough with the
DHCP protocol to say for sure.

Have Fun!

Brooks


> -----Original Message-----
> From: julien@lri.fr [mailto:julien@lri.fr]On Behalf Of Julien Stern
> Sent: Friday, August 11, 2000 10:31 AM
> To: debian-firewall@lists.debian.org
> Subject: Firewall with dynamic IP
>
>
> Hi all,
>
> I have a stupid problem with my firewall.
> It's very simple (no DMZ) and it has a dynamic IP.
> Everything works fine. However, I would like to be
> able to know what's the new IP of my firewall when I'm
> away.
>
> Nothing runs of the firewall except ssh2 and syslogd
> (oh, well there is cron, portmap, tcplogd and a few others, but
> no ftp, telnet, web, rlogin, mail... no services basically).
>
> So, how to get the firewall new IP when it changes?
>
> If I can retrieve the IP from an inside box, I can simply
> mail it to an outside account. But how to retrieve this
> address automatically, simply and securely?
>
> Sincerely,
> Julien
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>



Reply to: