RE: Firewall with dynamic IP
I kind of have the same situation with a box of mine. I have a cable
modem, with DHCP address allocation. I am using the box with IPCHAINS to
MASQ some web sites so that my children only get off the internet what I
think they should get off the internet (i.e., one site at a time). This
trick I learned from searching out how to get Apache to do virtual hosts
with a dynamic IP.
1) Copy your ideal IPCHAINS (or other script) to foo.template (e.g.
firewall.template or httpd.conf.template)
2) Replace all references to the dynamic IP address with DYNAMICIPADDRESS or
3) Add a cron job, or what scheduler manual or otherwise with simirlar code:
------------------ START OF SCRIPT ------------------
# get new ip address
MYIP=$(/sbin/ifconfig | grep -1 eth0 | cut -s -d ' ' -f12 | grep addr |
cut -d ':' -f2)
# change the firewall.template file
cat firewall.template | sed -e "s/DYNAMICIPADDRESS/$MYIP/g" > firewall
# restart firewall
chmod 0744 firewall
------------------- END OF SCRIPT -------------------
This works fairly well, my own personal concern was: will the box get a
dynamic ip address through my DHCP client from my cable modem through the
firewall if the ip address changes?
I haven't run into this problem yet, and I'm not familiar enough with the
DHCP protocol to say for sure.
> -----Original Message-----
> From: email@example.com [mailto:firstname.lastname@example.org]On Behalf Of Julien Stern
> Sent: Friday, August 11, 2000 10:31 AM
> To: email@example.com
> Subject: Firewall with dynamic IP
> Hi all,
> I have a stupid problem with my firewall.
> It's very simple (no DMZ) and it has a dynamic IP.
> Everything works fine. However, I would like to be
> able to know what's the new IP of my firewall when I'm
> Nothing runs of the firewall except ssh2 and syslogd
> (oh, well there is cron, portmap, tcplogd and a few others, but
> no ftp, telnet, web, rlogin, mail... no services basically).
> So, how to get the firewall new IP when it changes?
> If I can retrieve the IP from an inside box, I can simply
> mail it to an outside account. But how to retrieve this
> address automatically, simply and securely?
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact