
Re: "Crashing" Firewall



I exchanged a few emails with Urs and it seems we got to the
bottom of this.


On Tue, Oct 08, 2002 at 11:30:27AM +0200, martin f krafft wrote:
> also sprach Urs Martini <urs.martini@gmx.de> [2002.10.08.0129 +0200]:
> > I got a problem with my new set up firewall: it "crashes" after some time!
> 
> What's "crashes"? What does it do?

The machine did not actually crash, but got into a situation
where pretty much no traffic was allowed through.  

> > Now before I get into details - is there anyone who's willing
> > to help myself fixing that problem _personally_?
> 
> Why? I'll help you, but I won't take it off the list.

Well, I did take it off the list, with the intention of posting
a resolution here, once we got to that.  That's what I'm doing
now.


Urs has a 2.2 kernel/ipchains masquerading firewall connecting
his home LAN to the world over a DSL line (with pppoe).  Now his
provider disconnects every pppoe session that's longer than 24
hours, most likely to discourage people from running their own
(web) servers and such.  Of course, upon reestablishing the
link, the box gets a different IP address (that was the whole
point of disc'ing the line).  The script Urs had did not take
into account a change of the local IP address.  Firewall config
is stored in a /path/rc.firewall file, which takes the usual 
start|stop arguments.  I suggested that it be called with start from an
/etc/ppp/ip-up.d/ script, and with stop from a .../ip-down.d/
one.  As the local (public) IP address is "computed" in each
(start) run of the script, the fw/masq rules are now following
the dynamic IP assignment.  

Apparently this works.



Regards to all,
Andrei
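
The arrangement described in the message above, as an added example that is not part of the original post and not Urs's actual script: one hook file, linked into both /etc/ppp/ip-up.d/ and /etc/ppp/ip-down.d/, that calls rc.firewall with start or stop. It assumes Debian-style hook directories whose scripts receive PPP_IFACE and PPP_LOCAL in the environment; the interface name ppp0, the function names and the address sanity check are assumptions, and /path/rc.firewall is the post's own placeholder.

```shell
#!/bin/sh
# Added example: link this one file into /etc/ppp/ip-up.d/ and
# /etc/ppp/ip-down.d/. Assumes Debian-style hooks, where the ip-up/ip-down
# wrapper exports PPP_IFACE and PPP_LOCAL to every script it runs.

# Placeholder path, as in the post; point it at the real rc.firewall.
RC_FIREWALL="${RC_FIREWALL:-/path/rc.firewall}"
# Assumed name of the PPPoE link; other ppp links are left alone.
WAN_IFACE="${WAN_IFACE:-ppp0}"

# Succeeds only for a dotted-quad IPv4 address with octets in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# $1 = path the hook was invoked as, $2 = interface, $3 = new local address.
# Prints "start" or "stop"; prints nothing when the event is to be ignored.
hook_action() {
    [ "$2" = "$WAN_IFACE" ] || return 0
    case "$1" in
        */ip-up.d/*)   valid_ipv4 "$3" && echo start ;;
        */ip-down.d/*) echo stop ;;
    esac
    return 0
}

# Run rc.firewall with the chosen argument. The firewall script recomputes
# the public address on every start, so the rules follow the new lease.
run_hook() {
    action=$(hook_action "$1" "${PPP_IFACE:-}" "${PPP_LOCAL:-}")
    [ -n "$action" ] || return 0
    "$RC_FIREWALL" "$action"
}

# Only act when invoked from one of the two hook directories.
case "$0" in
    */ip-up.d/*|*/ip-down.d/*) run_hook "$0" ;;
esac
```

After a reconnect, listing the ipchains rules and comparing the address in them with the one on the ppp interface confirms the hook ran.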