Hi there,

On Mon, Sep 06, 2004 at 08:25:48AM +1000, david kwok wrote:
[SNIP]
> This firewall script somehow works intermittently. When it disconnects
> and reconnects to the isp, the postrouting rules do not seem to
> translate internal address of the pbx server to the current public ip
> address and as a result the packet from the other end cannot come back
> to the pbx box.

I have only had a short look at the script, but to me it looks as if
your firewall-tables are not reinitialized after reconnect. As it is
very likely that you have a different public IP address then, the
address in use when the script was first started is not current anymore
and therefore the firewall rules translate the pbx-server address to the
old public IP.

We have some similar setup here. I set up the rules which are
independent of the public IP and saved them using /etc/init.d/iptables
to the "active" set. That way they are initialized when the system comes
up. In addition I have two scripts in /etc/ppp/ip-up.d resp.
/etc/ppp/ip-down.d which set up resp. clean up the additional rules
dependent on the public IP address.

> Any suggestions as to why it does not follow the rules are most appreciated.

Actually it does, but the rules don't contain the "correct", i.e.
current, public IP address. OTOH, I could have overlooked s.th.

HTH,
Ralf

--
Ralf Gerlich
http://home.easylink.de/rgerlich
PGP: 1024D/54F7 B9AC 1CE4 137E 7791 3E63 4BB6 E425 AF97 3BCF
No software patents in Europe! For SMEs and OpenSource!
http://swpat.ffii.org/
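One way to write the ip-up.d/ip-down.d pair described in the reply above, as an added example that is not Ralf's script and not part of the original thread. It assumes a Debian-style pppd wrapper that exports PPP_IFACE and PPP_LOCAL; the PBX address 192.168.1.10, the state file path and the script name are made up for illustration.

```sh
#!/bin/sh
# Added example. Install the same file as /etc/ppp/ip-up.d/50pbx-nat and
# /etc/ppp/ip-down.d/50pbx-nat (the file name is hypothetical).
PBX_IP="${PBX_IP:-192.168.1.10}"          # assumed internal PBX address
STATE="${STATE:-/var/run/pbx-nat.addr}"   # hypothetical state file
IPT="${IPT:-iptables}"

# Accept only a dotted quad with four octets in 0..255, so nothing else
# from the environment or the state file ever reaches iptables.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# nat_rule <-A|-D> <iface> <public-ip>
nat_rule() {
    $IPT -t nat "$1" POSTROUTING -o "$2" -s "$PBX_IP" -j SNAT --to-source "$3"
}

# link_down <iface>: delete the rule that was added for the previous address.
link_down() {
    [ -r "$STATE" ] || return 0
    old=$(cat "$STATE")
    if valid_ipv4 "$old"; then nat_rule -D "$1" "$old"; fi
    rm -f "$STATE"
}

# link_up <iface> <public-ip>: replace any stale rule with one for the new address.
link_up() {
    link_down "$1"
    valid_ipv4 "$2" || { echo "pbx-nat: bad address '$2'" >&2; return 1; }
    nat_rule -A "$1" "$2" && printf '%s\n' "$2" > "$STATE"
}

# Debian's /etc/ppp/ip-up and ip-down export PPP_IFACE and PPP_LOCAL.
case "$0" in
    */ip-up.d/*)   link_up   "$PPP_IFACE" "$PPP_LOCAL" ;;
    */ip-down.d/*) link_down "$PPP_IFACE" ;;
esac
```

Setting IPT=echo gives a dry run that prints the rule arguments instead of applying them.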