Hi there,
On Mon, Sep 06, 2004 at 08:25:48AM +1000, david kwok wrote:
[SNIP]
> This firewall script somehow works intermittantly. When it disconnects
> and reconnects to the isp, the postrouting rules do not seem to
> translate internal address of the pbx server to the current public ip
> address and as a result the packet from the other end cannot come back
> to the pbx box.
I have only had a short look on the script, but to me it looks as if your firewall-tables are not reinitialized after reconnect. As it is very likely that you have a different public IP address then, the address in use when the script was first started is not current anymore and therefore the firewall rules translate the pbx-server address to the old public IP.
We have some similar setup here. I set up the rules which are independent of the public IP and saved them using /etc/init.d/iptables to the "active" set. That way they are initialized when the system comes up. In addition I have two scripts in /etc/ppp/ip-up.d resp. /etc/ppp/ip-down.d which setup resp. clean up the additional rules dependent on the public IP address.
> Any suggestions as to why it does not follow the rules are most appreciated.
Actually it does, but the rules don't contain the "correct", i.e. current, public IP address.
OTOH, I could have overlooked s.th.
HTH,
Ralf
--
Ralf Gerlich http://home.easylink.de/rgerlich
PGP: 1024D/54F7 B9AC 1CE4 137E 7791 3E63 4BB6 E425 AF97 3BCF
No software patents in Europe! For SMEs and OpenSource!
http://swpat.ffii.org/
Attachment:
signature.asc
Description: Digital signature