Re: Ipchains and connection to ISP
I've now allowed dhcp in from the ISP and it works. Can I ask you one
more question: is it possible to direct the ipchains log to a file other
than /var/log/kern.log (e.g. /var/log/ipchains.log), so that kern.log
doesn't get filled up with ipchains log messages?

Udo
Phil Dyer wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Udo Klein said:
I connect to my ISP provider via a cable modem (dhclient gets the
dynamic IP address). A few weeks ago I installed an (ipchains) firewall,
which basically denies all requests from outside (I checked this by
looking at the logs). I could connect to the ISP, browse the net, etc.
However, since yesterday I cannot connect to the ISP anymore. But
strangely, the connection is impossible only while the firewall is up and
running. If I disable the firewall by "mv /etc/rcS.d/S39packetfilter
/etc/rcS.d/_S39packetfilter" I CAN connect and browse the net!
Is this caused by some requests from the ISP provider (maybe when
changing or assigning the dynamic IP address) being rejected by my
Yes, you need to allow dhcp in from the isp. dhcp will come from the
server on udp port 67, and will connect to your client on udp port 68.
$IPCHAINS -A input -s 0/0 -p udp --dport 68 --sport 67 -j ACCEPT
Also, I notice that the script sets your WAN_IP by pulling the current
ip address off of your interface. That can cause trouble when your isp
re-assigns you a different ip address while you are up and running. For
dynamic ip's, I'd rather use interface names than ip address.
I haven't looked closely at your script, so I can't say that dhcp is the
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Public Key: http://www.dyermaker.org/gpgkey
-----END PGP SIGNATURE-----
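
An added example, not part of the thread or of Udo's script: a shell filter that pulls the ipchains "Packet log:" lines out of a kernel log stream and reports dropped DHCP server replies (udp 67 to 68), the check that confirms the diagnosis above. The sample lines are constructed, and the field layout assumes the log format documented in the IPCHAINS-HOWTO.

```shell
#!/bin/sh
# Constructed sample lines in the ipchains "Packet log:" layout:
#   chain verdict iface PROTO=n src:port dst:port L= S= I= F= T= (#rule)
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 host kernel: Packet log: input DENY eth0 PROTO=17 10.0.0.1:67 255.255.255.255:68 L=328 S=0x00 I=0 F=0x0000 T=64 (#7)
Mar  3 10:15:02 host kernel: eth0: link up
Mar  3 10:15:09 host kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:4431 198.51.100.7:23 L=44 S=0x00 I=5121 F=0x0000 T=51 SYN (#7)
Mar  3 10:16:30 host kernel: Packet log: input ACCEPT eth0 PROTO=17 10.0.0.1:67 198.51.100.7:68 L=328 S=0x00 I=0 F=0x0000 T=64 (#3)
EOF
}

# Keep only the ipchains entries from a kernel log read on stdin.
ipchains_lines() {
    grep 'kernel: Packet log: '
}

# Report DHCP server replies that the firewall dropped.
# Output per hit: chain interface source destination
blocked_dhcp() {
    awk '
    / kernel: Packet log: / {
        # Locate the "log:" token so the syslog prefix length does not matter.
        for (i = 1; i <= NF; i++) if ($i == "log:") break
        chain = $(i + 1); verdict = $(i + 2); iface = $(i + 3)
        proto = $(i + 4); src = $(i + 5); dst = $(i + 6)
        if (verdict != "DENY" && verdict != "REJECT") next
        if (proto != "PROTO=17") next                 # UDP only
        if (src !~ /:67$/ || dst !~ /:68$/) next      # server 67 -> client 68
        print chain, iface, src, dst
    }'
}

# Stand-alone run on the constructed sample.
sample_log | blocked_dhcp
```

On a live system the same functions read the real log, for example `ipchains_lines < /var/log/kern.log`; this copies the firewall entries after the fact and does not change where syslog writes them.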