
Re: Ipchains and connection to ISP



Thanks Phil,

I've now allowed dhcp in from the ISP and it works. Can I ask you one more question: is it possible to direct the ipchains log to a file other than /var/log/kern.log (e.g. /var/log/ipchains.log), so that kern.log doesn't get filled up with ipchains log messages?

Udo

Phil Dyer wrote:

Udo Klein said:

Hi everybody,

I connect to my ISP provider via a cable modem (dhclient gets the dynamic IP address). A few weeks ago I installed an (ipchains) firewall, which basically denies all requests from outside (I checked this by looking at the logs). I could connect to the ISP, browse the net, etc.

However, since yesterday I cannot connect to the ISP anymore. But strangely, the connection is impossible only while the firewall is up and running. If I disable the firewall by "mv /etc/rcS.d/S39packetfilter /etc/rcS.d/_S39packetfilter" I CAN connect and browse the net!

Is this caused by some requests from the ISP provider (maybe when changing or assigning the dynamic IP address) being rejected by my ipchains rules?


Yes, you need to allow dhcp in from the isp. dhcp will come from the
server on udp port 67, and will connect to your client on udp port 68.

$IPCHAINS -A INPUT -s 0/0 -p udp --dport 68 --sport 67 -j ACCEPT

Also, I notice that the script sets your WAN_IP by pulling the current
ip address off of your interface. That can cause trouble when your isp
re-assigns you a different ip address while you are up and running. For
dynamic ip's, I'd rather use interface names than ip address.


I haven't looked closely at your script, so I can't say that dhcp is the
only problem...

- --

/phil


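One way to confirm from the firewall log that dropped DHCP replies (UDP source port 67 to destination port 68, as described in the reply above) are what breaks the connection. This is an added example, not part of the original thread; the log lines are constructed samples in the ipchains `Packet log:` format, and the host name, addresses and function name are assumptions.

```python
import re

# ipchains kernel log entry (written for rules that have logging enabled), e.g.
# "Packet log: input DENY eth0 PROTO=17 192.0.2.1:67 255.255.255.255:68 L=328 ..."
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

UDP = 17
DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68


def blocked_dhcp_replies(lines):
    """Return (iface, src, dst) for every DHCP server-to-client packet
    that the input chain denied or rejected."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not an ipchains packet log entry
        if m["chain"] != "input" or m["verdict"] not in ("DENY", "REJECT"):
            continue
        flow = (int(m["proto"]), int(m["sport"]), int(m["dport"]))
        if flow == (UDP, DHCP_SERVER_PORT, DHCP_CLIENT_PORT):
            hits.append((m["iface"], m["src"], m["dst"]))
    return hits


# Constructed sample log lines (hypothetical host "box", documentation addresses).
SAMPLE = [
    "Apr  4 08:01:12 box kernel: Packet log: input DENY eth0 PROTO=17 "
    "192.0.2.1:67 255.255.255.255:68 L=328 S=0x00 I=0 F=0x0000 T=64 (#7)",
    "Apr  4 08:01:15 box kernel: Packet log: input DENY eth0 PROTO=6 "
    "198.51.100.23:4312 192.0.2.77:139 L=48 S=0x00 I=51234 F=0x4000 T=112 SYN (#7)",
    "Apr  4 08:01:20 box kernel: Packet log: input DENY eth0 PROTO=17 "
    "198.51.100.9:1026 192.0.2.77:137 L=78 S=0x00 I=771 F=0x0000 T=113 (#7)",
    "Apr  4 08:02:12 box kernel: Packet log: input DENY eth0 PROTO=17 "
    "192.0.2.1:67 192.0.2.77:68 L=328 S=0x00 I=0 F=0x0000 T=64 (#7)",
    "Apr  4 08:02:30 box kernel: eth0: link up",
]

if __name__ == "__main__":
    for iface, src, dst in blocked_dhcp_replies(SAMPLE):
        print(f"DHCP reply dropped on {iface}: {src} -> {dst}")
```
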





