-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Udo Klein said:
Hi everybody,
I connect to my ISP provider via a cable modem (dhclient gets the
dynamic IP address). A few weeks ago I installed an (ipchains) firewall,
which basically denies all requests from outside (I checked this by
looking at the logs). I could connect to the ISP, browse the net, etc.
However, since yesterday I cannot connect to the ISP anymore. But
strangly, the connection is impossible only while the firewall is up and
running. If I disable the firewall by "mv /etc/rcS.d/S39packetfilter
/etc/rcS.d/_S39packetfilter" I CAN connect and browse the net!
Is this caused by some requests from the ISP provider (maybe when
changing or assigning the dynamic IP address) being rejected by my
ipchains rules?
Yes, you need to allow dhcp in from the isp. dhcp will come from the
server on udp port 67, and will connect to your client on udp port 68.
$IPCHAINS -A INPUT -s 0/0 -p udp --dport 68 --sport 67 -j ACCEPT
Also, I notice that the script sets your WAN_IP by pulling the current
ip address off of your interface. That can cause trouble when your isp
re-assigns you a different ip address while you are up and running. For
dynamic ip's, I'd rather use interface names than ip address.
I haven't looked closely at your script, so I can't say that dhcp is the
only problem...
- --
/phil
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Public Key: http://www.dyermaker.org/gpgkey
iD8DBQFCUTKKGbd/rBLcaFwRAjW2AKDObvie9DEX0gvazhdppHduLPTPvACgyDNw
swPhOG3Wp3PBMl+LD6q0goA=
=43np
-----END PGP SIGNATURE-----