Re: IPTABLES and DHCP
--- Randolph S. Kahle <RandyKahle@KahleAssociates.com> (2001-12-07 04:45):
> I am configuring a firewall that will run dhcpcd on eth0 (it is
> connected to a cable modem).
>
> I have a firewall rule set (for IPTABLES) that is working on another
> machine with a fixed IP for eth0
>
> In the rule set I have statements such as
>
> IF_INTERNET="eth0"
> IP_INTERNET="24.27.45.111"
>
>
> I use the $IP_INTERNET value in
>
> $IPTABLES -t nat -A POSTROUTING -o $IF_INTERNET -j SNAT --to-source $IP_INTERNET
>
> to give me my NAT translation.
>
> My question is this --> How do I synchronize the IP address for eth0
> that dhcpcd secures with the rule in iptables?
>
> It seems to me that I need to run some script or take some action each
> time dhcpcd secures a new IP address.

I'd suggest using -j MASQUERADE instead of SNAT in this instance. The
MASQUERADE target is generally used for dynamic IP address connections
(such as yours), whereas SNAT is for static IP addresses. I too have a
cable modem which gets its address via DHCP and I've been using
MASQUERADE for many months now with no problems.

The line from my iptables script is this:

${iptables} -t nat -A POSTROUTING -o ${inet_iface} -j MASQUERADE

Cheers,
Sean
--
Sean Quinlan (smq@gmx.co.uk)
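
An added example, not part of the original thread: the two ways to keep NAT working on a DHCP-assigned eth0, printed as iptables commands rather than executed. It assumes a dhcpcd hook would supply the interface and the old and new addresses (dhcpcd-run-hooks exposes them as $interface, $old_ip_address and $new_ip_address); the function names are hypothetical, and the address is validated because it originates in a DHCP reply.

```shell
#!/bin/sh
# Added example. Commands are printed, not run; pipe the output to sh as root to apply.
IPTABLES="iptables"

# Accept only a dotted quad with four octets in 0..255. The value comes from
# the DHCP server, so it is checked before being placed in a command line.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Option 1 (the reply's suggestion): MASQUERADE reads the source address from
# the outgoing interface itself, so the rule never stores an address.
# $1 = internet-facing interface
masq_rule() {
    echo "$IPTABLES -t nat -A POSTROUTING -o $1 -j MASQUERADE"
}

# Option 2: keep SNAT and swap the rule when the lease hands out a new address.
# $1 = interface, $2 = previous address (may be empty), $3 = new address
snat_resync() {
    is_ipv4 "$3" || return 1            # refuse anything that is not an address
    [ "$2" = "$3" ] && return 0         # renewal with the same address: no change
    if is_ipv4 "$2"; then               # drop the rule that names the old address
        echo "$IPTABLES -t nat -D POSTROUTING -o $1 -j SNAT --to-source $2"
    fi
    echo "$IPTABLES -t nat -A POSTROUTING -o $1 -j SNAT --to-source $3"
}

# Demo with constructed addresses (192.0.2.0/24 is reserved for documentation).
masq_rule eth0
snat_resync eth0 192.0.2.10 192.0.2.77
```

With MASQUERADE no hook is needed at all; the SNAT variant only stays correct if the hook runs on every lease change.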