On Wed, Dec 05, 2001 at 12:48:13AM -0600, Jor-el wrote: > On Sat, 1 Dec 2001, David B Harris wrote: > > > On Sun, 2 Dec 2001 11:36:20 +1000, > > mdevin@ozemail.com.au wrote: > > > > SNAT would be. However, you better make sure that each time the IP > > address of your interface changes, your firewall script runs. You could > > do this in Debian by putting your firewall script in /etc/ppp/ip-up.d/. > > But also please keep in mind that your firewall rules should be put in > > place *before* any external interfaces are brought on-line. > > > Isnt this assuming that the internet connection uses ppp? > Cablemodem, for instance, doesnt use ppp at all - a fact that seems to > have escaped the maintainer of the dhcpcd package too. How would one solve > this problem in the case of cablemodem? > I understand that you are using dhclient from a subsequent post of yours. If you wanted to re-run part of your firewall to reconfigure for a change in IP address with a cable connection then you could look into the following: Firstly, I don't have a cable connection, but I did set one up on a friends computer recently. I can't remember all the details now, but I do remember that dhclient provided some hooks for doing things when certain conditions were met. For example, it is possible with dhclient to check the new IP address assigned and compare this to the old one and only have the firewall script run if the new IP address has changed. This would mean that even if dhclient lost the connection and had to reconnect, it would rarely have to re-run the firewall script for a cable connection (where IP rarely changes). Sorry I can't remember the name of the file to put these config details in to do this stuff, but if you read the documentation with dhclient then you will figure it out. Hey, I did :-) Anyway, I guess the point is, that you can do the same with dhclient, and in a more configurable way. Cheers. Mark.
Attachment:
pgpGIBau2_BvM.pgp
Description: PGP signature