Experts,
I have a firewall machine built recently and it runs debian bullseye
(v11). It has two ethernet interfaces - one internal ($intf) and one
external ($extf). My external port runs dhclient to get its IP address
and internal port runs dnsmasq to provide DNS service to
internal/protected hosts. Usual iptables rules are established to
prevent attack/entry into internal net from external net and allow
proper internet access to internal net hosts.
I had this system working fine (on an older machine) since debian
5.0.7. I have not upgraded that machine as it is working fine. However
that hardware is too old (10+ years) and I wanted to replace it with
something more modern running latest OS and that is why I built the
above machine.
My old machine does not seem have avahi-daemon. So, it runs fine.
However, my new machine has this daemon running which notices that
$extif does not have much activity and disables it after some timeout
idle time. I initially thought my firewall rules are suspect and was
banging my head for a while adding extra rules for
DHCPDISCOVER/REQUEST etc thinking that those are blocked. Today I
noticed that my $extif is vanishing and /var/log/daemon.log shows some
avahi-daemon messages about that interface being disabled/withdrawn or
some such thing.
As a next step, I want to tell avahi-daemon that it should not work on
that interface as it is not meant to be fooled around. Do I use
deny-interface $extif or allow-interface $intif only? Which is proper?
Will doing one of these solve my problem of $extif vanishing from
ifconfig?
If you think there is something else that I can do that is better,
please let me know that too.
Much appreciate any help.
Please let me know if you need anything else that will help to resolve
this problem.
Regards
Ramesh