Craig Wyndham wrote:
I tried the /etc/ppp/ip-up script, but it seems to run too early and fails to pick up the new address of the ppp connection. If I then restart the firewall manually it works fine, but then tends to stop passing traffic after a few minutes.
I just have not had time to investigate further, but would be very interested in any inputs.
Craig Wyndham (Sydney, Australia)
-------------------------
Try to use the /etc/ppp/ip-up script.
On Wed, 28 Jun 2000, Timo Schulz wrote:
Hello list, I have a little problem with my dialup connection. After I get connect, I have to restart the SuSEfirewall script to activate the PPP device. So I need root privilegs. Is there any secure possibility to restart the firewall without involving root?
Thanks in advance.
-- Two-a-Day at joesixpack.net www.freenet.de/joesixpack keyid BF3DF9B4
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi Craig, I use Red Hat Linux with the 2.0.36 kernel and "ipfwadm". I found I had to incorporate the attached snippet into "/etc/ppp/ip-up", to enforce a wait for the IP address to become available. I also include my "ppp_ip" script which is referenced within the snippet. This script simply returns the current IP address for the PPP session. Cheers - Les Catterall # # <extract> from my "/etc/ppp/ip-up". # # # Users with a Static IP address could enter it here. # # firewall_ip = "your.static.PPP.address" # # # We get our firewall's IP address dynamically from PPP, so we need to enable # the following option. This enables dynamic-ip address hacking in IP MASQ, # making life with Diald and similar programs much easier. # echo "1" > /proc/sys/net/ipv4/ip_dynaddr # # Now, _THIS_ script is run automatically immediately after "pppd" brings IPCP # up (see man "pppd"). So our firewall's IP address this time around will be # available to us sometime during the course of running this script. We're # going to need this address for the rulesets that follow (which utilise the # "firewall_ip" environment variable), so wait here until it's available. # while [ "`/usr/local/bin/ppp_ip`" = "" ]; do sleep 1; done firewall_ip="`/usr/local/bin/ppp_ip`" # # Continue "/etc/ppp/ip-up" processing now that IP address is available. # # # </extract> # #!/bin/sh # # ppp_ip # # Version : 19990621 - Les Catterall # # Edits: # 19970720 - Original version. # 19980920 - Port to Redhad Linux and rename "ppp_ip". # 19990621 - Use "ifconfig" rather than "tail /var/log/messages". # # This script may be used to determine the local IP address allocated for # the current PPP session (the dynamic Internet address). This address # is available via "/sbin/ifconfig" immediately after establishing a PPP # connection. It may be used after any script which calls "/usr/sbin/pppd". # /sbin/ifconfig | grep 'P-t-P' | awk '{print $2}' | awk -F: '{print $2}' # # End ppp_ip #