Mailinglist Archive: opensuse-security (206 mails)

< Previous Next >
Re: [suse-security] DialUp with Firewall
  • From: Les Catterall <catterau@xxxxxxxxxxx>
  • Date: Fri, 30 Jun 2000 18:58:32 +1000
  • Message-id: <395C6138.7723CE8A@xxxxxxxxxxx>
Craig Wyndham wrote:

I tried the /etc/ppp/ip-up script, but it seems to run too early and
fails to pick up the new address of the ppp connection. If I then
restart the firewall manually it works fine, but then tends to
stop passing traffic after a few minutes.

I just have not had time to investigate further, but would be very
interested in any inputs.

Craig Wyndham (Sydney, Australia)

-------------------------

Try to use the /etc/ppp/ip-up script.

On Wed, 28 Jun 2000, Timo Schulz wrote:


Hello list,
I have a little problem with my dialup connection.
After I get connect, I have to restart the SuSEfirewall script
to activate the PPP device. So I need root privilegs.
Is there any secure possibility to restart the firewall without
involving root?

Thanks in advance.

--
Two-a-Day at joesixpack.net www.freenet.de/joesixpack keyid BF3DF9B4

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx


---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx

Hi Craig,

I use Red Hat Linux with the 2.0.36 kernel and "ipfwadm". I found I had
to incorporate the attached snippet into "/etc/ppp/ip-up", to enforce
a wait for the IP address to become available. I also include my "ppp_ip"
script which is referenced within the snippet. This script simply returns
the current IP address for the PPP session.

Cheers - Les Catterall#
# <extract> from my "/etc/ppp/ip-up".
#

#
# Users with a Static IP address could enter it here.
#
# firewall_ip = "your.static.PPP.address"
#

#
# We get our firewall's IP address dynamically from PPP, so we need to enable
# the following option. This enables dynamic-ip address hacking in IP MASQ,
# making life with Diald and similar programs much easier.
#

echo "1" > /proc/sys/net/ipv4/ip_dynaddr

#
# Now, _THIS_ script is run automatically immediately after "pppd" brings IPCP
# up (see man "pppd"). So our firewall's IP address this time around will be
# available to us sometime during the course of running this script. We're
# going to need this address for the rulesets that follow (which utilise the
# "firewall_ip" environment variable), so wait here until it's available.
#

while [ "`/usr/local/bin/ppp_ip`" = "" ]; do sleep 1; done

firewall_ip="`/usr/local/bin/ppp_ip`"

#
# Continue "/etc/ppp/ip-up" processing now that IP address is available.
#

#
# </extract>
#
#!/bin/sh

#
# ppp_ip
#
# Version : 19990621 - Les Catterall
#
# Edits:
# 19970720 - Original version.
# 19980920 - Port to Redhad Linux and rename "ppp_ip".
# 19990621 - Use "ifconfig" rather than "tail /var/log/messages".
#
# This script may be used to determine the local IP address allocated for
# the current PPP session (the dynamic Internet address). This address
# is available via "/sbin/ifconfig" immediately after establishing a PPP
# connection. It may be used after any script which calls "/usr/sbin/pppd".
#

/sbin/ifconfig | grep 'P-t-P' | awk '{print $2}' | awk -F: '{print $2}'


#
# End ppp_ip
#
< Previous Next >
Follow Ups
References