Hi

You should use the ip-up and ip-down scripts in the /etc/ppp directory. In addition, you should have a look at the SuSE support database; if I remember correctly, it describes a way to read the current IP of your interface to the internet and enable the rules directly using this IP. But if you do not want to do it this way, switch to iptables with kernel 2.4.x.

THX

Kind regards.

Stefan Walther
stefan_walther@gehag-dsk.de
Office: +4930/89786448
Mobile: +49172/3943961



eric.draven@aon.at

09.09.01 13:19

       
        To:        suse-security@suse.com
        cc:        
        Subject:        [suse-security] IPCHAINS with dynamic DNS



Hi all,

I recognized a strange (?) behavior of IPCHAINS toward dynamic DNS
names.

I have the following problem: I use a dialup connection at home and
want to grant SSH access to our company server, but (of course) only for
my IP.
So I registered with some dynamic DNS service and applied for the host
"xxx.ath.cx".

Now I added the necessary rules to ipchains, using this hostname. It
was working fine. But after I reconnected (and got a new IP) it was not
working anymore. Strange.
Then I re-checked the rules and saw that ipchains obviously resolves the
IP of "xxx.ath.cx", reverse-looks it up and inserts THIS result (which is
now the hostname given by my provider) into the final rules.

So the original rule of:

ipchains -I input 1 -j ACCEPT -l -p tcp -i eth0 -s xxx.ath.cx -d dst 22

is translated to: (ipchains -L)

target  prot opt     source                destination      ports
ACCEPT  tcp  ----l-  L0099P99.dipool.highway.telekom.at dst any -> ssh

which is not really what I want.. :/

Is there any solution? Deleting and re-inserting these rules every minute
via crontab is something I would not really like to do..


                                                  best regards, E.
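
An added example, not part of either message: ipchains resolves a name given to -s once, when the rule is inserted, so the stored rule keeps the old address after a reconnect. The script below, meant for the firewall host, re-resolves the name and changes the chain only when the address has changed; the state-file path, the use of getent and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. HOST, DST and IFACE repeat the post's
# rule ("dst" is the post's own placeholder); STATE is an assumed path.
HOST="xxx.ath.cx"; DST="dst"; IFACE="eth0"
STATE="${STATE:-/var/run/ssh-allow.ip}"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rule_spec IP: the post's rule with a numeric /32 source instead of a name.
rule_spec() { echo "-j ACCEPT -l -p tcp -i $IFACE -s $1/32 -d $DST 22"; }

# plan_update OLD NEW: print the commands that move the rule from OLD to NEW.
# Prints nothing when the address is unchanged; fails when NEW is not an IPv4
# address, so a broken or hostile DNS answer never reaches ipchains.
plan_update() {
    old=$1; new=$2
    is_ipv4 "$new" || return 1
    [ "$old" = "$new" ] && return 0
    echo "ipchains -I input 1 $(rule_spec "$new")"
    if is_ipv4 "$old"; then echo "ipchains -D input $(rule_spec "$old")"; fi
}

# sync_rule: resolve HOST, compare with the address recorded in STATE, and
# change the chain only when the two differ.
sync_rule() {
    new_ip=$(getent hosts "$HOST" | awk '{print $1; exit}')
    old_ip=$(cat "$STATE" 2>/dev/null)
    cmds=$(plan_update "$old_ip" "$new_ip") || {
        echo "no usable IPv4 address for $HOST" >&2; return 1; }
    [ -n "$cmds" ] || return 0
    echo "$cmds" | sh -e && echo "$new_ip" > "$STATE"
}

# Without --apply this file only defines the functions and changes nothing.
if [ "${1:-}" = "--apply" ]; then sync_rule; fi
```

Listing with `ipchains -L -n` prints the stored source address without the reverse lookup. The rule is only as trustworthy as the DNS answer it is built from.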

