A lot of ISP's will give you a dns name based on your IP as well. Just throwing that in to make sure that you had double checked that your name isn't changing. Like my road runner account will change to something like gsoxxx-xxx-xxx.triad.rr.com as my host name where the xxx's are the last three sets of my ip number. Wade Chandler Metro IT Solutions Lead Programmer http://www.metrotriad.com/wchan http://www.metrois.com wade.chandler@metrois.com 336-725-1621 Ext. 1015 ----- Original Message ----- From: "Adalbert Michelic" <adalbert.list@lopez.at> To: <suse-security@suse.com> Sent: Sunday, September 09, 2001 4:55 PM Subject: Re: [suse-security] IPCHAINS with dynamic DNS
Eric,
* On Sunday, September 09, 2001 at 13:21, eric.draven@aon.at wrote:
i recognized a strange (?) behavior of IPCHAINS toward dynamic DNS names.
I have the following problem: i use a dialup-connection at home and want to grant SSH-access to our company server, but (of course) only for my IP. So I registered some dynamic DNS-service and applied the host "xxx.ath.cx".
Now i added the neccessary rules to ipchains, using this hostname. It was working fine. But after i reconnected (and got a new IP) it was not working anymore. Strange. Then i re-checked the rules and saw that ipchains obviously resolves the IP of "xxx.ath.cx", reverse lookups it and inserts THIS result (which is now the hostname given by my provider) to the final rules.
When adding your rule with ipchains, the hostname is looked up by ipchains. When checking your rules afterwards with ipchains -L, the address is reverse looked up.
The kernel only knows about the IP-addresses - you can verify this with "cat /proc/net/ip_fwchains" (at least with Kernel 2.2.x).
Is there any solution? Deleting and re-inserting this rules every minute via crontab is something i would not really like to do..
I would suggest the following: - Insert the rule in /etc/ppp/ip-up.local - Remove the rule in /etc/ppp/ip-down.local - Update your DynDNS-Hostname when running ip-up.local
Adalbert
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com