Eric, * On Sunday, September 09, 2001 at 13:21, eric.draven@aon.at wrote:
i recognized a strange (?) behavior of IPCHAINS toward dynamic DNS names.
I have the following problem: i use a dialup-connection at home and want to grant SSH-access to our company server, but (of course) only for my IP. So I registered some dynamic DNS-service and applied the host "xxx.ath.cx".
Now i added the neccessary rules to ipchains, using this hostname. It was working fine. But after i reconnected (and got a new IP) it was not working anymore. Strange. Then i re-checked the rules and saw that ipchains obviously resolves the IP of "xxx.ath.cx", reverse lookups it and inserts THIS result (which is now the hostname given by my provider) to the final rules.
When adding your rule with ipchains, the hostname is looked up by ipchains. When checking your rules afterwards with ipchains -L, the address is reverse looked up. The kernel only knows about the IP-addresses - you can verify this with "cat /proc/net/ip_fwchains" (at least with Kernel 2.2.x).
Is there any solution? Deleting and re-inserting this rules every minute via crontab is something i would not really like to do..
I would suggest the following: - Insert the rule in /etc/ppp/ip-up.local - Remove the rule in /etc/ppp/ip-down.local - Update your DynDNS-Hostname when running ip-up.local Adalbert