Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] Problems with SuSEfirewall2, Masquarding after Connection lost
  • From: David Huecking <d.huecking@xxxxxxx>
  • Date: Sun, 29 Sep 2002 23:06:32 +0200
  • Message-id: <200209292306.32033.d.huecking@xxxxxxx>
Hi!

I also run a masquerading DSL box based on SuSE 7.3 and SuSEfirewall2.
But: I run the Roaring Penguin DSL-packet instead of the kernel-based pppoed24
and I use ddclient by calling it in /etc/ppp/ip-up.local, so it does not run
as a daemon.
I cut the DSL connection once in 24 hours according to the rules of my
internet provider via cronjob, simply with a
    /etc/init.d/adsl stop
    /bin/sleep 30
    /etc/init.d/adsl start
The rest, like renewing the dynamic DNS entry and setting up iptables again,
works automagically. This also works fine when the connection drops due to other
events...
Then I must say that I run a local DNS server on another (also masqueraded)
server as a proxy and for resolving local (192.168...) addresses, which is
contacted by the masqueraded clients. I can directly resolve external addresses
after the reconnect.
And where do you get the /etc/resolv.conf entries (nameserver IPs) from? Is
the DSL box using the "feature" of resolving them completely dynamically? The
entries of the masqueraded clients in resolv.conf are static?
Maybe you should sniff the network traffic leaving the ethernet interface of
your DSL modem with e.g. Ethereal (X-forwarding...).

On Sonntag, 29. September 2002 21:11, Jammer wrote:
> I'm using a SuSE 7.2 box with SuSEfirewall2 (installed from RPM) to
> masquerade my network at home using my DSL connection.
>
> Everything works fine, up to one point:
> When I lose my Internet connection due to a 24h disconnect, reboot
> or 'playing around with the pppoed' I have the following problem:
>
> By default I do the following steps in a cronjob:
> test if pppoed is running
> if not, stop everything and restart all the things
>
>
> /sbin/checkproc /usr/sbin/pppoed24 || {
> /etc/rc.d/pppoed stop > /dev/null
> sleep 2
> /etc/rc.d/pppoed start > /dev/null
> sleep 5
> /usr/bin/killall ddclient
> sleep 1
> /usr/sbin/ddclient
> /root/bin/settime.sh >/dev/null
> sleep 2
> }
>
> It works, but with one problem:
> I have a masqueraded network, and when I lose the connection and
> re-establish it I can ping from the hosts that are
> masqueraded, but I cannot resolve any DNS names. I can see no drops
> in the firewall logs, so everything is ok... and after 5-10 minutes
> DNS lookups are working.

--
Eat, sleep and go running,
David Huecking.

Encrypted eMail welcome! GnuPG/ PGP-Fingerprint:
3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216

