Hi! I also run a masquarading dsl-box based on SuSE 7.3 and SuSEfirewall2. But: I run The Roaring Pinguin DSL-packet instead of the kernel based pppoed24 and I use ddclient by calling it in /etc/ppp/ip-up.local, so it does not run as a daemon. I cut the DSL-connection once in 24 hours according to the rules of my internet provider via cronjob simple with a /etc/init.d/adsl stop /bin/sleep 30 /etc/init.d/adsl start The rest like renewing the dynamic DNS entry and setting up iptables again works automagic. This also works fine when the connection drops due to other events... Then I must say that I run a local DNS-server on another (also masqueraded) server as a proxy and for resolving local (192.168...) addresses which is contacted by the masqueraded clients. I can directy resolve extern addresses after the reconnect. And where do you get the /etc/resolv.conf entries (nameserver IPs) from. Is the DSL-box using the "feature" of resolving them completely dynamic? The entries of the masqueraded clients in resolv.conf are static? Maybe you should sniff the network traffic leaving your ethernet-interface of the DSL-modem with e.g. etherreal (X-forwarding...). On Sonntag, 29. September 2002 21:11, Jammer wrote:
I'm using a SuSE 7.2 Box with SuSEfirewall2 (installed from RPM) to Masquarde my Network at home using my DSL - Connection.
Everything works fine, till the one Point: When i loose my Internet-Connection due to a 24h disconnect, reboot or 'playing around with the pppoed' I have the following problem:
By default I do the following steps in a cronjob: test if pppoed is running if not, stop everything and restart all the things
/sbin/checkproc /usr/sbin/pppoed24 || { /etc/rc.d/pppoed stop > /dev/null sleep 2 /etc/rc.d/pppoed start > /dev/null sleep 5 /usr/bin/killall ddclient sleep 1 /usr/sbin/ddclient /root/bin/settime.sh >/dev/null sleep 2 }
It works but with one problem: I have a network masquaraded and when i loose connection and re-establish connection i can ping from the hosts that are masquaraded, but i can not resolve any DNS-Names. I can see no drops in the firewall logs, so everything is ok.. and after 5-10 Minutes DNS-lookups are working.
-- Eat, sleep and go running, David Huecking. Encrypted eMail welcome! GnuPG/ PGP-Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216