LinuxSA Mailing list archives

  From: Adam J. Sulis <asulis@range.on.ca>
  To  : Daryl Tester <dt@picknowl.com.au>
  Date: Sun, 18 Jun 2000 20:55:10 -0400

Re: PPP, Dynamic IP, and an IPCHAINS script

Whoa, I never even considered that idea. Much better indeed, and more 
secure (I preferred having the services independent, but resigned myself to 
tying them together).

This group rocks. Thanks Daryl, I owe you one. I'll try this tomorrow.

At 09:55 AM 6/19/00 +0930, you wrote:
>"Adam J. Sulis" wrote:
>
> > I hope this doesn't transmit in HTML - first email using Eudora (I think I
> > have it all config'd).
>
>All text-amundo.
>
> > Here is the glitch: Once dialed in, my ppp0 interface is given a dynamic,
> > random IP from the ISP's pool. However, a few lines of code later in the
> > script, my firewall script pre-sets a number of variables, one of which is
> > the external interface IP, "IPADDR". I need to find a way to pass the new
> > IP address to this variable on-the-fly so that IPCHAINS can pick it up and
> > use it. The affected part of the script (trimmed for size) appears at the
> > end of this message.
>
>Rather than using the IP address, why not use the interface?  eg, excerpt
>from my firewall script -
>
>##  I like pinging, boing boing boing ...
>##  Up and down until I get a pain in me groin ...
>/sbin/ipchains -A input -i ppp+ -p icmp -j ACCEPT
>
>##  Expose services SMTP, SSHD to PPP interface.
>/sbin/ipchains -A input -i ppp+ -p tcp --dport ssh --syn -j ACCEPT -l
>/sbin/ipchains -A input -i ppp+ -p tcp --dport smtp --syn -j ACCEPT -l
>
>ppp+ denotes all ppp interfaces, so if it should happen to come up
>on ppp1, things remain OK.  Used this way, the ipchain config can be
>in place _before_ your link is brought up, and can work independently.
>Otherwise, there exists a small window of opportunity to get at your
>system.
>
>Regards,
>   Daryl Tester
>
>--
>LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
>To unsubscribe from the LinuxSA list:
>   mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject



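The interface-based approach from Daryl's reply, as an added example that is not part of the original thread: the rules from his excerpt are keyed on an interface pattern instead of IPADDR, so they can be loaded before pppd is assigned an address. The IPCHAINS and EXT_IF variables, the dry-run default and the helper functions are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Dry-run by default: rules are
# printed, not installed. Set IPCHAINS=/sbin/ipchains to apply them as root.
IPCHAINS="${IPCHAINS:-echo ipchains}"   # hypothetical override variable
EXT_IF="${EXT_IF:-ppp+}"                # interface pattern, never an IP address

# ipchains -i semantics: a name ending in "+" matches any interface whose
# name begins with the text before the "+"; otherwise the match is exact.
iface_matches() {   # usage: iface_matches PATTERN IFNAME
    case "$1" in
        *+) prefix="${1%+}"
            case "$2" in "$prefix"*) return 0 ;; *) return 1 ;; esac ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# Rules from the quoted excerpt, parameterised on the interface pattern.
# Nothing here depends on the address the ISP hands out later, so this can
# run at boot, before the link is dialed.
build_rules() {
    $IPCHAINS -A input -i "$EXT_IF" -p icmp -j ACCEPT
    for svc in ssh smtp; do
        $IPCHAINS -A input -i "$EXT_IF" -p tcp --dport "$svc" --syn -j ACCEPT -l
    done
}

# List which of the given interface names a pattern would cover.
covered() {   # usage: covered PATTERN IFNAME...
    pat="$1"; shift
    for i in "$@"; do
        if iface_matches "$pat" "$i"; then printf '%s ' "$i"; fi
    done
}

build_rules
# Constructed interface list, to show what the pattern does and does not cover.
echo "ppp+ covers: $(covered 'ppp+' eth0 ppp0 ppp1 lo)"
```

Setting EXT_IF=ppp0 pins the rules to one link; the covered helper then shows that a session coming up on ppp1 would not match them.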