[ale] portfw

Ben Coleman oloryn at benshome.net
Fri Feb 2 19:43:01 EST 2001


On Fri, 02 Feb 2001 14:49:17 -0500, Paul Voccio wrote:

>Using portfw this way:
>
> > /usr/sbin/ipmasqadm portfw -f
> > /usr/sbin/ipmasqadm portfw -a -P tcp -L XXX.XXX.XXX.XXX 80 -R 192.168.1.2 80
>
>If I were using such a configuration on RH 6.2 and I have a dynamic 
>hostname such as dhs.org can I insert my hostname for the Xs since that is 
>constantly updated instead of the actual ip address of the nic? I suppose I 
>could get pull the script and get the actual ip from ifconfig but this 
>would seem much easier.

Even if that works, the problem is that the hostname will only be
resolved when you run the command.  When the address changes later,
portfw will still be using the old address (I think.  There is some
kernel code for dealing with dynamic addresses, but I'm not sure that
it extends to portfw).

The usual way to handle this is to re-establish the port forwarding
rules whenever the address changes.  How you do this will depend on how
you are acquiring the dynamic address.  If you're using PPP (including
PPPOE), the script /etc/ppp/ip-up is run when the link comes up.  The
4th parameter passed to it is the ip address of the local side of the
link.  So, you could insert the code

> /usr/sbin/ipmasqadm portfw -f
> /usr/sbin/ipmasqadm portfw -a -P tcp -L $4 80 -R 192.168.1.2 80

into /etc/ppp/ip-up, and whenever the link is re-established
(presumably with a new ip address), the port forwarding rules will be
changed.

If you're using DHCP, dhcpcd has a similar mechanism.  Last I knew,
pump didn't, so you may find that you have to switch to using dhcpcd
instead of pump.

Ben

-- 
Ben Coleman oloryn at benshome.net      | The attempt to legislatively
http://oloryn.home.mindspring.com/   | micromanage equality results, at
Amateur Radio NJ8J                   | best, in equal misery for all.
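
An added example, not part of the original post: a fragment for /etc/ppp/ip-up that runs the two commands above only after checking that $4 is a dotted-quad IPv4 address, so a missing or malformed argument (or a hostname) cannot flush the existing forwards and leave nothing in their place. The function names and the IPMASQADM override variable are assumptions made for this example; the internal host and port are the ones used in the thread.

```shell
#!/bin/sh
# Fragment for /etc/ppp/ip-up (added example; names below are hypothetical).
IPMASQADM="${IPMASQADM:-/usr/sbin/ipmasqadm}"  # overridable for a dry run
INTERNAL_HOST="192.168.1.2"                    # internal web server from the thread
PORT=80

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, non-digit, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Flush the old portfw rules and re-add the forward for the new address.
# Nothing is flushed unless the address validates first.
refresh_portfw() {
    if ! is_ipv4 "$1"; then
        echo "portfw: not updating, bad local address: '$1'" >&2
        return 1
    fi
    "$IPMASQADM" portfw -f &&
    "$IPMASQADM" portfw -a -P tcp -L "$1" "$PORT" -R "$INTERNAL_HOST" "$PORT"
}

# The 4th parameter passed to ip-up is the local address of the link.
if [ "$#" -ge 4 ]; then
    refresh_portfw "$4"
fi
```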

