thauer n00b
Joined: 28 Aug 2004 Posts: 22 Location: Switzerland
Posted: Wed Sep 15, 2004 10:58 pm Post subject: Picking up computer's IP address after redial
I have struggled with this for a long time. I need to log in to my home machine from work. Easy, but my home computer is on a dialup (ADSL) line without a fixed IP address. Thus when the line is dropped (once a day or so), the machine disappears behind a dynamically assigned new IP address upon redial which I won't see until I get to the computer physically.
So this is what I do:
My home computer "pings" my work computer every ten minutes:
Code:
```sh
localhost root $ crontab -l
*/10 * * * * /usr/bin/curl myhost.atwork.com:44444 --connect-timeout 1 >/dev/null 2>&1
```
On my work computer I have a firewall (iptables) running with a chain called "HOMEGATE" which has three rules: the first lets me through from "home", the second logs the "ping" (see above) and the third simply forwards into the real firewall chain. INPUT and FORWARD are all going to HOMEGATE. Notice that as long as the IP address of home is valid, the pings never reach the second rule; they are accepted by the first (and then dropped, because there is no service there, obviously).
Code:
```sh
$ cat /etc/hosts
127.0.0.1 localhost
111.111.111.111 home
$ iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 HOMEGATE all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 HOMEGATE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain HOMEGATE (2 references)
num target prot opt source destination
1 ACCEPT tcp -- home anywhere
2 LOG tcp -- anywhere anywhere tcp dpt:44444 LOG level warning prefix `REPORTINGHOMEIP'
3 MYFIREWALL all -- anywhere anywhere
Chain MYFIREWALL (1 references)
num target prot opt source destination
[...]
6 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
```
All right, we captured the change of the IP address; now we need to process the log message. metalog is my friend:
Code:
```sh
$ cat /etc/metalog/metalog.conf
[...]
Home IP logging :
regex = "REPORTINGHOMEIP"
command = "/usr/local/sbin/gethomeip.sh"
[...]
$ cat /usr/local/sbin/gethomeip.sh
#!/bin/bash
# metalog passes the matched log line as arguments; extract the SRC= address from it
# (sed -n ... p prints only on a match, so homeip stays empty if there is none):
homeip=$(echo "$*" | sed -n 's/.*SRC=\([^ ]\+\) .*/\1/p')
# Do not touch anything if no address was found:
[ -n "$homeip" ] || exit 1
# Patch /etc/hosts:
sed -i -e "s/.* home/$homeip home/" /etc/hosts
# Patch (the running) iptables; "home" now resolves to the new address:
iptables -R HOMEGATE 1 -j ACCEPT -p tcp -s home
```
That's it. In summary:
1. Home computer pings every ten minutes to port 44444.
2. Work computer's firewall ignores 44444 as long as it is coming from what is currently known as the home computer.
3. When the IP address of my home computer changes, the logging does happen and metalog calls a script.
4. The script updates /etc/hosts and the running firewall.
5. ssh thauer@home works again!
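As an added example (this is not thauer's gethomeip.sh, nor anything from the thread), the log-processing step of the post written so that a malformed log line can never corrupt /etc/hosts: the SRC= address is extracted and checked as a real IPv4 address, the hosts file is rewritten through a temporary file and swapped in with mv, and the HOMEGATE rule is rewritten with the literal address rather than the name "home". The log line, the address 203.0.113.7, the function names and the dry-run default are constructed for the example; only the chain name, the port and the REPORTINGHOMEIP prefix come from the post. It validates the address format before touching anything, but, as a later reply in this thread points out, it does not change the fact that whichever host connects to port 44444 becomes "home".

```shell
#!/bin/sh
# Added example, not thauer's script: the log-processing step of the post with an
# address check and an atomic hosts update. Everything below other than the HOMEGATE
# rule, the port and the REPORTINGHOMEIP prefix is constructed for this example.

# Constructed sample of the kernel LOG line that metalog hands to its command
# (203.0.113.7 is a documentation address standing in for the new home IP).
SAMPLE_LOG='Sep 16 03:28:01 work kernel: REPORTINGHOMEIP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40012 DPT=44444 WINDOW=5840 RES=0x00 SYN URGP=0'

# extract_src_ip LINE: print the SRC= address if it is a well-formed IPv4 address;
# otherwise print nothing and return 1, so a malformed line never reaches /etc/hosts.
extract_src_ip() {
    ip=$(printf '%s\n' "$1" | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p')
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    oldifs=$IFS
    IFS=.
    set -- $ip    # split into octets; positional parameters are local to the function
    IFS=$oldifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# lookup_hosts_ip FILE NAME: print the address currently recorded for NAME.
lookup_hosts_ip() {
    awk -v n="$2" '$2 == n { print $1 }' "$1"
}

# patch_hosts_file FILE NAME IP: drop the line whose hostname field is NAME, append
# the new one, and swap the file in with mv so readers never see a half-written file.
patch_hosts_file() {
    file=$1; name=$2; ip=$3
    tmp="$file.tmp.$$"
    awk -v n="$name" '$2 != n' "$file" > "$tmp" &&
        printf '%s\t%s\n' "$ip" "$name" >> "$tmp" &&
        mv "$tmp" "$file"
}

# update_firewall_rule IP: rewrite rule 1 of HOMEGATE with the literal address
# instead of the name "home", so the rule cannot depend on a stale lookup.
# Dry run by default; set IPTABLES_CMD=/sbin/iptables (as root) to apply it.
update_firewall_rule() {
    ${IPTABLES_CMD:-echo iptables} -R HOMEGATE 1 -p tcp -s "$1" -j ACCEPT
}

# main HOSTS_FILE [LOG LINE WORDS...]: what metalog's command does with the line
# it receives. Uses SAMPLE_LOG when no line is given.
main() {
    hosts=$1; shift
    line=${*:-$SAMPLE_LOG}
    ip=$(extract_src_ip "$line") || { echo "no valid SRC= address in: $line" >&2; return 1; }
    old=$(lookup_hosts_ip "$hosts" home)
    if [ "$ip" = "$old" ]; then
        echo "home is still $ip, nothing to do"
        return 0
    fi
    patch_hosts_file "$hosts" home "$ip"
    update_firewall_rule "$ip"
}

# Only act when a hosts file is named explicitly, e.g.:  sh gethomeip.sh /tmp/hosts
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it against a copy of /etc/hosts first; with IPTABLES_CMD unset it only prints the iptables command it would execute, so the hosts edit and the rule change can be checked separately.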
tminos n00b
Joined: 10 Apr 2002 Posts: 25 Location: California
Posted: Thu Sep 16, 2004 3:28 am Post subject:
Why not just use something like dyndns.org ... ?
thauer n00b
Joined: 28 Aug 2004 Posts: 22 Location: Switzerland
Posted: Thu Sep 16, 2004 7:06 am Post subject:
tminos wrote:
> Why not just use something like dyndns.org ... ?
For one, I did not know about it. Thanks, this is a great forum!
Two more things in my defense:
1. I actually liked my solution; maybe pieces can be useful for something related after all: it shows a little bit of how iptables can be used for non-default things, and I just learned how to use metalog...
2. There is one thing which the dyndns service does not do for me: updating my iptables rules on my non-home machine. I have strict firewall rules on that computer which do not allow generic access but accept connections from my home machine. Given that iptables stores the rules with IP addresses, the table gets broken when my home machine gets assigned a new IP address.
giftnudel n00b
Joined: 04 Nov 2003 Posts: 20
Posted: Thu Sep 16, 2004 8:55 am Post subject:
Hi,
but you do realize that if one finds out your port, he might get full access to your PC?
Otherwise this is a very interesting solution.
giftnudel
depontius Advocate
Joined: 05 May 2004 Posts: 3509
Posted: Mon Dec 07, 2009 5:13 pm Post subject:
There's another option here. You don't have to poll - dhcp has provisions to call your own script, so this can be event-driven. To be honest, I'm running dhcpcd-3.X, so anything I can tell you is hopelessly obsolete. I masked >=dhcpcd-4.X until I could learn how to replace my dhcpcd-3.X scripts. I never got around to it, and I believe I've heard that dhcpcd-5.X is going to do it differently, so I'm hoping to skip dhcpcd-4.X entirely.
With dhcpcd-3.X I was able to specify an executable with this line in /etc/conf.d/net:
Code:
```sh
dhcpcd_eth0="-h myName -R -c /usr/local/sbin/dhcpcd.sh"
```
Whenever dhcpcd did anything significant it would call my dhcpcd.sh with a few arguments, which I could parse and do what was needed.
I'm under the impression that this same type of capability is still in place in newer versions, just implemented differently.
_________________
.sigs waste space and bandwidth
MacGyver031 Tux's lil' helper
Joined: 11 Jul 2004 Posts: 141 Location: Ilavalai, Sri Lanka
Posted: Wed Oct 31, 2012 9:16 am Post subject:
I have net-misc/dhcpcd-5.6.2 on my systems. This has hooks which can be programmed easily. Every time there is a change in the dhcp process, the files in dhcp-hooks are executed. So you could do the following:
/lib/dhcpcd/dhcp-hooks/50-update_remotesys
Code:
```sh
# BOUND:
#   binding to a new address has been done.
#   $new_ip_address
#   $new_subnet_mask
#   $interface
#   $media
# RENEW:
#   renewing a binding
#   $new_ip_address, $old_ip_address
#   ....
# REBIND:
#   same as RENEW, except ARP tables are cleared
# REBOOT:
#   got the same address after sys-reboot, same as BOUND
# TIMEOUT:
#
# EXPIRE:
#   giving up IP address.
# IPVLL
# FAIL:
#   Unable to contact dhcp-server, handled the same as EXPIRE
# PREINIT|CARRIER
# Hooks run under /bin/sh, so use the POSIX "=" test and quote the variable:
if [ "$interface" = "eth0" ]; then
    case "${reason}" in
    BOUND|RENEW|REBIND)
        # THESE COMMANDS WILL BE EXECUTED AFTER SUCCESSFULLY OBTAINING AN IP.
        # Variable $new_ip_address has the newly obtained IP.
        ;;
    EXPIRE|FAIL|STOP|TIMEOUT)
        logger "Unable to obtain new IP. Retrying later."
        ;;
    esac
fi
```
_________________
Sincerely your
Joanand K.
MacBook Pro 5.1: 2.4GHz Core2 Duo, 4096MB, 500GB, NVidia 9400/9600 M GT
Gentoo, Kernel 3.4.9, XOrg, Fluxbox.
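As an added example (not MacGyver031's hook and not part of dhcpcd), a complete hook body for the directory named in the post that ties this thread together: on the home machine it reports the new address to the work firewall the moment the lease changes, replacing the ten-minute cron ping from the first post, and it stays quiet on a RENEW that hands back the same address. $reason, $interface, $new_ip_address and $old_ip_address are the variables the post lists as exported by dhcpcd; the target host (taken from the first post's cron line), the dry-run default and the helper names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not MacGyver031's hook: notify the work machine as soon as the
# bound address changes instead of polling from cron. $reason, $interface,
# $new_ip_address and $old_ip_address come from dhcpcd; the rest is constructed.

NOTIFY_HOST=${NOTIFY_HOST:-myhost.atwork.com:44444}   # port watched by the work LOG rule

# decide_action REASON NEW_IP OLD_IP: classify a dhcpcd event.
#   "notify IP"  a usable address was bound and differs from the previous one
#   "unchanged"  lease renewed with the same address, nothing worth reporting
#   "lost"       the lease expired or could not be obtained
#   "ignore"     an event this hook does not act on (PREINIT, CARRIER, ...)
decide_action() {
    case $1 in
        BOUND|RENEW|REBIND|REBOOT)
            if [ -n "$2" ] && [ "$2" != "$3" ]; then
                printf 'notify %s\n' "$2"
            else
                echo unchanged
            fi
            ;;
        EXPIRE|FAIL|STOP|TIMEOUT)
            echo lost
            ;;
        *)
            echo ignore
            ;;
    esac
}

# notify_work IP: open one connection to the work machine so its LOG rule records
# the new source address (the address travels in the packet, not in the URL).
# Dry run by default; set CURL_CMD=/usr/bin/curl in the real hook. A refused
# connection is the expected outcome, since nothing listens on 44444.
notify_work() {
    echo "reporting new address $1 to $NOTIFY_HOST" >&2
    ${CURL_CMD:-echo curl} -s -o /dev/null --connect-timeout 1 "$NOTIFY_HOST" || true
}

# run_hook: the body dhcpcd executes, reading the variables it exported.
run_hook() {
    [ "${interface:-}" = "eth0" ] || return 0
    action=$(decide_action "${reason:-}" "${new_ip_address:-}" "${old_ip_address:-}")
    case $action in
        "notify "*) notify_work "${action#notify }" ;;
        lost)       echo "lease lost on $interface, nothing to report" >&2 ;;
    esac
}

# dhcpcd runs hooks with $reason set; run by hand there is nothing to do.
if [ -n "${reason:-}" ]; then
    run_hook
fi
```

Keeping the classification in decide_action separate from the side effect in notify_work is what makes the hook testable without a DHCP server: each reason can be fed in by hand and the dry-run output inspected before CURL_CMD is set.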