Gentoo Forums
pppoe "redial" and iptables rules
wpeqan
n00b


Joined: 21 Feb 2012
Posts: 1

Posted: Tue Feb 21, 2012 2:27 pm    Post subject: pppoe "redial" and iptables rules

Hello,

I'm using Gentoo on a desktop machine and connect to the internet with pppoe. I'm using a custom iptables script as a firewall.
Every time I get a new IP address from my provider the firewall script needs to be restarted, but I don't really know where to insert it.
At the moment I need to manually execute "/path/to/iptables.sh restart".

Is there some standard way to update the firewall rules after I get a new IP?


Thanks in advance.

Relevant Portions of /etc/conf.d/net:
Code:

 # cat /etc/conf.d/net
modules=( "wpa_supplicant" )
wpa_supplicant_wlan0=( "wpa_supplicant" )
wpa_timeout_wlan0=60
#link_ppp0="wlan0"
config_eth0="null"
link_ppp0="eth0"

config_ppp0=( "ppp" )
plugins_ppp0=( "pppoe" )
username_ppp0='username'
password_ppp0='pw'
rc_wlan0_before="net.ppp0"
rc_ppp0_provide="net"
pppd_ppp0=(
   "noauth"
   "defaultroute"
   "usepeerdns"
   "ipcp-accept-remote"
   "ipcp-accept-local"
   "lcp-echo-interval 15"
   "lcp-echo-failure 3"
   "debug"
)
preferred_aps=( "my_ssid" )



edit:
Found the answer to my question in the logs. I'll put the script in /etc/ppp/ip-up
Code:

...
Feb 21 11:34:10 1313 pppd[11907]: rcvd [PAP AuthAck id=0x3 ""]
Feb 21 11:34:10 1313 pppd[11907]: PAP authentication succeeded
Feb 21 11:34:10 1313 pppd[11907]: peer from calling number 00:90:1A:A0:AA:14 authorized
...
Feb 21 11:34:11 1313 pppd[11907]: local  IP address ip
Feb 21 11:34:11 1313 pppd[11907]: remote IP address ip
Feb 21 11:34:11 1313 pppd[11907]: primary   DNS address ip
Feb 21 11:34:11 1313 pppd[11907]: secondary DNS address ip
Feb 21 11:34:11 1313 pppd[11907]: Script /etc/ppp/ip-up started (pid 19005)
Feb 21 11:34:11 1313 /etc/init.d/net.ppp0[19022]: status: inactive
Feb 21 11:34:11 1313 /etc/init.d/net.ppp0[19081]: You are using a bash array for config_ppp0.
Feb 21 11:34:11 1313 /etc/init.d/net.ppp0[19082]: This feature will be removed in the future.
Feb 21 11:34:11 1313 /etc/init.d/net.ppp0[19083]: Please see net.example for the correct format for config_ppp0.
Feb 21 11:34:11 1313 pppd[11907]: Script /etc/ppp/ip-up finished (pid 19005), status = 0x0

truc
Advocate


Joined: 25 Jul 2005
Posts: 3199

Posted: Tue Feb 21, 2012 4:44 pm

Often, you have one of the pppoe hooks which adds the clamp-mss iptables rules. If you plan to share your internet access, either disable this hook and add the rules manually to your custom iptables ruleset script, or find a way to have the clamp-mss hook run after your custom iptables script.


Also, you could use iptables-save/iptables-restore to save your ruleset and re-generate it *only* when you get a new IP?

HTH?
_________________
The End of the Internet!
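
The idea from the replies above (reload the firewall from the ip-up hook, but only when the address actually changed), as an added example that is not part of the thread or of any Gentoo script. The function names and the state file location are assumptions; `/path/to/iptables.sh restart` is the poster's own placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. pppd runs the hook as:
#   ip-up IFACE TTY SPEED LOCAL_IP REMOTE_IP IPPARAM

# Accept only a dotted-quad IPv4 address before it is compared or stored.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# refresh_firewall LOCAL_IP STATE_FILE RELOAD_CMD [ARGS...]
# Prints "reloaded" or "unchanged". Returns 2 on a malformed address and 1
# when the reload fails; the state file is then left untouched so the next
# ip-up event retries instead of assuming the rules are current.
refresh_firewall() {
    new_ip=$1; state=$2; shift 2
    is_ipv4 "$new_ip" || { echo "refusing malformed address" >&2; return 2; }
    last_ip=
    [ -r "$state" ] && read -r last_ip < "$state" || :
    if [ "$new_ip" = "$last_ip" ]; then
        echo unchanged
        return 0
    fi
    "$@" >/dev/null || return 1
    printf '%s\n' "$new_ip" > "$state"
    echo reloaded
}

# Act as the hook only when pppd passed its arguments. The reload command is
# the poster's placeholder path; the state file location is an assumption.
if [ "$#" -ge 4 ]; then
    refresh_firewall "$4" "/var/run/fw-$1.ip" /path/to/iptables.sh restart
fi
```

If a separate pppoe hook adds the clamp-mss rule, it has to run after this one, as the reply above advises.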
All times are GMT