[TriLUG] iptables - sometimes stops working

Turnpike Man turnpike420 at yahoo.com
Wed Apr 9 15:17:54 EDT 2003


I set the external nic to a static IP on the corp network.  The internal nic is
also static, of course.  At home, it relies on RR DHCP for the external nic. 
*shrugs*  This one has stumped me.  About 6+ months ago, I remember I
talked to someone about this (before I knew TriLUG existed).  I remember him
saying he had set up a cron job which checked on the iptables service every 5
minutes.  There are many things I didn't like about that.  First, writing the
cron job b/c I've yet to do those types of things. Second, there didn't seem to
be a point, this is Linux, should be up and stable (in most cases) if properly
configured.  Third, if the internet is out for more than 5 seconds around here,
people are knocking on my door and ringing my phone, so a cron job would waste
valuable resources if it had to check so often.  And lastly, when iptables is
stuck, if I do "service iptables status" I get back the proper response as if
everything is fine and all rules are applied, so how a cron job would detect
this, I've yet to think about really.  Got me on this one.  Anomaly was a good
choice of word I suppose.

David M.

--- Brian Daniels <bitmage at bellsouth.net> wrote:
> On Wed, Apr 09, 2003 at 06:58:41AM -0700, Turnpike Man wrote:
> > line.  The anomaly I'm having is this:  I have a training lab setup in the
> > corporate office.  That lab is separated from the production network by a
> > linux machine running iptables.  That way folks can create their own domains,
> > cross
> 
> Is the firewall getting its 'outside' address from the corp network via 
> dhcp?  This sounds like what would happen if your DHCP lease expired, you 
> were assigned a new ip, and your rules were not re-set to expect the new ip 
> on the external interface.
> 
> --Brian
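
The DHCP scenario Brian describes is something a periodic check can test even when "service iptables status" looks normal: whether the address written into the NAT rules still matches the one on the external interface. The script below is an added example, not from the thread; it assumes the ruleset uses SNAT with `--to-source`, and the interface name `eth0` and all addresses are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the thread): flag SNAT rules pinned to an address
# that the external interface no longer holds.

# Constructed sample data: `ip -4 -o addr show dev eth0` after a new lease,
# and `iptables-save -t nat` output still carrying the old address.
SAMPLE_ADDR='2: eth0    inet 192.0.2.57/24 brd 192.0.2.255 scope global eth0'
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.0.0/24 -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT'

# Read `ip -4 -o addr show` text on stdin, print the IPv4 address of $1.
iface_addr() {
    awk -v dev="$1" '$2 == dev && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# Read `iptables-save -t nat` text on stdin, print the --to-source address
# of each SNAT rule whose outgoing interface is $1.
snat_sources() {
    awk -v dev="$1" '/-j SNAT/ {
        out = ""; src = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-o") out = $(i + 1)
            if ($i == "--to-source") src = $(i + 1)
        }
        # --to-source may carry a range or port; keep the first address only
        if (out == dev && src != "") { sub(/[:-].*/, "", src); print src }
    }'
}

# check_drift IFACE ADDR_TEXT RULES_TEXT
# Returns 0 when all SNAT rules match the live address, 1 on a mismatch,
# 2 when the interface has no address or no SNAT rule names it.
check_drift() {
    live=$(printf '%s\n' "$2" | iface_addr "$1")
    pinned=$(printf '%s\n' "$3" | snat_sources "$1")
    if [ -z "$live" ] || [ -z "$pinned" ]; then return 2; fi
    for p in $pinned; do
        if [ "$p" != "$live" ]; then
            echo "drift on $1: interface has $live, rule uses $p"
            return 1
        fi
    done
    return 0
}

# On the firewall itself (as root), a cron job would call:
#   check_drift eth0 "$(ip -4 -o addr show dev eth0)" "$(iptables-save -t nat)"
```

A ruleset that uses the MASQUERADE target instead of SNAT takes the source address from the outgoing interface at match time, so it has no pinned address for this check to compare.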




