[TriLUG] iptables - sometimes stops working
Turnpike Man
turnpike420 at yahoo.com
Wed Apr 9 15:17:54 EDT 2003
I set the external nic to a static IP on the corp network. The internal nic is
also static, of course. At home, it relies on RR DHCP for the external nic.
*shrugs* This one has stumped me. About 6+ months ago, I am remembering I
talked to someone about this (before I knew TriLUG existed). I remember him
saying he had set up a cron job which checked on the iptables service every 5
minutes. There are many things I didn't like about that. First, writing the
cron job b/c I've yet to do those types of things. Second, there didn't seem to
be a point, this is linux, should be up and stable (in most cases) if properly
configured. Third, if the internet is out for more than 5 seconds around here,
people are knocking on my door and ringing my phone, so a cron job would waste
valuable resources if it had to check so often. And lastly, when iptables is
stuck, if I do "service iptables status" I get back the proper response as if
everything is fine and all rules are applied, so how would a cron job detect
this, I've yet to think about really. Got me on this one. Anomaly was a good
choice of word I suppose.
David M.
--- Brian Daniels <bitmage at bellsouth.net> wrote:
> On Wed, Apr 09, 2003 at 06:58:41AM -0700, Turnpike Man wrote:
> > line. The anomaly I'm having is this: I have a training lab set up in the
> > corporate office. That lab is separated from the production network by a linux
> > machine running iptables. That way folks can create their own domains, cross
>
> Is the firewall getting its 'outside' address from the corp network via
> dhcp? This sounds like what would happen if your DHCP lease expired, you
> were assigned a new ip, and your rules were not re-set to expect the new ip
> on the external interface.
>
> --Brian
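The condition Brian describes in the quoted reply (rules still written for an old external address) leaves the ruleset loaded, so a check has to compare rule contents against the interface's current address rather than ask whether the service is running. One way to do that, as an added example that is not from the thread; the interface names `eth0`/`eth1`, the sample ruleset and the function names are constructed assumptions:

```shell
#!/bin/sh
# Added example: find rules pinned to an address the external NIC no longer has.

# Constructed sample in `iptables-save` format (not from the original post).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp --dport 22 -j DNAT --to-destination 192.168.10.5
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -d 203.0.113.10/32 -i eth0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -s 192.168.10.0/24 -i eth1 -o eth0 -j ACCEPT
COMMIT'

# pinned_addrs IFACE: read iptables-save text on stdin and print each host
# address the rules hard-code for IFACE (-d on inbound rules, SNAT --to-source
# on outbound rules). Network destinations such as 10.0.0.0/8 are ignored.
pinned_addrs() {
    awk -v ifc="$1" '
        /^-A / {
            in_if = 0; out_if = 0; dst = ""; src = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i" && $(i+1) == ifc) in_if = 1
                if ($i == "-o" && $(i+1) == ifc) out_if = 1
                if ($i == "-d") dst = $(i+1)
                if ($i == "--to-source") src = $(i+1)
            }
            sub(/\/32$/, "", dst)
            if (in_if && dst != "" && dst !~ /\//) print dst
            if (out_if && src != "") print src
        }' | sort -u
}

# stale_addrs IFACE CURRENT_IP: print pinned addresses that differ from
# CURRENT_IP; return 1 if any exist, 0 if the rules match the interface.
stale_addrs() {
    stale=$(pinned_addrs "$1" | grep -vxF "$2" || true)
    if [ -z "$stale" ]; then return 0; fi
    printf '%s\n' "$stale"
    return 1
}

# Demo on the constructed sample: the NIC now holds 203.0.113.99.
printf '%s\n' "$SAMPLE_RULES" | stale_addrs eth0 203.0.113.99 \
    || echo "rules above are pinned to an address eth0 no longer has"

# Live use (as root), external interface assumed to be eth0:
#   iptables-save | stale_addrs eth0 \
#     "$(ip -4 -o addr show dev eth0 | awk '{print $4}' | cut -d/ -f1)"
```
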