On Fri, Oct 15, 2004 at 11:41:06AM -0700, kate wrote:
> 1. yes I have ipt_MASQUERADE loaded.
> 2. my logic was to substitute any static_ip reference
> with -i eth0, but you're saying that doesn't work.

no--it doesn't work. might be a nice feature request...but alas at the current state of technology--no dice.

> Would reference to the box eg. myfw.mydomain.com work
> instead of ip_static ?

nope--same problem, essentially. when you use an FQDN in a rule--it is resolved to an IP address once, at the time the rule is loaded.

> Your neat script, where would I place that in my fw
> script? at the top? Does it need anything else to make
> it work?

it's really just a variable declaration, but yeah--at the top would be a good place for it. once you have a script that can figure out your IP addresses for you at the time of execution--the only other piece you need is to reload your rules each time your IP address changes--the man page of your particular DHCP client should have details on how to execute a script on IP change. this also isn't as big a deal in practice as it may seem--my firewall on my cable modem at my house has had the same IP address since 11-27-2003 (the day i upgraded it).

> you can see that I am new at this!

s'alright--that's what these lists are for. a good read for newbies is the IPTables Tutorial, located at:

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
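
One way to wire up the two pieces the reply describes (work out the external address at run time, reload the rules only when it changes), as an added example that is not part of the original thread and is not the script the poster refers to. The paths `/etc/firewall.sh` and `/var/run/fw-ext-ip`, the `STATIC_IP` variable handed to the rules script, and all function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. FW_SCRIPT, STATE_FILE, STATIC_IP and the
# function names are assumptions made for illustration.
EXT_IF="${EXT_IF:-eth0}"
FW_SCRIPT="${FW_SCRIPT:-/etc/firewall.sh}"       # hypothetical rules script
STATE_FILE="${STATE_FILE:-/var/run/fw-ext-ip}"   # hypothetical state file

# Constructed sample of `ip -o -4 addr show dev eth0` output (documentation address).
SAMPLE='2: eth0    inet 203.0.113.7/24 brd 203.0.113.255 scope global dynamic eth0'

# Read `ip -o -4 addr show dev IFACE` output on stdin and print the first
# IPv4 address with its prefix length stripped.
ext_ip_from() {
    awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# Succeed only for a dotted quad with every octet in 0..255, so an empty
# string or a hostname never ends up in a rule.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Succeed if address $1 differs from the one recorded in state file $2.
ip_changed() {
    old=""
    if [ -f "$2" ]; then old=$(cat "$2"); fi
    [ "$1" != "$old" ]
}

# Do the real work only when called with --apply (for instance from the
# DHCP client's on-change hook); otherwise the file just defines functions.
if [ "${1:-}" = "--apply" ]; then
    ip_now=$(ip -o -4 addr show dev "$EXT_IF" | ext_ip_from)
    is_ipv4 "$ip_now" || { echo "no usable IPv4 address on $EXT_IF" >&2; exit 1; }
    if ip_changed "$ip_now" "$STATE_FILE"; then
        # Reload first, record the address only if the reload succeeded,
        # so a failed reload is retried on the next run.
        STATIC_IP="$ip_now" sh "$FW_SCRIPT" && printf '%s\n' "$ip_now" > "$STATE_FILE"
    fi
fi
```

The rules script would then use `$STATIC_IP` wherever it previously hard-coded the address, so every reload picks up the current value.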