
Welcome to IWETHEY!

New <penelope pitstop />Heyulp!
I'd like to draw our resident iptables hexperts' attention to the mailing list post I made a couple of days ago.

[link|http://lists.warhead.org.uk/pipermail/iwe/2005-July/000115.html|http://lists.warhead...-July/000115.html]

Help gratefully received. Kudos and beer in return.


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Edited by pwhysall July 27, 2005, 09:56:04 AM EDT
New Maybe this will help a bit?
[link|http://lists.debian.org/debian-user/2003/08/msg01807.html|Here]:

I've got a Debian woody box acting as firewall for a small home network. It has two ethernet cards with the internal network one being static and the external one configured by DHCP. I use a cable modem for internet connectivity. I'd like the Debian box to use the dns server it's running for name resolution but every time eth1 reconnects to comcast.net it overwrites /etc/resolv.conf with the standard nameserver addresses plus a search domain (attbi.com). I thought about changing the permissions on resolv.conf or adding a post-up script to eth1 but I was wondering if there was a right way to do this. It's not a big deal but it bugs me.


A solution regarding DHCP tweaks is offered in the [link|http://lists.debian.org/debian-user/2003/08/msg01903.html|reply].

Luck!

Cheers,
Scott.
New Re: Maybe this will help a bit?
Thanks for your consideration and effort, but the offending link (the 10.201.0.0/16 network) isn't DHCP served :-)


Peter
New Personally I'd like to see the actual script you ran.
I can do the script junk in me head much easier.

Plus, can you post a linky to the PDF?
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
New PDF Link
[link|http://guildenstern.dyndns.org/tmp/home_network.pdf|http://guildenstern..../home_network.pdf]


Peter
New Questions.
Are you using iptables on Ariel? You shouldn't need to, just define default routes on ariel and miranda, run a routing daemon on ariel... rip/ripII should be all you need. Zebra is dead though the "known to be successor" is quagga, BIRD also is working well. routed is a bit heavy for what you want, gated just stop, don't use it. radvd advertising routing daemon heavy.

If I were in your shoes, BIRD seems right, easily configd to only route to and from a network... of course, you could use iptables... but why. Routing is so damned automagic when setup proper, iptables have to be run every time there is a change, plus you have to turn on tcp-forwarding in the kernel.

And with the DNS issue, MaraDNS needs to be configured to agree to listen and reply on 10.201.1.254:53, 10.200.1.50:53 and 127.0.0.1:53
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
New What ports is MaraDNS listening on?
It looks like it's hearing the request on 10.200.1.50 but then replying from 10.201.1.254.

Wade.
Save Fintlewoodlewix
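
The symptom described in the post above (query arriving on 10.200.1.50, reply leaving from 10.201.1.254) can be confirmed from a packet capture. The following is an added example, not part of the thread: it pairs DNS queries and replies in `tcpdump -n` style text and reports replies whose source address is not the address the client queried. The capture lines, the client address 10.200.1.7, the ports, query IDs and names are constructed, and the function name is hypothetical.

```python
import re

# Constructed tcpdump -n style lines (not from the thread). Only the two server
# addresses, 10.200.1.50 and 10.201.1.254, appear in the posts; the client
# address, ports, query IDs and names are made up for illustration.
SAMPLE = """\
09:41:02.100 IP 10.200.1.7.40001 > 10.200.1.50.53: 4660+ A? www.example.org. (33)
09:41:02.101 IP 10.201.1.254.53 > 10.200.1.7.40001: 4660 1/0/0 A 192.0.2.10 (49)
09:41:07.300 IP 10.200.1.7.40002 > 10.200.1.50.53: 4661+ A? mail.example.org. (34)
09:41:07.301 IP 10.200.1.50.53 > 10.200.1.7.40002: 4661 1/0/0 A 192.0.2.25 (50)
"""

# src.port > dst.port: txid  (IPv4 only, which is all this sketch handles)
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<txid>\d+)"
)


def find_mismatched_replies(lines):
    """Return (client, client_port, txid, queried_addr, reply_src) for each
    DNS reply whose source is not the address the client sent the query to."""
    pending = {}   # (client ip, client port, txid) -> server address queried
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        sport, dport, txid = int(m["sport"]), int(m["dport"]), int(m["txid"])
        if dport == 53:                      # client -> server: a query
            pending[(src, sport, txid)] = dst
        elif sport == 53:                    # server -> client: a reply
            queried = pending.pop((dst, dport, txid), None)
            if queried is not None and queried != src:
                findings.append((dst, dport, txid, queried, src))
    return findings


if __name__ == "__main__":
    for client, port, txid, queried, reply_src in find_mismatched_replies(
            SAMPLE.splitlines()):
        print(f"{client}:{port} id={txid} asked {queried} "
              f"but was answered from {reply_src}")
```
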
New 53


Peter
New Doh. I meant interfaces.
Save Fintlewoodlewix
New As described in the original post.


Peter
     <penelope pitstop />Heyulp! - (pwhysall) - (9)
         Maybe this will help a bit? - (Another Scott) - (1)
             Re: Maybe this will help a bit? - (pwhysall)
         Personally I'd like to see the actual script you ran. - (folkert) - (2)
             PDF Link - (pwhysall) - (1)
                 Questions. - (folkert)
         What ports is MaraDNS listening on? - (static) - (3)
             53 -NT - (pwhysall) - (2)
                 Doh. I meant interfaces. -NT - (static) - (1)
                     As described in the original post. -NT - (pwhysall)
