[ale] Linux box as a router w/DHCP

James Sumners james.sumners at gmail.com
Mon Jan 22 17:57:17 EST 2007


If you're not doing any port forwarding (DNAT) I don't suppose there
is a problem with that. But if you want to mangle packets, I believe
you have to reference the external IP.

Of course, I'm not very knowledgeable in all of this. My firewall is a
result of a couple days' worth of research. I then promptly forgot
about it all and concentrated on my ODE and Combinatorics classes :)

On 1/22/07, JK <jknapka at kneuro.net> wrote:
> James Sumners wrote:
>
> > The P2 machine I use, I got off eBay for $25.
> >
> > The "problem" with the IP address being assigned from the ISP via DHCP
> > lies in the way the firewall scripts have to be written. If the ISP
> > is... silly, and assigns a new IP address every lease renewal, or even
> > every day (whatever), then the scripts have to be able to handle
> > that. If you have a static IP from your ISP, then you can reference
> > the same external IP in your firewall rules without care. If you have
> > a dynamic IP, you have to get a little crafty and retrieve the current
> > external IP every time the script is run.
>
> In general, I've never needed to explicitly mention the IP address
> of the outside interface in my iptables rules.  As a matter of
> curiosity, why would you need to do that?
>
> I just let DHCP configure the default route via eth0 (my
> Internet-facing interface), and say "masquerade everything
> going out of eth0":
>
>    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> It could be that this is a terrible idea, but if so, I'd appreciate
> it if someone could tell me why.  (Of course, my *inward*-facing
> interfaces have rules to prohibit spoofing, and the eth0 INPUT and
> FORWARD chains have rules to ensure that nothing gets in on
> eth0 with a source address from the masq'd internal subnets.)
>
> -- JK

-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59
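
The following is an added example, not part of either post in this thread: a sketch of a ruleset in which no rule names the external IP, covering both the MASQUERADE rule and the port-forwarding (DNAT) case by matching on the WAN interface instead. The interface names, subnet, forwarded port and internal host are constructed values.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a NAT router whose
# WAN address comes from DHCP. No rule mentions the external IP.
# eth0/eth1, the subnet and the forwarded host are constructed values.

r() { printf '%s\n' "$*"; }

# gen_ruleset WAN_IF LAN_IF LAN_NET [FWD_PORT FWD_HOST]
gen_ruleset() {
    wan=$1; lan=$2; net=$3; port=${4:-}; host=${5:-}

    r "*nat"
    r ":PREROUTING ACCEPT [0:0]"
    r ":POSTROUTING ACCEPT [0:0]"
    r ":OUTPUT ACCEPT [0:0]"
    # Port forward keyed on the ingress interface instead of -d <external IP>.
    if [ -n "$port" ] && [ -n "$host" ]; then
        r "-A PREROUTING -i $wan -p tcp --dport $port -j DNAT --to-destination $host:$port"
    fi
    # MASQUERADE rewrites the source to whatever address $wan holds right now.
    r "-A POSTROUTING -o $wan -s $net -j MASQUERADE"
    r "COMMIT"

    r "*filter"
    r ":INPUT DROP [0:0]"
    r ":FORWARD DROP [0:0]"
    r ":OUTPUT ACCEPT [0:0]"
    # Anti-spoofing: LAN source addresses must never arrive on the WAN side.
    r "-A INPUT -i $wan -s $net -j DROP"
    r "-A FORWARD -i $wan -s $net -j DROP"
    r "-A INPUT -i lo -j ACCEPT"
    r "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    r "-A INPUT -i $lan -s $net -j ACCEPT"
    r "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    r "-A FORWARD -i $lan -o $wan -s $net -j ACCEPT"
    if [ -n "$port" ] && [ -n "$host" ]; then
        # Filter sees the post-DNAT destination, so match the internal host.
        r "-A FORWARD -i $wan -o $lan -p tcp -d $host --dport $port -j ACCEPT"
    fi
    r "COMMIT"
}

# Print the ruleset; pipe it into iptables-restore (as root) to load it.
gen_ruleset eth0 eth1 192.168.1.0/24 80 192.168.1.10
```

Because every rule matches on interface or internal subnet, the same ruleset stays valid across DHCP lease changes and does not need to be regenerated when the WAN address moves.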


