Hi All!

I have forwarded some ports on my firewall not based on IP but based on DNS name (we would like to use dyndns or something like that)

Example in /etc/shorewall/rules

DNAT net:myhostname.dyndns.org loc:192.168.1.1 tcp 83 -

This works fine!

But when the IP address of this dynamic hostname updates to a new address it doesn't work anymore; the only way to let it work with an updated hostname seems to be a "shorewall restart"

Is there any solution to let shorewall update this without having to restart the firewall?

Regards,
Niels

On Thu, 2003-10-09 at 08:11, niels@wxn.nl wrote:
> Hi All!
>
> I have forwarded some ports on my firewall not based on IP but based on DNS
> name (we would like to use dyndns or something like that)
>
> Example in /etc/shorewall/rules
>
> DNAT net:myhostname.dyndns.org loc:192.168.1.1 tcp 83 -
>
> This works fine!
>
> But when the IP address of this dynamic hostname updates to a new address it
> doesn't work anymore; the only way to let it work with an updated hostname
> seems to be a "shorewall restart"
>
> Is there any solution to let shorewall update this without having to restart
> the firewall?
>

No. See http://shorewall.net/configuration_file_basics.htm#dnsnames

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Thu, 2003-10-09 at 08:23, Tom Eastep wrote:
> >
> > Is there any solution to let shorewall update this without having to restart
> > the firewall?
> >
>
> No. See http://shorewall.net/configuration_file_basics.htm#dnsnames

Note however that most dhcp clients have the capability to run a script when renewing/acquiring a lease and such a script can detect a change in the assigned address and issue a "/sbin/shorewall restart". See http://seawall.sf.net/dhclient.html for some ideas.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

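A sketch of the kind of lease hook described in the message above, added here as an example; it is not part of the thread and not code from the Shorewall or Seawall projects. It assumes ISC dhclient, whose dhclient-script sources an exit-hooks file with `$reason` and `$new_ip_address` set; the `STATE_FILE` path and the `RESTART_CMD` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dhclient exit hook that restarts Shorewall only when the
# leased address really changed. STATE_FILE and RESTART_CMD are assumed names.
STATE_FILE="${STATE_FILE:-/var/run/shorewall-last-ip}"
RESTART_CMD="${RESTART_CMD:-/sbin/shorewall restart}"

# Succeeds only for lease events that carry a usable address.
lease_event() {
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT) return 0 ;;
        *) return 1 ;;
    esac
}

# Accepts only the dotted-quad shape (digits and three dots), so nothing
# unexpected from the DHCP exchange reaches the state file.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
        *.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# address_changed REASON NEW_IP
# Returns 0 (and records NEW_IP) when the firewall should be restarted.
# The last address is kept in STATE_FILE so the check also works on BOUND,
# where dhclient passes no previous address.
address_changed() {
    lease_event "$1" || return 1
    valid_ipv4 "$2" || return 1
    last=""
    [ -r "$STATE_FILE" ] && last=$(cat "$STATE_FILE")
    [ "$2" = "$last" ] && return 1
    printf '%s\n' "$2" > "$STATE_FILE"
    return 0
}

# Acts only when dhclient-script has set $reason; does nothing otherwise.
if [ -n "${reason:-}" ] && address_changed "$reason" "${new_ip_address:-}"; then
    $RESTART_CMD   # unquoted on purpose: command plus its argument
fi
```

A renewal that hands back the same address leaves the firewall untouched, so established connections are not disturbed by a needless restart.
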
> No. See http://shorewall.net/configuration_file_basics.htm#dnsnames

Yes I already have read that, I am a bit stubborn I know :-)

But ehh will a "shorewall refresh" not do the job and never will?

On Thu, 2003-10-09 at 08:26, niels@wxn.nl wrote:
> > No. See http://shorewall.net/configuration_file_basics.htm#dnsnames
>
> Yes I already have read that, I am a bit stubborn I know :-)
>
> But ehh will a "shorewall refresh" not do the job and never will?
>

It never has, doesn't now and never will.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net