
Greig McGill wrote:
> Hi Glenn.
>
> > However if I do:
> > $ /etc/init.d/ipmasq stop
> > $ /etc/init.d/ipmasq start
> > after dialing in then it works.
>
> It sounds like your rules might be binding to an IP address instead of an interface - in your case, probably ppp0. As you get a new IP every time you dial up, your rules may be incorrect.
It appears to be handling the new IP properly. The dropped packets log like this (203.96.152.4 is the DNS server, 203.79.74.233 is my dynamic IP):

Jul 8 09:13:06 pixie kernel: IN= OUT=ppp0 SRC=203.79.74.233 DST=203.96.152.4 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=147 DF PROTO=UDP SPT=53 DPT=53 LEN=59

Why is it using UDP?
> I'm not at all familiar with this "ipmasq" thing though - I recommend just using standard iptables rules... maybe it is, I've never seen it.
It does just use standard iptables rules, but wraps them in "easy to use" config scripts. I have fixed the problem for now by opening port 53. I think this is pretty secure because bind is only listening on the internal interface.

My question now is why would it be dropping packets from the masq machine itself that are destined for the external interface? And why only DNS lookup forward packets?

g
-- 
Glenn Ramsey <glenn(a)componic.co.nz> 07 8627077 http://www.componic.co.nz
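What follows is an added example, not code from this thread or from the ipmasq scripts. It parses netfilter LOG lines of the exact form quoted above. In that format an empty IN= together with OUT=ppp0 marks a packet generated by the masquerading host itself, so it is judged by the filter table's OUTPUT chain, not by FORWARD; that is why queries forwarded from the LAN can pass while the host's own lookups are dropped. DNS queries are carried over UDP by default, with TCP used for large answers and zone transfers. For each logged DNS packet the example prints the narrowest rule that would admit it: bound to the interface and to the upstream resolver address, never to the host's own dynamic address, and admitting replies only via the state table rather than opening port 53 inbound. The first log line is the one from the mail; the other two log lines are constructed to show the forwarded and reply cases. The rules are printed as text, nothing here changes a live firewall.

```python
"""Classify netfilter LOG lines and suggest the narrowest interface-bound
iptables rule for a dropped DNS packet.  Added example for this thread; not
part of ipmasq or of the original mail."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# First line is the one quoted in the thread.  The other two are constructed
# to show a forwarded LAN query and the resolver's reply back to the host.
SAMPLE_LOG = """\
Jul 8 09:13:06 pixie kernel: IN= OUT=ppp0 SRC=203.79.74.233 DST=203.96.152.4 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=147 DF PROTO=UDP SPT=53 DPT=53 LEN=59
Jul 8 09:13:07 pixie kernel: IN=eth0 OUT=ppp0 SRC=192.168.1.10 DST=203.96.152.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=200 DF PROTO=UDP SPT=1025 DPT=53 LEN=40
Jul 8 09:13:08 pixie kernel: IN=ppp0 OUT= SRC=203.96.152.4 DST=203.79.74.233 LEN=95 TOS=0x00 PREC=0x00 TTL=57 ID=301 DF PROTO=UDP SPT=53 DPT=53 LEN=75
"""

# KEY=VALUE tokens; bare flags such as DF carry no "=" and are skipped.
TOKEN = re.compile(r"\b([A-Z]+)=(\S*)")


@dataclass
class LoggedPacket:
    in_if: str
    out_if: str
    src: str
    dst: str
    proto: str
    spt: Optional[int]
    dpt: Optional[int]

    @property
    def chain(self) -> str:
        """Filter chain that judged the packet, read off the IN=/OUT= pair:
        empty IN= means the host generated it (OUTPUT), empty OUT= means it
        is addressed to the host (INPUT), both set means it was routed
        through (FORWARD)."""
        if self.in_if and self.out_if:
            return "FORWARD"
        if self.out_if:
            return "OUTPUT"
        if self.in_if:
            return "INPUT"
        raise ValueError("LOG line has neither IN= nor OUT=")

    @property
    def is_dns(self) -> bool:
        return self.proto in ("UDP", "TCP") and 53 in (self.spt, self.dpt)


def parse_log_line(line: str) -> LoggedPacket:
    """Turn one `kernel: IN=... OUT=...` line into a LoggedPacket."""
    fields = dict(TOKEN.findall(line))  # LEN= appears twice; neither is used
    return LoggedPacket(
        in_if=fields.get("IN", ""),
        out_if=fields.get("OUT", ""),
        src=fields["SRC"],
        dst=fields["DST"],
        proto=fields.get("PROTO", ""),
        spt=int(fields["SPT"]) if "SPT" in fields else None,
        dpt=int(fields["DPT"]) if "DPT" in fields else None,
    )


def suggest_rule(pkt: LoggedPacket, resolver: str) -> str:
    """Narrowest rule that admits this DNS packet.  Rules match the interface
    and the upstream resolver, never the host's own (dynamic) address, so a
    new dial-up address does not invalidate them.  Rule text only; nothing
    here touches the running firewall."""
    if not pkt.is_dns:
        raise ValueError("not a DNS packet")
    proto = pkt.proto.lower()
    if pkt.chain == "OUTPUT":
        return (f"iptables -A OUTPUT -o {pkt.out_if} -p {proto} "
                f"-d {resolver} --dport 53 -j ACCEPT")
    if pkt.chain == "FORWARD":
        return (f"iptables -A FORWARD -i {pkt.in_if} -o {pkt.out_if} "
                f"-p {proto} -d {resolver} --dport 53 -j ACCEPT")
    # Replies: admit only packets the state table already knows about,
    # instead of opening port 53 inbound on the external interface.
    return (f"iptables -A INPUT -i {pkt.in_if} -p {proto} -s {resolver} "
            f"-m state --state ESTABLISHED -j ACCEPT")


def analyse(log_text: str, resolver: str) -> List[Tuple[str, str]]:
    """(chain, suggested rule) for every logged DNS packet involving resolver."""
    out = []
    for line in log_text.splitlines():
        if "IN=" not in line:
            continue
        pkt = parse_log_line(line)
        if pkt.is_dns and resolver in (pkt.src, pkt.dst):
            out.append((pkt.chain, suggest_rule(pkt, resolver)))
    return out


if __name__ == "__main__":
    for chain, rule in analyse(SAMPLE_LOG, "203.96.152.4"):
        print(f"{chain:8} {rule}")
```

Run against the quoted line it reports OUTPUT and proposes `-o ppp0 -d 203.96.152.4 --dport 53`, which is tighter than a blanket port 53 rule and survives a change of dial-up address because the local address never appears in it.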