Re: guarddog uses ip number instead of name?
* <afe0108 <at> yahoo.com>
2004-07-15 06:19:51 GMT
--- Avi Schwartz <avi <at> CFFtechnologies.com> wrote:
> On Jul 14, 2004, at 23:42, Leendert Meyer wrote:
> > On Thursday 15 July 2004 01:06, * wrote:
> >> Hi Kevin, thanks for the reply! I am actually using dyndns.com. And
> >> I misstated the problem, sorry about that! My ip number is NOT being
> >> used in iptables. What is being used is the hostname resolved from my
> >> ip number. E.g. I would like it to use:
> >> blah.homeip.net
> >> in the iptables but it is using instead:
> >> adsl-68-126-0-201.dsl.irvnca.pacbell.net
> >> which makes sense since when I do a host 184.108.40.206 it returns the
> >> second one. I wonder how people are working around this? Do you see
> >> your dyndns.com hostname in your iptables? Thanks.
> > You did not complain about a non-working firewall.
> > Is your firewall working?
> I am actually replying to the previous message since I missed it.
> What you are seeing is the result of the reverse DNS. This is handled
> by your ISP (i.e. the IP owner) and NOT by dyndns. The only one that
> can control it is the IP owner (your ISP) and since they are unlikely
> to change it to resolve to your dyndns hostname, there is nothing much
> you can do. But you should not have a problem with your firewall
> because of that.
> BTW, the name is not used by iptables. --list by default attempts to
> translate the IP to a hostname but if you will run
> iptables --list -n
> you will see the IP numbers instead.
Thanks Avi, that helps! BUT if the firewall is using ip numbers then it
seems like I'm back to square one:
(1) I run guarddog and populate iptables.
(2) I run /etc/init.d/iptables save, to save the state.
(3) When my machine boots up it uses iptables-restore to restore the
So as I was saying (or trying to say) in my original post, when my ip
number changes daily via DHCP then it's impossible to use my machine as
a server. I.e. I can no longer ssh in because the rule restored from
iptables-restore is using an old ip number.
Certainly I shouldn't have to rerun guarddog and resave the state every
time my address changes? I must be doing something wrong, or there must
be a way around this. Thanks.
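The stale-address situation described in this thread, as an added example that is not part of the original messages or of guarddog: the functions below read an iptables-save style dump, list the literal addresses its -s/-d matches are pinned to, and rewrite one exact address to another. The function names, the sample dump and the addresses (taken from documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample dump: the saved rules are pinned to the old DHCP lease
# 192.0.2.10, and one unrelated rule uses the look-alike 192.0.2.100.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 192.0.2.10 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d 192.0.2.100 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -s 192.0.2.10/32 -j ACCEPT
COMMIT'

# pinned_addrs: read a dump on stdin and print each distinct literal address
# that follows -s or -d, so a stale lease is easy to spot.
pinned_addrs() {
    awk '/^-A / {
        for (i = 1; i < NF; i++)
            if ($i == "-s" || $i == "-d") { split($(i + 1), p, "/"); print p[1] }
    }' | sort -u
}

# rebind_rules OLD_IP NEW_IP: read a dump on stdin and write it to stdout with
# OLD_IP replaced by NEW_IP wherever it is the whole address of a -s/-d match.
# Whole-token comparison keeps 192.0.2.100 untouched when OLD_IP is 192.0.2.10.
# A rewritten line is re-joined with single spaces, which matches the dump
# format except inside a quoted string containing runs of spaces.
rebind_rules() {
    awk -v old_ip="$1" -v new_ip="$2" '
    /^-A / {
        for (i = 1; i < NF; i++) {
            if ($i == "-s" || $i == "-d") {
                n = split($(i + 1), part, "/")
                if (part[1] == old_ip)
                    $(i + 1) = (n > 1) ? new_ip "/" part[2] : new_ip
            }
        }
    }
    { print }'
}

# Demo on the constructed dump: move the rules to the new lease 198.51.100.7.
printf '%s\n' "$SAMPLE_RULES" | rebind_rules 192.0.2.10 198.51.100.7
```

On a real host the dump would come from iptables-save and the rewritten text would be loaded with iptables-restore.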