by Christian Caro » Mon, 14 Jan 2002 13:42:28
I have a dynamic ip and a firewall. I have a M$ computer connected to a
FreeBSD computer, which is connected to Internet. Whenever the ip changes,
all my connections to the Internet stop working.
Is there a way to:
-track the new ip as it changes
-restart the network using this new ip (do I have to?)
-restart the firewall (ipfw) using the new ip
...without rebooting?
Any idea?
--
==========================================
Christian Caron
by Devon Rya » Mon, 14 Jan 2002 14:03:49
> I have a dynamic ip and a firewall. I have a M$ computer connected to a
> FreeBSD computer, which is connected to Internet. Whenever the ip changes,
> all my connections to the Internet stop working.
> Is there a way to:
> -track the new ip as it changes
> -restart the network using this new ip (do I have to?)
> -restart the firewall (ipfw) using the new ip
> ...without rebooting?
> Any idea?
--
Biology/Neuroscience, Pre-med | http://home.uchicago.edu/~dpryan
by Aaron Ange » Mon, 14 Jan 2002 16:15:07
> I have a dynamic ip and a firewall. I have a M$ computer connected to a
> FreeBSD computer, which is connected to Internet. Whenever the ip changes,
> all my connections to the Internet stop working.
> Is there a way to:
> -track the new ip as it changes
> -restart the network using this new ip (do I have to?)
> -restart the firewall (ipfw) using the new ip
> ...without rebooting?
> Any idea?
As for tracking the new IP as it changes, that would depend on which
DHCP client you're using. If you're using dhclient, there is a dhclient
script, /sbin/dhclient-script, which is called each time the IP address
changes. Look in there, it may call a local script. If so, modify
that. If not, backup the original and modify the master script to call
a local script, and put your notification stuff in there.
by Berk S. Daemo » Mon, 14 Jan 2002 19:14:44
> > Hi everyone,
> > I have a dynamic ip and a firewall. I have a M$ computer connected to a
> > FreeBSD computer, which is connected to Internet. Whenever the ip
changes,
> > all my connections to the Internet stop working.
> > Is there a way to:
> > -track the new ip as it changes
> > -restart the network using this new ip (do I have to?)
> > -restart the firewall (ipfw) using the new ip
> > ...without rebooting?
> > Any idea?
> Hopefully there is a better way, but you could find out how often you
> have to renew your lease and make a cron job that does whatever it is
> you need it to do (never had those problems, then again my lease is
> always for the same ip).
> --
> Biology/Neuroscience, Pre-med | http://home.uchicago.edu/~dpryan
by Rodrigo A B Freire - STB » Mon, 14 Jan 2002 23:18:54
Rod.
Quote:> Hi everyone,
> I have a dynamic ip and a firewall. I have a M$ computer connected to a
> FreeBSD computer, which is connected to Internet. Whenever the ip changes,
> all my connections to the Internet stop working.
> Is there a way to:
> -track the new ip as it changes
> -restart the network using this new ip (do I have to?)
> -restart the firewall (ipfw) using the new ip
> ...without rebooting?
> Any idea?
> --
> ==========================================
> Christian Caron
by ericg » Tue, 15 Jan 2002 22:17:30
It probably stop working because your ipfw rules prevent connections using the
new IP. What i did is i defined a $dynip = `ifconfig ep0 | grep inet | grep -v
inet6 | awk '{print $2}'` variable in my rules file and use this variable
instead of hardcoded IP.
I assume here that you get a new IP after a system reboot since changing the
IP while having an active connection is a serious violation of the DHCP
protocol.
Eric.
> I have a dynamic ip and a firewall. I have a M$ computer connected to a
> FreeBSD computer, which is connected to Internet. Whenever the ip changes,
> all my connections to the Internet stop working.
> Is there a way to:
> -track the new ip as it changes
> -restart the network using this new ip (do I have to?)
> -restart the firewall (ipfw) using the new ip
> ...without rebooting?
> Any idea?
> --
> ==========================================
> Christian Caron
by Lowell Gilber » Wed, 16 Jan 2002 00:57:38
No. It's not. Changing IP addresses on clients without needingQuote:> I assume here that you get a new IP after a system reboot since changing the
> IP while having an active connection is a serious violation of the DHCP
> protocol.
by jp » Wed, 16 Jan 2002 01:29:41
> No. It's not. Changing IP addresses on clients without needing
> to reboot them was the whole *point* of developing DHCP, as an
> improvement to BOOTP.
--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
by ericg » Wed, 16 Jan 2002 04:02:19
Yes it is (See RFC 2131 on DHCP protocol). DHCP doesn't require an administrator
to manualy configure each new network device. That was the whole point of
developing DHCP.
Eric.
> No. It's not. Changing IP addresses on clients without needing
> to reboot them was the whole *point* of developing DHCP, as an
> improvement to BOOTP.
by ericg » Wed, 16 Jan 2002 04:10:41
You're right. That's exactly why DHCP will rebind you to the same address on an
active session.
Eric.
> > No. It's not. Changing IP addresses on clients without needing
> > to reboot them was the whole *point* of developing DHCP, as an
> > improvement to BOOTP.
> But it'll still break the existing connections (eg, ssh), so those will
> need to be re-established, no?
> --
> j p d (at) d s b (dot) t u d e l f t (dot) n l .
by Lowell Gilber » Wed, 16 Jan 2002 04:19:08
> > No. It's not. Changing IP addresses on clients without needing
> > to reboot them was the whole *point* of developing DHCP, as an
> > improvement to BOOTP.
> But it'll still break the existing connections (eg, ssh), so those will
> need to be re-established, no?
- Lowell
by Lowell Gilber » Wed, 16 Jan 2002 04:57:05
[You can run a DHCP server such that it gives out infinite leases that
don't need to be renewed. However, this is functionally equivalent to
BOOTP.]
In short, DHCP is a way to configure devices over the network, and one
of its features *is* the ability to change the IP address on a client.
This does, indeed, cause active connections to fail.
-- Lowell Gilbert
> > > I assume here that you get a new IP after a system reboot since changing the
> > > IP while having an active connection is a serious violation of the DHCP
> > > protocol.
> > No. It's not. Changing IP addresses on clients without needing
> > to reboot them was the whole *point* of developing DHCP, as an
> > improvement to BOOTP.
by Christian Caro » Wed, 16 Jan 2002 07:06:11
My problems are not when I'm rebooting as the new ip is detected and I use this script to get the new ip in the firewall.
The problem is when my ip is not renewed and I get another one, while the computer is running. Then, I lose my connections. The only way I found to correct the situation is to reboot.
But does somebody know how to "restart the services" (including the firewall ipfw), without rebooting?
Thanks!
--
==========================================
Christian Caron
by jp » Wed, 16 Jan 2002 09:37:23
I can see a lot of problems with it[1], but I can see merits, too.Quote:>> But it'll still break the existing connections (eg, ssh), so those will
>> need to be re-established, no?
> Yes. [Actually, I once had a proposal for an extension to DHCP that
> would allow for gradual transfer to a new IP address, but it was never
> implemented by anyone but me, never implemented in any server at all,
> and obviously was never advanced as a standard.]
[1] Mending programs (not being dhcp[cd]) to take hold of the new ip?
Here _and_ there?
--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
by ericg » Wed, 16 Jan 2002 22:05:13
There is 2 conditions that *may* cause your client to get a different lease.Quote:> It also, however, provides for address
> "leases", so that the device doesn't necessarily get to keep using
> that address indefinitely.
1. The lease has expired ( which mean the client haven't tried to *revalidate* his
lease). That will not happen unless you turn off your computer for a while or your
connexion break for more than the lease period.
2. The client has sent a request to release his lease.
The dhcp server will keep the information about the given lease and will try as much
as possible to re-assign the same lease to the same host. In case where the dhcp
server have no more free lease to assing to new clients it will reclaim *unused*
leases and start assigning them to new clients.
It is prepared for that situation but this situation is most likely not expected sinceQuote:> The device is required to contact the
> server to renew its lease occasionally, and must be prepared, if the
> server so instructs, to stop using the address and start using a new
> one. A reboot of the device is, thus, not required, and neither is
> direct configuration.
That's exactly why it is an unacceptable server behavior.Quote:> In short, DHCP is a way to configure devices over the network, and one
> of its features *is* the ability to change the IP address on a client.
> This does, indeed, cause active connections to fail.
1. DHCP and Bootp Assignment of Dynamic IP Addresses.
My university is switching to a dynamic IP assignment from the standard
static setup they had before. The will be using a combination of
bootp or dhcp to allocate these numbers. I have scoured the FAQS
and the newsgroups and have had no luck. Is there any suggested
manner for dealing with this problem?
Thank you.
Charles Suprin.
--
Charles Suprin
---
There's not enough sax and violins on television.
2. Some notes on ftp with cron
3. dynamic IP address on my LAN w/ MS DHCP <<HOW>>
5. PPP server w/ dynamic IP provided by DHCP server
6. Implementation of QoS in Linux
7. Dhcp, dynamic ip and daemon
10. Linux DHCP server with dynamic IP
11. Dynamic allocation of IP (DHCP)
12. Finding DHCP (dynamic IP) devices on a subnet