I have a machine running, opensuse 11.0, that acts as firewall, mailserver etc for the house. I have a Dlink DSL-300t adsl modem that I use to connect to the outside world. I have configured the WAN facing ethernet port to use dhcpcd to get its ip address from the modem. As default the modem has a lease time of 300 secs so the lease was renewed every 180 secs. This worked well in 10.1 but when I upgraded to 11.0 I started seeing messages in the logs that I am sure weren’t happening before.
Under 11.0 every time the lease is renewed all the scripts in ifup.d are executed, so for me this includes the firewall and my dynamic dns ip update script.
So my question is: should the scripts be executed on lease renewal when the ip address has not changed?
To minimise the problem I have increased the lease time but this means I miss a dsl reconnect with a new ip address and my dynamic dns ip address is wrong until the next lease expiry time.
martst wrote:
> I have a machine running, opensuse 11.0, that acts as firewall,
> mailserver etc for the house. I have a Dlink DSL-300t adsl modem that I
> use to connect to the outside world. I have configured the WAN facing
> ethernet port to use dhcpcd to get its ip address from the modem. As
> default the modem has a lease time of 300 secs so the lease was renewed
> every 180 secs. This worked well in 10.1 but when I upgraded to 11.0 I
> started seeing messages in the logs that I am sure weren’t happening
> before.
> Under 11.0 every time the lease is renewed all the scripts in ifup.d
> are executed, so for me this includes the firewall and my dynamic dns ip
> update script.
> So my question is: should the scripts be executed on lease renewal
> when the ip address has not changed?
I see no harm in it. In fact, complexity being the enemy of security,
I’d probably prefer it that way, instead of adding code to determine
whether the address hasn’t changed and the potential to get it wrong.
> To minimise the problem I have increased the lease time but this means
> I miss a dsl reconnect with a new ip address and my dynamic dns ip
> address is wrong until the next lease expiry time.
That sounds wrong. I have the impression that I don’t quite understand
your setup. If your ADSL modem is really just a modem, how come you can
set the lease time? If it is a router, how come your IP address can
change without the lease time expiring?
If I were to speculate, I’d say you are trying to use the lease expiry
of your internal network as a trigger for the periodic update of your
external IP address. I don’t think that’s a sensible approach. The
best solution would be your router (ADSL modem) doing dynDNS updates
automatically whenever its external IP address changes. If it is not
capable of doing that, the second best solution would be a simple
cron job running the dynDNS update script every 300 secs. Either way
you can then set your internal DHCP lease time to something sensible
like one day or one week.
The D-link ADSL modem is not a router and does not offer functions like NAT. It has a dhcp server that allows the connected computer to be given the external IP address. In my setup the external facing ethernet interface on my gateway computer picks up this IP address and I run a firewall on the computer that provides the NAT function for the internal facing network interface.
I have been using this basic configuration for the last 8 years, first with a modem/router in “half bridge” mode and now with the adsl modem. After the upgrade to 11.0 things have changed. Previously there were no messages in the log file from dhcpcd and the ifup.d scripts were not executed unless the external ip address had changed. Now dhcpcd executes ifup every time even though the ip address has not changed.
> The best solution would be your router (ADSL modem) doing dynDNS updates
> automatically whenever its external IP address changes. If it is not
> capable of doing that, the second best solution would be a simple
> cron job running the dynDNS update script every 300 secs. Either way
> you can then set your internal DHCP lease time to something sensible
> like one day or one week.
I could have a script that checked if the address had changed and then update the DNS server and the firewall but as this used to work well before I was wondering if I had something wrong or the design of dhcpcd had changed.
martst wrote:
> The D-link ADSL modem is not a router and does not offer functions like
> NAT. It has a dhcp server that allows the connected computer to be given
> the external IP address.
I see. I’m afraid I don’t have any experience with that sort of device.
> I could have a script that checked if the address had changed and then
> update the DNS server and the firewall but as this used to work well
> before I was wondering if I had something wrong or the design of dhcpcd
> had changed.
I don’t know if something has changed there, but it’s quite possible.
Both the old and new behaviour you describe seem legitimate to me.
If the problem is just a few more log messages I’d just ignore them.
If there’s something more serious then the script would probably be
the way to go.
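
The change-detection script discussed in the thread could look like the following. This is an added example, not code from the thread or from dhcpcd; the state file path, the `WAN_IFACE` variable and the function names are assumptions. It validates the address before use and replaces the state file atomically, so a malformed value or an interrupted write cannot trigger or suppress a firewall or dynamic DNS update.

```shell
#!/bin/sh
# Added example: act only when the WAN IPv4 address has really changed.
# STATE_FILE, WAN_IFACE and all function names are illustrative assumptions.
STATE_FILE="${STATE_FILE:-/var/run/wan-ip.last}"

# Accept only a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ip_changed NEW_IP [STATE_FILE]
# Returns 0 and records NEW_IP if it differs from the stored address,
# 1 if it is unchanged, 2 if NEW_IP is invalid or the state cannot be written.
ip_changed() {
    new_ip=$1; state=${2:-$STATE_FILE}
    valid_ipv4 "$new_ip" || return 2
    old_ip=
    [ -r "$state" ] && read -r old_ip < "$state"
    [ "$new_ip" = "$old_ip" ] && return 1
    # Write to a temp file in the same directory, then rename (atomic).
    tmp=$(mktemp "${state}.XXXXXX") || return 2
    printf '%s\n' "$new_ip" > "$tmp" && mv -f "$tmp" "$state" || return 2
}

# First global IPv4 address currently configured on interface $1.
current_wan_ip() {
    ip -4 -o addr show dev "$1" scope global |
        awk '{sub(/\/.*/, "", $4); print $4; exit}'
}

# Runs only when WAN_IFACE is set, e.g. WAN_IFACE=eth1 from a hook or cron.
if [ -n "${WAN_IFACE:-}" ]; then
    addr=$(current_wan_ip "$WAN_IFACE")
    if ip_changed "$addr"; then
        logger -t wan-ip "address changed to $addr, running updates"
        # Call the site's firewall reload and dynamic DNS update here.
    fi
fi
```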