iptables - specifying iface that does not currently exist
- From: "Justin" <yu.justin@xxxxxxxxx>
- Date: 14 Aug 2006 08:04:06 -0700
Hi,
I've set up a router and firewall with iptables; the external link is a
ppp one using the speedtouch USB modem and the internal is a normal
ethernet card. The ppp link isn't always up; pppd will repeatedly try
until it gets through.
My question is: when the ppp0 iface goes down, what happens to the data
packets being forwarded out from the LAN to the internet? I have
ip_forward and ip_dynaddr both set to 1 and I know it's perfectly legal
to specify with iptables an iface that does not exist. But something
must be done to the packets being continuously sent into the router
destined into a downed iface... Does the kernel buffer them up until
the link is back up (ip_dynaddr = 1)? Wouldn't there be a limit for
this buffering? Should I turn off just the ip_forward and firewall with
the ip-down hook or is this unnecessary?
I need this router to be rock solid, with minimum maintenance as I
won't be able to administer it easily. Hopefully someone can help me
out on this detail which I can't find any info on.
Cheers for any help received!
Justin