Monitor your dynamic IP & update IPtables when it changes
December 22nd, 2008 by Mr. Blue

If you have DSL or an otherwise sometimes-changing IP address on the public interface of your IPtables-based router, this may be of use to you. Download It!

In a nutshell, it’ll monitor your public IP and reload the IPtables if something changes.

No, it’s not a daemon, no it doesn’t update the kernel table like it should, and yes, it has to be called from cron.
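
The check-and-reload logic described above, as an added example that is not the script offered for download here. `IPT`, `STATE`, `WAN_IF`, `CHAIN` and the way the current IP is read are assumptions; the forwards use the sample ports and internal host from the comments below. It validates the looked-up address before touching any rule and rebuilds only a dedicated nat chain instead of flushing the whole firewall.

```shell
#!/bin/sh
# Added example. IPT, STATE, WAN_IF and CHAIN are assumed names, not from the post.
IPT=${IPT:-iptables}
STATE=${STATE:-/var/run/lastip}
WAN_IF=${WAN_IF:-ppp0}
CHAIN=${CHAIN:-DYNIP_DNAT}

# Print the IPv4 address currently on the public interface.
current_ip() {
    ip -4 -o addr show dev "$WAN_IF" scope global |
        awk '{ sub(/\/.*/, "", $4); print $4; exit }'
}

# Accept only a dotted quad with octets 0-255, so an empty or garbage
# lookup result never reaches the rule set.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Rebuild only a dedicated nat chain; the rest of the firewall stays loaded.
apply_rules() {
    $IPT -t nat -N "$CHAIN" 2>/dev/null || true
    $IPT -t nat -C PREROUTING -j "$CHAIN" 2>/dev/null ||
        $IPT -t nat -A PREROUTING -j "$CHAIN" || return 1
    $IPT -t nat -F "$CHAIN" || return 1
    for port in 8080 2020; do      # sample forwards to an internal host
        $IPT -t nat -A "$CHAIN" -d "$1" -p tcp --dport "$port" \
            -j DNAT --to-destination "192.168.0.201:$port" || return 1
    done
}

# Compare against the last recorded IP and reload only on a real change.
update_if_changed() {
    cur=$1
    valid_ipv4 "$cur" || { echo "refusing to reload: bad IP '$cur'" >&2; return 2; }
    last=$(cat "$STATE" 2>/dev/null || true)
    [ "$cur" = "$last" ] && { echo "unchanged"; return 0; }
    apply_rules "$cur" || return 1
    echo "$cur" > "$STATE"          # record only after the rules loaded
    echo "updated $cur"
}

# cron entry point: call the script with the single argument "run"
if [ "${1:-}" = "run" ]; then update_if_changed "$(current_ip)"; fi
```

Setting `IPT=echo` prints the commands instead of running them, which is a quick way to review the rule set before putting the script in cron.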


2 Responses  
  • Dana Schuett writes:
    August 30th, 2010 at 9:22 pm

    Hi, your iptables $CURIP update is exactly what I’m looking for! I understand your entire script until it gets to the part on updating the iptable rules. Could you explain in more detail how this would work? I am just unclear how you actually get it into my iptables script.

    WHAT I’M UNSURE OF:
    # update the iptables rules if the current IP is different from the last ip in /tmp/lastip
    if [ "$CURIP" != "$LASTIP" ]
    then
    #add your iptables rule here to remove the old rules with the external dynamic ip in it, and insert the new IP
    #using the $CURIP variable.

    HERE IS WHERE I NEED THIS INJECTED INTO MY IPTABLES SCRIPT:

    $IPT -A PREROUTING -t nat -d my.isp.ip.addr -p tcp --dport 8080 -j DNAT --to 192.168.0.201:8080
    $IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp --dport 8080 -d 192.168.0.201 -j MASQUERADE
    $IPT -A PREROUTING -t nat -d my.isp.ip.addr -p tcp --dport 2020 -j DNAT --to 192.168.0.201:2020
    $IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp --dport 2020 -d 192.168.0.201 -j MASQUERADE

    Thanks for your time,

    Dana

  • Mr. Blue writes:
    August 30th, 2010 at 9:45 pm

    Hey! Thanks for the comment!!
    So in this “then” section, what you would do is flush all your rules first, then apply your same rules, modified with the ‘new’ IP address, like so:
    if [ "$CURIP" != "$LASTIP" ]
    then
    #add your iptables rule here to remove the old rules with the external dynamic ip in it, and insert the new IP using the $CURIP variable.
    $IPT -F # or whatever your preferred method is for flushing iptables
    $IPT -t nat -F # -F without -t only flushes the filter table; the rules below live in the nat table
    $IPT -A PREROUTING -t nat -d "$CURIP" -p tcp --dport 8080 -j DNAT --to 192.168.0.201:8080
    $IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp --dport 8080 -d 192.168.0.201 -j MASQUERADE
    $IPT -A PREROUTING -t nat -d "$CURIP" -p tcp --dport 2020 -j DNAT --to 192.168.0.201:2020
    $IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -p tcp --dport 2020 -d 192.168.0.201 -j MASQUERADE
    fi

    Provided your iptables rules are correct as you want them, this *should* work. However, bear in mind it’s been about 3 years since I originally wrote this post :)


© 2010 axmx.net