

I am trying to improve the fault tolerance and recovery of my network after power outages and other service interruptions. I do have battery backups, but they are aged and no longer effective, and I cannot replace them yet due to budget constraints.

Previously, I had my router acting as a caching recursive DNS instance, forwarding requests to my internal authoritative servers or out to the roots on the internet. Every time it rebooted, none of my DNS requests would work until I ran through an extensive process to start all the services that failed, including the caching recursive DNS instance. I moved from forwarding requests to my authoritative servers to having the router be a slave to the authoritative servers. Now all my services do not fail when things boot up after a power outage, but external recursion and all other outbound access fails because the ISP interface on my router has a different IP and the firewall rules do not match.

Right now, I have my router plugged into a cable modem that is acting as a modem, router, switch and wifi all-in-one. I will be asking the ISP to change the device to just a modem, so that I can avoid double-NAT and other nuances. That said, the ISP interface on my router gets a different IP when the modem reboots, hence outbound access fails because iptables is configured with the previously assigned IP.

I write my firewall rules with FWBuilder, and the script it generates always explicitly writes in the IP of the ISP interface instead of just using the name of the interface. Rules include "-o enp7s0" and "-s 192.168.0.x" or "-d 192.168.0.x", specifying both the interface and the assigned IP as the source or destination, in the case of inbound access. I have to re-run the FWBuilder-generated script for the rules to be rewritten with the new IP for the ISP interface, in order to fully recover from an outage or interruption. On the LAN side, everything is 100% working, but the external pieces do not work until I run that script.

In FWBuilder, I can set the ISP interface as an "unnumbered interface", which I believe means no IP would be associated with the interface, and therefore it would write the rules with only the interface name. "Unnumbered interface" means a specific thing in networking, but in FWBuilder it might result in the desired behavior. Is there an intelligent way to determine that the external IP has changed and the FWBuilder script needs to be rerun, to adjust the iptables policy?
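As an added example (not part of the question above, and not FWBuilder's own code), one way to detect that the WAN address has changed and re-run the generated script: record the last address the firewall was loaded with, compare it with the address currently on the interface, and re-run the script only when they differ and only record the new address if the script succeeds. The interface name enp7s0 comes from the question; the script path, state-file path and the sample `ip` output line are assumptions.

```shell
#!/bin/sh
# wan-ip-watch: added example, not from the original post or from FWBuilder.
# Assumed names: WAN interface enp7s0 (from the question); FW_SCRIPT and
# STATE_FILE paths are hypothetical and can be overridden by environment.

WAN_IF="${WAN_IF:-enp7s0}"
FW_SCRIPT="${FW_SCRIPT:-/etc/fw/firewall.fw}"     # hypothetical path to the FWBuilder-generated script
STATE_FILE="${STATE_FILE:-/var/run/wan-ip.last}"  # hypothetical state file holding the last loaded address

# Extract the first IPv4 address from "ip -4 -o addr show dev <if>" output read on stdin.
# A typical line is:
#   2: enp7s0    inet 203.0.113.45/24 brd 203.0.113.255 scope global dynamic enp7s0\ valid_lft ...
# Field 3 is "inet", field 4 is "address/prefix"; the prefix length is stripped.
parse_ipv4() {
    awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# Query the live interface. Empty output means no IPv4 address yet
# (link down or DHCP lease not obtained), so there is nothing to reload with.
current_wan_ip() {
    ip -4 -o addr show dev "$WAN_IF" 2>/dev/null | parse_ipv4
}

# ip_changed CURRENT STATE_FILE
# Returns 0 when the firewall should be reloaded: the address differs from the
# recorded one, or nothing was recorded yet. Returns 1 when CURRENT is empty
# (no address to write into the rules) or matches the recorded address.
ip_changed() {
    cur="$1"; state="$2"
    [ -n "$cur" ] || return 1
    [ -f "$state" ] || return 0
    [ "$(cat "$state")" != "$cur" ]
}

# reload_firewall CURRENT STATE_FILE SCRIPT
# Re-runs the generated script; the new address is persisted only on success,
# so a failed load is retried on the next run instead of being forgotten.
reload_firewall() {
    cur="$1"; state="$2"; script="$3"
    if sh "$script"; then
        printf '%s\n' "$cur" > "$state"
        printf 'wan-ip-watch: WAN address now %s, firewall reloaded\n' "$cur" >&2
    else
        printf 'wan-ip-watch: firewall script failed, not recording %s\n' "$cur" >&2
        return 1
    fi
}

main() {
    cur="$(current_wan_ip)"
    if ip_changed "$cur" "$STATE_FILE"; then
        reload_firewall "$cur" "$STATE_FILE" "$FW_SCRIPT"
    fi
}

# Only act when invoked as "wan-ip-watch.sh run"; sourcing the file just defines the functions.
case "${1:-}" in
    run) main ;;
esac
```

Run it as root with `sh wan-ip-watch.sh run`, either from a cron entry every minute or from the DHCP client's lease hook on the WAN interface, so the rules are rewritten as soon as a new lease arrives rather than on the next poll. Because the address is recorded only after the script exits successfully, a reload that fails (for example while the link is still flapping) is retried automatically.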
