Dynamic IP & lease loss - "callback" mechanism?

+1
−0

I'm playing with NAT, and have a script now that, at startup of my little Linux machine, creates some DNAT rules, which take one incoming special port, and forward that to another interface with a standard e.g. SSH port, so I can talk to this Linux box, from the outside, and to its connected 2nd box, as if it were one machine, but different ports.

The interface to the outside world was, so far, configured with static IP. But it might need configuring for dynamic assignment.

So, my simple startup bash script adding the DNAT rules with iptables then won't work anymore:

  1. it can only be called when it's clear that the interface has gotten an IP
  2. the interface could lose the IP (lease) at some point - then the old DNAT rules need to be deleted (?) and new ones added for the updated IP address of the interface in question.

Is there some sort of callback mechanism in Linux that I can hook into, so it tells me when the IP address was changed/assigned, and I can then react to that by fixing the DNAT rules?


1 answer

+2
−0

It depends on a couple of factors:

  1. Whether the interface is directly connected to the internet, or is behind a separate firewall which is forwarding on to your machine
  2. What you are using to assign your dynamic address

If your machine is behind a separate firewall, that device is one which gets its WAN interface IP dynamically from your ISP. To access from the outside, you would typically configure the DNAT on that firewall and forward to your machine, which would usually be assigned a static (or DHCP-reserved) address in your internal LAN (so the firewall has a consistent place to forward the traffic to).

To cover if/when the ISP-assigned dynamic WAN address changes, you would usually subscribe to a Dynamic DNS service (e.g. https://freedns.afraid.org/), which will automatically update a DNS record for you when your address changes. This is managed by installing the DDNS provider's script onto your machine and scheduling it to poll the DDNS provider's server/API every few minutes. Some firewalls have the facility to run the script for you without polling, by subscribing to events baked into the firewall device.

If it is the interface on your machine that is directly changing, then you have to hook into your DHCP client's facilities to kick off a script which updates your local firewall rules:

  • For ISC, there should be an /etc/dhclient.conf file which contains a JSON-like block representing your interface. That block can contain a script directive which points to the path of a custom script which runs for all events. The dhclient daemon passes specific arguments to the script, including the event name and new IP address. Your script would parse the arguments and update your NAT rules. Details of the mechanism can be found at https://linux.die.net/man/5/dhclient.conf and https://linux.die.net/man/8/dhclient-script.

  • For systemd, there should be an associated networkd-dispatcher service; this typically has an /etc/networkd-dispatcher directory containing subdirectories which reference the various states. You would place your custom script into the subdirectory which best applies (possibly routable.d) and it would run when the network changes to that state. I think the details are passed to your script by environment variables. Some limited info can be found at https://manpages.ubuntu.com/manpages/focal/man8/networkd-dispatcher.8.html.

  • For NetworkManager, it typically has an /etc/NetworkManager/dispatcher.d directory, where you can place your own scripts. Each script is invoked by NetworkManager, and passed the name of the interface and an event name as arguments; the rest of the details are in environment variables. https://developer-old.gnome.org/NetworkManager/stable/NetworkManager.html has more details.

For any other client, or if your address is assigned some other way, you will need to hook whatever that mechanism is.
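A dispatcher script along the lines of the NetworkManager bullet above, written for the question's single-port DNAT-to-SSH case, as an added example (not code from the question, the answer, or NetworkManager itself). It assumes NetworkManager's convention of passing the interface and action as arguments and exporting DHCP4_IP_ADDRESS; the interface name, ports and inner host are placeholders, and it also covers a same-address lease renewal (no churn) and the link going down (rule removed).

```shell
#!/bin/sh
# Added example, not from the question or answer: a NetworkManager dispatcher script
# (for /etc/NetworkManager/dispatcher.d/) that moves the DNAT rule to the WAN interface's
# new lease address and removes it when the link goes down. Assumed, not from the page:
# NetworkManager calls it as <script> <iface> <action> and exports DHCP4_IP_ADDRESS;
# the interface, ports and inner host below are placeholders for the reader's setup.
WAN_IF="${WAN_IF:-eth0}"                  # interface facing the outside world
EXT_PORT="${EXT_PORT:-2222}"              # port the outside connects to
INNER_HOST="${INNER_HOST:-192.168.50.2}"  # the second box behind this machine
INNER_PORT="${INNER_PORT:-22}"            # its SSH port
STATE_FILE="${STATE_FILE:-/run/dnat-$WAN_IF.addr}"  # last address a rule was added for
# Accept only a dotted quad with octets 0-255, so a bad lease value never reaches iptables.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for oct; do [ "$oct" -le 255 ] || return 1; done
}
# Rule specification (everything after the -A/-D verb) for one WAN address.
dnat_spec() {
    printf '%s%s' "PREROUTING -i $WAN_IF -d $1 -p tcp --dport $EXT_PORT" \
        " -j DNAT --to-destination $INNER_HOST:$INNER_PORT"
}
# Print, one per line, the iptables commands that move the rule from the previously
# recorded address ($1, may be empty) to the new one ($2, empty when the link went down).
plan_changes() {
    [ "$1" = "$2" ] && return 0                   # lease renewed with the same address
    [ -n "$1" ] && echo "iptables -t nat -D $(dnat_spec "$1")"
    [ -n "$2" ] && echo "iptables -t nat -A $(dnat_spec "$2")"
    return 0
}
main() {
    [ "$1" = "$WAN_IF" ] || return 0              # event for another interface
    case "$2" in
        up|dhcp4-change) new=$DHCP4_IP_ADDRESS ;;
        down)            new= ;;
        *)               return 0 ;;              # other events do not change the address
    esac
    if [ -n "$new" ] && ! is_ipv4 "$new"; then
        logger -t dnat-dispatch "refusing invalid address '$new' on $1"; return 1
    fi
    old=; [ -r "$STATE_FILE" ] && old=$(cat "$STATE_FILE")
    plan_changes "$old" "$new" | while read -r cmd; do $cmd; done
    if [ -n "$new" ]; then printf '%s\n' "$new" > "$STATE_FILE"; else rm -f "$STATE_FILE"; fi
}
if [ $# -ge 2 ]; then main "$@"; fi               # NetworkManager passes <iface> <action>
```

Because the state file lives under /run, it is cleared on reboot, so a fresh boot starts with no stale rule to delete; the first "up" event then simply adds the rule for whatever address the lease provides.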
