Hi -
I'm running several service jails on a 7.2 server. In one of my service jails I did install squeezebox in order to stream music into my home LAN behind an AVM Fritzbox router.
The server's pf rule set has three entries dealing with that specific jail, namely:
Code:
# outbound traffic from the media jail is NATed to the external address
nat on $if_ext from $ip_media to any -> $ip_ext
# inbound connections to the stream port are redirected into the jail
rdr on $if_ext proto tcp from any to $ip_ext port $rdrMP3 -> $ip_media port $rdrMP3
# the anchor holds the single pass rule that the cron script rewrites
anchor "mp3stream" {
pass in log on $if_ext proto tcp from $ip_mp3stream to $ip_media port $rdrMP3 keep state \
(max-src-conn 10)
}
($ip_mp3stream is set to my router's dynamic IP address.)
Well, I'm redirecting $rdrMP3 from any incoming connection exclusively to that jail, only. On the way out NAT will happen. Then, I do only allow one single IP address ($ip_mp3stream) to pass into that jail.
First of all that works for a day, only, because my DSL line is reset every 24 hrs by my ISP and a new IP address will be assigned.
In order to deal with the latter I did write a script for crontab that will check every few minutes if my router's dynamic IP address might have changed (via dynalias account). If so, that script will modify the anchor mp3stream accordingly:
Code:
echo "pass in log on [$if_ext] proto tcp from [$ip_mp3stream] to [$ip_media] port [$rdrMP3] \
keep state (max-src-conn 10)" | /sbin/pfctl -a mp3stream -f -
([macros] don't work here; in reality the real values are used, the brackets are for clarification purposes only.)
Now, I thought about what happens if 1) my server reboots unattended for odd reasons or on purpose, 2) DNS is broken, 3) pfctl might fail, and 4) my dynalias breaks for some reasons.
Regarding 1) and 2) I'll immediately set $ip_mp3stream to localhost, letting the crontab script re-assign the valid address.
And now my questions begin:
- How should one deal with 3)? Worst case: it still fails after my router's IP did change. Should one store some time stamp into a file?
- Regarding 4) I do not have any idea at all :-(
- Did I forget something important?
Thanks
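One way to structure the cron job so that points 3) and 4) are handled, as an added example that is not the poster's script: the last address that was actually loaded into the anchor is remembered in a state file, the state file is only written after pfctl succeeds (so a failed reload is simply retried on the next run), a lookup that returns nothing or garbage never reaches pfctl, and when the lookup has been failing for longer than the DSL reset interval the stale allow rule is flushed rather than left open for whoever inherited the old address. The dynalias name, interface, jail address, port and file paths are assumptions (overridable through the environment); resolution uses host(1) as shipped with FreeBSD.

```shell
#!/bin/sh
# Added example, not the poster's own script. Refreshes the "mp3stream" anchor
# from a cron job while tolerating DNS and pfctl failures. All values below are
# assumptions, override them in the environment.
DYN_HOST="${DYN_HOST:-myrouter.dynalias.example}"   # assumed dynalias name
STATE_FILE="${STATE_FILE:-/var/db/mp3stream.ip}"     # last IP successfully loaded
IF_EXT="${IF_EXT:-em0}"                              # external interface (assumed)
IP_MEDIA="${IP_MEDIA:-192.168.1.10}"                 # jail address (assumed)
RDR_MP3="${RDR_MP3:-9000}"                           # stream port (assumed)
PFCTL="${PFCTL:-/sbin/pfctl}"
STALE_MIN="${STALE_MIN:-1500}"                       # a bit more than the 24h DSL reset

# is_ipv4 ADDR: succeeds only for a dotted quad with every octet in 0..255
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    set -- $(echo "$1" | tr '.' ' ')
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# build_rule ADDR: prints the single pass rule that goes into the anchor
build_rule() {
    printf 'pass in log on %s proto tcp from %s to %s port %s keep state (max-src-conn 10)\n' \
        "$IF_EXT" "$1" "$IP_MEDIA" "$RDR_MP3"
}

# resolve_host NAME: prints the first A record, prints nothing if DNS fails
resolve_host() {
    host -t A "$1" 2>/dev/null | awk '/has address/ { print $NF; exit }'
}

# decide STORED NEW: prints skip-dns (no usable answer), keep (unchanged) or update
decide() {
    stored="$1"; new="$2"
    if ! is_ipv4 "$new"; then echo skip-dns; return; fi
    if [ "$new" = "$stored" ]; then echo keep; return; fi
    echo update
}

# refresh: the cron entry point
refresh() {
    stored=""
    [ -r "$STATE_FILE" ] && stored=$(cat "$STATE_FILE")
    new=$(resolve_host "$DYN_HOST")
    case $(decide "$stored" "$new") in
        skip-dns)
            logger -t mp3stream "lookup of $DYN_HOST failed; anchor left unchanged"
            # no good answer for longer than the reset interval: fail closed
            if [ -n "$(find "$STATE_FILE" -mmin "+$STALE_MIN" 2>/dev/null)" ]; then
                "$PFCTL" -a mp3stream -F rules \
                    && logger -t mp3stream "stale allow rule flushed"
            fi
            return 2 ;;
        keep) return 0 ;;
    esac
    if build_rule "$new" | "$PFCTL" -a mp3stream -f -; then
        # only remember the address once pf really accepted it
        printf '%s\n' "$new" > "$STATE_FILE"
        logger -t mp3stream "anchor mp3stream now allows $new"
    else
        logger -t mp3stream "pfctl failed; state not updated, retrying next run"
        return 1
    fi
}

# run the live refresh only when executed as the cron script, not when sourced
case "$0" in */mp3stream-refresh.sh|mp3stream-refresh.sh) refresh ;; esac
```

With the rule flushed on a prolonged DNS outage, the anchor is empty, so nothing passes in until the next successful resolution; that matches the "set it to localhost and let cron fix it" approach taken at boot. A crontab line such as `*/5 * * * * /usr/local/sbin/mp3stream-refresh.sh` is enough, and the state file's modification time doubles as the timestamp asked about in question 3).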