<Original posting below>

Hi agn,

wow, that was REALLY fast! Thanks to Dave Filchak <dfilchak@sympatico.ca>, who helped me out very quick with the following link:

http://iptables-tutorial.frozentux.net/chunkyhtml/index.html

According to this tutorial, the rule is as follows:

$IPTABLES -I INPUT -i <lan-if> -p udp --dport 67:68 --sport 67:68 -j ACCEPT_LOG

<lan-if> is the interface to the internal net, on which the dhcpd listens.
(Btw.: The URL is also a good iptables-tutorial, think I'm going to bookmark it, :-) )

I tried it out, and it works perfectly well.

Many thanks to Dave and to the list,

have a nice hackin',

Harald

On Sunday 11 January 2004 18:38, Harald Husemann wrote:
> Hi folks,
>
> I'm running RH 7 on an HP Netserver. This machine should act as a firewall
> (with iptables), and also as a DHCP-server for my internal network.
> When I activate the firewall, DHCP is of course no longer available, so I
> tried to implement a rule to allow dhcp. I saw that when one of the clients
> boots, there's a UDP packet with source-IP 0.0.0.0 and destination
> 255.255.255.255, destination port 67 which gets dropped. So, I added the
> following rule:
>
> $IPTABLES -A FORWARD -p udp -s 0.0.0.0/0 -d 255.255.255.255/32 --dport 67
> -j ACCEPT_LOG
>
> to my iptables.conf. Unfortunately, it didn't work, the packets are still
> dropped (according to /var/log/messages). Also, changing the destination IP
> to ANY didn't help.
>
> I know it's a bit insecure to run a DHCP-Server on a firewall, but it's an
> internal fw protecting my DMZ - and I don't want to setup another machine
> for DHCP...
>
> Any ideas?
>
>
> Thanks in advance,
>
> Harald

-- 
=======================================================
Dipl. Ing. Harald Husemann
E-Mail: bofh@dh9dat.de
www: www.deepthought.prima.de
Projects: rawt.sourceforge.net
<Linux is like a tipi: No windows, no gates - Apache inside!>
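
Added example, not part of the original post: the tutorial rule accepts every combination of ports 67 and 68, while DHCP clients only send from port 68 to port 67 and the server answers from 67 to 68. The script below prints one rule per direction for a firewall that is also the DHCP server. The function names, the ACCEPT default target and the APPLY switch are assumptions of this example, and a LAN with a DHCP relay agent (67 to 67) would need an additional rule.

```shell
#!/bin/sh
# Added example (not from the original post): per-direction DHCP rules for a
# firewall that also runs dhcpd on its LAN interface.
# Assumptions: the IPTABLES and TARGET defaults below. The thread's ACCEPT_LOG
# is a user-defined chain from the poster's own config, so ACCEPT is the default.

IPTABLES="${IPTABLES:-iptables}"
TARGET="${TARGET:-ACCEPT}"

# Print the rules for LAN interface $1; return 1 on an unusable interface name.
dhcp_server_rules() {
    lan_if="$1"
    # Refuse empty names, a leading dash and anything outside [A-Za-z0-9_.-],
    # so the value cannot smuggle extra options into the generated command.
    case "$lan_if" in
        ""|-*|*[!A-Za-z0-9_.-]*)
            echo "invalid interface name: '$lan_if'" >&2
            return 1 ;;
    esac
    # Client -> server: DISCOVER/REQUEST go from port 68 to port 67.
    # The broadcast to 255.255.255.255 is delivered to the firewall itself,
    # so it is filtered in INPUT and never reaches FORWARD.
    echo "$IPTABLES -I INPUT -i $lan_if -p udp --sport 68 --dport 67 -j $TARGET"
    # Server -> client: OFFER/ACK go from port 67 to port 68
    # (only needed when the OUTPUT policy is not ACCEPT).
    echo "$IPTABLES -I OUTPUT -o $lan_if -p udp --sport 67 --dport 68 -j $TARGET"
}

# Dry run by default; set APPLY=1 to execute the generated rules (needs root).
main() {
    rules=$(dhcp_server_rules "$1") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        echo "$rules" | while IFS= read -r rule; do $rule || exit 1; done
    else
        echo "$rules"
    fi
}

# Run only when an interface name was given, e.g.:  sh dhcp-rules.sh eth1
[ "$#" -eq 0 ] || main "$@"
```

Review the dry-run output before running with APPLY=1, and replace ACCEPT with your own logging chain via TARGET if you have one.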