SUMMARY: Iptables and dhcp

<Original posting below>

Hi agn,

wow, that was REALLY fast!
Thanks to Dave Filchak <dfilchak@sympatico.ca>, who helped me out very quickly
with the following link:
http://iptables-tutorial.frozentux.net/chunkyhtml/index.html

According to this tutorial, the rule is as follows:

$IPTABLES -I INPUT -i <lan-if> -p udp --dport 67:68 --sport 67:68 -j ACCEPT_LOG

<lan-if> is the interface to the internal net, on which the dhcpd listens.
(Btw.: The URL is also a good iptables-tutorial, think I'm going to bookmark
it, :-) )

I tried it out, and it works perfectly well.

Many thanks to Dave and to the list,

have a nice hackin',

Harald



On Sunday 11 January 2004 18:38, Harald Husemann wrote:
> Hi folks,
>
> I'm running RH 7 on an HP Netserver. This machine should act as a firewall
> (with iptables), and also as a DHCP-server for my internal network.
> When I activate the firewall, DHCP is of course no longer available, so I
> tried to implement a rule to allow dhcp. I saw that when one of the clients
> boots, there's a UDP packet with source-IP 0.0.0.0 and destination
> 255.255.255.255, destination port 67 which gets dropped. So, I added the
> following rule:
>
> $IPTABLES -A FORWARD -p udp -s 0.0.0.0/0 -d 255.255.255.255/32 --dport 67 -j ACCEPT_LOG
>
> to my iptables.conf. Unfortunately, it didn't work, the packets are still
> dropped (according to /var/log/messages). Also, changing the destination IP
> to ANY didn't help.
>
> I know it's a bit insecure to run a DHCP-Server on a firewall, but it's an
> internal fw protecting my DMZ - and I don't want to setup another machine
> for DHCP...
>
> Any ideas?
>
>
> Thanks in advance,
>
> Harald

--
=======================================================
Dipl. Ing. Harald Husemann
E-Mail:	bofh@dh9dat.de
www:	www.deepthought.prima.de
Projects:	rawt.sourceforge.net

<Linux is like a tipi: No windows, no gates - Apache inside!>
_______________________________________________
LinuxManagers mailing list - http://www.linuxmanagers.org
submissions: LinuxManagers@linuxmanagers.org
subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers
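
Added example (not part of the original post or of the linked tutorial): a simplified Python model of the filter-table routing decision, showing why the FORWARD rule from the original posting never sees the client's broadcast while the INPUT rule from the summary does. The interface name eth1, the address 192.168.1.1 and all class and function names are assumptions made for illustration.

```python
# Added example: simplified model of which filter chain a packet traverses.
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    in_if: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass
class Rule:
    chain: str
    proto: str
    in_if: str = None            # None = any interface
    dst: str = "0.0.0.0/0"
    sport: tuple = (0, 65535)    # inclusive range, like iptables "67:68"
    dport: tuple = (0, 65535)

    def matches(self, chain, p):
        return (chain == self.chain and p.proto == self.proto
                and self.in_if in (None, p.in_if)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sport[0] <= p.sport <= self.sport[1]
                and self.dport[0] <= p.dport <= self.dport[1])

def chain_for(p, local_addrs):
    """Packets for this host, including the limited broadcast, are delivered
    locally (INPUT); only packets routed through the box reach FORWARD."""
    if p.dst == "255.255.255.255" or p.dst in local_addrs:
        return "INPUT"
    return "FORWARD"

def accepted(p, rules, local_addrs):
    """Return (chain, True if any rule in that chain accepts the packet)."""
    chain = chain_for(p, local_addrs)
    return chain, any(r.matches(chain, p) for r in rules)

# Constructed sample values (assumptions): LAN interface eth1, firewall 192.168.1.1
LOCAL = {"192.168.1.1"}
DISCOVER = Packet("eth1", "255.255.255.255", "udp", 68, 67)   # client boot request
ORIGINAL = Rule("FORWARD", "udp", dst="255.255.255.255/32", dport=(67, 67))
FIXED = Rule("INPUT", "udp", in_if="eth1", sport=(67, 68), dport=(67, 68))

if __name__ == "__main__":
    print(accepted(DISCOVER, [ORIGINAL], LOCAL))   # rule sits in the wrong chain
    print(accepted(DISCOVER, [FIXED], LOCAL))
```

Because the INPUT rule is bound to the LAN interface, the same broadcast arriving on any other interface is not accepted by it.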
