[CLUE-Tech] DHCP server with firewall..

David Anselmi anselmi at intradenver.net
Mon Aug 6 16:11:29 MDT 2001


Well, you're down to the bottom of the barrel when I try to answer something
like this.

The assumption seems to be that your firewall rules are blocking your dhcp.
Do you have anything in the logs to show the dhcp traffic getting dropped
(perhaps you can make the firewall log everything that it drops)?  If not, it
may not actually be the firewall.

I don't know much about iptables (going to learn tomorrow).  But your script
seems redundant to me - e.g. you allow dhcp udp packets, but you also allow
anything to the internal broadcast and host addresses.  Ok, maybe that's how
it's supposed to be.

Could it be that your machines are doing dhcp with tcp, rather than udp?  I
don't know how to tell, except that IANA gave tcp ports 67-8 to dhcp (as well
as the udp ports).  Maybe you can add a line for that.

Hope that helps, but I'd be surprised if it did.  Maybe tomorrow I'll know
more.

Dave

Jeremiah Stanley wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > Well, I contend it's better to block it on the way in ... h*ll, do
> > both.
>
> Hrmn... we seem to be off topic. I already have a very robust firewall
> written and implemented (the box pumps about 2 M/sec all day long without a
> hitch over my cable modem). My question was more of the nature: "I cannot
> get DHCP working on my network (I have my roommate's computer that I would
> like him to use DHCP so that I don't have to constantly 'fix' his computer so
> that he can get on the internet). Before I installed my firewall, it
> worked perfectly. So what am I doing wrong that isn't allowing connections
> or transmission of the udp information to his computer?"
>
> If you would kindly read the script that I attached a few days ago (lemme
> know if you wanna see it again) you will notice that I am dropping all
> packets that are not to be going to either the ssh port or the identd port
> (I'm an IRC junkie). The most unfortunate part of the @home cable service
> is all the netbios trash that gets routed into my living room.
>
> Thx
> JStanley
> - --
> If only sitting was required, all frogs would be Buddhas...
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE7bXVSAd8Nj1SHkdcRAu5XAJ9PdjSMWCfBUknjag4Vyh7noF8YKgCfbGMz
> 6cqJH8PJVK5rR4UmGOq7Bz0=
> =9tE1
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
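As an added illustration of the two points raised above (log what the firewall drops, and allow the DHCP UDP traffic explicitly), here is a small shell script that is not part of this thread or of Jeremiah's attached script. DHCP runs over UDP ports 67 (server) and 68 (client), so the rules below allow only those, with a rate-limited LOG rule placed just before the final DROP so any dropped packet shows up in syslog. The internal interface name `eth1`, the `FW-DROP:` log prefix and the sample log lines are all assumptions or constructed for the example; the rules are printed rather than applied unless `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example (not from the original thread): iptables rules that let a
# DHCP server on the inside interface talk to its clients, plus a LOG rule
# before the final DROP so dropped packets are visible in the kernel log.
# Assumptions: the LAN interface is eth1 (hypothetical); rules are echoed
# by default so they can be reviewed before being applied as root.
LAN_IF="${LAN_IF:-eth1}"
IPT="${IPT:-echo iptables}"   # set IPT=iptables to really apply the rules

dhcp_rules() {
  # A DHCP client sends from UDP 68 to UDP 67 (normally to 255.255.255.255);
  # the server answers from UDP 67 to UDP 68. There is no TCP involved.
  $IPT -A INPUT  -i "$LAN_IF" -p udp --sport 68 --dport 67 -j ACCEPT
  $IPT -A OUTPUT -o "$LAN_IF" -p udp --sport 67 --dport 68 -j ACCEPT
  # Log what is about to be dropped, rate-limited so a noisy LAN (netbios
  # chatter and the like) cannot fill the disk with log lines.
  $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
  $IPT -A INPUT -j DROP
}

# Filter kernel log lines written by the LOG rule above down to dropped
# DHCP traffic: UDP with destination port 67 or 68.
dropped_dhcp() {
  grep 'FW-DROP' | grep 'PROTO=UDP' | grep -E 'DPT=6[78]( |$)'
}

# Constructed sample log lines (not real captures) in the iptables LOG format.
SAMPLE_LOG='Aug  6 16:11:29 gw kernel: FW-DROP: IN=eth1 OUT= SRC=0.0.0.0 DST=255.255.255.255 PROTO=UDP SPT=68 DPT=67 LEN=308
Aug  6 16:11:30 gw kernel: FW-DROP: IN=eth0 OUT= SRC=10.1.2.3 DST=10.1.2.4 PROTO=UDP SPT=137 DPT=137 LEN=78
Aug  6 16:11:31 gw kernel: FW-DROP: IN=eth0 OUT= SRC=10.1.2.5 DST=10.1.2.4 PROTO=TCP SPT=4321 DPT=139'

# Count how many of the sample lines are dropped DHCP packets.
count_dropped_dhcp() {
  printf '%s\n' "$SAMPLE_LOG" | dropped_dhcp | wc -l | tr -d ' '
}

dhcp_rules
echo "dropped DHCP lines in sample log: $(count_dropped_dhcp)"
```

Run as-is it only prints the rules and reports that one of the three constructed log lines is a dropped DHCP request (the broadcast from 0.0.0.0 to port 67); on a real gateway, `grep FW-DROP /var/log/messages | dropped_dhcp` answers the question of whether the firewall is in fact the thing eating the DHCP traffic before any rule is changed.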